Network Security Pen-Test

Re: Netcat through Squid HTTP Proxy

Subject: Re: Netcat through Squid HTTP Proxy
Date: Tue, 19 Apr 2005 16:19:52 +0100

Henderson, Dennis K. wrote:

It seems like he was looking for information on how to prevent this.

You can configure squid to only allow tunneling on certain ports like
443 and 80. You'll have to figure out what your safe ports are to
prevent legitimate traffic from being impacted.


I usually make sure the usual ports like ssh, telnet, irc are not
allowed.

Cheers

Dennis




although of course, they may just have the sshd running on 443... or be using a httptunnel client and server etc etc... stopping someone getting out when they are already inside is v difficult - what if they tunnel over dns/write a custom server and client over port 80 etc?
I would think that generally if the individual knows enough to try tunneling ssh over https, then they probably can put an ssh server on 443, or using some transport mechanism over http.


Of course that's not to say that you should not block the connect options for ssh/imap/whatever... but don't assume this will stop anyone getting out.

maybe you could have a tcpdump dumping the open and close connections for https connect on port 443, and record the amount of usage/time it is used, and it may indicate someone using a shell through the https proxy or something like that?

- jk
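Both replies above point at the same two controls: restrict which destination ports Squid will CONNECT to (Dennis), and record how long and how heavily each CONNECT tunnel is used so that an interactive shell or bulk transfer riding on port 443 stands out (jk). The script below is an added example, not code from either poster or from the Squid project. It reads Squid's native access.log format (timestamp, elapsed milliseconds, client, code/status, bytes, method, URL, ...), keeps only CONNECT records, and flags tunnels to ports outside an allowed set, tunnels the proxy refused, and tunnels that stayed open unusually long or moved a lot of data. The log lines, the allowed-port set and the one-hour / 50 MiB thresholds are constructed for the example and would be tuned to a site's own baseline.

```python
import re
from collections import Counter

# Squid native access.log record layout (space separated):
#   timestamp elapsed_ms client code/status bytes method url ident hierarchy/peer content-type
# The lines below are constructed for this example; they are not real traffic.
SAMPLE_LOG = """\
1113923001.101     120 10.0.0.7 TCP_TUNNEL/200 5120 CONNECT www.example.com:443 - HIER_DIRECT/93.184.216.34 -
1113923002.202     900 10.0.0.7 TCP_TUNNEL/200 4096 CONNECT mail.example.org:993 - HIER_DIRECT/198.51.100.9 -
1113923003.303 7200000 10.0.0.9 TCP_TUNNEL/200 83886080 CONNECT 203.0.113.5:443 - HIER_DIRECT/203.0.113.5 -
1113923004.404     200 10.0.0.9 TCP_TUNNEL/200 2048 CONNECT 203.0.113.5:22 - HIER_DIRECT/203.0.113.5 -
1113923005.505     250 10.0.0.3 TCP_MISS/200 15000 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1113923006.606       3 10.0.0.3 TCP_DENIED/403 1200 CONNECT chat.example.net:6667 - HIER_NONE/- text/html
"""

RECORD_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

# Policy knobs (assumed values; adjust to the site's own "safe ports" and normal usage).
ALLOWED_CONNECT_PORTS = {443}
LONG_SESSION_MS = 60 * 60 * 1000        # a CONNECT tunnel held open for an hour
LARGE_SESSION_BYTES = 50 * 1024 * 1024  # 50 MiB through a single tunnel


def parse_connect_records(log_text):
    """Return the CONNECT records from Squid native-format log text as dicts."""
    records = []
    for line in log_text.splitlines():
        m = RECORD_RE.match(line)
        if not m or m.group("method") != "CONNECT":
            continue
        # CONNECT targets are written as host:port
        _host, _, port = m.group("url").rpartition(":")
        records.append({
            "client": m.group("client"),
            "dest": m.group("url"),
            "port": int(port) if port.isdigit() else None,
            "status": int(m.group("status")),
            "elapsed_ms": int(m.group("elapsed")),
            "bytes": int(m.group("bytes")),
        })
    return records


def flag_tunnels(records, allowed_ports=ALLOWED_CONNECT_PORTS,
                 long_ms=LONG_SESSION_MS, large_bytes=LARGE_SESSION_BYTES):
    """Attach a list of reasons to every CONNECT record that deserves a second look."""
    findings = []
    for r in records:
        reasons = []
        if r["status"] != 200:
            reasons.append("CONNECT refused by proxy (HTTP %d)" % r["status"])
        if r["port"] not in allowed_ports:
            reasons.append("destination port %s outside allowed CONNECT ports" % r["port"])
        if r["elapsed_ms"] >= long_ms:
            reasons.append("tunnel open for %d minutes" % (r["elapsed_ms"] // 60000))
        if r["bytes"] >= large_bytes:
            reasons.append("%d MiB moved through tunnel" % (r["bytes"] >> 20))
        if reasons:
            findings.append({"client": r["client"], "dest": r["dest"], "reasons": reasons})
    return findings


def tunnel_time_per_client(records):
    """Total milliseconds each client has spent inside successful CONNECT tunnels."""
    totals = Counter()
    for r in records:
        if r["status"] == 200:
            totals[r["client"]] += r["elapsed_ms"]
    return dict(totals)


if __name__ == "__main__":
    recs = parse_connect_records(SAMPLE_LOG)
    for f in flag_tunnels(recs):
        print(f["client"], "->", f["dest"], "|", "; ".join(f["reasons"]))
    print(tunnel_time_per_client(recs))
```

On the prevention side, the port restriction Dennis describes is what the stock squid.conf already expresses with `acl SSL_ports port 443` followed by `http_access deny CONNECT !SSL_ports`; the refused record in the sample (status 403 to port 6667) is what such a rule produces, and it is worth alerting on as well as the long 443 tunnel, since a refused CONNECT to an ssh or irc port is the cheapest early signal that someone is probing the proxy for a way out.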
