[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bypassing proxies

Some companies sell products such as this :
that any clueless user can install with the help of 3 mouse clicks on their

It autodetects proxy settings, creates an HTTP tunnel through corporate
proxy to software editor companyserver, so you can read your email from
everywhere... and so possibly the editor company or any bad guy having
rooted them get easy access to your internal network.

Wondering if some people know of some "content-aware" proxies/filters, to
attempt to block [some of] those dangerous products (apart from maintaining
a black-list...)

Certainly, it will always be possible to encapsulate anything in HTML very
sharply, but some filtering could be made still? 

ie, If a HTTP or HTTPS connection takes "too long" it should be dropped by
and many checks could be made by proxy to validate content, which I am not
sure are checked by products such as squid? 
(Maybe even run a browser on the proxy and have it check it is able to
display what goes through? sounds a bit freak, doesn't it?)

By the way, I am really starting to wonder if running a HTTPS proxy is
really reasonable...


 .''`.                            | Vincent Deffontaines
: :'  :   Debian GNU/Linux        | Network Administrator
`. `~'    http://www.debian.org   | Council of Europe

Reply to: