> > Wondering if some people know of some "content-aware" proxies/filters, to > > attempt to block [some of] those dangerous products (apart from maintaining > > a black-list...) > If you allow out FTP I will be able to start an SSH connection over port > 20 (FTP-Data) and it will look like a binary data transmission on any > network sniff. In reality I am forwarding a local port to a remote > squid proxy and instructing IE, Netscape or the browser of choice > to proxy through the local port. Finding a solution to block something > like this (similiar to what you mentioned above) may be difficult... > > If you find something, please let me know... >
I've bypassed proxies before (check out DESPROXY on freshmeat). One possible way to deal with it is to require an authentication method that the bypass doesn't understand. A
