Re: Anti-spyware at the Gateway
comp.security.firewalls archive

From: Somebody. <somebody.@nospam.russdoucet.com>
Date: Mon Mar 13 2006 - 19:32:29 CET

"Sebastian Gottschalk" <seppi@seppig.de> wrote in message
news:47likiFg3ba0U1@news.dfncis.de...
> Somebody. wrote:
>> "Sebastian Gottschalk" <seppi@seppig.de> wrote in message
>> news:47l6rlFfs3doU1@news.dfncis.de...
>>> Somebody. wrote:
>>>
>>>> On the network like that, that we monitor, we catch the people that do such
>>>> tunnelling, and they are disciplined for breaching policy.
>>> You cannot detect arbitrary tunneling techniques.
>>
>> Not easily. But you can.
>
> Not easily == with exponential effort, so actually not at all
>
>> They each have some sort of behavior that is not
>> like their neighbors on the network.
>
> Simple DNS queries? Uploading unsuspiciously looking JPEG images?
>
>> You simply have to notice it. Noticing
>> things that are outside of the normal is a start, when you turn your full
>> attention to it, you will figure it out.
>
> Good tunneling cannot be differed from normal behaviour.
>
>> If you are logging all traffic in and out of your pipe, it does indeed
>> produce log entries.
>
> Wonderful. :-)
>
>> These can be examined and the behavior can be discovered.
>
> It cannot.
>
>> (the policies I was referring to above were the written
>> policies, not electronic ones)
>
> Fine. So what? Doesn't help with any technically imposed limits.

Ok, well you can tell the fellows we've caught doing this so far, that they
weren't caught.

Are there others doing it? Perhaps. Will they get away with it forever?
Don't count on it.

Just because *you* can't do it, doesn't mean it can't be done.

-Russ.
Received on Mon May 1 00:56:58 2006
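
The "behavior that is not like their neighbors" approach argued over in this thread, as an added example that is not part of the original posts: each client's DNS activity is scored against its peers with a median/MAD modified z-score. The log format, addresses, feature set and the 3.5 threshold are assumptions, and the log lines are constructed.

```python
import statistics
from collections import defaultdict

def constructed_log():
    """Constructed sample, one 'client_ip qname' pair per line (not real traffic)."""
    sites = ["www.example.com", "mail.example.com",
             "intranet.example.org", "news.example.net"]
    lines = []
    for host in range(1, 9):                 # eight ordinary clients
        for i in range(40 + host):
            lines.append(f"10.0.0.{host} {sites[(i + host) % len(sites)]}")
    for i in range(45):                      # one client: long, never-repeated names
        lines.append(f"10.0.0.9 {i:04d}{'a1b2c3d4' * 5}.t.example.info")
    return lines

def host_features(lines):
    """Per client: query count, mean name length, share of distinct names."""
    names = defaultdict(list)
    for line in lines:
        client, qname = line.split()
        names[client].append(qname.lower())
    return {c: (len(q), sum(map(len, q)) / len(q), len(set(q)) / len(q))
            for c, q in names.items()}

def robust_scores(values):
    """Modified z-score: median/MAD, so a single outlier cannot move the baseline."""
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values) or 1e-9
    return [0.6745 * (v - med) / mad for v in values]

def flag_outliers(lines, threshold=3.5):
    """Return {client: [features on which it deviates from its peers]}."""
    feats = host_features(lines)
    clients = sorted(feats)
    flagged = {}
    for idx, name in enumerate(("queries", "mean_len", "unique_ratio")):
        scores = robust_scores([feats[c][idx] for c in clients])
        for client, score in zip(clients, scores):
            if abs(score) > threshold:
                flagged.setdefault(client, []).append(name)
    return flagged

if __name__ == "__main__":
    print(flag_outliers(constructed_log()))
```

The flagged client sends about as many queries as its peers, so volume alone does not single it out; it stands out on name length and name reuse. A host is flagged only when it differs from its neighbors on a feature that is actually measured.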