[29175] in North American Network Operators' Group


Re: HTTP Tunneling

daemon@ATHENA.MIT.EDU (Mufti Ahmed)
Wed Jun 14 08:57:15 2000

Date: Wed, 14 Jun 2000 08:53:30 -0400
From: Mufti Ahmed <Mufti.Ahmed@reuters.com>
To: Eric Vyncke <evyncke@cisco.com>
Cc: nanog@merit.edu
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-disposition: inline
Message-Id: <20000614125506.AB4095DE40@segue.merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu




Hi Eric, this sounds like a hack, or is this valid for certain services that
you've seen?

thanks

Mufti Nayeem Ahmed
Network Systems Engineer
Market Data Networks
Reuters America Inc.
(212)-603-3595






Eric Vyncke <evyncke@cisco.com> on 06/14/2000 03:09:21 AM

To:   Mufti Ahmed/NYC/US/Reuters@REUTERS, nanog@merit.edu
cc:
Subject:  Re: HTTP Tunneling






Mufti,

Maybe your director was thinking about tunneling a Telnet/SSH/IPSec/... session
in an HTTP session.

It is quite common to use HTTP (which is allowed through most firewall
configurations) to funnel other protocols through a firewall.

If your firewall is a plain packet filter, sending Telnet traffic to a modified
/etc/inetd.conf on port 80 will do the trick.

If your firewall is a proxy firewall, you will have to add an HTTP header
to it ;-)

Basically, some trojans are using this technique.

Other protocols used for tunneling are ICMP (remember Loki?), ...

Hope this helps

-eric

At 18:38 13/06/2000 -0400, Mufti Ahmed wrote:



>My Director was mentioning this phrase to me. Is this another term for
>"TLS Within HTTP/1.1"  RFC 2817?  Maybe someone who works in the
>ISP world is familiar with this term? Or do you think it's just a marketing
>term for what I just mentioned?
>
>Thanks
>
>Mufti Nayeem Ahmed
>Network Systems Engineer
>Market Data Networks
>Reuters America Inc.
>(212)-603-3595
>
>
>-----------------------------------------------------------------
>         Visit our Internet site at http://www.reuters.com
>
>Any views expressed in this message are those of  the  individual
>sender,  except  where  the sender specifically states them to be
>the views of Reuters Ltd.

Eric Vyncke
Consulting Engineer                Cisco Systems EMEA
Phone:  +32-2-778.4677             Fax:    +32-2-778.4300
E-mail: evyncke@cisco.com          Mobile: +32-75-312.458




-----------------------------------------------------------------
        Visit our Internet site at http://www.reuters.com

Any views expressed in this message are those of  the  individual
sender,  except  where  the sender specifically states them to be
the views of Reuters Ltd.
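
A defender's view of the two cases Eric describes, as an added example that is not part of the original thread: the sketch checks whether the first client payload of a port-80 flow is really an HTTP request line, which a plain packet filter never does. The function names and the sample flows are constructed for illustration.

```python
import re

# Request line shape for HTTP/1.x: METHOD SP target SP HTTP/1.x CRLF
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT) \S+ HTTP/1\.[01]\r\n"
)
TELNET_IAC = 0xFF                               # "Interpret As Command" byte
TELNET_NEGOTIATION = {0xFB, 0xFC, 0xFD, 0xFE}   # WILL, WONT, DO, DONT


def classify_first_payload(payload: bytes) -> str:
    """Label the first client-to-server TCP payload seen on port 80."""
    if not payload:
        return "empty"
    if HTTP_REQUEST_LINE.match(payload):
        return "http"
    if payload.startswith(b"SSH-"):
        return "ssh-banner"
    if len(payload) >= 3 and payload[0] == TELNET_IAC and payload[1] in TELNET_NEGOTIATION:
        return "telnet-negotiation"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls-handshake"
    return "unknown-non-http"


def flag_non_http(flows):
    """Return (flow_id, label) for port-80 flows whose first payload is not HTTP."""
    findings = []
    for flow_id, dst_port, payload in flows:
        if dst_port != 80:
            continue
        label = classify_first_payload(payload)
        if label != "http":
            findings.append((flow_id, label))
    return findings


# Constructed sample flows: (flow id, destination port, first client payload)
SAMPLE_FLOWS = [
    ("f1", 80, b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n"),
    ("f2", 80, b"SSH-2.0-OpenSSH_client\r\n"),
    ("f3", 80, b"\xff\xfd\x18\xff\xfd\x20"),      # Telnet IAC DO options
    ("f4", 80, b"\x16\x03\x01\x00\x2e\x01"),      # TLS record header
    ("f5", 23, b"\xff\xfd\x18"),                   # not port 80, ignored
    ("f6", 80, b"POST /t HTTP/1.1\r\nHost: h\r\n\r\n\xff\xfd\x18"),
]

if __name__ == "__main__":
    print(flag_non_http(SAMPLE_FLOWS))
```

Flow f6 is labelled http because its first bytes are a well-formed request line, so the header-wrapped case Eric mentions needs inspection beyond the request line.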

