HTTP tunnel

[don]

I was at a conference a while ago and one of the speakers talked about a project they had.
The project was based on a large campus in which all students were only allowed http and
that was it. The problem was a large number of student were using http tunnel and other
like minded programs to get around it.
This phd's solution was to design and code a unique program. The program was based on the
response and answer times and amount of data sent vs received. I won't go into details here
for it would take too long, however once properly coded and implemented this program detected %97 of all http tunnel sessions!
That was pretty wicked indeed. Thought I would post this in case some of you guys were having like minded concerns over what some people were doing via http.

[neel]

People will always find a way to work arround those filters. Even if you filtering method is "cutting the line", even then people will find a way. 97% is nice for now, but imagine 10/20 years ago how many computers were vulnerable to the 'ping of death', and how many are now ? And is there really a decrease of crashes, defacements, exploits ? I think there only get more... At least for this time, maybe in the future we have better educated people. So 97 % of all administrators will be more knowledgeable then a general sciptkiddie or newbie. There had been some test somewere some while ago (well... I don't know were and how). It was somekind of wargame with sys admins, hackers, whizkids etc. The sysadmins lost badly and of them 38% didn't knew what happened, and 1% (!) couldn't get root on their own system... They got a pasword and a ssh client, some people just didn't knew what to do with that. Those were admins of pretty big sites, and they didn't knew basic linux and a large part that did knew, didn't know enough to decently secure their box. Makes you figure :s

[don]

I think my point was not clearly stated here perhaps. On a campus network where all that is
allowed is http access you can almost virtually get all illegal applications such as http tunnel
from broaching your policy. That is the point I am trying to make. It was an excellent piece of
programming, and an excellent tool. Things will always change however for the time being this
defeats all attempts at defeating the rules set in place via such tools as http tunnel.

[Tedob1]

http://www.icqproxy.com/icqp.asp

The Firewall
Most corporate networks today are behind firewalls. The purpose of a firewall is to prevent unwanted users from having access to machines within a companies intranet. At the same time they allow people in the intranet to access the internet. Unfortunately due to the way some firewalls are setup, only allow certain applications work. These restrictions prevent people from using several common internet applications such as ICQ, checking their POP/IMAP e-mail, PC Anywhere etc.

The Solution - HTTP-Tunnel

The founders of this company were determined to find a solution for this problem without compromising security the firewall provides and so they developed HTTP-Tunnel. HTTP-Tunnel is an application that runs in your system tray acting as a SOCKS server. Your application sends data to the HTTP-Tunnel client running on your desktop which then tunnels the data over HTTP (Port 80) to one of the free servers run by HTTP-Tunnel.com This server then sends that data to the real destination and vica-versa. This forwarding mechanism allows people to use any internet application from behind a firewall.

+=+=+=+=+=+=+=+=+=+=+=+=+=+

I sure am glad they don’t consider letting the most ignorant and careless of users have access to unprotected pop-mail and how can anyone consider ICQ a security threat.

Its also very nice that anybody that wants to use pcAnywhere no longer needs to bother the Admin because now he’s got more than enough to do tracking down and eliminating all the worms and trojans brought in by third party email and icq not to mention the new and improved Kazaa running on port 80

i hope we get to see that program someday soon. thank for the info don