Website using port 85
James Wilkinson
james at westexe.demon.co.uk
Wed Jan 26 02:04:48 UTC 2005
Deron Meranda wrote:
> Ah, the fun of companies that like to port-block and proxy
> everything because of the feeling of power it gives them.
Or know that they've got limited bandwidth and want to save it for stuff
that is either low-bandwidth or work-related (preferably both).
And no, it *isn't* necessarily cheaper just to buy more bandwidth.
> In general, it's usually pretty easy to get around a firewall, as
> long as you control something on each side. No matter how
> small of a hole the firewall has, with patience, you can
> squeeze elephants through it. (And a firewall has to have a
> hole of some sort, or it's just a concrete block, not a firewall).
> But it's all still very annoying.
And you don't have plausible deniability. If you have a
carefully-constructed tunnel running over HTTP through a proxy, it's
fairly obvious that you're trying to circumnavigate the firewall. And if
that proxy has suitable logging and analysis (length of connection,
number of connections, amount of traffic), there's a good chance your
tunnel will become obvious.
> Depending on how determined your obstacles are, be aware that
> they may run invisible proxies. Even for SSL. So if you really
> want to be invisible, use ssh (and validate your server keys!)
> or set up real SSL on your Apache server, and then be sure to
> check the SSL certificate on your browser to make sure there's
> no man-in-the-middle.
You aren't invisible.
IT staff can't read the data, but they can tell that the traffic is
there.
James.
--
James Wilkinson | Whenever [Richard I] returned to England he always
Exeter Devon UK | set out again immediately for the Mediterranean and
E-mail address: james | was therefore known as Richard Gare de Lyon.
@westexe.demon.co.uk | -- '1066 and All That'
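
The proxy-side analysis this message describes (length of connection, number of connections, amount of traffic), sketched as an added example that is not part of the original post. The log layout, thresholds, addresses and host names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed thresholds per client/destination pair over one day of logs.
MAX_DURATION = 3600            # seconds a single connection may stay open
MAX_CONNECTIONS = 500          # connections to one destination
MAX_BYTES = 100 * 1024 * 1024  # total bytes to one destination

# Constructed records in a hypothetical layout:
# client method destination duration_seconds bytes_transferred
SAMPLE_LOG = (
    "10.0.0.21 GET www.example.org:80 0.4 18234\n"
    "10.0.0.21 CONNECT shop.example.com:443 12.0 240000\n"
    "10.0.0.35 CONNECT home.example.net:443 14400.0 310000000\n"
    "10.0.0.35 GET www.example.org:80 0.5 20111\n"
    "this line is malformed and is skipped\n"
    + "10.0.0.48 POST poll.example.net:80 1.0 2048\n" * 900
)

def summarise(log_text):
    """Aggregate count, longest duration and bytes per (client, destination)."""
    stats = defaultdict(lambda: {"count": 0, "longest": 0.0, "bytes": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip records that do not match the assumed layout
        client, _method, dest, duration, size = parts
        try:
            duration, size = float(duration), int(size)
        except ValueError:
            continue
        entry = stats[(client, dest)]
        entry["count"] += 1
        entry["longest"] = max(entry["longest"], duration)
        entry["bytes"] += size
    return stats

def flag_tunnels(log_text):
    """Return {(client, destination): [reasons]} for pairs over a threshold."""
    findings = {}
    for key, s in summarise(log_text).items():
        reasons = []
        if s["longest"] > MAX_DURATION:
            reasons.append("long-lived connection")
        if s["count"] > MAX_CONNECTIONS:
            reasons.append("many connections")
        if s["bytes"] > MAX_BYTES:
            reasons.append("high traffic volume")
        if reasons:
            findings[key] = reasons
    return findings

if __name__ == "__main__":
    for pair, why in flag_tunnels(SAMPLE_LOG).items():
        print(pair, why)
```

None of the three checks needs the payload, so they work the same whether or not the traffic is encrypted.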