Firewall Wizards mailing list archives
encapsulated protocols?
From: "Mark Horn [ Net Ops ]" <mhorn () funb com>
Date: Tue, 3 Feb 1998 11:43:26 -0500
Hello,

Lately, I've noticed an increasing number of network protocols that are encapsulating themselves over existing protocols. And then using some of our proxies to navigate anywhere on the Internet.

Most recently I discovered VXTreme, a video streaming protocol. The client is a browser plugin. It is able to communicate through the firewall by contacting the configured HTTP proxy, and opening up a URL which points to a remote VXTreme server.

This kinda scares me. One of the premises of running a firewall is that you explicitly deny any protocol that is unknown. Well, if new protocols are encapsulating themselves into known protocols, how can you keep a handle on what protocols are running through the firewall?

The end result is that any protocol can traverse the firewall. You simply need to get the "plugin" to the inside, and then you're home free.

Does anyone have any clever ideas as to how to prevent this encapsulation trick?

--
Mark Horn <mhorn () funb com>
PGP Public Key available at: http://www.es.net/hypertext/pgp.html
PGP KeyID/fingerprt: 00CBA571/32 4E 4E 48 EA C6 74 2E 25 8A 76 E6 04 A1 7F C1
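One way to look for the behaviour described in the message above, added here as an example and not part of the original post: a review of HTTP proxy access-log records that flags responses whose media type is outside an allow list, or whose size or duration looks like a stream rather than a page. The log layout, the allow list and both thresholds are assumptions, and the sample records are constructed.

```python
from urllib.parse import urlsplit

# Assumed policy values (hypothetical, tune per site).
ALLOWED_TYPES = {"text/html", "text/plain", "image/gif", "image/jpeg"}
MAX_BYTES = 5_000_000      # ceiling for one ordinary response
MAX_DURATION_MS = 60_000   # ceiling for one ordinary transfer

# Constructed sample records, in an assumed layout:
# client method url status bytes duration_ms content_type
SAMPLE_LOG = """\
10.1.1.20 GET http://www.example.com/index.html 200 8123 140 text/html
10.1.1.20 GET http://www.example.com/logo.gif 200 2210 35 image/gif
10.1.1.31 GET http://media.example.net/stream?id=7 200 48211034 912000 application/octet-stream
10.1.1.31 GET http://media.example.net/stream?id=8 200 1200 900000 text/plain
10.1.1.44 GET http://files.example.org/big.txt 200 9000000 30000 text/plain
"""

def parse_line(line):
    """Split one record; the content type is last and may contain spaces."""
    client, method, url, status, size, duration, ctype = line.split(None, 6)
    return {
        "client": client,
        "host": urlsplit(url).hostname,
        "bytes": int(size),
        "duration_ms": int(duration),
        "ctype": ctype.split(";")[0].strip().lower(),  # drop parameters
    }

def review(log_text):
    """Return (client, host, reasons) for each record that breaks policy."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = parse_line(line)
        except ValueError:  # too few fields or a non-numeric counter
            findings.append((None, None, ["unparseable"]))
            continue
        reasons = []
        if rec["ctype"] not in ALLOWED_TYPES:
            reasons.append("unexpected-type")
        if rec["bytes"] > MAX_BYTES:
            reasons.append("oversized")
        if rec["duration_ms"] > MAX_DURATION_MS:
            reasons.append("long-lived")
        if reasons:
            findings.append((rec["client"], rec["host"], reasons))
    return findings
```

A carrier that labels its traffic with an allowed type and keeps each transfer short and small passes all three checks, so this narrows the review rather than closing the gap the message describes.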