
RE: Bypassing proxies




> -----Original Message-----
> From: Phillip Hofmeister [mailto:plhofmei@zionlth.org]
> Sent: Tuesday 19 November 2002 15:30
> To: DEFFONTAINES Vincent
> Cc: debian-security@lists.debian.org
> Subject: Re: Bypassing proxies
> 
> 
> On Tue, 19 Nov 2002 at 02:48:04PM +0100, DEFFONTAINES Vincent wrote:
> > Wondering if some people know of some "content-aware" proxies/filters, to
> > attempt to block [some of] those dangerous products (apart from maintaining
> > a black-list...)
> If you allow out FTP I will be able to start an SSH connection over port
> 20 (FTP-Data) and it will look like a binary data transmission on any
> network sniff.

I would say it should not look like it.
I may be wrong, but on an ftp binary connection, "most" of the data goes in
only one direction. And the data that goes back is checksums, etc., and therefore
could be calculated and checked by the proxy.
An ssh or even a telnet connection is more "asymmetric" than that: you cannot
calculate the content of a packet from another.
That kind of check wouldn't make things impossible for someone who wants to
bypass a proxy; they would just need to send more data to encapsulate their
messages...


> In reality I am forwarding a local port to a remote
> squid proxy and instructing IE, Netscape or the browser of choice
> to proxy through the local port.  Finding a solution to block something
> like this (similar to what you mentioned above) may be difficult...
> 
> If you find something, please let me know...
> 
> -- 
> Phil
> 
> PGP/GPG Key:
> http://www.zionlth.org/~plhofmei/
> wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
> --
> Excuse #236: microelectronic Riemannian curved-space fault in 
> write-only file system 
> 



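The directionality check the reply above describes, as an added illustration that is not from this thread: a per-flow heuristic over constructed packet records (the `direction` and `payload` fields, the sample flows and the thresholds are all assumptions) that flags a port-20 flow as interactive when payload moves both ways with frequent turn-taking, rather than in one direction as in a binary transfer.

```python
"""Heuristic from the thread: a bulk FTP-data transfer carries payload almost
entirely in one direction, while an SSH/telnet session tunnelled over port 20
exchanges payload in both directions with frequent turn-taking.
The flow records below are constructed sample data, not real captures."""
from dataclasses import dataclass


@dataclass
class Pkt:
    direction: str   # "out" = client->server, "in" = server->client (assumed field)
    payload: int     # TCP payload bytes; pure ACKs carry 0 and are ignored


def flow_stats(pkts):
    """Return (minority-direction share of payload, number of direction changes)."""
    out_b = sum(p.payload for p in pkts if p.direction == "out")
    in_b = sum(p.payload for p in pkts if p.direction == "in")
    total = out_b + in_b
    if total == 0:
        return 0.0, 0
    share = min(out_b, in_b) / total
    turns, last = 0, None
    for p in pkts:
        if p.payload == 0:          # ACK-only segments say nothing about content
            continue
        if last is not None and p.direction != last:
            turns += 1
        last = p.direction
    return share, turns


def classify(pkts, min_share=0.05, min_turns=10):
    """'interactive' when both directions carry a meaningful share of payload
    and the conversation alternates often; otherwise 'bulk-transfer'.
    Thresholds are assumed starting points, not measured values."""
    share, turns = flow_stats(pkts)
    return "interactive" if share >= min_share and turns >= min_turns else "bulk-transfer"


# Constructed sample: a ~1 MB binary download on port 20, server->client only,
# with the client sending nothing but empty ACKs.
FTP_DATA = [Pkt("in", 1460)] * 700 + [Pkt("out", 0)] * 350

# Constructed sample: an interactive session tunnelled over port 20,
# small keystroke-sized payloads alternating in both directions.
SSH_LIKE = []
for _ in range(40):
    SSH_LIKE += [Pkt("out", 52), Pkt("in", 68), Pkt("in", 0)]

if __name__ == "__main__":
    for name, flow in (("ftp-data", FTP_DATA), ("ssh-like", SSH_LIKE)):
        print(name, classify(flow), flow_stats(flow))
```

As the reply itself points out, padding the reverse direction with extra data defeats a share-based threshold, so this is a coarse filter to raise alerts on, not a proof of tunnelling.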