One of the core problem that allows A.S.E to do his job quite effective is what I call static http/s tunneling. You can´t evade a primary static tunnel system like that because you need a browser to surf the internet. IMHO, there are actually not many possibilities to prevent static http/s tunneling. ALF (application level firewall) was a try worth but couldn´t prevent the information flow of A.S.E for long. Apparently it used kind of http exploit or http request smuggling to circumvent the proxy wall, further disadvantages might be slow down of general internet activities and errors of several services. What about SPI (stateful packet inspection) mostly found in nowadays routers, blocks outside potential harmful traffic and ddos but is vulnerable against http tunnels. If http traffic adapts to standards and is encrypted and embedded in http, firewalls remain powerless. This can be considered as one of the key vulnerabilities of the internet. All bypassing Eye could use hidden tunnel streams to evade all security setups.
No comments:
Post a Comment