Firewall Wizards mailing list archives

Re: httport 3snf


From: Devdas Bhagat <dvb () users sourceforge net>
Date: Mon, 21 Oct 2002 20:59:07 +0530

On 21/10/02 09:56 -0400, Robert E. Martin wrote:
> Hi there.
> We run Redhat 6.0 with ipchains and have been able to block AIM and
Ouch, an old .0 release of Redhat. Hopefully, it has been patched and
kept up to date.

> others with this system quite effectively, however, our students here
> have discovered HTTport 3.snf to bypass our proxy server using a SSL
Why not enforce policy on desktops?

> connection. Is there a way to stop this without bringing the rest of the
> network to its knees? I have been unable to sniff the packets
Pretty much a FAQ. This is a social problem and should preferably be
solved by social means (read AUP).
Working around this technically is usually painful.

> successfully enough to find out what ip address the host ssl server is,
> but I am able to launch the program on my local machine, sniff the
You could use a SSL proxy, which intercepts SSL requests, and makes an
outbound SSL connection on behalf of the user.
See the Zorp proxy.

> packets and see that the first thing that happens is a DNS Request. Can
> I block DNS requests for a specific url, ipaddress or other entry via
> IPCHAINS?
No, but you can block them using your DNS server. Just make your server
authoritative for AOL/MSN/Yahoo, and resolve all these domains to
127.0.0.1

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
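
The DNS approach suggested in the reply above, sketched as a BIND-style configuration. This is an added example, not part of the original message. The zone names, the file name db.blocked, the directory, the serial and the hostmaster address are assumptions chosen for illustration.

```conf
// ---- named.conf (excerpt) on the internal resolver ----
// Declaring the resolver master for a zone makes it answer for that
// zone locally instead of recursing to the real name servers.
// All blocked zones share one zone file (names below are illustrative).
options {
    directory "/var/named";          // assumed location of zone files
};

zone "aol.com"   { type master; file "db.blocked"; };
zone "msn.com"   { type master; file "db.blocked"; };
zone "yahoo.com" { type master; file "db.blocked"; };

; ---- /var/named/db.blocked (shared zone file) ----
; Relative names ("@" and "*") are expanded against whichever zone
; loads this file, so the same records serve every blocked zone.
$TTL 86400
@   IN  SOA localhost. hostmaster.localhost. (
            2002102101  ; serial (constructed value)
            3600        ; refresh
            900         ; retry
            604800      ; expire
            86400 )     ; negative-cache TTL
@   IN  NS  localhost.
@   IN  A   127.0.0.1   ; the zone apex itself
*   IN  A   127.0.0.1   ; every host name under the zone
```

This only affects clients that resolve through this server, so outbound DNS from desktops to other resolvers has to be denied at the firewall for the block to hold.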

