[CentOS] firewall?

Sun Jul 17 09:11:46 UTC 2011
Keith Roberts <keith at karsites.net>

On Sun, 17 Jul 2011, Ljubomir Ljubojevic wrote:

*snip*

>>> I read some time ago something about tunneling different protocols
>>> through firewalls? which sounded quite scary.
>>
>> This is what I was referring to:
>>
>> Data Driven Attacks Using HTTP Tunneling
>>
>> "... HTTP Tunneling Example
>>
>> HTTP tunneling can be used to access ports that are
>> normally inaccessible from a network. Consider Figure 1
>> below. The attacker's host is shown on the left with the
>> target systems on the right. The router at the edge has the
>> following policies:"
>>
>> http://www.symantec.com/connect/articles/data-driven-attacks-using-http-tunneling
>>
>> Sounds a bit scary to me, as any website needs to have port
>> 80 open to allow access to that website.
>>
>
> That example is based on the premise that an attacker will exploit an
> existing security bug/hole to gain access to the system. And they refer in
> that article to IIS (Micro$oft Web server, with holes like Swiss cheese).
>
> If you check the frequency of Apache (httpd) security bugs on CentOS
> 5.x, I think you will see several Denial Of Service bugs, but only one
> or two that would allow code execution. And bug reports for Apache are
> made to a secure mailing list so the rest of the world is not aware of
> them until they are already fixed.
>
> So I would not be overly concerned about HTTP tunneling attacks.

OK thanks for that advice Ljubomir.

Kind Regards,

Keith

-----------------------------------------------------------------
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------