Firewall Wizards mailing list archives
RE: how to block ICMP tunneling?
From: Kevin Steves <stevesk () sweden hp com>
Date: Sat, 24 Jul 1999 09:10:36 +0200 (CEST)
On Mon, 19 Jul 1999, Jason Diesel wrote: : Unless you have an application based firewall! Where the firewall is : actually scanning the contents of the pay load to check which commands for : that associated application protocol are coming in. If they are unrecognised : for say... DNS, then the firewall will not let them in. The firewall will : then log and alert as necessary. I think Adam was referring to the issues of tunneling in general (he did mention SSH and SSL). CONNECT tends to be my favorite tunneling method. Does the Raptor CONNECT proxy try to examine the initial connection for valid SSL handshake messages? Even if it did, there are only limited checks that can be performed to try to determine that it's really tunneling an SSL session vs. BO2K, and then it could be fooled, so I suspect you don't even bother. Or we can also just do BO2K over real-SSL. Application firewall products are not the silver bullet here--one needs to look at the overall requirements and deploy multiple methods and techniques to implement a given policy (insert all Adam's original comments here...).
Current thread:
- how to block ICMP tunneling? Razvan Peteanu (Jul 16)
- Re: how to block ICMP tunneling? Darren Reed (Jul 18)
- Re: how to block ICMP tunneling? Sebastian Krahmer (Jul 19)
- Re: how to block ICMP tunneling? Ted Doty (Jul 18)
- Re: how to block ICMP tunneling? Adam Shostack (Jul 19)
- BO2k : was (Re: how to block ICMP tunneling?) Jason Brvenik (Jul 20)
- <Possible follow-ups>
- RE: how to block ICMP tunneling? Jason Diesel (Jul 19)
- RE: how to block ICMP tunneling? Kevin Steves (Jul 26)
- RE: how to block ICMP tunneling? Kyle Starkey (Jul 19)
- Re: how to block ICMP tunneling? Joseph S D Yao (Jul 20)
- Re: how to block ICMP tunneling? Chris Brenton (Jul 20)
- Re: how to block ICMP tunneling? carson (Jul 21)
- Re: how to block ICMP tunneling? Geva Patz (Jul 20)
- RE: how to block ICMP tunneling? Marcus J. Ranum (Jul 19)
- Re: how to block ICMP tunneling? Steven M. Bellovin (Jul 20)
- RE: how to block ICMP tunneling? Ben Nagy (Jul 20)
- Re: how to block ICMP tunneling? Ryan Russell (Jul 21)
- Re: how to block ICMP tunneling? Dru (Jul 26)
(Thread continues...)
- Re: how to block ICMP tunneling? Darren Reed (Jul 18)