short answer is yes....I've seen port forward/redirection code out there for tunneling over both HTTP and ICMP. I've an HTTP tunnel (sorry I forgot the name) and it was even fairly user friendly to setup..If you are running NFR it would probably be very easy to punch out some N-Code to catch this, even if it is base-128 encoded or whatever... As for blocking it you may want to set department policies about users trying to tunnel through your firewall. It should be fairly easy to write some N-Code to monitor for such HTTP traffic even if it is base 128 encoded.... daN. At 11:06 AM 1/23/00 -0500, Mailing Lists wrote: >Hi! > >Back where I work, we are using a firewall the blocks everything coming in, >and gives internal users permission to use the www, ftp, pop and mail >ports. (no icq, no aol, no nothing else). > >But I overheard one of my users bragging that it bypassed the firewall >using two linux machines doing port redirection. > >I did a little research on this and the most plausible way I found is that >he is running a linux inside the firewall which grabs everyhing on a >certain port (let's say the icq server port), then forward it through port >80 to another linux box outside the firewall which make the actual call to >the icq server on the right port. Is that possible? Is there any other >alternatives he can be using? > >btw, I don't know what the firewall used is, I'm the sysadm for my >division, but we are using the corporate firewall. > >Thanks! >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:07 PDT