[K12OSN] Filtering OT
mrjohnlucas at gmail.com
Wed Mar 28 16:07:42 UTC 2007
On Wednesday 28 March 2007 11:26, Roger wrote:
> On 3/27/07, Mel Wade <mel at melwade.com> wrote:
> > I'm looking for a way to successfully block https://www.proxify.com Any
> > ideas?
> If you're using squid, try looking through the log files. Look for
> 'proxy' 'tunnel' 'anonymous' for sites the students get to.
> What about 'legit' sites, take a look at:
> click on the 'abe' pic in the upper left.
> there are literally thousands of sites out there for bypassing proxy
> servers. Every once in a while, I'll browse the logs and add a dozen
> to the list of sites being blocked.
> That first one with nph-proxy.cgi, if you google that, there's a site
> where that software is being distributed. Quite a few people use the
> default names, so blockin nph-proxy.cgi in the URL would cover all of
> those. There's one site, oregonlive.com that for some reason uses
> that software.
Those are good ideas.
A number of years ago I used "Webalizer" to summarize my proxy logs and turned
up proxy tunnels due to the large amount of traffic going to a single
address, which I then checked out with "dig". Since students pass the same
info around, the same tunnel gets used and the result turns up in the log
analysis. So a typical pattern would be that as you close one tunnel, another
gets used which in turn shows up in the logs. Some of the proxy tunneling
sites had left their DNS server insecure, so sometimes I was able to suck the
entire zone file down with "dig @authoritativeNS domain.name axfr". You find
the authoritative name server for a domain with "dig domain.name ns". If you
have only an IP address, try the inverse lookup "dig -x
dot.ted.decimal.address" and see if a domain is listed (not as common as it
used to be).
"History doesn't repeat itself; at best it rhymes."
- Mark Twain
| John Lucas MrJohnLucas at gmail.com |
| St. Thomas, VI 00802 http://mrjohnlucas.googlepages.com/ |
| 18.3°N, 65°W AST (UTC-4) |
More information about the K12OSN