[ale] Firewall Administrative Question

Patrick tewkewl at mindspring.com
Tue Jun 20 20:28:25 EDT 2000


Is this HTTP 'client' going to be a normal browser?  What exactly will it be
receiving?  What you are doing should be irrelevant as long as you are
passing it along port 80... (which most firewalls let go) This is similar to
how versions of distnet's client, some messenger clients, etc, get around
firewalls.

I'm not sure I understand what the possible trouble would be for the IS
folks.  It would seem to be transparent.  Am I missing something?

-Patrick
----- Original Message -----
From: John Mills <"jmills at tga.com"@tga.com>
To: ale at ale.org
To: Atlanta Linux Enthusiasts <ale at ale.org>
Sent: Tuesday, June 20, 2000 5:35 PM
Subject: [ale] Firewall Administrative Question


>
> Hello -
>
> I would like to write a set of clients and servers, each pair of which
> would communicate using a different packet sub-type, each presenting
> to a firewall as HTTP/1.1. The actual data would consist of well-formed
> HTTP Requests and HTTP Responses. The content-type would be "text/xml" or
> "application/xml". I would like to use a set of port numbers other than
> the usual 80 and 443, so that each service could be assigned a port
> number and those clients would use that port for their default connection.
>
> In summary, this box would behave like an HTTP/1.1 client except that it
> would work to a non-standard set of ports.
>
> Technically I think this amounts to "HTTP Tunnelling" as a [hopefully]
> non-threatening way to pass several types of exchange through a proxy
> firewall (or a number of them) without having to use another box ahead of
> the client to decode each packet's type to determine which service was
> appropriate.
>
> The question is this: in the typical enterprise with a strong, content-
> filtering proxy firewall, how much trouble will the MIS department have to
> go to allow this?
>
> How risky do you think this type of setup would appear to an 'average'
> firewall administrator?
>
> Any experience with available firewalls, or any policy information you
> could share, would be great. Thanks for any comments.
>
> Regards -
>
>    John Mills
>    Sr. Software Engineer
>    TGA Technologies, Inc.
>    100 Pinnacle Way, Suite 140
>    Norcross, GA 30071-3633
>    e-mail: jmills at tga.com
>    Phone: 770-441-2100 ext.124 (voice)
>           770-449-7740 (FAX)
>
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

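Seen from the firewall administrator's side, allowing the design described in this thread comes down to a per-port check that traffic on each assigned port really is HTTP/1.1 carrying well-formed XML. The sketch below is an added example, not part of the original thread; the port numbers, service names and the `inspect_request` and `build` helpers are hypothetical.

```python
import xml.etree.ElementTree as ET

# Hypothetical port-to-service allowlist; ports and names are constructed.
ALLOWED_PORTS = {8101: "inventory", 8102: "telemetry"}
ALLOWED_TYPES = {"text/xml", "application/xml"}
ALLOWED_METHODS = {"GET", "POST"}

def inspect_request(port, raw):
    """Return (verdict, reason) for one client request seen on `port`."""
    if port not in ALLOWED_PORTS:
        return ("deny", "port not assigned to a service")
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ("deny", "no end of header block")
    try:
        lines = head.decode("ascii").split("\r\n")
        method, target, version = lines[0].split(" ")
    except (UnicodeDecodeError, ValueError):
        return ("deny", "malformed request line")
    if version != "HTTP/1.1" or method not in ALLOWED_METHODS:
        return ("deny", "not an allowed HTTP/1.1 request")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            return ("deny", "malformed header")
        headers[name.strip().lower()] = value.strip()
    if "host" not in headers:
        return ("deny", "HTTP/1.1 request without Host")
    if not body:
        return ("allow", ALLOWED_PORTS[port])
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype not in ALLOWED_TYPES:
        return ("deny", "content type is not XML")
    if headers.get("content-length") != str(len(body)):
        return ("deny", "Content-Length does not match body")
    try:
        ET.fromstring(body)  # a production filter would use a hardened XML parser
    except ET.ParseError:
        return ("deny", "body is not well-formed XML")
    return ("allow", ALLOWED_PORTS[port])

def build(body, ctype="text/xml"):
    """Construct a sample request (constructed test input, not captured traffic)."""
    return (b"POST /svc HTTP/1.1\r\nHost: svc.example\r\nContent-Type: "
            + ctype.encode() + b"\r\nContent-Length: "
            + str(len(body)).encode() + b"\r\n\r\n" + body)
```
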