[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] old proxy by-pass prob

Hi Ryan,

Aw shucks, just keep an eye out for one site that seems to be getting
extra attention.

There are flaws in the circumventor  strategy. 

1) It relies on someone in the censored environment with sufficient
ability to install the software on their personal machine outside of the
censored environment. The censored environment may be a home, school, or

2) The circumventor machine has to be uncensored, or the censoring
software has to be disabled.

3) The circumventor machine has to be on a permanent connection, so the
address won't change. This will show up in your proxy logs, once it
does, BLOCK IT!

4) Peacefire suggests only giving this address out to about 10 people.
Why? So the traffic doesn't get too heavy on this 'little server'.
Remember, this is a personal machine machine. 

I'm not that clued up on firewall rules, but here are some questions for
the list.

If your firewall is set up to only allow incoming connections from
certain hosts, could the circumventor machine get through?

If you have squidguard / dansguardian running on the firewall/proxy will
the circumventor machine be able to bypass that filtering? 

The peacefire site only mentions machines with locally installed
filtering software like Net Nanny.


> A good site to see what students can do is http://peacefire.org/. It 
> appears they have a program called circumventor which lets the students 
> get around you're filtering even without changing the proxy server. It 
> also uses SSL to encrypt the transmission so you can't even see what's 
> going through. I don't know how to stop this one.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]