> The DRI.edu network uses a proxy to route all port 80 and 443 traffic to > the net, so there is no way to access the internal machines or the > internal machines to access external machines, except to have the proxy > to do the request. > > This would be a good way to prevent reverse exploits to the NDOT > network, at the annoyance of using a proxy. > > If anyone knows a way around this proxy situation, or how to do reverse > connections using a proxy, I'd be quite interested. > > Mark > -- > Mark C. Ballew <[EMAIL PROTECTED]> > Sublinear.net
If you can get someone inside the network to run an executable containing a trojan horse from within the network it becomes fairly easy to gain access to the entire network. This trojan could, for example; read the network settings and/or detect network ports that are open to the outside world. It could then create a tunnel using that open port. While it would certainly be easier to use through a non filtered port going through an http proxy is still possible. There are a number of resources that discuss tunneling over other protocols and through proxies. The following is just a general article on the topic. http://infosecuritymag.techtarget.com/articles/may01/columns_tech_talk.shtml For your proxy to detect and filter these tunnels it will have to be able to filter based on what type of attachments are allowed, and be able to look for other types of embeded data that doesn't belong. The only commercial firewall/proxy solution that does this that I'm aware of is Symantec Raptor. While this isn't an easy to pull off attack it is definatly possible for a dedicated attacker to do so. What this is more commonly used for, and what is actually a bigger security risk is users of a locked down network creating http tunnels to thier own insecure boxes in order to bypass filters on the local network. For an easy way to do this check out httptunnel http://www.nocrew.org/software/httptunnel.html or read the htun project description for more useful information. http://runslinux.net/projects/htun/description.html -- Kyle T. Smith _______________________________________________ RLUG mailing list [EMAIL PROTECTED] http://www.rlug.org/mailman/listinfo/rlug
