
HTTP Tunnelling

Discussion in 'Networking' started by Rikku, Dec 11, 2001.

Thread Status:
Not open for further replies.
  1. Rikku

    Rikku Thread Starter

    Joined:
    Dec 11, 2001
    Messages:
    743
    My users are not being nice.

    They are using tunnelling software to convert their traffic so that it flows freely through my HTTP Proxy.

    This is mainly used for peer to peer file sharing programs, which are fun, but they chew up the bandwidth big time!

    A couple examples:

    http://http-tunnel.com/HT_Products_Consumer.asp

    http://worker3.miner.nu

    In the last example, users actually 'socksify' their traffic (convert TCP to SOCKS) then the Socks2http program tunnels it through the proxy.

    AARGH!!!

    Any ideas??

    (I'm using Novell BorderManager 3.6)
     
  2. Rockn

    Rockn

    Joined:
    Jul 29, 2001
    Messages:
    21,334
    Kick their butts off the network.....if the boss won't support you QUIT!! Sounds like a bunch of loose cannons at your office. You might want to try a real firewall instead of a proxy server? Another option would be to put http on port 81 or some other port their software won't work on.
     
  3. littlemar

    littlemar

    Joined:
    Jul 12, 2001
    Messages:
    9,082
    How locked down are these PCs? Don't you have the ability to block or lock down? I have one user that thinks he's an expert because he works part time at Best Buy and I had to lock his PC down so he can't do anything without permission. It sounds like you have more than one and I agree with Rockn but maybe tell the boss ahead of time so he knows when the flak starts coming in.
     
  4. Rockn

    Rockn

    Joined:
    Jul 29, 2001
    Messages:
    21,334
    I love that littlemar....LOL
    The Best Buy PC guru....too funny

    She is correct tho, you can pretty much shut down their ability to install software and make any network changes, administering it does get to be a headache at times tho.
     
  5. Rikku

    Rikku Thread Starter

    Joined:
    Dec 11, 2001
    Messages:
    743
    Thanks all, for your comments :)

    but......

    This is in a College environment. The users have their own computers... (and stay up late, trying to hack me)

    We have Novell BorderManager which is a pretty heavy duty firewall - I'm able to deny all packets and permit specific exceptions, log everything, create access rules...

    The problem is, even if I deny everything and only allow proxy traffic, the users can still tunnel their stuff through.

    AND to make matters worse, peer to peer traffic shows up as almost completely different IPs each time, so there's no way to block a certain range of IPs or something like that.

    <sigh>
     
  6. littlemar

    littlemar

    Joined:
    Jul 12, 2001
    Messages:
    9,082
    Looks like you're going to have to sit back and wait for them to royally screw up your system before the "big" guys decide that you need more security and control. Just make sure you keep a record of all the fixes and time it took. Got to cover your a** too.

    The students should be allowed to do what they want at home not at school. Ok, I'll get off the soapbox again. (for a while)
     
  7. Rockn

    Rockn

    Joined:
    Jul 29, 2001
    Messages:
    21,334
    Sounds like the hackers need to be hacked. What do you have for monitoring software? Seems you could easily isolate the traffic to a segment on the network. What are they using the tunneling for...games...FTP....?? What about changing the port # for http? That's what Qwest did recently to thwart the Code Red virus on Cisco DSL routers.
     
  8. Rikku

    Rikku Thread Starter

    Joined:
    Dec 11, 2001
    Messages:
    743
    We log EVERY http request made through the proxy.

    We could change the proxy port, but that would mean telling people so they'd be able to browse the web :)

    If I could isolate the traffic somehow, then I could limit it, or cap it. Right now it's swallowing our T1 whole!!
     
  9. Rockn

    Rockn

    Joined:
    Jul 29, 2001
    Messages:
    21,334
    If you had some software like Sniffer Pro from Network Associates you could see per IP address where the majority of the traffic is coming from. Are any of your network switches managed? If they are they can be monitored very easily...most newer equipment can be monitored for bandwidth etc. There are some really awesome monitoring tools out there if the school wants to dole out the cash.
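
The per-IP view suggested above can also be built from the proxy's own request log, as an added example that is not part of the original thread. It assumes a tunnel client relays through one external host, so its log entries are heavy, repeated and concentrated on a single destination; the log layout, host names and thresholds are constructed for illustration and are not BorderManager's format.

```python
from collections import defaultdict

# Constructed sample log lines: "client_ip method dest_host bytes".
# This layout is an assumption for illustration, not BorderManager's log format.
SAMPLE_LOG = """\
10.1.4.21 GET www.example.edu 18234
10.1.4.21 GET news.example.com 40211
10.1.4.21 GET www.example.org 9120
10.1.7.88 POST relay.example.net 1048576
10.1.7.88 POST relay.example.net 2097152
10.1.7.88 POST relay.example.net 1572864
10.1.7.88 GET relay.example.net 3145728
10.1.7.88 GET www.example.edu 5120
10.1.9.3 GET mirror.example.org 6291456
10.1.9.3 GET www.example.com 2048
"""

def summarize(log_text):
    """Return {client: {"bytes": total, "hosts": {host: [requests, bytes]}}}."""
    clients = defaultdict(lambda: {"bytes": 0, "hosts": defaultdict(lambda: [0, 0])})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed lines rather than abort the report
        ip, _method, host, size = parts
        entry = clients[ip]
        entry["bytes"] += int(size)
        entry["hosts"][host][0] += 1
        entry["hosts"][host][1] += int(size)
    return clients

def suspects(log_text, min_bytes=5_000_000, min_requests=3, min_share=0.9):
    """Clients whose traffic is heavy, repeated, and concentrated on one host."""
    flagged = []
    for ip, entry in summarize(log_text).items():
        if entry["bytes"] < max(min_bytes, 1):
            continue  # light users are not worth capping
        # Destination host that received the most bytes from this client.
        host, (reqs, nbytes) = max(entry["hosts"].items(), key=lambda kv: kv[1][1])
        share = nbytes / entry["bytes"]
        if reqs >= min_requests and share >= min_share:
            flagged.append((ip, host, entry["bytes"], round(share, 3)))
    return sorted(flagged, key=lambda row: row[2], reverse=True)

if __name__ == "__main__":
    for row in suspects(SAMPLE_LOG):
        print(row)
```

The request-count threshold keeps a client that made one large download (10.1.9.3 in the sample) out of the result, while the client that keeps exchanging data with one host is listed along with that host, which gives a concrete destination to rate-limit or deny at the proxy.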
     
  10. Toddles18

    Toddles18

    Joined:
    Jul 18, 2001
    Messages:
    2,910
  11. Rikku

    Rikku Thread Starter

    Joined:
    Dec 11, 2001
    Messages:
    743
    GREAT INFO Toddles!

    Thank you!!

    *humming to self happily while locking little hoodlums out*
     

Short URL to this thread: https://techguy.org/61424
