can Hopster traffic be blocked?

• Next in thread: ERACC: "Re: can Hopster traffic be blocked?"
• Reply: ERACC: "Re: can Hopster traffic be blocked?"
• Reply: whiplash: "Re: can Hopster traffic be blocked?"
• Reply: Pablo Gietz: "Re: can Hopster traffic be blocked?"
• Reply: lonely wolf: "Re: can Hopster traffic be blocked?"
• Maybe reply: Charles Weidner (Accenture): "RE: can Hopster traffic be blocked?"
• Maybe reply: Prakash Purushotham: "Re: can Hopster traffic be blocked?"
• Maybe reply: Alan Hicks: "RE: can Hopster traffic be blocked?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: focus-linux@securityfocus.com
Date: Wed, 04 Aug 2004 10:35:04 +0530

Current setup:

RH9 all patches current
iptables set to deny all direct traffic out except to a select few
squid with acls to allow only http(s)/ftp, more acls to allow access to
msn/yahoo.

Problem:

Some users have installed hopster and are able to connect to messenger
servers even if they are not listed under the "chat access" acls.

The following site has some information on hopster and similar software.
http://www.hackingspirits.com/eth-hac/prf-of-conc/bypass-fw/PoF01/bypass-fw-sock.html

I have tried in vain to block traffic using iptables. I tried INPUT
filter on traffic coming in from port 1863 (for example), under the
assumption that the messenger server has to reply to hopster requests. I
have tried blocking FORWARDs again, based on source port 1863 on the
external interface.

My last resort (administrative) is to invoke the rule that no
unauthorized software be installed on the systems.

Any suggestions on how I can block hopster (and other similar socks
based tunneling applications) from tunnelling out.

• Next in thread: ERACC: "Re: can Hopster traffic be blocked?"
• Reply: ERACC: "Re: can Hopster traffic be blocked?"
• Reply: whiplash: "Re: can Hopster traffic be blocked?"
• Reply: Pablo Gietz: "Re: can Hopster traffic be blocked?"
• Reply: lonely wolf: "Re: can Hopster traffic be blocked?"
• Maybe reply: Charles Weidner (Accenture): "RE: can Hopster traffic be blocked?"
• Maybe reply: Prakash Purushotham: "Re: can Hopster traffic be blocked?"
• Maybe reply: Alan Hicks: "RE: can Hopster traffic be blocked?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: can Hopster traffic be blocked? ... > iptables set to deny all direct traffic out except to a select few ... > squid with acls to allow only http/ftp, more acls to allow access to ... > The following site has some information on hopster and similar software. ... prefer to do at their homes for faster connection) saving almost the ... (Focus-Linux) Re: can Hopster traffic be blocked? ... > iptables set to deny all direct traffic out except to a select few ... > The following site has some information on hopster and similar software. ... I bet all my weekend beers that the only way out is content filtering ... look for open proxy servers to chain with, ... (Focus-Linux)