HTTP Tunnelling

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Rikku

Thread Starter
Joined
Dec 11, 2001
Messages
743
My users are not being nice.

They are using tunnelling software to convert their traffic so that it flows freely through my HTTP Proxy.

This is mainly used for peer to peer file sharing programs, which are fun, but they chew up the bandwith bigtime!

A couple examples:

http://http-tunnel.com/HT_Products_Consumer.asp

http://worker3.miner.nu

In the last example, users actually 'socksify' their traffic (convert TCP to SOCKS) then the Socks2http program tunnels it through the proxy.

AARGH!!!

Any ideas??

(I'm using Novell BorderManager 3.6)
 
Joined
Jul 29, 2001
Messages
21,334
Kick their butts off the network.....if the boss won't support you QUIT!! Sounds like a bunch off loose cannons at your office. You might want to try a real firewall instead of a proxy server? Another option would be to put http on port 81 or some other port their software won't work on.
 
Joined
Jul 12, 2001
Messages
9,082
How locked down are these pc's? Don't you have the ability to block or lock down? I have one user that thinks he's an expert because he works part time at Best Buy and I had to lock his pc down so he can't do anything without permission. It sounds like you have more then one and I agree with Rockn but maybe tell the boss ahead of time so he knows when the flack starts coming in.
 
Joined
Jul 29, 2001
Messages
21,334
I love that littlemar....LOL
The Best Buy PC guru....too funny

She is correct tho, you can pretty much sut down their ability to install software and make any network changes, administering it does get to be a headache at time tho.
 

Rikku

Thread Starter
Joined
Dec 11, 2001
Messages
743
Thanks all, for your comments :)

but......

This is in a College environment. The users have thier own computers... (and stay up late, trying to hack me)

We have Novell BorderManager which is a pretty heavy duty firewall - I'm able to deny all packets and permit specific exceptions, log everything, create access rules...

The problem is, even if I deny everything and only allow proxy traffic, the users can still tunnel their stuff through.

AND to make matter worse, peer to peer traffic shows up a almost completely different IPs each time, so there's no way to block a certain range of IPs or something like that.

<sigh>
 
Joined
Jul 12, 2001
Messages
9,082
Looks like you're going to have to sit back and wait for them to royally screw up your system before the "big" guys decide that you need more security and control. Just make sure you keep a record of all the fixes and time it took. Got to cover your a** too.

The students should be allowed to do what they want at home not at school. Ok, I'll get off the soapbox again. (for a while)
 
Joined
Jul 29, 2001
Messages
21,334
Sounds like the hackers need to be hacked. What do you have for monitoring software? Seems you could easily isolate the traffic to a segment on the network. What are they using the tuneling for...games...FTP....?? What about changing the port # for http? That's what qwest did rececntly to thwart the Code Red virus on Cisco DSL routers.
 

Rikku

Thread Starter
Joined
Dec 11, 2001
Messages
743
We log EVERY http request made through the proxy.

We could change the proxy port, but that would mean telling people so they'd be able to browse the web :)

If I could isolate the traffic somehow, then I could limit it, or cap it. Right now its swallowing our T1 whole!!
 
Joined
Jul 29, 2001
Messages
21,334
If you had some software like Sniffer Pro from Network associates you could see per IP address where the majority of the traffic is coming from. Are any of your network switches managed? If they are they can be monitored very easily...most newer equipment can be monitored for bandwith etc. There are some really awesome monitoring tools out ther if the school wants to dole out the cash.
 

Rikku

Thread Starter
Joined
Dec 11, 2001
Messages
743
GREAT INFO Toddles!

Thank you!!

*humming to self happily while locking little hoodlums out*
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top