Re: Tool to find hidden web proxy server

From: Gary E. Miller (gem@rellim.com)
Date: Thu Sep 02 2004 - 20:04:05 EDT

• Next message: Ido Rosen: "Re: Instant Messenger"
• Previous message: Rogan Dawes: "Re: Tool to find hidden web proxy server"
• In reply to: Jose Maria Lopez: "Re: Tool to find hidden web proxy server"
• Next in thread: Jose Maria Lopez: "Re: Tool to find hidden web proxy server"
• Reply: Jose Maria Lopez: "Re: Tool to find hidden web proxy server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Jose!

On Thu, 2 Sep 2004, Jose Maria Lopez wrote:

> But if you allow in and out from specific ports you have at least a
> second level of security over what the original poster said it had.
> Only allowing out from some IPs it's possible, but I find it very
> difficult to make rules for the outer IPs, having in mind the original
> poster wants to have internet connection from the LAN for that
> machines.

If you leave just ONE port open, then an insider can use it to tunnel
out. That one port is often DNS/udp. You have to work very, very,
hard to filter out IP over DNS/udp. You could force the use of
an internal DNS server, but if it allows any recursive lookups out
of the firewall then game over.

This /. describes how to do it:
        http://slashdot.org/articles/00/09/10/2230242.shtml

The insider does not even need an open port. Only TCP/IP (proto 6) and
TCP/UDP (proto 17) use "ports". The insider can just use a "portless"
protocol like TCP/ICMP (proto 1), TCP/ESP (proto 50), TCP/AH (proto 51),
etc.

There are several IPSEC stacks available as freeware that use TCP/ESP
and TCP/AH.

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
        gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBN7T48KZibdeR3qURAm4gAJ9GXYH6eeVS55+ai8SLOT93raeBKACg2BGf
QUxTOF4ZbKCUlGm33D2r0+w=
=HiIK
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

• Next message: Ido Rosen: "Re: Instant Messenger"
• Previous message: Rogan Dawes: "Re: Tool to find hidden web proxy server"
• In reply to: Jose Maria Lopez: "Re: Tool to find hidden web proxy server"
• Next in thread: Jose Maria Lopez: "Re: Tool to find hidden web proxy server"
• Reply: Jose Maria Lopez: "Re: Tool to find hidden web proxy server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:03 EDT