[K12OSN] Squid / Socks

Josiah Ritchie jritchie at bible.edu
Wed May 19 12:24:22 UTC 2004


On Wed, 2004-05-19 at 08:05, daniel.hunt at iibbank.ie wrote:
> From: Josiah Ritchie [mailto:jritchie at bible.edu]
> > > Hey all
> > > I know that Squid is a simple http proxy - what I'm looking for is a
> > > complete proxy system ... that can help filter everything including (but
> > > not limited to) IM applications / browsers / other stuff :p / etc
> > That is going to be hard. I work at a small college and we didn't do
> > this at all until recently. It required us to get a traffic shaper. We
> > messed around with doing it with Linux for a while, but it was more messy
> > than it was worth. Also, if you have P2P programs you are trying to
> > limit, there's an issue with them hopping ports and you have to get
> > something that scans at layer 7 of the OSI model or you really can't
> > nail them down. Our traffic shaper is a vendor-provided Linux box
> > actually, so it is all possible in Linux.
> > I don't discourage you, but rather make sure you are aware that this is
> > a task that will take time to work out.
> 
> Bloody pessimists :o)
> 
> Hmm ... I didn't realise it'd be so much work to shut off everything except
> what I want to allow :s

Bloody P2P-programmers-giving-people-that-don't-know-anything-about-networking-the-tools-to-entirely-subvert-network-security-without-them-having-to-even-think-once-about-it is more like it. It's actually a very significant issue at colleges across the world (or at least the US, I assume the world).

Here's a thought: bandwidth throttling might not be as hard to do and
would keep the port from jumping. You could throttle the P2P port being
used to 3K of bandwidth and that's going to discourage large usage, but
not cut it entirely.

JSR/




