New Member

Minimizing/Stopping http-tunneling

Hi everyone,

Would anyone have suggestions on how I might minimize/stop users from performing http-tunneling to bypass our content filtering, using instant messenger, etc.?

I currently have all outgoing ports blocked except for 80 and 443 from those networks.

What I have noticed is that the users are setting up proxy servers at their home, then building an ssh tunnel over port to their servers.

One of the ideas I was thinking of trying was setting up a proxy server (squid, ISA, whatever) with WCCP. Once this was set up, I was only going to allow internet access from the proxy server on ports 80 and 443 and close everything else.

I know that this is a shot in the dark.

Thanks for the advice.

-- Dominique

1 REPLY
Cisco Employee

Re: Minimizing/Stopping http-tunneling

V7.0 of PIX code (I presume you have a PIX since you've asked this on the firewalling group) has some good stuff for stopping IMs, etc.

You can read about how to configure it here:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/inspect.htm#wp1144258

Specifically look at the "port-misuse" parameter under the http-map.

You can get v7.0 code from here:

http://www.cisco.com/cgi-bin/tablebuild.pl/pix

And the rest of the v7 documentation, for your perusal, is here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/index.htm
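As an added illustration of the port-misuse parameter the reply points to, here is a PIX 7.0 http-map that drops and logs instant-messenger, peer-to-peer and HTTP-tunnelling clients recognised inside HTTP. This configuration was written for this page; it is not from the reply above or from Cisco's documentation. The map name HTTP_TUNNEL_MAP, the class and policy names, and the interface name "inside" are assumptions, so substitute the names in use on your own firewall.

```cisco
! Added example (not from the original thread): PIX/ASA 7.0 http-map
! using port-misuse to drop and log applications riding inside HTTP.
! Map, class, policy and interface names are assumptions.
http-map HTTP_TUNNEL_MAP
  ! Traffic the inspector cannot classify is still allowed ...
  port-misuse default action allow
  ! ... but recognised instant-messenger, peer-to-peer and
  ! HTTP-tunnelling clients are dropped and a syslog entry is written
  port-misuse im action drop log
  port-misuse p2p action drop log
  port-misuse tunneling action drop log
!
! Select HTTP on TCP/80 and attach the map through the inspection policy
class-map HTTP_CLASS
  match port tcp eq www
!
policy-map HTTP_POLICY
  class HTTP_CLASS
    inspect http HTTP_TUNNEL_MAP
!
! Apply on the interface facing the user networks (name assumed)
service-policy HTTP_POLICY interface inside
```

Note that inspect http only parses cleartext HTTP, so this map catches tunnelling that is encapsulated in HTTP requests on port 80; a raw SSH session carried over TCP/443 is not HTTP and is not examined by it. The logged drops are still useful as a detection signal for the behaviour described in the question, and they complement the forced-proxy approach the poster was considering.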
