Re: httport 3snf

[Christopher Hicks <chicks () chicks net>]

On Mon, 21 Oct 2002, Robert E. Martin wrote:
> We run Redhat 6.0 with ipchains and have been able to block AIM and
> others with this system quite effectively, however, our students here
> have discovered HTTport 3.snf to bypass our proxy server using a SSL
> connection. Is there a way to stop this without bringing the rest of the
> newtork to it's knees? I have been unable to sniff the packets
> successfully enough to find out what ip address the host ssl server is,
> but I am able to launch the program on my local machine, sniff the
> packets and see that the first thing that happens is a DNS Request. Can
> I block DNS requests for a specifid url, ipaddress or other entry via
> IPCHAINS?

If you know the IP of the SSL host they're connecting to why not just 
block that?  (And you might want to seriously consider a newer version of 
Red Hat.  iptables is easier to deal with than ipchains for instance.)

-- 
</chris>

Recently, I was asked if I was going to fire an employee who made a
mistake that cost the company $600,000.  No, I replied, I just spent
$600,000 training him. Why would I want somebody to hire his experience?
                -Thomas J.  Watson, industrialist (1874-1956)

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards