Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: HTTP Tunneling

  • From: Mufti Ahmed
  • Date: Wed Jun 14 08:58:04 2000 


Hi Eric, this sounds like a hack or is this valid for certain services that
you've
seen.

thanks

Mufti Nayeem Ahmed
Network Systems Engineer
Market Data Networks
Reuters America Inc.
(212)-603-3595






Eric Vyncke <evyncke@cisco.com> on 06/14/2000 03:09:21 AM

To:   Mufti Ahmed/NYC/US/Reuters@REUTERS, nanog@merit.edu
cc:
Subject:  Re: HTTP Tunneling






Mufti,

May be your director was thinking about tunneling a Telnet/SSH/IPSec/... session
in a HTTP session.

This is quite common to use HTTP (which is allowed through most firewalls
configuration) to funnel other protocols through a firewall.

If your firewall is a plain packet filter, sending Telnet traffic to a modified
/etc/inetd.conf on port 80 will make the trick.

If your firewall is a proxy firewall, you will have to add a HTTP header
to it ;-)

Basically, some trojans are using this technique.

Other protocols used for tunneling are ICMP (remember loki ?), ...

Hope this helps

-eric

At 18:38 13/06/2000 -0400, Mufti Ahmed wrote:



>My Director was mentioning this phrase to me. Is this another term for
>"TLS Within HTTP/1.1"  RFC 2817.  Maybe some one who works in the
>ISP world is familiar with this term? Or do you think it's just a marketing
>term for what i just mentioned?
>
>Thanks
>
>Mufti Nayeem Ahmed
>Network Systems Engineer
>Market Data Networks
>Reuters America Inc.
>(212)-603-3595
>
>
>-----------------------------------------------------------------
>         Visit our Internet site at http://www.reuters.com
>
>Any views expressed in this message are those of  the  individual
>sender,  except  where  the sender specifically states them to be
>the views of Reuters Ltd.

Eric Vyncke
Consulting Engineer                Cisco Systems EMEA
Phone:  +32-2-778.4677             Fax:    +32-2-778.4300
E-mail: evyncke@cisco.com          Mobile: +32-75-312.458




-----------------------------------------------------------------
        Visit our Internet site at http://www.reuters.com

Any views expressed in this message are those of  the  individual
sender,  except  where  the sender specifically states them to be
the views of Reuters Ltd.


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.