<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1498" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>This one is possible, but I would like to prefere
some kind of blocks, maybe into iptables?</FONT></DIV>
<DIV><FONT face=Arial size=2>Thanks</FONT></DIV>
<DIV><FONT face=Arial size=2> </FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=jon.spriggs@gmail.com href="mailto:jon.spriggs@gmail.com">Jon
Spriggs</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=k12osn@redhat.com
href="mailto:k12osn@redhat.com">Support list for opensource software in
schools.</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Wednesday, June 08, 2005 8:46
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [K12OSN] Blocking http
tunnel and ssh tunnel</DIV>
<DIV><BR></DIV>
<DIV>If it were me, I'd do the following.</DIV>
<DIV> </DIV>
<DIV>1) Install Snort on the K12 server. Launch a HTTP tunnel yourself and
watch the traffic using snort.</DIV>
<DIV>2) Configure snort to watch for that signature.</DIV>
<DIV>3) Arrange for it to drop the log file into an e-mail hourly, daily or
weekly, depending on how often it's happening.</DIV>
<DIV>4) Enable "login recording" (I can't remember the exact local policy
option - I can look it up for you if needed) on the Windows PC</DIV>
<DIV>5) Confront the user who was logged in at the time in a subtle manner
first (such as, look kid - the rules are there for a reason) then the heavier
handed approach (do you want me to bring in your parents) followed by the
sledgehammer (OK, let's see the headmaster) and if that doesn't work get the
police (there's probably some sort of "Misuse of computing" laws? perhaps if
you speak to the officers and let them know that you initially want to
frighten the lad into behaving, and if that's doesn't work, you'll want to
start the formal route) </DIV>
<DIV> </DIV>
<DIV>Remember, most of the best white hats started as black hats - if you
teach this kid the meaning of right and wrong now (and most importantly, this
stuff can be monitored) then hopefully, he'll ease off.</DIV>
<DIV> </DIV>
<DIV>Perhaps if you show him how you caught him, he'll show more interest in
the legitimate side of this game?</DIV>
<DIV> </DIV>
<DIV>And of course, it's not necessarily a guy - I'm just using the male
gender for illustration purposes.</DIV>
<DIV> </DIV>
<DIV>Regards,</DIV>
<DIV> </DIV>
<DIV>Jon "The Nice Guy" Spriggs.<BR><BR> </DIV>
<DIV><SPAN class=gmail_quote>On 08/06/05, <B
class=gmail_sendername>M.Pribik</B> <<A
href="mailto:mpribik@zoznam.sk">mpribik@zoznam.sk</A>> wrote:</SPAN>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<DIV><FONT face=Arial size=2>Is it possible to block "http tunnel" and "ssh
tunnel" created by students on Windows desktop PCs? The Internet
traffic of the Window desktops are going through K12LTSP server
and HTTP traffic is filtered by Dansguardian. The tunnels can override the
filter! </FONT></DIV>
<DIV><FONT face=Arial> <FONT size=2>Thank you,
Marian</FONT></FONT></DIV>
<DIV><FONT
face=Arial></FONT> </DIV><BR>_______________________________________________<BR>K12OSN
mailing list<BR><A onclick="return top.js.OpenExtLink(window,event,this)"
href="mailto:K12OSN@redhat.com">K12OSN@redhat.com </A><BR><A
onclick="return top.js.OpenExtLink(window,event,this)"
href="https://www.redhat.com/mailman/listinfo/k12osn"
target=_blank>https://www.redhat.com/mailman/listinfo/k12osn</A><BR>For more
info see <<A onclick="return top.js.OpenExtLink(window,event,this)"
href="http://www.k12os.org/" target=_blank>
http://www.k12os.org</A>><BR><BR></BLOCKQUOTE></DIV><BR>-- <BR>Jon "Four
Star Gun" Spriggs AKA<BR>Jon "The Nice Guy" Spriggs
<P>
<HR>
<P></P>_______________________________________________<BR>K12OSN mailing
list<BR>K12OSN@redhat.com<BR>https://www.redhat.com/mailman/listinfo/k12osn<BR>For
more info see <http://www.k12os.org></BLOCKQUOTE></BODY></HTML>