Security Basics mailing list archives

RE: Tunnel any protocol over any protocol?

From: "Ken Kousky" <kkousky () ip3inc com>
Date: Wed, 6 May 2009 11:53:06 -0400

Vunneling is simply sending structured data in the RTP/UDP stream. Most
engineers are taught that successful data transmissions require every packet
to arrive in tact and in sequence or the files will be corrupted. This
implies that the media channel in a voip connection can't carry the
corporate data base out the front door or bring in malware.  However, it's
common to use an unreliable layer, like UDP as long as a higher layer
service requests retransmission of any lost or corrupted packets. 


This is an extremely important issue since most companies only inspect the
call set-up and signally (usually the SIP) which establishes an inbound and
an outbound UDP port. The actual flow of data isn't inspected in almost all
voip connections due to the latency it takes.

So DLP is mostly a pipedream toda. Anybody running end-to-end voip services
must be using a data loss prevention system with the back door wide open.

This only gets worse as managers say they want their voice and video
conference sessions encrypted. All you can do at this point is trust the end
stations.  

I spent hours at RSA looking for companies wanting to address these covert
channels and was extremely disappointed.

KWK

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Jeff Johnson
Sent: Tuesday, May 05, 2009 4:10 PM
To: Danny Puckett; security-basics () securityfocus com
Subject: RE: Tunnel any protocol over any protocol?

I also hear there is something called Vunneling that allows you to
tunnel over RTP packets. 


Thanks,
 
Jeff

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Danny Puckett
Sent: Tuesday, May 05, 2009 3:29 PM
To: security-basics () securityfocus com
Subject: RE: Tunnel any protocol over any protocol?

There is a slick utility called Ping Tunnel that allows tunneling over
ping packets.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Chip Panarchy
Sent: Tuesday, May 05, 2009 7:07 AM
To: security-basics () securityfocus com
Subject: Tunnel any protocol over any protocol?

Hello

Is it possible to Tunnel any Protocol (within reason) over any other
protocol?

Eg; http tunnel, https tunnel, ftp tunnel, ssh tunnel etc.

If yes, could you please tell me your preferred programs/tools/scripts
for doing so?

Thanks in advance,

Panarchy

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec
Institute's Ethical Hacking class. 
Totally hands-on course with evening Capture The Flag (CTF) exercises,
Certified Ethical Hacker and Certified Penetration Tester exams, taught
by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------



This email and any attached files are confidential and intended solely for
the intended recipient(s). If you are not the named recipient you should not
read, distribute, copy or alter this email. Any views or opinions expressed
in this email are those of the author and do not represent those of the
company. Warning: Although precautions have been taken to make sure no
viruses are present in this email, the company cannot accept responsibility
for any loss or damage that arise from the use of this email or attachments.

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec
Institute's Ethical Hacking class. 
Totally hands-on course with evening Capture The Flag (CTF) exercises,
Certified Ethical Hacker and Certified Penetration Tester exams, taught by
an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------


__________ NOD32 4055 (20090506) Information __________

This message was checked by NOD32 antivirus system.
http://www.eset.com



------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff! 

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------

Current thread:

Tunnel any protocol over any protocol? Chip Panarchy (May 05)
- RE: Tunnel any protocol over any protocol? Danny Puckett (May 05)
  - RE: Tunnel any protocol over any protocol? Jeff Johnson (May 06)
    - Re: Tunnel any protocol over any protocol? Phil Bieber (May 06)
    - RE: Tunnel any protocol over any protocol? Ken Kousky (May 06)
- Re: Tunnel any protocol over any protocol? Brad Edmondson (May 05)
- Re: Tunnel any protocol over any protocol? Kurt Buff (May 06)
- Re: Tunnel any protocol over any protocol? Robin Wood (May 06)
- RE: Tunnel any protocol over any protocol? Murda Mcloud (May 06)
- Re: Tunnel any protocol over any protocol? Aarón Mizrachi (May 06)
- Re: Tunnel any protocol over any protocol? Muhammad Farooq-i-Azam (May 11)
- <Possible follow-ups>
- Re: Tunnel any protocol over any protocol? Nick Owen (May 05)
- Re: Tunnel any protocol over any protocol? v3nd3rs5uck (May 11)