Firewall Wizards mailing list archives

Block HTTPort and other tunneling software


From: Siebenkaes Stefan <Stefan.Siebenkaes () itellium com>
Date: Thu, 31 Jan 2002 11:43:42 +0100

Hi there,

Recently I played around with some tunneling software, like
httport (see http://www.htthost.com or below for details).
Do you have any ideas on how to stop my users from tunneling
through my firewalls via Proxy (http, https) using such tools?
I did not go into protocol details yet, but it seems to
be a valid http-stream. In just 5 minutes I set up 
icq, news, pop, smtp and a variety of other protocols
on my local system using httport passing the firewalls.

Bad ideas:
- scanning the clients for the ".exe" of httport
- forbid using httport
- deny administrative access or installation on the desktop

Any good ideas?

Details:
HTTPort acts as a proxy/forwarder for protocols, e.g. I
use my localhost as "newsserver", httport takes the protocol
from "localhost", transfers it to http, connects via Proxy
to a public httport-server, that server reads the news and
transfers it back to httport using the proxies, httport gives 
it back to my newsreader. 
--> NEWS gets tunneled via "Port 80" into my network. Bad.


Regards,

  Stefan

(BTW, thanks for all the good answers on my posting regarding
borderguard)


--
Stefan Siebenkäs
Systemingenieur

ITELLIUM 
Systems & Services GmbH
Hundingstrasse 11 b
90431 Nürnberg

Tel.:   0911/14-20209
Fax:    0911/14-26433
mailto: stefan.siebenkaes () itellium com


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
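
One defender-side way to look for the relay pattern described in the post, as an added example that is not part of the original message: it reads proxy log lines and flags clients that send a steady stream of requests to one URL on one server, plus CONNECT requests to ports other than 443. The Squid-style log lines, host names, thresholds and function names are constructed assumptions; the post gives no protocol details for HTTPort.

```python
from collections import defaultdict
from urllib.parse import urlsplit

ALLOWED_CONNECT_PORTS = {443}  # assumption: site policy permits CONNECT to HTTPS only

def make_line(ts, client, method, url):
    # Constructed entry in Squid's native access.log layout:
    # time elapsed client action/code bytes method URL ident peer type
    return f"{ts:.3f} 120 {client} TCP_MISS/200 900 {method} {url} - DIRECT/192.0.2.10 -"

# Constructed sample: ordinary browsing, one HTTPS session, a client polling a
# single relay URL every 2 seconds, and a CONNECT to the NNTP port.
SAMPLE_LOG = [
    make_line(1000.0, "10.0.0.5", "GET", "http://www.example.org/"),
    make_line(1001.0, "10.0.0.5", "GET", "http://www.example.org/logo.png"),
    make_line(1030.0, "10.0.0.5", "CONNECT", "shop.example.com:443"),
    make_line(1040.0, "10.0.0.9", "CONNECT", "host.example.net:119"),
] + [make_line(2000.0 + 2 * i, "10.0.0.7", "POST",
               "http://relay.example.net/cgi-bin/relay") for i in range(30)]

def parse(line):
    f = line.split()
    ts, client, method, target = float(f[0]), f[2], f[5], f[6]
    if method == "CONNECT":  # CONNECT logs host:port rather than a URL
        host, _, port = target.rpartition(":")
        return ts, client, method, host, int(port), ""
    u = urlsplit(target)
    return ts, client, method, u.hostname, u.port or 80, u.path

def find_tunnel_suspects(lines, min_requests=20, max_paths=2, max_gap=10.0):
    """Return sorted (client, host, reason) tuples worth a closer look."""
    per_pair, findings = defaultdict(list), set()
    for line in lines:
        ts, client, method, host, port, path = parse(line)
        if method == "CONNECT":
            if port not in ALLOWED_CONNECT_PORTS:
                findings.add((client, host, f"connect-port-{port}"))
        else:
            per_pair[(client, host)].append((ts, path))
    for (client, host), reqs in per_pair.items():
        if len(reqs) < min_requests:
            continue
        reqs.sort()
        gaps = [b[0] - a[0] for a, b in zip(reqs, reqs[1:])]
        # Many requests, almost no URL variety, no long pauses: a relayed
        # session tends to look like this; page browsing usually does not.
        if len({p for _, p in reqs}) <= max_paths and max(gaps, default=0.0) <= max_gap:
            findings.add((client, host, "steady-polling"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_tunnel_suspects(SAMPLE_LOG):
        print(finding)
```

Hits are leads for review rather than proof of tunneling: legitimate applications that poll a single endpoint will match the same heuristic, so the thresholds need tuning against local traffic.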

