On 14 Feb 2002 at 14:57 +0100, Jean-Francois JOLY wrote:
> Basically this is a free tunneling service over HTTP that you can
> run on your workstation to bind a local port to an internet
> host/port. Does anyone have a quick response to this kind of
> application, especially this one?

You can block CONNECT on your proxy or at least limit it to some
reasonable ports (e.g. 443). If your proxy can identify SSL
connections, activate this. If you are able to detect some pattern in
the tunnel and your proxy can filter based on this: use it.

But be aware that if your users are able to transfer random data via
any protocol, they can tunnel ip over it. That's it. There are ip
tunnels over http, email, icmp, whatever. As you usually can't work
with a whitelist filter on a proxy for it all, this is a problem not
to be solved on the technical layer alone.

MfG/best regards, helmut springer
"Freedom's just another word for nothing left to lose"
- From: Jean-Francois JOLY <email@example.com>
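
Added example, not part of the original message: the port restriction on CONNECT suggested in the reply, written as a Python check that parses a CONNECT request line and allows it only when the destination port is on an allowlist (443 here). The function names, `ALLOWED_PORTS` and the sample request lines are assumptions constructed for illustration.

```python
# Added example: proxy-side policy check for HTTP CONNECT requests.
# ALLOWED_PORTS and all names below are illustrative assumptions.
ALLOWED_PORTS = {443}


def parse_connect_target(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/x.y', or None if malformed."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0] != "CONNECT":
        return None
    if not parts[2].startswith("HTTP/"):
        return None
    target = parts[1]
    if target.startswith("["):
        # IPv6 literal in authority form: [addr]:port
        host, sep, rest = target[1:].partition("]")
        if not sep or not rest.startswith(":"):
            return None
        port_text = rest[1:]
    else:
        host, sep, port_text = target.rpartition(":")
        if not sep or ":" in host:
            return None
    # Reject empty hosts and anything that is not a plain decimal port.
    if not host or not (port_text.isascii() and port_text.isdigit()):
        return None
    port = int(port_text)
    if not 1 <= port <= 65535:
        return None
    return host, port


def connect_decision(request_line, allowed_ports=ALLOWED_PORTS):
    """Classify a CONNECT request line as allow, deny-port or deny-malformed."""
    parsed = parse_connect_target(request_line)
    if parsed is None:
        return "deny-malformed"  # fail closed on anything unparseable
    _, port = parsed
    return "allow" if port in allowed_ports else "deny-port"


# Constructed sample request lines (not taken from real traffic).
SAMPLES = [
    "CONNECT mail.example.com:443 HTTP/1.0",
    "CONNECT tunnel.example.net:22 HTTP/1.1",
    "CONNECT [2001:db8::1]:443 HTTP/1.1",
    "CONNECT example.org HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{connect_decision(line):15} {line}")
```

A port allowlist only constrains where a CONNECT tunnel may terminate; it does not inspect what is carried over an allowed port, which is the limit the reply points out.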