Firewall Wizards mailing list archives
RE: Re: Code Red: What security specialist don't mention in warnings (Frank Knobbe)
From: Joseph Steinberg <Joseph () whale-com com>
Date: Mon, 6 Aug 2001 17:26:16 -0400
In terms of all tunneling - since the e-Gap System inspects the application-level payload of all inbound requests to ensure that they are valid -- the application payload of the tunneling attempt, which will not look like valid web activity (URL, parameters, etc.), will be rejected.

Also, httptunnel is normally used for tunneling out of a network. The e-Gap is normally used to protect sensitive internal data -- and would protect against tunneling in. Tunneling in via httptunnel would mean running the hts server on the internal network -- which is not how it is normally used.

If someone did want to try tunneling through an e-Gap with httptunnel, unless the e-Gap were configured to allow tunneling to the tunnel server (hts), it would fail. The only machines and ports to which the e-Gap System will relay information are those that are specified in its configuration files. I.e., if the e-Gap is configured to relay port 80 on its external server (e.g., 1.2.3.4) to port 65 on an internal machine (5.6.7.8), even if someone tunneled information, it would not reach his/her intended destination, as the only machine that is reachable is the one in the configuration. If someone tried to communicate to a different port or machine it would not reach the destination -- as the source and destination he/she provided would be ignored. Because no TCP/IP passes through the e-Gap and the packets need to be re-generated on the internal side, this is assured.

For more information (we are going off topic) please consult our white paper available at:
http://www.whalecommunications.com/fr_030008.htm

Joseph

-----Original Message-----
From: Paul Cardon [mailto:paul () moquijo com]
Sent: Monday, August 06, 2001 4:09 PM
To: Joseph Steinberg
Cc: firewall-wizards () nfr com
Subject: Re: [fw-wiz] Re: Code Red: What security specialist don't mention in warnings (Frank Knobbe)

Joseph Steinberg wrote:
> Tunneling -> There are ways to mitigate against tunneling threats. I know that our products address tunneling by eliminating TCP/IP connectivity and TCP/IP headers, there may be others that do so as well. We also distinguish between types of attacks, and I am certain others do as well.
Bah. Eliminating TCP/IP headers isn't enough. How does it work against httptunnel?

-paul
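
The fixed-destination relay and application-level check described in the message above, as an added example that is not part of the original posts and is not Whale's e-Gap code. Only the addresses 1.2.3.4:80 and 5.6.7.8:65 come from the message; the allow-list entries and the function name `inspect` are assumptions made for illustration.

```python
# Added illustration, not e-Gap code. Allow-list entries are constructed.
from urllib.parse import urlsplit, parse_qsl

# The single relay pair from the message: external 1.2.3.4:80 -> internal 5.6.7.8:65.
RELAY = {"listen": ("1.2.3.4", 80), "backend": ("5.6.7.8", 65)}

# Hypothetical application policy: (method, path) -> permitted query parameter names.
ALLOWED = {
    ("GET", "/index.html"): set(),
    ("GET", "/search"): {"q"},
    ("POST", "/login"): set(),
}

def inspect(raw: bytes):
    """Return (backend, regenerated_request_line) for a valid request, else None."""
    try:
        head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")
        method, target, version = head.split("\r\n")[0].split(" ")
        url = urlsplit(target)
    except (UnicodeDecodeError, ValueError):
        return None                      # not parseable as an HTTP request line
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        return None
    # Any host or port named by the client (absolute URI, CONNECT target)
    # is never consulted for routing; only the path and query are examined.
    permitted = ALLOWED.get((method, url.path))
    if permitted is None:
        return None                      # URL is not part of the application
    names = {k for k, _ in parse_qsl(url.query, keep_blank_values=True)}
    if not names <= permitted:
        return None                      # unexpected parameter
    # The internal side builds a fresh request from validated fields only,
    # addressed to the one configured backend.
    query = "?" + url.query if url.query else ""
    return RELAY["backend"], f"{method} {url.path}{query} {version}"
```

A request that fits the allow-list is relayed whatever its permitted parameter values carry, so this check constrains where traffic goes and what shape it has, not what is encoded inside allowed fields.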