Re: [squid-users] BLock Http Tunnel from Tesla 13 on 2003-02-12 (squid-users)

From: Tesla 13 <tesla1313@dont-contact.us>
Date: Wed, 12 Feb 2003 06:11:11 -0500

If you consider like this, it is better to scan access log for abnormal
transfer sizes which would indicate tunneling sessions and block the target
hosts.

The question was "...block in squid proxy server".

Tesla

>From: Gavin Hamill <gdh@acentral.co.uk>
>To: squid-users@squid-cache.org
>Subject: Re: [squid-users] BLock Http Tunnel
>Date: Wed, 12 Feb 2003 10:55:45 +0000
>
>On Wednesday 12 February 2003 10:51 am, Tesla 13 wrote:
> > If the connection is to port 443, I don't think so.
> > Tesla
>
>There's always a way, it's just unlikely to be very elegant.
>
>For example, here 'a solution' would be to search the squid logs for any
>CONNECT methods on port 443, and try to establish an SSL connection and
>"GET
>/".
>
>If it really is a webserver, then it will at least reply with an HTTP
>message.
>If not, then you know you can add a firewall rule or squid ACL against that
>host :)
>
>gdh

_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8.
http://join.msn.com/?page=features/junkmail
Received on Wed Feb 12 2003 - 04:11:16 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:20 MST