[K12OSN] Fedora 2 vs WB3 or RHE3 and old proxy by-pass prob
k12osn at collinsoft.com
k12osn at collinsoft.com
Mon Jun 7 01:17:08 UTC 2004
On Fri, 4 Jun 2004, Terrell Prude', Jr. wrote:
> k12osn at collinsoft.com wrote:
> >Even blocking everything and transparently proxying those two ports won't
> >stop someone from running some sort of anonymizing proxy such as
> >circumventor.
>
> Actually, transparently proxying those two ports will do it very
> nicely. If someone's running an anonymizing proxy, just block that IP
> address. Since, in this scenario, you'd be allowing only TCP 80 and TCP
> 443 to go out, they *have* to go through your transparent proxy setup
> before they can go out. Thus, you can do whatever you want to their
> traffic, and they have no choice. Discover an anonymizing proxier? No
> problem: "access-list 199 deny ip any host ano.nym.iz.er". That's how
> we dealt with circumventor, and it does work.
This still won't stop someone from running an anonymous proxy service that
acts as a website. I'm not familiar with circumventor at all, but I have
seen software where you surf to the website running on a home machine, it
asks for a url, and it sends the page to you, bypassing any filtering you
might have done. A good example on how this works would be
http://www.anonymizer.com/ (which should be blocked in your filtering
software!).
And if they set it up as a secure site, Dans Guardian won't be able to
filter the content.
--
Ryan Collins
Technology Coordinator - Kenton City Schools
http://www.kentoncityschools.org/
More information about the K12OSN
mailing list