Firewall Wizards mailing list archives
Block HTTPort and other tunneling software
From: Siebenkaes Stefan <Stefan.Siebenkaes () itellium com>
Date: Thu, 31 Jan 2002 11:43:42 +0100
Hi there,

recently I played along with some tunneling software, like httport (see http://www.htthost.com or below for details). Do you have any ideas on how to stop my users from tunneling my firewalls via Proxy (http, https) using such tools?

I did not go into protocol details yet, but it seems to be a valid http-stream. In just 5 minutes I set up icq, news, pop, smtp and a variety of other protocols on my local system using httport passing the firewalls.

Bad ideas:
- scanning the clients for the ".exe" of httport
- forbid using httport
- deny administrative access or installation on the desktop

Any good ideas?

Details:
HTTPort acts as a proxy/forwarder for protocols, e.g. I use my localhost as "newsserver", httport takes the protocol from "localhost", transfers it to http, connects via Proxy to a public httport-server, that server reads the news and transfers it back to httport using the proxies, httport gives it back to my newsreader.
--> NEWS gets tunneled via "Port 80" into my network. Bad.

Regards,
Stefan

(BTW, thanks for all the good answers on my posting regarding borderguard)

--
Stefan Siebenkäs
Systemingenieur
ITELLIUM Systems & Services GmbH
Hundingstrasse 11 b
90431 Nürnberg
Tel.: 0911/14-20209
Fax: 0911/14-26433
mailto: stefan.siebenkaes () itellium com
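
Added example, not part of the original post or of any tool it mentions: the "Details" paragraph describes every tunneled protocol ending up as proxy requests from one client to one public server, so one defensive angle is to search proxy logs for client/host pairs with sustained, evenly spread traffic instead of bursty browsing. The log format, thresholds, host names and addresses below are constructed assumptions, and the heuristic is generic; it is not derived from HTTPort's actual wire protocol.

```python
from collections import defaultdict

# Constructed log format (an assumption, not a real proxy's format):
#   <epoch-seconds> <client-ip> <method> <destination-host> <bytes>
def parse(line):
    ts, client, method, host, size = line.split()
    return int(ts), client, method, host.lower(), int(size)

def find_sustained_pairs(lines, min_requests=30, min_duration=600, min_coverage=0.8):
    """Return [(client, host, requests, coverage)] for client/host pairs that
    look like a long-running relay rather than bursty browsing."""
    stamps = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, client, _method, host, _size = parse(line)
            stamps[(client, host)].append(ts)
    flagged = []
    for (client, host), ts_list in stamps.items():
        first, last = min(ts_list), max(ts_list)
        duration = last - first
        if len(ts_list) < min_requests or duration < min_duration:
            continue
        # Share of one-minute buckets between first and last request that saw traffic.
        buckets = {(t - first) // 60 for t in ts_list}
        coverage = len(buckets) / (duration // 60 + 1)
        if coverage >= min_coverage:
            flagged.append((client, host, len(ts_list), round(coverage, 2)))
    return sorted(flagged)

def sample_log():
    """Constructed sample: one client hitting one host every 20 s for 20 min,
    another client browsing two sites in two short bursts 15 min apart."""
    base = 1012470000
    lines = [f"{base + i * 20} 10.0.0.5 POST relay.example.net 512" for i in range(60)]
    for burst in (0, 900):
        lines += [f"{base + burst + i} 10.0.0.7 GET www.example.org 4096" for i in range(20)]
        lines += [f"{base + burst + 30 + i} 10.0.0.7 GET news.example.com 2048" for i in range(15)]
    return lines

if __name__ == "__main__":
    for hit in find_sustained_pairs(sample_log()):
        print(hit)
```

Flagged pairs are candidates for review, not verdicts: long-polling web applications and streaming produce similar patterns, so the thresholds need tuning against a baseline of known-good traffic.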