|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Netcat through Squid HTTP Proxy
From: Chris Kuethe (chris.kuethe
gmail.com)
Date: Tue Apr 19 2005 - 10:32:22 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 4/18/05, Henderson, Dennis K. <Dennis.Hendersonumb.com> wrote:
> It seems like he was looking for information on how to prevent this.
Short answer: good luck, unless you can definatively teach squid about
what https, etc. looks like. Application layer gateways don't do you
much good if they don't watch for protcol abuses.
Limiting CONNECT is one way to do it, but that means you a) need to
sniff and decode at least the initial negotiation [is this really an
SSL session?] or b) are going to break HTTPS.
> You can configure squid to only allow tunneling on certain ports like
> 443 and 80. You'll have to figure out what your safe ports are to
> prevent legitimate traffic from being impacted.
until someone sets up a world-reachable box with every port redirected
to 127.0.0.1:22 to get around this...
> I usually make sure the usual ports like ssh, telnet, irc are not
> allowed.
Make sure you don't allow DNS out either. Otherwise someone will come
along with an IP-over-DNS tunneller.
CK
--
GDB has a 'break' feature; why doesn't it have 'fix' too?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]