[K12OSN] old proxy by-pass prob
Shawn Henderson
shawn at techcoms.net
Mon Jun 7 13:03:54 UTC 2004
Here is a nice resource to keep you a little ahead of the game.
www.antiproxy.com Subscribe to this site and you will get allot of info on
how you can by pass your proxy or anyone elses. Just start blocking them..
----- Original Message -----
From: <k12osn at collinsoft.com>
To: "Support list for opensource software in schools." <k12osn at redhat.com>
Sent: Sunday, June 06, 2004 6:40 PM
Subject: Re: [K12OSN] old proxy by-pass prob
> On Sun, 6 Jun 2004, Bert Rolston wrote:
> > Aw shucks, just keep an eye out for one site that seems to be getting
> > extra attention.
> >
> > There are flaws in the circumventor strategy.
> >
> > 1) It relies on someone in the censored environment with sufficient
> > ability to install the software on their personal machine outside of the
> > censored environment. The censored environment may be a home, school, or
> > country.
> >
> > 2) The circumventor machine has to be uncensored, or the censoring
> > software has to be disabled.
>
> With the proliferation of cable/DSL connections, this is getting easier
> and easier, and most parents are pretty ingorant when it comes to their
> computer.
>
> > 3) The circumventor machine has to be on a permanent connection, so the
> > address won't change. This will show up in your proxy logs, once it
> > does, BLOCK IT!
>
> Even with dial-up you can use a service such as http://www.no-ip.com/ or
> http://www.dyndns.org/. But wait, you can block those sites, but they
> could bring up the command line and ping the no-ip.com name and get their
> ip address. If command line is disabled, go to one of the various sites
> that give you net tools such as ping or traceroute, such as
> http://www.geektools.com/ and you can still find out the ip address.
>
> > If you have squidguard / dansguardian running on the firewall/proxy will
> > the circumventor machine be able to bypass that filtering?
> >
> > The peacefire site only mentions machines with locally installed
> > filtering software like Net Nanny.
>
> Since circumventor traffic is encrypted with SSL, Dans Guardian wouldn't
> be able to see the data to filter it. SquidGuard could if you check your
> logs and start blocking access to IPs. In a small enough location you
> could conceivably block most of the dial-up and broadband ip addresses.
>
> You could run something like this:
> http://www.jmarshall.com/tools/cgiproxy/
> at home with SSL and be able to surf anywhere. In fact, I haven't figured
> out how to force them to make sure every site they're visiting goes
> through our filter. The best that I've figured out is to make sure you can
> use you logs to tell you exactly who was using what computer when and what
> websites they visited.
>
> Anyway, you can't rely on technology for this one, unless you go to
> whitelists and block everything else.. :-)
>
> --
> Ryan Collins
> Technology Coordinator - Kenton City Schools
> http://www.kentoncityschools.org
>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
More information about the K12OSN
mailing list