
RE: [FW1] http tunneling



Just an idea:
If the HTTP tunneling software does not hit the proxy on port 80, then you
could place a firewall between the users and the proxy.  Sandwiching the
proxy between 2 firewalls -

Internet----Firewall1---Proxy---Firewall2---Users

Then just allow port 80 requests to the IP(s) of the Proxy in Firewall2, or
deny whatever port the tunneling software is using.

Of course if the software is using port 80 just disregard this email.

HTH,
Alex

-----Original Message-----
From: Jesus Calvo Hernandez [mailto:[email protected]]
Sent: Friday, May 04, 2001 4:57 AM
To: [email protected]
Cc: FW1-MailingList (E-mail)
Subject: Re: [FW1] http tunneling



Hi Juan

Thanks for your help, but the problem is that http tunnel software links
directly to the proxy server, which is BEFORE the firewall, so this rule
never would be applied, as it is the proxy making legitimate http requests
to the internet who hides internally on http packets other non-legitimate
requests.

What is needed I think is a way to look into the packets to separate those
who have legitimate http requests from other non-legitimate packets embedded
on http requests.

Best regards

Jesus Calvo
----- Original Message -----
From: "Juan" <[email protected]>
To: "Jesus Calvo Hernandez" <[email protected]>
Sent: Saturday, May 05, 2001 1:45 AM
Subject: Re: [FW1] http tunneling


You need to find out what protocol their software uses, create a service
with those specific ports, next you want to create a rule above the one
allowing them outbound access.  It will read:

Src: Internal Network
Dst: Any
Service: Tunneling software
Action: Drop
Track: Long (temporarily while you make sure it works)

Mind you this is if you definitely want to kill that software that they are
using to tunnel outbound.

Just an idea.
--
JUAN CONCEPCION
Network Consultant
CCSA/CCSE
[email protected]

On 2001.05.03 05:52 Jesus Calvo Hernandez wrote:
> Hi everybody
>
> Currently I'm facing problems with the fact that our internal users have
> got http tunnel software installed on their pcs, so they use our proxy
> server for more things than it has to be. Concretely with this software
> they convert their pcs into a socks client which contact a socks server
> outside our network, from where they can do almost whatever they want,
> and which is forbidden by the firewall any other way.
>
> Anyone knows how to crop this out on the firewall (any uri resource or
> whatever) so that only http legitimate requests are relayed by the
> proxy?
>
> Any help would be a great advantage and greatly appreciated.
>
> Best regards to all
>
> Jesus Calvo
>
> ------------------------------------------------------------------
> This email is confidential and intended solely for the use of the
> individual to whom it is addressed. Any views or opinions presented are
> solely those of the author and do not necessarily represent those of Sema
> Group.
> If you are not the intended recipient, be advised that you have received
> this email in error and that any use, dissemination, forwarding,
> printing, or copying of this email is strictly prohibited.
> ------------------------------------------------------------------
>


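As an added example (not written by any poster in the thread above): Jesus points out that a port-based rule cannot see tunnelled traffic once the proxy is the one making the outbound request, and Alex's firewall sandwich only helps when the tunnel avoids port 80. One defender-side option that needs no extra hardware is to read the proxy's own access log for tunnel-shaped usage; the script below runs over constructed log lines in an assumed simplified format (epoch, client, method, URL, bytes, duration in ms) and flags CONNECT to non-TLS ports, CONNECT sessions held open for a long time, and runs of POSTs to one host with no page loads between them.

```python
# Added example: flag tunnel-shaped usage in a proxy access log (defender side).
# Assumed log format (constructed for this example): epoch client method url bytes duration_ms
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: 10.1.1.20 browses normally, 10.1.1.77 runs a SOCKS-over-HTTP tunnel.
SAMPLE_LOG = """\
988959000 10.1.1.20 GET http://www.example.com/index.html 5120 210
988959001 10.1.1.20 GET http://www.example.com/logo.gif 2048 90
988959002 10.1.1.20 CONNECT mail.example.com:443 30000 4000
988959000 10.1.1.77 CONNECT relay.example.net:1080 900000 1800000
988959005 10.1.1.77 POST http://relay.example.net/tunnel 4096 150
988959006 10.1.1.77 POST http://relay.example.net/tunnel 4096 140
988959007 10.1.1.77 POST http://relay.example.net/tunnel 4096 160
988959008 10.1.1.77 POST http://relay.example.net/tunnel 4096 155
988959009 10.1.1.77 POST http://relay.example.net/tunnel 4096 149
"""

ALLOWED_CONNECT_PORTS = {443}     # policy: CONNECT is for TLS only
LONG_SESSION_MS = 10 * 60 * 1000  # one request held open longer than 10 minutes
POST_BURST = 5                    # POSTs to one host with no page load in between


def parse(line):
    ts, client, method, url, nbytes, ms = line.split()
    host = url if method == "CONNECT" else urlsplit(url).hostname
    return {"client": client, "method": method, "host": host,
            "bytes": int(nbytes), "ms": int(ms)}


def find_tunnels(log_text):
    """Return (client, reason) pairs for log lines that look like tunnelling."""
    findings = []
    streak = defaultdict(int)  # (client, host) -> consecutive POSTs seen
    for rec in map(parse, log_text.splitlines()):
        client, host = rec["client"], rec["host"]
        if rec["method"] == "CONNECT":
            name, _, port = host.rpartition(":")
            if int(port) not in ALLOWED_CONNECT_PORTS:
                findings.append((client, "CONNECT to non-TLS port %s on %s" % (port, name)))
            if rec["ms"] > LONG_SESSION_MS:
                findings.append((client, "CONNECT to %s held open %d s" % (name, rec["ms"] // 1000)))
        elif rec["method"] == "POST":
            streak[(client, host)] += 1
            if streak[(client, host)] == POST_BURST:
                findings.append((client, "%d POSTs in a row to %s, no page loads" % (POST_BURST, host)))
        else:
            streak[(client, host)] = 0  # a normal GET resets the POST streak
    return findings
```

The thresholds are deliberately loose starting points; tune them against a week of the real proxy log before acting on a hit, and treat a flagged client as something to look at, not proof.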



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================





 