[K12OSN] Fedora 2 vs WB3 or RHE3 and old proxy by-pass prob

k12osn at collinsoft.com k12osn at collinsoft.com
Mon Jun 7 01:17:08 UTC 2004


On Fri, 4 Jun 2004, Terrell Prude', Jr. wrote:
> k12osn at collinsoft.com wrote:
> >Even blocking everything and transparently proxying those two ports won't 
> >stop someone from running some sort of anonymizing proxy such as 
> >circumventor.
> 
> Actually, transparently proxying those two ports will do it very 
> nicely.  If someone's running an anonymizing proxy, just block that IP 
> address.  Since, in this scenario, you'd be allowing only TCP 80 and TCP 
> 443 to go out, they *have* to go through your transparent proxy setup 
> before they can go out.  Thus, you can do whatever you want to their 
> traffic, and they have no choice.  Discover an anonymizing proxier?  No 
> problem:  "access-list 199 deny ip any host ano.nym.iz.er".  That's how 
> we dealt with circumventor, and it does work.

This still won't stop someone from running an anonymous proxy service that 
acts as a website. I'm not familiar with circumventor at all, but I have 
seen software where you surf to the website running on a home machine, it 
asks for a url, and it sends the page to you, bypassing any filtering you 
might have done. A good example on how this works would be 
http://www.anonymizer.com/ (which should be blocked in your filtering 
software!).

And if they set it up as a secure site, Dans Guardian won't be able to 
filter the content.

-- 
Ryan Collins
Technology Coordinator - Kenton City Schools
http://www.kentoncityschools.org/





More information about the K12OSN mailing list