Penetration Testing: Re: Netcat through Squid HTTP Proxy

[Chris Kuethe <chris.kuethe () gmail com>]

On 4/18/05, Henderson, Dennis K. <Dennis.Henderson () umb com> wrote:
> It seems like he was looking for information on how to prevent this.
Short answer: good luck, unless you can definatively teach squid about
what https, etc. looks like. Application layer gateways don't do you
much good if they don't watch for protcol abuses.

Limiting CONNECT is one way to do it, but that means you a) need to
sniff and decode at least the initial negotiation [is this really an
SSL session?] or b) are going to break HTTPS.

> You can configure squid to only allow tunneling on certain ports like
> 443 and 80. You'll have to figure out what your safe ports are to
> prevent legitimate traffic from being impacted.
until someone sets up a world-reachable box with every port redirected
to 127.0.0.1:22 to get around this...

> I usually make sure the usual ports like ssh, telnet, irc are not
> allowed.
Make sure you don't allow DNS out either. Otherwise someone will come
along with an IP-over-DNS tunneller.

CK

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?