[K12OSN] Blocking http tunnel and ssh tunnel

M.Pribik mpribik at zoznam.sk
Wed Jun 8 22:27:25 UTC 2005 

This one is possible, but I would like to prefere some kind of blocks, maybe into iptables?
Thanks
  
  ----- Original Message ----- 
  From: Jon Spriggs 
  To: Support list for opensource software in schools. 
  Sent: Wednesday, June 08, 2005 8:46 PM
  Subject: Re: [K12OSN] Blocking http tunnel and ssh tunnel


  If it were me, I'd do the following.

  1) Install Snort on the K12 server. Launch a HTTP tunnel yourself and watch the traffic using snort.
  2) Configure snort to watch for that signature.
  3) Arrange for it to drop the log file into an e-mail hourly, daily or weekly, depending on how often it's happening.
  4) Enable "login recording" (I can't remember the exact local policy option - I can look it up for you if needed) on the Windows PC
  5) Confront the user who was logged in at the time in a subtle manner first (such as, look kid - the rules are there for a reason) then the heavier handed approach (do you want me to bring in your parents) followed by the sledgehammer (OK, let's see the headmaster) and if that doesn't work get the police (there's probably some sort of "Misuse of computing" laws? perhaps if you speak to the officers and let them know that you initially want to frighten the lad into behaving, and if that's doesn't work, you'll want to start the formal route) 

  Remember, most of the best white hats started as black hats - if you teach this kid the meaning of right and wrong now (and most importantly, this stuff can be monitored) then hopefully, he'll ease off.

  Perhaps if you show him how you caught him, he'll show more interest in the legitimate side of this game?

  And of course, it's not necessarily a guy - I'm just using the male gender for illustration purposes.

  Regards,

  Jon "The Nice Guy" Spriggs.

   
  On 08/06/05, M.Pribik <mpribik at zoznam.sk> wrote: 
    Is it possible to block "http tunnel" and "ssh tunnel" created by students on Windows desktop PCs? The Internet traffic of the Window desktops are going through K12LTSP server and HTTP traffic is filtered by Dansguardian. The tunnels can override the filter! 
     Thank you, Marian


    _______________________________________________
    K12OSN mailing list
    K12OSN at redhat.com 
    https://www.redhat.com/mailman/listinfo/k12osn
    For more info see < http://www.k12os.org>



  -- 
  Jon "Four Star Gun" Spriggs AKA
  Jon "The Nice Guy" Spriggs 


------------------------------------------------------------------------------


  _______________________________________________
  K12OSN mailing list
  K12OSN at redhat.com
  https://www.redhat.com/mailman/listinfo/k12osn
  For more info see <http://www.k12os.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/k12osn/attachments/20050608/96d2b3ad/attachment.htm>

More information about the K12OSN mailing list