Data-Driven Attacks Using HTTP Tunneling

Poindexter at SAFe-mail.net
Wed Aug 4 09:16:32 PDT 2004


http://www.securityfocus.com/infocus/1793

As more traffic across the Internet is coming under scrutiny and network administrators are making efforts to limit the traffic in and out of their networks, the one port that no one is willing to block en masse is port 80. Users (and administrators) browse the web constantly, whether it is for work purposes or not. The lifeblood of a company's existence on the Internet requires a web presence in one fashion or another and this requires a web server, whether it is hosted by a service provider or located on a company's network. With every new worm, bug, or vulnerability found in IIS and Apache servers, network and secop administrators are trying to lock down these systems further at the router or firewall. To identify attacks, many are turning to IDS and IPS.

In this article we will look at a means to bypass the access control restrictions of a company's router or firewall. This information is intended to provide help for those who are legitimately testing the security of a network (whether they are in-house expertise or outside consultants). This article, by no means, condones the use of this information for the purpose of unauthorized access to a network or a system. Finally, this article will provide some pointers on how to defend against this attack.




