Website using port 85

James Wilkinson james at westexe.demon.co.uk
Wed Jan 26 02:04:48 UTC 2005


Deron Meranda wrote:
> Ah, the fun of companies that like to port-block and proxy
> everything because of the feeling of power it gives them.

Or know that they've got limited bandwidth and want to save it for stuff
that is either low-bandwidth or work-related (preferably both).

And no, it *isn't* necessarily cheaper just to buy more bandwidth.

> In general, it's usually pretty easy to get around a firewall, as
> long as you control something on each side.  No matter how
> small of a hole the firewall has, with patience, you can
> squeeze elephants through it.  (And a firewall has to have a
> hole of some sort, or it's just a concrete block, not a firewall).
> But it's all still very annoying.

And you don't have plausible deniability. If you have a
carefully-constructed tunnel running over HTTP through a proxy, it's
fairly obvious that you're trying to circumnavigate the firewall. And if
that proxy has suitable logging and analysis (length of connection,
number of connections, amount of traffic), there's a good chance your
tunnel will become obvious.

> Depending on how determined your obstacles are, be aware that
> they may run invisible proxies.  Even for SSL.  So if you really
> want to be invisible, use ssh (and validate your server keys!)
> or set up real SSL on your Apache server, and then be sure to
> check the SSL certificate on your browser to make sure there's
> no man-in-the-middle.

You aren't invisible.

IT staff can't read the data, but they can tell that the traffic is
there.

James.

-- 
James Wilkinson       | Whenever [Richard I] returned to England he always
Exeter    Devon    UK | set out again immediately for the Mediterranean and
E-mail address: james | was therefore known as Richard Gare de Lyon.
@westexe.demon.co.uk  |     -- '1066 and All That'
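
Added example, not part of the original post: a sketch of the proxy-log analysis described in the reply above, flagging client/destination pairs by length of connection, number of connections and amount of traffic. The log format, the sample lines and the thresholds are all constructed assumptions, not any real proxy's layout or defaults.

```python
from collections import defaultdict

# Constructed sample lines in a made-up format (not a real proxy's log layout):
# client  method  destination  duration_seconds  bytes_transferred
SAMPLE_LOG = """\
10.0.0.21 CONNECT shop.example.com:443 4 18200
10.0.0.21 CONNECT mail.example.com:443 11 40960
10.0.0.37 CONNECT home.example.net:443 14400 52428800
10.0.0.37 CONNECT home.example.net:443 9000 31457280
10.0.0.52 GET www.example.org:80 1 7300
this line is malformed and is skipped
""" + "10.0.0.64 CONNECT poll.example.net:443 2 900\n" * 300

# Assumed thresholds per client/destination pair; tune against a local baseline.
THRESHOLDS = {
    "length of connection": ("longest", 3600),       # seconds, single connection
    "number of connections": ("count", 200),
    "amount of traffic": ("bytes", 50 * 1024 * 1024),
}


def flag_tunnels(log_text):
    """Return {(client, destination): [reasons]} for pairs over a threshold."""
    stats = defaultdict(lambda: {"count": 0, "longest": 0, "bytes": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not (parts[3].isdigit() and parts[4].isdigit()):
            continue  # skip malformed lines instead of crashing
        client, _method, dest, duration, size = parts
        s = stats[(client, dest)]
        s["count"] += 1
        s["longest"] = max(s["longest"], int(duration))
        s["bytes"] += int(size)
    flagged = {}
    for pair, s in stats.items():
        reasons = [name for name, (key, limit) in THRESHOLDS.items() if s[key] > limit]
        if reasons:
            flagged[pair] = reasons
    return flagged


if __name__ == "__main__":
    for (client, dest), reasons in flag_tunnels(SAMPLE_LOG).items():
        print(f"{client} -> {dest}: {', '.join(reasons)}")
```

None of the three checks needs the payload, so they work the same when the traffic is encrypted.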




More information about the fedora-list mailing list