> -----Original Message-----
> From: Phillip Hofmeister [mailto:[EMAIL PROTECTED]
> Sent: Tuesday 19 November 2002 15:30
> To: DEFFONTAINES Vincent
> Cc: debian-security@lists.debian.org
> Subject: Re: Bypassing proxies
>
>
> On Tue, 19 Nov 2002 at 02:48:04PM +0100, DEFFONTAINES Vincent wrote:
> > Wondering if some people know of some "content-aware" proxies/filters, to
> > attempt to block [some of] those dangerous products (apart from maintaining
> > a black-list...)
> If you allow out FTP I will be able to start an SSH connection over port
> 20 (FTP-Data) and it will look like a binary data transmission on any
> network sniff.
I would say it should not look like it. I may be wrong, but on an FTP binary connection "most" of the data goes in only one direction. And the data that goes back is checksums, etc., which therefore could be calculated and checked by the proxy. An SSH or even a telnet connection is more "asymmetric" than that: you cannot calculate the content of a packet from another. That kind of check wouldn't make things impossible for someone who wants to bypass a proxy; they would just need to send more data to encapsulate their messages...

> In reality I am forwarding a local port to a remote
> squid proxy and instructing IE, Netscape or the browser of choice
> to proxy through the local port. Finding a solution to block
> something
> like this (similar to what you mentioned above) may be difficult...
>
> If you find something, please let me know...
>
> --
> Phil
>
> PGP/GPG Key:
> http://www.zionlth.org/~plhofmei/
> wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
> --
> Excuse #236: microelectronic Riemannian curved-space fault in
> write-only file system
>
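The directionality check Vincent describes, worked through as an added example that is not part of the thread: it aggregates constructed per-packet records (not a real capture) for two flows on the FTP-data port and flags a flow as interactive when the minority direction carries a noticeable share of the payload or the direction keeps alternating. The flow ids, thresholds and byte counts are assumptions.

```python
from collections import defaultdict

# Constructed packet records (not a real capture): (flow_id, direction, payload_bytes).
# "c2s" = client to server, "s2c" = server to client; both flows use port 20.
SAMPLE_PACKETS = (
    # A genuine binary FTP-data download: payload flows one way and the
    # client's packets are bare acknowledgements carrying no payload.
    [("ftp-get", "s2c", 1460)] * 40 + [("ftp-get", "c2s", 0)] * 20
    # An interactive session tunnelled over the same port: both sides
    # send payload and the direction changes on almost every packet.
    + [("tunnel", "c2s", 52), ("tunnel", "s2c", 68)] * 30
    + [("tunnel", "s2c", 1200), ("tunnel", "c2s", 48)] * 5
)


def flow_stats(packets):
    """Sum payload bytes per direction and count direction changes per flow."""
    stats = defaultdict(lambda: {"c2s": 0, "s2c": 0, "turns": 0, "last": None})
    for flow, direction, nbytes in packets:
        s = stats[flow]
        s[direction] += nbytes
        if nbytes == 0:          # pure ACKs say nothing about who is "talking"
            continue
        if s["last"] not in (None, direction):
            s["turns"] += 1
        s["last"] = direction
    return stats


def minority_fraction(s):
    """Share of payload carried by the quieter direction (0.0 = one-way)."""
    total = s["c2s"] + s["s2c"]
    return min(s["c2s"], s["s2c"]) / total if total else 0.0


def classify(packets, max_minority=0.05, max_turns=5):
    """Return {flow_id: 'bulk' | 'interactive'}; thresholds are assumptions.
    As the thread notes, a tunnel that pads its traffic can evade this."""
    verdicts = {}
    for flow, s in flow_stats(packets).items():
        chatty = minority_fraction(s) > max_minority or s["turns"] > max_turns
        verdicts[flow] = "interactive" if chatty else "bulk"
    return verdicts


if __name__ == "__main__":
    for flow, verdict in classify(SAMPLE_PACKETS).items():
        print(f"{flow}: {verdict}")
```

The check is direction-agnostic, so a bulk FTP upload (payload client to server) is classified as "bulk" just like a download.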