[K12OSN] old proxy by-pass prob
k12osn at collinsoft.com
k12osn at collinsoft.com
Mon Jun 7 01:40:16 UTC 2004
On Sun, 6 Jun 2004, Bert Rolston wrote:
> Aw shucks, just keep an eye out for one site that seems to be getting
> extra attention.
>
> There are flaws in the circumventor strategy.
>
> 1) It relies on someone in the censored environment with sufficient
> ability to install the software on their personal machine outside of the
> censored environment. The censored environment may be a home, school, or
> country.
>
> 2) The circumventor machine has to be uncensored, or the censoring
> software has to be disabled.
With the proliferation of cable/DSL connections, this is getting easier
and easier, and most parents are pretty ingorant when it comes to their
computer.
> 3) The circumventor machine has to be on a permanent connection, so the
> address won't change. This will show up in your proxy logs, once it
> does, BLOCK IT!
Even with dial-up you can use a service such as http://www.no-ip.com/ or
http://www.dyndns.org/. But wait, you can block those sites, but they
could bring up the command line and ping the no-ip.com name and get their
ip address. If command line is disabled, go to one of the various sites
that give you net tools such as ping or traceroute, such as
http://www.geektools.com/ and you can still find out the ip address.
> If you have squidguard / dansguardian running on the firewall/proxy will
> the circumventor machine be able to bypass that filtering?
>
> The peacefire site only mentions machines with locally installed
> filtering software like Net Nanny.
Since circumventor traffic is encrypted with SSL, Dans Guardian wouldn't
be able to see the data to filter it. SquidGuard could if you check your
logs and start blocking access to IPs. In a small enough location you
could conceivably block most of the dial-up and broadband ip addresses.
You could run something like this:
http://www.jmarshall.com/tools/cgiproxy/
at home with SSL and be able to surf anywhere. In fact, I haven't figured
out how to force them to make sure every site they're visiting goes
through our filter. The best that I've figured out is to make sure you can
use you logs to tell you exactly who was using what computer when and what
websites they visited.
Anyway, you can't rely on technology for this one, unless you go to
whitelists and block everything else.. :-)
--
Ryan Collins
Technology Coordinator - Kenton City Schools
http://www.kentoncityschools.org
More information about the K12OSN
mailing list