Re: [fw-wiz] httport 3snf

From: Christopher Hicks (chicks@chicks.net)
Date: 10/21/02 

From: Christopher Hicks <chicks@chicks.net>
To: firewall-wizards@nfr.com, "Robert E. Martin" <rmartin@fishburne.org>
Date: Mon Oct 21 13:42:34 2002

On Mon, 21 Oct 2002, Robert E. Martin wrote:
> We run Redhat 6.0 with ipchains and have been able to block AIM and
> others with this system quite effectively, however, our students here
> have discovered HTTport 3.snf to bypass our proxy server using a SSL
> connection. Is there a way to stop this without bringing the rest of the
> newtork to it's knees? I have been unable to sniff the packets
> successfully enough to find out what ip address the host ssl server is,
> but I am able to launch the program on my local machine, sniff the
> packets and see that the first thing that happens is a DNS Request. Can
> I block DNS requests for a specifid url, ipaddress or other entry via
> IPCHAINS?

If you know the IP of the SSL host they're connecting to why not just
block that? (And you might want to seriously consider a newer version of
Red Hat. iptables is easier to deal with than ipchains for instance.) 

-- 
</chris>
Recently, I was asked if I was going to fire an employee who made a
mistake that cost the company $600,000.  No, I replied, I just spent
$600,000 training him. Why would I want somebody to hire his experience?
		-Thomas J.  Watson, industrialist (1874-1956)