[K12OSN] Filtering OT

John Lucas mrjohnlucas at gmail.com
Wed Mar 28 16:07:42 UTC 2007 

On Wednesday 28 March 2007 11:26, Roger wrote:
> On 3/27/07, Mel Wade <mel at melwade.com> wrote:
> > I'm looking for a way to successfully block https://www.proxify.com   Any
> > ideas?
>
...
>
> If you're using squid, try looking through the log files.  Look for
> 'proxy' 'tunnel' 'anonymous' for sites the students get to.
> What about 'legit' sites, take a look at:
> http://www.AllAboutAbe.com/
> click on the 'abe' pic in the upper left.
> there are literally thousands of sites out there for bypassing proxy
> servers.  Every once in a while, I'll browse the logs and add a dozen
> to the list of sites being blocked.
> That first one with nph-proxy.cgi, if you google that, there's a site
> where that software is being distributed.  Quite a few people use the
> default names, so blockin nph-proxy.cgi in the URL would cover all of
> those.  There's one site, oregonlive.com that for some reason uses
> that software.
>

Those are good ideas. 

A number of years ago I used "Webalizer" to summarize my proxy logs and turned 
up proxy tunnels due to the large amount of traffic going to a single 
address, which I then checked out with "dig". Since students pass the same 
info around, the same tunnel gets used and the result turns up in the log 
analysis. So a typical pattern would be that as you close one tunnel, another 
gets used which in turn shows up in the logs. Some of the proxy tunneling 
sites had left their DNS server insecure, so sometimes I was able to suck the 
entire zone file down with "dig @authoritativeNS domain.name axfr". You find 
the authoritative name server for a domain with "dig domain.name ns". If you 
have only an IP address, try the inverse lookup "dig -x 
dot.ted.decimal.address" and see if a domain is listed (not as common as it 
used to be).

-- 
        "History doesn't repeat itself; at best it rhymes."
                        - Mark Twain

| John Lucas                          MrJohnLucas at gmail.com               |
| St. Thomas, VI 00802                http://mrjohnlucas.googlepages.com/ |
| 18.3°N, 65°W                        AST (UTC-4)                         |

More information about the K12OSN mailing list