Re: Anti-spyware at the Gateway


comp.security.firewalls archive

From: Somebody. <somebody.@nospam.russdoucet.com>
Date: Mon Mar 13 2006 - 16:26:00 CET

"Sebastian Gottschalk" <seppi@seppig.de> wrote in message
news:47l6rlFfs3doU1@news.dfncis.de...
> Somebody. wrote:
>
>> On the network like that, that we monitor, we catch the people that do such
>> tunnelling, and they are disciplined for breaching policy.
>
> You cannot detect arbitrary tunneling techniques.

Not easily. But you can. They each have some sort of behavior that is not
like their neighbors on the network. You simply have to notice it. Noticing
things that are outside of the normal is a start; when you turn your full
attention to it, you will figure it out.

>> Those that repeatedly try to get around it, show up in the logs as such
>> (repeated denies), and get special "attention". Even your two minute
>> attempt would garner you some special attention, now for deliberately
>> attempting to get around the policies.
>
> A serious tunneling doesn't produce any log entries, as no implemented
> policy is violated.

If you are logging all traffic in and out of your pipe, it does indeed
produce log entries. These can be examined and the behavior can be
discovered. (The policies I was referring to above were the written
policies, not electronic ones.)

-Russ.
Received on Mon May 1 00:56:44 2006
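
Added example, not part of the original post or thread: a sketch of the "not like their neighbors" check over full flow logs, comparing each host to its peers with a robust (median/MAD) score. The log format, field names, thresholds and the two features (bytes sent to the busiest single destination, longest session) are assumptions chosen for illustration, and the sample records are constructed.

```python
from collections import defaultdict
from statistics import median

# Assumption: hypothetical flow-log format and heuristic, not from the original post.
# Constructed sample records: src dst dport bytes_out bytes_in duration_s
SAMPLE_FLOWS = """\
10.0.0.11 203.0.113.10 443 4200 88000 12
10.0.0.11 203.0.113.20 443 3900 61000 9
10.0.0.12 203.0.113.10 443 5100 93000 15
10.0.0.12 203.0.113.30 80 2800 40000 7
10.0.0.13 203.0.113.20 443 4600 75000 11
10.0.0.13 203.0.113.10 443 3700 69000 10
10.0.0.14 203.0.113.30 80 3300 52000 8
10.0.0.14 203.0.113.20 443 4900 81000 14
10.0.0.15 198.51.100.7 443 910000 870000 14400
10.0.0.15 203.0.113.10 443 4100 70000 10
"""

def host_features(log_text):
    """Per source host: (bytes sent to its busiest destination, longest session)."""
    per_dst = defaultdict(lambda: defaultdict(int))
    longest = defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records rather than guessing at them
        src, dst, _port, out_b, _in_b, dur = fields
        per_dst[src][dst] += int(out_b)
        longest[src] = max(longest[src], int(dur))
    return {h: (max(per_dst[h].values()), longest[h]) for h in per_dst}

def modified_z(values):
    """Robust z-scores (median/MAD) so one extreme host cannot hide itself."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:
        return [0.0 if v == med else float("inf") for v in values]
    return [0.6745 * (v - med) / mad for v in values]

def outliers(log_text, threshold=3.5):
    """Map each host that exceeds the threshold to the features that flagged it."""
    feats = host_features(log_text)
    hosts = sorted(feats)
    flagged = {}
    for idx, name in enumerate(("top_dst_bytes_out", "longest_session_s")):
        scores = modified_z([feats[h][idx] for h in hosts])
        for h, z in zip(hosts, scores):
            if z > threshold:
                flagged.setdefault(h, []).append(name)
    return flagged
```

Calling `outliers(SAMPLE_FLOWS)` flags only the host whose traffic differs from its peers; a flagged host is a lead for manual review, not proof of tunnelling.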