[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: Bypassing proxies

> -----Original Message-----
> From: Phillip Hofmeister [mailto:plhofmei@zionlth.org]
> Sent: Tuesday 19 November 2002 15:30
> Cc: debian-security@lists.debian.org
> Subject: Re: Bypassing proxies
> On Tue, 19 Nov 2002 at 02:48:04PM +0100, DEFFONTAINES Vincent wrote:
> > Wondering if some people know of some "content-aware" 
> proxies/filters, to
> > attempt to block [some of] those dangerous products (apart 
> from maintaining
> > a black-list...)
> If you allow out FTP I will be able to start an SSH 
> connection over port
> 20 (FTP-Data) and it will look like a binary data transmission on any
> network sniff.

I would say it should not look like it.
I may be wrong but on a ftp binary connection, "most" of the data goes on
only one sense. And the data that goes back is checksum, etc, therefore
could be calculated and checked by the proxy.
A ssh or even a telnet connection is more "asymetric" than that, you cannot
calculate the content of a packet from another.
That kind of check wouldn't make things impossible for someone who wants to
bypass a proxy, they would just need to send more data to encapsulate his

> In reality I am forwarding a local port to a remote
> squid proxy and instructing IE, Netscape or the browser of choice
> to proxy through the local port.  Finding a solution to block 
> something
> like this (similiar to what you mentioned above) may be difficult...
> If you find something, please let me know...
> -- 
> Phil
> PGP/GPG Key:
> http://www.zionlth.org/~plhofmei/
> wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
> --
> Excuse #236: microelectronic Riemannian curved-space fault in 
> write-only file system 

Reply to: