BT develops tunneling tech, beats firewalls

Method could be taken up by evil hackers, warns telco monolith

A representative from BT's research labs has revealed that the telecommunications giant has developed a new wave of HTTP tunnelling technology capable of bypassing conventional firewall security measures.

BT's Steve Hubbard expressed the fear that hackers could soon adopt this technology and run amok on many networks protected by outmoded firewall technology.

The HTTP tunnelling technique has been developed by BT to enhance the transfer of traffic across networks adopting a new generation of protocols. According to BT, the tunnelling technique will allow traffic to travel from one IPV6 host to another via a IPV4 network, although BT concedes that this technique could also allow malicious code to be hidden disguised as HTTP traffic, allowing it to slip past firewall protocol blocking.

Hubbard describes many current firewall technologies as increasingly redundant and called for an "evolution" in security methods. He also warned those complacent about protecting their company with a firewall alone, saying, "It is only a matter of time before someone else comes up with this idea and uses it to hack into somewhere."

However ex-hacker and security specialist Matt Bevan says that this sort of technique is hardly new. He says, "There's a program called Crack Pipe that can be used to tunnel TCP through a mail server. Anyway you can breach a firewall with Back Orifice and that's very unlikely to be noticed."

Bevan also suggests that Hubbard and BT may well have had an ulterior motive for publicising such vulnerabilities. "You've got to think why would they develop this thing and then go around telling everyone about it, if they're so security conscious. Maybe they've also got some new network access technology they'll want to promote soon."

Take me to the Hackers news special