Firewall Wizards mailing list archives
Re: tunnel vs open a hole
From: Mikael Olsson <mikael.olsson () clavister com>
Date: Tue, 08 Apr 2003 00:58:56 +0200
"Anton A. Chuvakin" wrote:
[I agree ... BUT] surely people started to httptunnel not just because if was a fun thing to do?
No, it was made so that users/intruders could bypass the security policy of a given network.
surely you'd know of places where it is done exactly like that.
If I found someone doing that on my network, that someone would find himself without Internet access. Internet access is not a requirement for the majority of jobs out there.
Additionally, what if opening a port turns into "lets open yet another port in our swiss-cheese firewall and pray this application can't be exploited"? Will tunneling be justified in this case? Will it not reduce security a bit less than opening a port?
How? A port is a 16-bit integral number. Attacks are not mounted over 16-bit integral numbers. You attack _code_. The same code gets exposed regardless of whether it's being tunneled over port 80 or not. Not to mention that you are now also exposing the HTTP tunneling code, which you wouldn't be exposing if you weren't doing HTTP tunneling. -- Mikael Olsson, Clavister AB Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 Fax: +46 (0)660 122 50 WWW: http://www.clavister.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: tunnel vs open a hole, (continued)
- Re: tunnel vs open a hole Dave Piscitello (Apr 08)
- Re: tunnel vs open a hole Frederick M Avolio (Apr 09)
- Re: tunnel vs open a hole Frank Knobbe (Apr 08)
- Re: tunnel vs open a hole Adam Shostack (Apr 06)
- Re: tunnel vs open a hole Mikael Olsson (Apr 06)
- Re: tunnel vs open a hole Bernie, CTA (Apr 06)
- Re: tunnel vs open a hole Christine Kronberg (Apr 07)
- Re: tunnel vs open a hole Anton A. Chuvakin (Apr 07)
- Re: tunnel vs open a hole R. DuFresne (Apr 07)
- Re: tunnel vs open a hole Dave Rinker (Apr 07)
- Re: tunnel vs open a hole Mikael Olsson (Apr 08)
- Re: tunnel vs open a hole Bill Royds (Apr 08)