Anti-spyware at the Gateway

It's going to be funny when you get a job in a place where you get to monitor firewall logs/realtime services - you're going to learn just how wrong you are, or.... you're not going to learn anything and likely get fired.

Now I'm sure that you're Charles Newman - saying that Tunneling can't be detected, what utter poppycock.

Reply to
Leythos

They may work as long as no one tries to bypass them. In which case you wouldn't need them in the first place.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

We don't allow access to any news sites.

Reply to
Leythos

VB, you're completely off your rocker. We don't allow unapproved websites, we white list business partners, we black list other sites that may not meet our policy or that are in an approved category.

It works very nicely, efficiently, securely, and sites that don't have content ratings are not permitted at all....

Now, tell me how this really doesn't work, when it works at the state, federal, local, soho, personal levels for so many.

Reply to
Leythos

No, it's quite easy, why don't you understand it? You never provide internet access except to approved/required sites - and nytimes.com is not an approved/required site (like so many zillions of others).

Some are, some are not, it depends on the list vendor, and you can also black-list sites in an approved category if you find that they should not be to your own liking.

Reply to
Leythos

Yes, it falls within acceptable parameters at this location.

-Russ.

Reply to
Somebody.

Well Sebastian, I will agree to disagree if you will. I don't think anybody is benefiting from the debate any more.

I think in future I will refrain from discussing the methods I use to detect that which is commonly considered undetectable. It bothers people too much. I'll stick with advice on configuring and troubleshooting appliances, for mainstream activities. If people believe it can't be done, I look all the better when I do it for my clients.

So you're right, none of this works, tunneling is impossible to detect.

-Russ.

Reply to
Somebody.

Then you've already lost. About one year ago I and some other people already implemented a simple proof of concept about cookie/session-id data transfer over that site. With about 10 to 20% bandwidth efficiency, you've got a nice tunnel.

There your tunnel goes!

Reply to
Sebastian Gottschalk

So well, you didn't even present just one method while I could easily prove that no general method could exist.

So you actually admit that you're defrauding your customers?

Tunneling is *generally* and *practically* impossible to detect, so you're just wasting your time.

Reply to
Sebastian Gottschalk

Only the terminally clueless believe the above statement. You're putting yourself in the same class as Charles Newman (and you might just be Charles posting under another name).

Reply to
Leythos

No general method does exist. It takes skills and multiple tools.

No, when I turn up tunnellers that subsequently admit to the behaviour, I don't feel that's fraudulent.

You're right, it's impossible. Nobody should try.

-Russ.

Reply to
Somebody.

The fact that the site is allowed, and can be used to make a tunnel, doesn't prove that I can't find and detect the tunnel.

Oh wait, I forgot, tunnels are impossible to detect. Never mind.

-Russ.

Reply to
Somebody.

You have a problem with logic. No one said that it is impossible to detect a tunnel.

Yours, VB.

Reply to
Volker Birk

You have, several times, stated that it's almost impossible to detect a tunnel without lots of CPU power, which we all know is wrong, as many of us do it daily.

Reply to
Leythos

But I'm saying so. Using public key cryptography one can create a tunnel that provably can't be distinguished from a normal session ID transfer.

Reply to
Sebastian Gottschalk

How would you like to distinguish a 128-bit hash value used as a session ID from 128 bits of encrypted data?

What about provably undetectable tunnels using steganographic embedding of a provably undetectable covert channel?

Generally yes.

Reply to
Sebastian Gottschalk

You'll still only catch the obvious. Should I restate Rice's theorem?

And do you tell your customers that most likely there are other tunnels in place that you cannot detect?

It's practically impossible, so nobody should try.

Reply to
Sebastian Gottschalk

Then you're wrong.

And knowing how it is done means being able to detect.

Yours, VB.

Reply to
Volker Birk

How about if you can't connect to it, then you can't use it as a tunnel point - what's so hard to understand about that?

Reply to
Leythos

Assuming the session ID transfer is a fully normal and trusted activity (e.g. logging in at nytimes.com and reading some articles) and the session ID is a pseudorandom value, you can create a covert channel with bandwidth efficiency 1/n that is as hard to detect as it is to break either a chosen n-bit symmetric cipher or RSA of any length.

Reply to
Sebastian Gottschalk
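
Added example, not part of the thread: the question raised in the posts above (telling a 128-bit session ID from 128 bits of encrypted data) checked with two content statistics a gateway could compute over observed cookie values. All values are constructed, the helper names are hypothetical, and the SHA-256 counter keystream is a stand-in for a real cipher.

```python
import hashlib

def session_ids(n, secret=b"constructed-server-secret"):
    """Constructed sample: 128-bit IDs derived as a truncated hash of secret + counter."""
    return [hashlib.sha256(secret + i.to_bytes(8, "big")).digest()[:16] for i in range(n)]

def encrypted_blocks(n, key=b"constructed-key", plaintext=b"A" * 16):
    """Constructed sample: constant 16-byte plaintext XORed with a per-block
    SHA-256 counter keystream (assumption: stands in for a real cipher)."""
    blocks = []
    for i in range(n):
        keystream = hashlib.sha256(key + i.to_bytes(8, "big")).digest()[:16]
        blocks.append(bytes(p ^ k for p, k in zip(plaintext, keystream)))
    return blocks

def monobit_z(values):
    """z-score of the count of 1 bits against the expected one half."""
    ones = sum(bin(b).count("1") for v in values for b in v)
    total_bits = 8 * sum(len(v) for v in values)
    return (ones - total_bits / 2) / (total_bits / 4) ** 0.5

def byte_chi2(values):
    """Chi-square of byte frequencies against a uniform distribution (255 d.o.f.)."""
    counts = [0] * 256
    for v in values:
        for b in v:
            counts[b] += 1
    expected = sum(counts) / 256
    return sum((c - expected) ** 2 / expected for c in counts)

def looks_random(values):
    """Generous bounds: 4 standard deviations on the bit count, and a chi-square
    limit far above the mean of 255 expected for uniform bytes."""
    return abs(monobit_z(values)) < 4.0 and byte_chi2(values) < 400.0

if __name__ == "__main__":
    samples = {
        "hash-derived session IDs": session_ids(4096),
        "encrypted blocks": encrypted_blocks(4096),
        "unencrypted constant": [b"A" * 16] * 4096,
    }
    for name, values in samples.items():
        print(f"{name:26s} z={monobit_z(values):9.2f} "
              f"chi2={byte_chi2(values):12.1f} random-looking={looks_random(values)}")
```

The hash-derived IDs and the encrypted blocks both pass while the unencrypted constant fails, so these statistics on the cookie field alone do not separate the two cases.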
