Firewall Wizards mailing list archives
Re: RE: In defense of non standard ports
From: Tobias Reckhard <tobias.reckhard () secunet com>
Date: Tue, 24 Jan 2006 09:29:14 +0100
Bill Royds wrote the following on 24.01.2006 01:32:
> As a postscript, when I managed a corporate firewall, I found that a number of sites and applications were trying to pass arbitrary traffic through HTTPS by just believing that it would not be examined by an application proxy more than checking the headers. Our particular firewall (Symantec SEF) actually had an HTTPS proxy and complained that the handshake was not correct and refused it.

Perhaps the confusion arose because HTTPS uses the HTTP CONNECT method, which requests a simple TCP transport. AFAIK, there is nothing HTTPS-specific to this method, though it is probably most often used for HTTPS -- one other application that uses it is rsync.

Of course, if your policy allows only HTTP and HTTPS via the firewall, it is behaving correctly in refusing the other traffic.

Cheers,
Tobias

--
Tobias Reckhard
secunet
Mergenthalerallee 77
D-65760 Eschborn
Tel : +49(6196)95888-42
Fax : +49(6196)95888-88
E-Mail: tobias.reckhard () secunet com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
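The check discussed in this message, as an added example that is not part of the original post and is not Symantec SEF's code: a proxy-side policy that accepts a CONNECT tunnel only when the first tunneled bytes form a TLS handshake record. The function names, the allowed-port list and the sample byte strings are assumptions constructed for illustration, and only the record header and handshake type are inspected.

```python
import struct

def parse_connect(request_line: str):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', else None."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/1."):
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        return None
    return host, int(port)

def looks_like_tls_client_hello(data: bytes) -> bool:
    """True if data starts with a TLS record carrying a ClientHello.

    Checks the 5-byte record header (type, version, length) and the first
    handshake byte. SSLv2-compatible hellos are treated as not TLS.
    """
    if len(data) < 6:
        return False
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype != 0x16 or major != 3 or minor > 4:   # 0x16 = handshake record
        return False
    if length == 0 or length > 16384:              # record size limit (2^14)
        return False
    return data[5] == 0x01                         # 0x01 = ClientHello

def tunnel_decision(request_line: str, first_bytes: bytes, allowed_ports=(443,)) -> str:
    """Policy verdict for one CONNECT request and the first client payload."""
    target = parse_connect(request_line)
    if target is None:
        return "reject: malformed CONNECT"
    if target[1] not in allowed_ports:
        return "reject: port not allowed"
    if not looks_like_tls_client_hello(first_bytes):
        return "reject: payload is not a TLS handshake"
    return "allow"

# Constructed sample payloads (not captured traffic).
TLS_HELLO_PREFIX = b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03"
RSYNC_BANNER = b"@RSYNCD: 31.0\n"

if __name__ == "__main__":
    print(tunnel_decision("CONNECT www.example.com:443 HTTP/1.1", TLS_HELLO_PREFIX))
    print(tunnel_decision("CONNECT rsync.example.org:443 HTTP/1.1", RSYNC_BANNER))
    print(tunnel_decision("CONNECT rsync.example.org:873 HTTP/1.1", RSYNC_BANNER))
```

The second call shows why a port check alone is not enough: the request line is indistinguishable from an HTTPS one, and only the payload inspection tells the rsync banner apart from a TLS handshake.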