RE: Tunnel any protocol over any protocol?
- From: "Ken Kousky" <kkousky@xxxxxxxxxx>
- Date: Wed, 6 May 2009 11:53:06 -0400
Vunneling is simply sending structured data in the RTP/UDP stream. Most
engineers are taught that successful data transmissions require every packet
to arrive in tact and in sequence or the files will be corrupted. This
implies that the media channel in a voip connection can't carry the
corporate data base out the front door or bring in malware. However, it's
common to use an unreliable layer, like UDP as long as a higher layer
service requests retransmission of any lost or corrupted packets.
This is an extremely important issue since most companies only inspect the
call set-up and signally (usually the SIP) which establishes an inbound and
an outbound UDP port. The actual flow of data isn't inspected in almost all
voip connections due to the latency it takes.
So DLP is mostly a pipedream toda. Anybody running end-to-end voip services
must be using a data loss prevention system with the back door wide open.
This only gets worse as managers say they want their voice and video
conference sessions encrypted. All you can do at this point is trust the end
stations.
I spent hours at RSA looking for companies wanting to address these covert
channels and was extremely disappointed.
KWK
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Jeff Johnson
Sent: Tuesday, May 05, 2009 4:10 PM
To: Danny Puckett; security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Tunnel any protocol over any protocol?
I also hear there is something called Vunneling that allows you to
tunnel over RTP packets.
Thanks,
Jeff
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Danny Puckett
Sent: Tuesday, May 05, 2009 3:29 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Tunnel any protocol over any protocol?
There is a slick utility called Ping Tunnel that allows tunneling over
ping packets.
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Chip Panarchy
Sent: Tuesday, May 05, 2009 7:07 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Tunnel any protocol over any protocol?
Hello
Is it possible to Tunnel any Protocol (within reason) over any other
protocol?
Eg; http tunnel, https tunnel, ftp tunnel, ssh tunnel etc.
If yes, could you please tell me your preferred programs/tools/scripts
for doing so?
Thanks in advance,
Panarchy
------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute
Learn all of the latest penetration testing techniques in InfoSec
Institute's Ethical Hacking class.
Totally hands-on course with evening Capture The Flag (CTF) exercises,
Certified Ethical Hacker and Certified Penetration Tester exams, taught
by an expert with years of real pen testing experience.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
This email and any attached files are confidential and intended solely for
the intended recipient(s). If you are not the named recipient you should not
read, distribute, copy or alter this email. Any views or opinions expressed
in this email are those of the author and do not represent those of the
company. Warning: Although precautions have been taken to make sure no
viruses are present in this email, the company cannot accept responsibility
for any loss or damage that arise from the use of this email or attachments.
------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute
Learn all of the latest penetration testing techniques in InfoSec
Institute's Ethical Hacking class.
Totally hands-on course with evening Capture The Flag (CTF) exercises,
Certified Ethical Hacker and Certified Penetration Tester exams, taught by
an expert with years of real pen testing experience.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
__________ NOD32 4055 (20090506) Information __________
This message was checked by NOD32 antivirus system.
http://www.eset.com
------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute
Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff!
http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------
- References:
- Tunnel any protocol over any protocol?
- From: Chip Panarchy
- RE: Tunnel any protocol over any protocol?
- From: Danny Puckett
- RE: Tunnel any protocol over any protocol?
- From: Jeff Johnson
- Tunnel any protocol over any protocol?
- Prev by Date: Re: Tunnel any protocol over any protocol?
- Next by Date: RE: Tunnel any protocol over any protocol?
- Previous by thread: Re: Tunnel any protocol over any protocol?
- Next by thread: Re: Tunnel any protocol over any protocol?
- Index(es):
Relevant Pages
|
