Re: Netcat through Squid HTTP Proxy
From: James Kearney (jamesjohnkearney_at_gmail.com)
Date: 04/19/05
- Previous message: Henderson, Dennis K.: "RE: Netcat through Squid HTTP Proxy"
- In reply to: Henderson, Dennis K.: "RE: Netcat through Squid HTTP Proxy"
- Next in thread: Chris Kuethe: "Re: Netcat through Squid HTTP Proxy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 19 Apr 2005 16:19:52 +0100 To: pen-test@securityfocus.com
Henderson, Dennis K. wrote:
>It seems like he was looking for information on how to prevent this.
>
>You can configure squid to only allow tunneling on certain ports like
>443 and 80. You'll have to figure out what your safe ports are to
>prevent legitimate traffic from being impacted.
>
>I usually make sure the usual ports like ssh, telnet, irc are not
>allowed.
>
>Cheers
>
>Dennis
>
>
>
although of course, they may just have the sshd running on 443... or be
using a httptunnel client and server etc etc... stopping someone getting
out when they are already inside is v difficult - what if they tunnel
over dns/write a custom server and client over port 80 etc?
I would think that generally if the individual knows enough to try
tunneling ssh over https, then they probably can put an ssh server on
443, or using some transport mechanism over http.
Of course thats not to say that you should not block the connect options
for ssh/imap/whatever... but don't assume this will stop anyone getting out.
maybe you could have a tcpdump dumping the open and close connections
for https connect on port 443, and record the amount of usuage/time it
is used, and it may indicate someone using a shell through the https
proxy or something like that?
- jk
- Previous message: Henderson, Dennis K.: "RE: Netcat through Squid HTTP Proxy"
- In reply to: Henderson, Dennis K.: "RE: Netcat through Squid HTTP Proxy"
- Next in thread: Chris Kuethe: "Re: Netcat through Squid HTTP Proxy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
