[107944] in Cypherpunks
Re: firewall circumvention
daemon@ATHENA.MIT.EDU (Foo Young)
Fri Jan 29 12:11:12 1999
Date: Fri, 29 Jan 1999 11:53:23 -0500 (EST)
From: Foo Young <wok@cyberspace.org>
To: cypherpunks@cyberpass.net
In-Reply-To: <Pine.LNX.4.04.9901290845160.13777-100000@Io.ALIEN.BT.CO.UK>
Reply-To: Foo Young <wok@cyberspace.org>
mgraffam may have written:
> The firewall should let the connection to port 80 through, I'd think..
> unless it actually monitors the traffic on that port to verify that it
> is an http session! ..
An application-layer gateway (proxy) won't simply allow you to make
arbitrary connections to port 80; you must obey the protocol. That said,
there is very little you can't embed in a protocol like HTTP if you have
control of both endpoints.
Although HTTP is asymmetric (client->server), you can simulate a symmetric
channel with some buffers if you arrange for the client to poll the server
repeatedly. Stick a pppd at each end and you have a cheap-but-effective
VPN which tramples your employer's security policy.
Foo.
'98 Extreme Knitting Champion
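
Added example, not part of the original post: seen from the proxy operator's side, the client-polls-server pattern described above appears in logs as one client hitting one host at short, sustained intervals. The log format, addresses, host names and thresholds below are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def make_sample_log():
    """Constructed proxy log lines: '<epoch_seconds> <client_ip> <method> <host> <path>'."""
    lines = []
    # Constructed: one client polling a single host every 2 seconds for a minute.
    for i in range(30):
        method = "POST" if i % 2 else "GET"
        lines.append(f"{1000 + 2 * i} 10.0.0.5 {method} relay.example /poll")
    # Constructed: ordinary browsing, short bursts separated by long idle periods.
    for t, path in [(1000, "/"), (1001, "/style.css"), (1001, "/logo.png"),
                    (1300, "/news"), (1302, "/img.png"), (1900, "/about")]:
        lines.append(f"{t} 10.0.0.7 GET www.example {path}")
    return lines

def find_polling_pairs(lines, min_requests=20, max_gap=5.0, min_sustained=0.9):
    """Return {(client, host): stats} for pairs that look like a sustained poll loop.

    A pair is flagged when it has at least min_requests requests, the median
    gap between them is <= max_gap seconds, and at least min_sustained of all
    gaps are that short (so bursty-then-idle browsing is not flagged).
    """
    times = defaultdict(list)
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        ts, client, _method, host, _path = fields
        try:
            times[(client, host)].append(float(ts))
        except ValueError:
            continue  # skip lines with a non-numeric timestamp
    flagged = {}
    for pair, stamps in times.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        sustained = sum(1 for g in gaps if g <= max_gap) / len(gaps)
        if sustained >= min_sustained and median(gaps) <= max_gap:
            flagged[pair] = {"requests": len(stamps),
                             "median_gap": median(gaps),
                             "duration": stamps[-1] - stamps[0]}
    return flagged

if __name__ == "__main__":
    for pair, stats in find_polling_pairs(make_sample_log()).items():
        print(pair, stats)
```

The thresholds need tuning against real traffic, since legitimate long-polling web applications produce the same shape and belong on an allow list.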