Monday, August 24, 2009

Bypass bandwidth management

Last week, I was informed that video streaming from the "trailers" in "Movies.yahoo.com" was fast even though the bandwidth for media streaming was "cramped".

I initially suspected that they might be streaming low-resolution videos, or downloading the video and playing it from the local drive. But after checking the HTML code and sniffing the traffic, they were actually using SSL traffic. As the content was encrypted, the bandwidth management device was not able to detect this traffic.

Wireshark

Much malware, along with botnets, remote access tools, file sharing, P2P and more, uses SSL these days to hide its presence and circumvent detection by security devices such as firewalls. SSL is a double-edged sword. It protects our sensitive traffic, such as online banking, but is also used by "bad" guys to bypass security detection.

Companies should be careful in allowing SSL traffic in and out of their network. You never know what activity is happening under the cover of SSL.
