Is traffic analysis possible if cntlm (tunneling) is used?

K

Koyotter2014-08-22 17:07:26

linux

Koyotter, 2014-08-22 17:07:26

At work, a corporate proxy with restrictions.
The department has a dedicated Internet machine running Linux.
I wanted to download maven dependencies, I had to raise a special proxy - cntlm, which can log in via NTLM. Its side effect - allows you to bypass restrictions, i.e. when working through this proxy, nothing is blocked. Surprised, read - cntlm creates an HTTP tunnel. So, will admins be able to catch HTTP requests going through the tunnel, or will they be able to detect and block cntlm? Didn't find much on google.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

J

jcmvbkbc, 2014-08-22
@Koyotter

will admins be able to catch HTTP requests going through the tunnel

Your admins themselves have allowed this tunneling (i.e. the CONNECT method), so it will not be difficult for them to see that it is being used (if they can read the logs and read them), and disable it if it is against their policy. But inside such a tunnel, HTTP can be distinguished from other traffic only by specifically analyzing the packets. A regular proxy server will not distinguish.
> Correctly, I understood that it is impossible to see WHAT is requested through the tunnel (ie, that a person got into contact)
Well, at least you can see where the connection was requested, because the connection address is transmitted in the connect header.