Firewall Wizards mailing list archives

RE: Re: Code Red: What security specialists don't mention in warnings (Frank Knobbe)


From: Joseph Steinberg <Joseph () whale-com com>
Date: Mon, 6 Aug 2001 17:26:16 -0400


In terms of all tunneling - since the e-Gap System inspects the
application-level payload of all inbound requests to ensure that they are
valid -- the application payload of the tunneling attempt, which will not
look like valid web activity (URL, parameters, etc.), will be rejected.

Also, httptunnel is normally used for tunneling out of a network. The e-Gap
is normally used to protect sensitive internal data -- and would protect
against tunneling in. Tunneling in via httptunnel would mean running the hts
server on the internal network -- which is not how it is normally used.

If someone did want to try tunneling through an e-Gap with httptunnel,
unless the e-Gap were configured to allow tunneling to the tunnel server
(hts), it would fail. The only machines and ports to which the e-Gap System
will relay information are those that are specified in its configuration
files. I.e., if the e-Gap is configured to relay port 80 on its external
server (e.g., 1.2.3.4) to port 65 on an internal machine (5.6.7.8), even if
someone tunneled information, it would not reach his/her intended
destination, as the only machine that is reachable is the one in the
configuration. If someone tried to communicate to a different port or
machine it would not reach the destination -- as the source and destination
he/she provided would be ignored. Because no TCP/IP passes through the e-Gap
and the packets need to be re-generated on the internal side, this is
assured.

For more information (we are going off topic) please consult our white paper
available at:
http://www.whalecommunications.com/fr_030008.htm

Joseph



-----Original Message-----
From: Paul Cardon [mailto:paul () moquijo com]
Sent: Monday, August 06, 2001 4:09 PM
To: Joseph Steinberg
Cc: firewall-wizards () nfr com
Subject: Re: [fw-wiz] Re: Code Red: What security specialists don't
mention in warnings (Frank Knobbe)


Joseph Steinberg wrote:

Tunneling -> There are ways to mitigate against tunneling threats. I know
that our products address tunneling by eliminating TCP/IP connectivity and
TCP/IP headers; there may be others that do so as well. We also distinguish
between types of attacks, and I am certain others do as well.

Bah.  Eliminating TCP/IP headers isn't enough.  How does it work against
httptunnel?

-paul
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
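
The relay behaviour Joseph describes above (inspect the application-level payload, forward only to the host and port named in the relay's own configuration, and regenerate the request on the internal side so that whatever destination the client supplied is ignored), as an added example in Python. This is not e-Gap code or anything from Whale Communications; the validation rules, the allowed paths, the header whitelist, the size limits and the sample requests are all assumptions constructed for the illustration. The only figures taken from the post are the mapping of external port 80 to port 65 on 5.6.7.8.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Added example: a model of a relay that (a) inspects the application-level
# payload and (b) forwards only to the destination in its own configuration.
# Not e-Gap code; the rules, paths and limits below are assumptions.


@dataclass(frozen=True)
class RelayConfig:
    internal_host: str                 # the one reachable internal machine
    internal_port: int
    allowed_paths: Tuple[str, ...]     # exact paths, or prefixes ending in "/"
    max_query_len: int = 256
    max_body_len: int = 4096


# Mapping from the post: external port 80 -> port 65 on 5.6.7.8.
# The allowed paths and limits are assumed for the example.
CONFIG = RelayConfig("5.6.7.8", 65, ("/index.html", "/app/"))

ALLOWED_METHODS = ("GET", "HEAD", "POST")
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/1\.[01]$")
QUERY_PARAM = re.compile(r"^[A-Za-z0-9_]+=[A-Za-z0-9_.%-]*$")
# Only these client headers are copied; Host is rewritten, all others dropped.
FORWARDED_HEADERS = ("content-type", "content-length", "accept", "user-agent")


@dataclass
class Decision:
    accepted: bool
    reason: str
    dest: Optional[Tuple[str, int]] = None   # where the regenerated request goes
    forwarded: Optional[bytes] = None        # the regenerated request itself


def parse(raw: bytes) -> Optional[Tuple[str, str, str, Dict[str, str], bytes]]:
    """Split an HTTP/1.x request into (method, path, query, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return None
    m = REQUEST_LINE.match(lines[0])
    if m is None:
        return None
    path, _, query = m.group(2).partition("?")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            return None
        headers[name.strip().lower()] = value.strip()
    return m.group(1), path, query, headers, body


def path_allowed(path: str, cfg: RelayConfig) -> bool:
    return any(path == p or (p.endswith("/") and path.startswith(p))
               for p in cfg.allowed_paths)


def relay(raw: bytes, cfg: RelayConfig = CONFIG) -> Decision:
    """Decide whether RAW is valid web activity and, if so, regenerate it."""
    parsed = parse(raw)
    if parsed is None:
        return Decision(False, "not a well-formed HTTP/1.x request")
    method, path, query, headers, body = parsed
    if method not in ALLOWED_METHODS:
        return Decision(False, f"method {method} is not forwarded")
    if not path_allowed(path, cfg):
        return Decision(False, f"path {path!r} is not a configured application URL")
    if len(query) > cfg.max_query_len:
        return Decision(False, "query string too long")
    if query and not all(QUERY_PARAM.match(p) for p in query.split("&")):
        return Decision(False, "query parameters do not look like form data")
    if "transfer-encoding" in headers:
        return Decision(False, "open-ended (chunked) bodies are not relayed")
    if method != "POST" and body:
        return Decision(False, f"{method} request must not carry a body")
    if method == "POST":
        declared = headers.get("content-length", "")
        if not declared.isdigit() or int(declared) != len(body) or len(body) > cfg.max_body_len:
            return Decision(False, "body length missing, mismatched or too large")

    # Regenerate the request on the internal side. The destination comes from
    # the configuration; whatever host or port the client named is ignored.
    target = f"{path}?{query}" if query else path
    out = [f"{method} {target} HTTP/1.1", f"Host: {cfg.internal_host}:{cfg.internal_port}"]
    out += [f"{h.title()}: {headers[h]}" for h in FORWARDED_HEADERS if h in headers]
    forwarded = ("\r\n".join(out) + "\r\n\r\n").encode("ascii") + body
    return Decision(True, "valid web request", (cfg.internal_host, cfg.internal_port), forwarded)


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for s in (b"GET /index.html?id=42 HTTP/1.1\r\nHost: 1.2.3.4\r\n\r\n",
              b"GET /index.html HTTP/1.1\r\nHost: 10.0.0.9:22\r\n\r\n",
              b"CONNECT 10.0.0.9:22 HTTP/1.1\r\nHost: 10.0.0.9:22\r\n\r\n",
              b"POST /index.html HTTP/1.1\r\nTransfer-Encoding: chunked\r\n\r\n",
              b"SSH-2.0-OpenSSH\r\n\r\n"):
        d, first = relay(s), s.split(b"\r\n")[0]
        print(f"{first!r:50} -> {'relay to ' + str(d.dest) if d.accepted else 'REJECT: ' + d.reason}")
```

The second sample is the one that matters for Paul's question: a request whose Host header names a different internal machine and port is still only ever forwarded to 5.6.7.8:65, because the relay never reads a destination from the client at all. The CONNECT, chunked-body and raw-protocol samples are rejected earlier, at payload inspection, since none of them is the shape of a request the configured application accepts.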