On Sun, 23 Jan 2000, Gene Lee wrote:
> >I'm not worried about some wizzo hand-crafting
> >packets; what I'm more wondering is if there are
> >already tools out there that do this. Pointers
> >anyone?
>
> One thing you really have to worry about are all these Java Telnet Applets
> springing up all over the place. Good example of one is:
> http://edcen.ehhs.cmich.edu/telnet.html
Why? The telnet applets like the one you showed here use regular telnet
to connect to their host. They're not tunnelling over http. That web
page is -no- different than opening up a telnet client to edcen.ehhs.cmich.edu
and if your firewall blocks outbound telnet then that applet won't work
either!
> It is hardcoded to telnet only to a specific host, but there are probably
> some on the net which are not security-conscious and allow you to specify
> exactly where you want to telnet to. Hard thing is deciding if you want to
> block Java at the proxy, since a lot of organizations are using Java to
> deploy legitimate web-based applications.
Actually - that has nothing to do with how the applet is coded or the site
it comes from. It is a limitation in the applet security model. Applets
are -only- allowed to make network connections to the machine they were
downloaded from. A signed applet would be able to go to other sites, but
again, if your firewall blocks telnet access, then the applet won't be
able to get through.
Now, I suppose you could make a connection over port 80 if your firewall
just blindly allows access through port 80. If the firewall does some
kind of proxying, and only allows valid HTTP through, then tunneling something
like telnet becomes a little triciker (or maybe more than a little).
I haven't seen an applet yet that does this (doesn't mean it isn't out
there though :)
--Dg
"Why god? WHY?"
"Because, there's something about you that REALLY Pisses me off!"
| icq/4813658 | yahoo/kender42 | [EMAIL PROTECTED] | aim/dg4293 |
| [EMAIL PROTECTED] | www/www.hollyfeld.org |
"Even angels learn to fall"
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
