Re: [fw-wiz] RE: In defense of non standard ports



Bill Royds wrote the following on 24.01.2006 01:32:
> As a postscript, when I managed a corporate firewall, I found that a number of
> sites and applications were trying to pass arbitrary traffic through HTTPS by
> just believing that it would not be examined by an application proxy more than
> checking the headers. Our particular firewall (Symantec SEF) actually had an
> HTTPS proxy and complained that the handshake was not correct and refused it.

Perhaps the confusion arose because HTTPS uses the HTTP CONNECT method,
which requests a simple TCP transport. AFAIK, there is nothing
HTTPS-specific to this method, though it is probably most often used for
HTTPS -- one other application that uses it is rsync. Of course, if your
policy allows only HTTP and HTTPS via the firewall, it is behaving
correctly in refusing the other traffic.

Cheers,
Tobias
--
Tobias Reckhard
secunet Tel : +49(6196)95888-42
Mergenthalerallee 77 Fax : +49(6196)95888-88
D-65760 Eschborn E-Mail: tobias.reckhard@xxxxxxxxxxx
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
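
The handshake check discussed in this thread, as an added example (not code from either poster, and not Symantec's implementation): a proxy that has accepted a CONNECT request can inspect the first client bytes and refuse the tunnel unless they form a TLS ClientHello record. The function names, the port allow-list and the sample byte strings are assumptions constructed for illustration; SSLv2-format hellos are treated as non-TLS here.

```python
import struct

TLS_HANDSHAKE = 0x16      # record content type: handshake
CLIENT_HELLO = 0x01       # handshake message type
MAX_PLAINTEXT = 2 ** 14   # maximum TLS plaintext record length

def parse_connect(request_line: bytes):
    """Return (host, port) from an HTTP CONNECT request line, or None."""
    parts = request_line.strip().split(b" ")
    if len(parts) != 3 or parts[0] != b"CONNECT" or not parts[2].startswith(b"HTTP/"):
        return None
    host, sep, port = parts[1].rpartition(b":")
    if not sep or not host or not port.isdigit():
        return None
    return host.decode("ascii", "replace"), int(port)

def classify_tunnel_start(data: bytes) -> str:
    """Classify the first client bytes sent through an established tunnel."""
    if len(data) < 6:
        return "incomplete"          # need record header + handshake type
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype != TLS_HANDSHAKE:
        return "not-tls"             # e.g. SSH banner, rsync greeting, plain HTTP
    if major != 3 or minor > 4:
        return "bad-version"
    if length == 0 or length > MAX_PLAINTEXT:
        return "bad-length"
    if data[5] != CLIENT_HELLO:
        return "not-client-hello"
    return "tls-client-hello"

def allow(request_line: bytes, first_bytes: bytes, ports=(443,)) -> bool:
    """Policy: CONNECT only to allowed ports, and the payload must start as TLS."""
    target = parse_connect(request_line)
    if target is None or target[1] not in ports:
        return False
    return classify_tunnel_start(first_bytes) == "tls-client-hello"

# Constructed samples (not captured traffic).
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00, 0x00, 0x2b])
RSYNC_GREETING = b"@RSYNCD: 30.0\n"
SSH_BANNER = b"SSH-2.0-OpenSSH_example\r\n"

if __name__ == "__main__":
    for name, blob in [("tls", TLS_HELLO), ("rsync", RSYNC_GREETING), ("ssh", SSH_BANNER)]:
        print(name, classify_tunnel_start(blob),
              allow(b"CONNECT example.org:443 HTTP/1.1", blob))
```

A check like this only confirms that the tunnel opens with a well-formed ClientHello; it says nothing about what is carried inside the encrypted session afterwards.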


