
Re: Protection against http tunneling (was: HTTP tunnel with linux server and windows client)



I've worked for a firm where they limited http-connections to let's 
say 2MB per connection. So for stealing a lot of data you always had 
to open several connections. This was some kind of "protection" 
against tunnels and heavy downloads. Maybe this interruption would be 
of some use to prevent incidents like this.

On 13 Mar 2003 at 16:33, Vassilii Khachaturov wrote:

> > The question is... is there any way to protect against this? I mean,
> > how would you differentiate on for example, a squid, the traffic of
> > one of these tunnels from the real traffic you want to allow?
> 
> There is a way to protect any particular form of tunnelling (i.e., if
> you know that a particular tunnel is there, you'll find a way to
> disrupt it).
> 
> But there is no practical way to prevent covert communications of an
> inside user to the outside world, if any reasonable connectivity,
> through whatever firewall or whatever, exists. You can minimize the
> risk by monitoring everyone's activity 24 hours, but even then you
> don't have 100% guarantee.
> 
> And if you close the network, the person can smuggle diskettes in and
> out, creating a high-latency link. Or use the state of his office
> lighting (on or off) at every 17th minute to signify whether the next
> bit of the message is 0 or 1. Not too good to transmit a picture, but
> enough to eventually relay a secret encryption key to someone out
> there watching. You've got the idea...
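
Added example, not part of the original messages: one way a proxy operator could spot the pattern the reply above describes, where a per-connection cap forces a bulk transfer to be split over several connections. It assumes Squid's native access.log layout, that the logged byte count is what the cap counted, and the 90% / three-hit thresholds; the sample log lines and host names are constructed.

```python
from collections import defaultdict

CAP_BYTES = 2 * 1024 * 1024  # the 2 MB per-connection limit mentioned in the post
NEAR_CAP = 0.9               # assumption: "hit the cap" means >= 90% of it
MIN_HITS = 3                 # assumption: report a pair after 3 capped transfers

# Constructed sample in Squid's native access.log layout:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1047569580.101 41022 10.0.0.23 TCP_MISS/200 2097152 CONNECT tunnel.example.net:443 - DIRECT/192.0.2.10 -
1047569625.440 40870 10.0.0.23 TCP_MISS/200 2097152 CONNECT tunnel.example.net:443 - DIRECT/192.0.2.10 -
1047569670.912 40113 10.0.0.23 TCP_MISS/200 2090000 CONNECT tunnel.example.net:443 - DIRECT/192.0.2.10 -
1047569700.000 120 10.0.0.40 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.30 text/html
1047569715.377 39001 10.0.0.23 TCP_MISS/200 1990000 CONNECT tunnel.example.net:443 - DIRECT/192.0.2.10 -
1047569800.250 52000 10.0.0.40 TCP_MISS/200 2097152 GET http://mirror.example.org/big.iso - DIRECT/192.0.2.20 application/octet-stream
"""

def parse(line):
    """Return (client, destination host, bytes) or None for a malformed line."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        size = int(fields[4])
    except ValueError:
        return None
    # URL is "host:port" for CONNECT and "scheme://host/path" otherwise.
    host = fields[6].split("://", 1)[-1].split("/", 1)[0].split(":")[0]
    return fields[2], host.lower(), size

def capped_transfer_pairs(log_text, cap=CAP_BYTES, near=NEAR_CAP, min_hits=MIN_HITS):
    """Map (client, host) -> (capped transfers, bytes moved in them)."""
    stats = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        client, host, size = rec
        if size >= near * cap:  # this transfer ran up against the cap
            stats[(client, host)][0] += 1
            stats[(client, host)][1] += size
    # One capped download is normal; repeated ones to one host suggest chunking.
    return {pair: tuple(v) for pair, v in stats.items() if v[0] >= min_hits}

if __name__ == "__main__":
    for (client, host), (hits, total) in capped_transfer_pairs(SAMPLE_LOG).items():
        print(f"{client} -> {host}: {hits} capped transfers, {total} bytes")
```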


