A good proxy firewall will prevent anything but valid HTTP going through the HTTP port,
but it can't prevent tunnelling using base64-encoded text representations of data
embedded in web pages (as some spyware uses). The best approach is to use a proxy
firewall with an IDS looking for embedded data and a good policy of allowed software
on your client's desktop.

There will always be a way of embedding data in covert channels as long as there is
something going through your firewall that can encode more than one state.

Most tunnelling uses MIME attachments. By filtering on MIME type, as some proxies do
(Symantec Raptor for one), you can restrict the data to only those kinds you want. This
will not prevent steganography but will prevent overt tunnelling.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of acs
Sent: Saturday, April 21, 2001 22:33
To: [EMAIL PROTECTED]
Subject: http tunnels

Anybody have any ideas on dealing with (controlling /
preventing) all these http tunnels?
Is there a http proxy smart enough to block this or is
it hopeless?
Traffic analysis may help, but any time soon?
Are we all on the verge of becoming obsolete?
TIA
acs
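
A sketch of the two controls named in the reply above, MIME-type filtering at the proxy and a check for encoded data embedded in pages, added here as an example and not part of the original thread. The allowlist, the run length and the entropy threshold are assumed values, and the sample responses are constructed.

```python
import base64
import math
import re
from collections import Counter

# Assumed policy values for illustration; tune them for a real deployment.
ALLOWED_TYPES = {"text/html", "text/plain", "image/gif", "image/jpeg"}
B64_RUN = re.compile(r"[A-Za-z0-9+/]{128,}={0,2}")  # long unbroken base64 run
ENTROPY_THRESHOLD = 5.0  # bits per byte; compressed or encrypted data sits higher

def entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte."""
    total = len(data)
    return sum(-(c / total) * math.log2(c / total) for c in Counter(data).values())

def inspect_response(raw: bytes) -> list:
    """Return policy findings for one raw HTTP response; empty list means pass."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:  # skip status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype not in ALLOWED_TYPES:
        return [f"blocked MIME type: {ctype or 'missing'}"]
    findings = []
    if ctype.startswith("text/"):
        for match in B64_RUN.finditer(body.decode("latin-1")):
            core = match.group(0).rstrip("=")
            core = core[: len(core) - len(core) % 4]  # keep whole 4-char groups
            decoded = base64.b64decode(core)
            score = entropy(decoded)
            if score >= ENTROPY_THRESHOLD:
                findings.append(
                    f"embedded base64 blob: {len(decoded)} bytes, entropy {score:.2f}")
    return findings

def response(ctype: str, body: bytes) -> bytes:
    """Build a constructed sample HTTP response."""
    return b"HTTP/1.0 200 OK\r\nContent-Type: " + ctype.encode() + b"\r\n\r\n" + body

# Constructed samples: a page hiding encoded data in a comment, and a plain page.
BLOB = base64.b64encode(bytes(range(256)))
TUNNEL = response("text/html", b"<html><!-- " + BLOB + b" --><p>news</p></html>")
CLEAN = response("text/html; charset=iso-8859-1", b"<html><p>news</p></html>")

if __name__ == "__main__":
    for name, sample in (("tunnel", TUNNEL), ("clean", CLEAN)):
        print(name, inspect_response(sample))
```

A check like this only catches overt encoding; data split into short runs or hidden in allowed image types passes it, which is the limit the reply describes.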