Home page logo
/

basics logo Security Basics mailing list archives

Re: Avoiding tunnels
From: Javier Hijas <jhijas () germinus com>
Date: Thu, 02 Mar 2006 12:50:49 +0100

Thanks all, It's clear that to inspect http protocol I need an
application level firewall. I know about netfilter add-ons and comercial
firewalls like ISA and checkpoint (with "application intelligence" ;-)
implementing this osi level inspection, but I see no way to check ssl
traffic: opening navigation traffic for users means opening at least 80
and 443 ports. I can open a ssh tunel troght 443 port even with "ssl
inspection".

Access lists has no reason to be implemented when you deal with "shrewd"
users?


Ansgar -59cobalt- Wiechers wrote:
On 2006-02-28 Javier Hijas wrote:

 I wonder if there is a way to avoid tunnels via fw (v.g. netfilter).
How can I control that an opened port 80 is not used to tunel to a ssh
server listening at port 80?


You need to filter on layer 7 instead of layer 3/4, e.g. by proxying the
traffic.

Regards
Ansgar Wiechers


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]