Hi,

I need a solution wherein I should be able to configure my firewall/IDS in such a way that HTTP tunnels using port 80 are dropped and all the rest of the HTTP traffic is allowed. In our company everybody has Internet access. Port 80 is enabled by default, which has to be checked. First of all, is it possible to block HTTP tunnels with ISS network sensor?

Thanks
Regards
Venkat

-----Original Message-----
From: Rob Rosenberger [mailto:junkmail@;barnowl.com]
Sent: Thursday, October 17, 2002 9:55 PM
To: Mokkapati Rao Venkat
Subject: RE: [ISSForum] Http tunneling

>>Does anybody know how to block HTTP tunneling? Can we configure ISS network sensor to do that?

You can use any port to tunnel HTTP, including port 80 itself (as Anonymizer.com does). I usually tunnel HTTP through ports 22 and 80, but I've also used ports 21, 23, 25, 79, 81, 3128(!), 8000, 8001, and 8080. In the future, I might use ports 5517 and 5518 to cover my tracks.

If you just want to take a stab at it, then you should at least block ports 22 & 3128 and then block any outbound HTTP connections to a short list of well-known secure proxy sites like Anonymizer.com.

If you really want to block HTTP tunneling, then you may need to block every single outbound port as the {ahem} "obvious and easiest" solution. Don't throw out this idea as stupid! If your company treats the Internet as an employee privilege, not an employee expectation, then you could possibly implement a strong policy of "deny unless allowed." If employees want HTTP access, they'd need to justify it, else they can roam only within the confines of your Intranet.

Hope this insight helps.

Rob
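
The two outbound policies discussed in the reply above, compared on constructed flow records. This is an added example, not part of the original thread; the host addresses and the approved-host entry are assumptions made for illustration.

```python
# Constructed sample data: private and documentation address ranges only.
TUNNEL_PORTS = [22, 80, 21, 23, 25, 79, 81, 3128, 8000, 8001, 8080]  # ports named in the reply
BLOCKED_PORTS = {22, 3128}       # the partial port block suggested in the reply
APPROVED = {("10.1.1.5", 80)}    # hypothetical: one host with justified HTTP access


def make_flows():
    """Outbound flows seen at the perimeter (constructed for this example)."""
    flows = [{"src": "10.1.1.9", "dst": "203.0.113.7", "dport": p} for p in TUNNEL_PORTS]
    # One flow from the approved host on port 80.
    flows.append({"src": "10.1.1.5", "dst": "198.51.100.20", "dport": 80})
    return flows


def blocklist_verdict(flow):
    """Allow everything except a short list of destination ports."""
    return "drop" if flow["dport"] in BLOCKED_PORTS else "allow"


def allowlist_verdict(flow):
    """Deny unless allowed: only approved (source, port) pairs leave the network."""
    return "allow" if (flow["src"], flow["dport"]) in APPROVED else "drop"


def passed(flows, verdict):
    """Return the (source, destination port) pairs a policy lets out."""
    return [(f["src"], f["dport"]) for f in flows if verdict(f) == "allow"]


if __name__ == "__main__":
    flows = make_flows()
    print("port blocklist lets out:", passed(flows, blocklist_verdict))
    print("deny-unless-allowed lets out:", passed(flows, allowlist_verdict))
```

The flow that still passes under deny-unless-allowed is port 80 from an approved host; a port rule cannot tell whether it carries ordinary browsing or a tunnel, which is the limitation the reply points out for port 80 itself.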
