Home page logo
/

nanog logo nanog mailing list archives

Re: HTTP Tunneling
From: Mufti Ahmed <Mufti.Ahmed () reuters com>
Date: Wed, 14 Jun 2000 08:53:30 -0400




Hi Eric, this sounds like a hack or is this valid for certain services that
you've
seen.

thanks

Mufti Nayeem Ahmed
Network Systems Engineer
Market Data Networks
Reuters America Inc.
(212)-603-3595






Eric Vyncke <evyncke () cisco com> on 06/14/2000 03:09:21 AM

To:   Mufti Ahmed/NYC/US/Reuters () REUTERS, nanog () merit edu
cc:
Subject:  Re: HTTP Tunneling






Mufti,

May be your director was thinking about tunneling a Telnet/SSH/IPSec/... session
in a HTTP session.

This is quite common to use HTTP (which is allowed through most firewalls
configuration) to funnel other protocols through a firewall.

If your firewall is a plain packet filter, sending Telnet traffic to a modified
/etc/inetd.conf on port 80 will make the trick.

If your firewall is a proxy firewall, you will have to add a HTTP header
to it ;-)

Basically, some trojans are using this technique.

Other protocols used for tunneling are ICMP (remember loki ?), ...

Hope this helps

-eric

At 18:38 13/06/2000 -0400, Mufti Ahmed wrote:



My Director was mentioning this phrase to me. Is this another term for
"TLS Within HTTP/1.1"  RFC 2817.  Maybe some one who works in the
ISP world is familiar with this term? Or do you think it's just a marketing
term for what i just mentioned?

Thanks

Mufti Nayeem Ahmed
Network Systems Engineer
Market Data Networks
Reuters America Inc.
(212)-603-3595


-----------------------------------------------------------------
        Visit our Internet site at http://www.reuters.com

Any views expressed in this message are those of  the  individual
sender,  except  where  the sender specifically states them to be
the views of Reuters Ltd.

Eric Vyncke
Consulting Engineer                Cisco Systems EMEA
Phone:  +32-2-778.4677             Fax:    +32-2-778.4300
E-mail: evyncke () cisco com          Mobile: +32-75-312.458




-----------------------------------------------------------------
        Visit our Internet site at http://www.reuters.com

Any views expressed in this message are those of  the  individual
sender,  except  where  the sender specifically states them to be
the views of Reuters Ltd.



  By Date           By Thread  

Current thread:
  • HTTP Tunneling Mufti Ahmed (Jun 13)
    • <Possible follow-ups>
    • Re: HTTP Tunneling Mufti Ahmed (Jun 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault