Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Tool to find hidden web proxy server
From: "Gary E. Miller" <gem () rellim com>
Date: Thu, 2 Sep 2004 17:04:05 -0700 (PDT)

Hash: SHA1

Yo Jose!

On Thu, 2 Sep 2004, Jose Maria Lopez wrote:

But if you allow in and out from specific ports you have at least a
second level of security over what the original poster said it had.
Only allowing out from some IPs it's possible, but I find it very
difficult to make rules for the outer IPs, having in mind the original
poster wants to have internet connection from the LAN for that

If you leave just ONE port open, then an insider can use it to tunnel
out.  That one port is often DNS/udp.  You have to work very, very,
hard to filter out IP over DNS/udp.  You could force the use of
an internal DNS server, but if it allows any recursive lookups out
of the firewall then game over.

This /. describes how to do it:

The insider does not even need an open port.  Only TCP/IP (proto 6) and
TCP/UDP (proto 17) use "ports".  The insider can just use a "portless"
protocol like TCP/ICMP (proto 1), TCP/ESP (proto 50), TCP/AH (proto 51),

There are several IPSEC stacks available as freeware that use TCP/ESP
and TCP/AH.

- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588 Fax: +1(541)382-8676

Version: GnuPG v1.2.3 (GNU/Linux)


Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]