On Sat, 22 Jan 2000, John Cheswick wrote:
> I have been tasked with evaluating how completely our
> firewall implements our security policy. A question
> came up in our discussions that I'm hoping someone can
> help me with.
>
> Our firewall blocks outgoing telnet/ssh. Actually the
> only thing it lets through for regular users is
> proxied HTTP, with username/pwd authentication. What
> I'm wondering is if it would be possible for a user to
> do something like IP-over-IP, putting the telnet
> packets inside HTTP packets so the proxy thinks they
> are legit.
It's possible to tunnel almost any protocol over any other, so, yes, it is
definitely possible.
>
> I'm not worried about some wizzo hand-crafting
> packets; what I'm more wondering is if there are
> already tools out there that do this. Pointers
> anyone?
There are, a search of "tunnel" on freshmeat should turn up a few.
httptunnel I think is the name of one package. I'd heard that Back
Orifice was going to do HTTP tunneling in its next release, but I don't
follow Windows trojans much anymore.
> Also if anyone has faced this situation before I'd
> sure appreciate hearing from you.
If you allow any protocol in/out it's a potential tunnel. SMTP makes a
good telnet tunnel as well.
If you allow SSL and the CONNECT method, it's *trivial* to tunnel out
through an HTTP proxy. Authentication makes it more difficult, as someone
has to write a script rather than simply typing a single HTTP header
followed by a connect statement from their telnet client.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
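As an added example (my code, not part of the post or any of the tools named in it): the CONNECT tunnel Paul describes, written as the small script he says an authenticating proxy forces the user to write, together with the destination-port check a proxy should be enforcing on the other side. The proxy name, destination host, port numbers and credentials are made up; the proxy reply fed to the offline demo is constructed.

```python
"""Tunnel an arbitrary TCP session (ssh, telnet, ...) through an HTTP proxy's
CONNECT method, with Proxy-Authorization for a proxy that requires a
username/password.  Added example; host names, ports and credentials
(proxy.example.internal:3128, bastion.example.net:22, alice/s3cret) are
assumptions, not taken from the original message."""
import base64
import socket


def build_connect_request(dest_host, dest_port, username=None, password=None):
    """Bytes a client sends to ask the proxy to open a raw TCP tunnel.

    Without credentials this is just the request line and a Host header:
    the "single header followed by a connect statement" that can be typed
    by hand into a telnet session to the proxy.
    """
    lines = [
        f"CONNECT {dest_host}:{dest_port} HTTP/1.1",
        f"Host: {dest_host}:{dest_port}",
    ]
    if username is not None:
        # Basic proxy auth is just base64("user:pass"): trivial to script,
        # tedious to type by hand.
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def parse_connect_response(data):
    """Split the proxy's reply into (status_code, leftover_bytes).

    After a 2xx reply every byte following the blank line already belongs
    to the tunnelled protocol (e.g. the SSH version banner), so the caller
    must not throw it away.
    """
    head, sep, rest = data.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete proxy response")
    status_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    return int(parts[1]), rest


def open_tunnel(proxy_host, proxy_port, dest_host, dest_port,
                username=None, password=None, timeout=10):
    """Return (socket, leftover): the socket is now a raw pipe to dest."""
    sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    try:
        sock.sendall(build_connect_request(dest_host, dest_port, username, password))
        buf = b""
        while b"\r\n\r\n" not in buf:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("proxy closed the connection before replying")
            buf += chunk
        status, leftover = parse_connect_response(buf)
        if status // 100 != 2:
            raise ConnectionError(f"proxy refused CONNECT with status {status}")
    except Exception:
        sock.close()
        raise
    return sock, leftover


# Defender side: the policy check the proxy (or a log review) should apply.
ALLOWED_CONNECT_PORTS = frozenset({443})


def connect_target_allowed(request_line, allowed_ports=ALLOWED_CONNECT_PORTS):
    """True if a CONNECT request line names a permitted destination port.

    Assumed policy: CONNECT only to 443.  This still leaves a tunnel open
    to anyone who can put an ssh listener on port 443 somewhere outside.
    """
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT":
        return False
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit():
        return False
    return int(port) in allowed_ports


if __name__ == "__main__":
    # Offline demo on a constructed proxy reply; no network needed.
    print(build_connect_request("bastion.example.net", 22, "alice", "s3cret").decode())
    fake_reply = (b"HTTP/1.1 200 Connection established\r\n\r\n"
                  b"SSH-2.0-OpenSSH_8.9\r\n")
    print(parse_connect_response(fake_reply))
```

To use this with a stock ssh client, relay stdin/stdout to the socket that open_tunnel returns and point ssh's ProxyCommand at the script. On the proxy side, logging every CONNECT target and rejecting anything but port 443 removes the hand-typed version of the trick, but, as the reply says, any protocol you allow out is still a potential tunnel: an ssh daemon listening on 443 passes the port check unchanged.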