WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

RE: RES: Instant Messenger

From: "Murtland, Jerry" <MurtlandJ () Grangeinsurance com>
Date: Mon, 13 Sep 2004 11:47:24 -0400
Snake,

That's a very good step-by-step illustration of how to proxy through secure
remote to external systems.  I'm sure it would make other security staff
feel as uncomfortable as it does me, but I was aware of this.  However,
there might be something else that we can discuss that would be of good use
to me as well as others looking to work on ways to detect and block this
sort of activity.  Obviously, you can't sniff or detect secure protocol, and
I've heard of some that say they can, but they that's via SSL and the
certificates are pointed to from the IDS for filtering signatures.  Not
effective.

I'm looking for a way to be able to block this all together.  What
immediately comes to mind is to only allow specific IP's to SSh outbound
through your firewall and deny all else.  I guess my question is, "Are there
other methods to circumvent this block after creating this rule set?"

Thanks for the document, I put it to good use!  ;)

Jerry Murtland


-----Original Message-----
From: RSnake [mailto:rsnake () shocking com]
Sent: Sunday, September 05, 2004 3:50 PM
To: Alexandre Cezar
Cc: Ido Rosen; Murtland, Jerry; pen-test () securityfocus com;
webappsec () securityfocus com; full-disclosure () lists netsys com
Subject: Re: RES: Instant Messenger



        On the flip side I wrote a short paper on bypassing content filters
by
sending Trillian Pro messages over SSH.  It's a tad off topic, but still
relevant: http://www.shocking.com/~rsnake/trillianremote.html

On Fri, 3 Sep 2004, Alexandre Cezar wrote:

| Date: Fri, 3 Sep 2004 11:42:31 -0300
| From: Alexandre Cezar <acezar () opencs com br>
| To: Ido Rosen <ido () cs uchicago edu>,
|      "Murtland, Jerry" <MurtlandJ () Grangeinsurance com>
| Cc: pen-test () securityfocus com, webappsec () securityfocus com,
|      full-disclosure () lists netsys com
| Subject: RES: Instant Messenger
|
| Take a look at http://www.akonix.com for securing IM communication and
| I recommend this paper
| www.giac.org/practical/GSEC/Frank_Reiss_GSEC.pdf
|
|
| Regards
| -----Mensagem original-----
| De: Ido Rosen [mailto:ido () cs uchicago edu]
| Enviada em: quinta-feira, 2 de setembro de 2004 23:17
| Para: Murtland, Jerry
| Cc: pen-test () securityfocus com; webappsec () securityfocus com;
| full-disclosure () lists netsys com
| Assunto: Re: Instant Messenger
|
| Jabber.
|
| On Thu, 2 Sep 2004 10:00:18 -0400
| "Murtland, Jerry" <MurtlandJ () Grangeinsurance com> wrote:
|
| > I am looking for white papers on enterprise Instant Messenger security
| > concerns.  It doesn't have to be, but anything on MSN IM would be
| > helpful too.  Does anyone have any good resources to share?
| >
| > Jerry J. Murtland
| >
| >
| >
|
|
| --
| +-------------------------------------------------+
| |  Email : ido () ieee org / ido () cs uchicago edu     |
| | Jabber : phaedo () jabber org                      |
| |    PGP : http://www.dork.com/ido                |
| +-------------------------------------------------+
|

-R

The information in this email is confidential and may be legally
privileged.  It is intended solely for the addressee.  Access to
this email by anyone else is unauthorized.  If you are not the
intended recipient, any disclosure, copying, distribution or any
action taken or omitted to be taken in reliance on it is
expressly prohibited and may be unlawful.
Previous By Date Next
Previous By Thread Next

Current thread: