Re: can Hopster traffic be blocked?

From: ERACC (eracclists_at_bellsouth.net)
Date: 08/04/04

  • Next message: whiplash: "Re: can Hopster traffic be blocked?"
    To: focus-linux@securityfocus.com
    Date: Wed, 4 Aug 2004 11:33:24 -0500
    
    

    On Wednesday 04 August 2004 00:05
    Prakash Purushotham wrote:

    [...]
    > The following site has some information on hopster and similar
    > software.
    > http://www.hackingspirits.com/eth-hac/prf-of-conc/bypass-fw/PoF01/bypass-fw-sock.html

    Evil.

    > I have tried in vain to block traffic using iptables. I tried INPUT
    > filter on traffic coming in from port 1863 (for example), under the
    > assumption that the messenger server has to reply to hopster
    > requests. I have tried blocking FORWARDs again, based on source
    > port 1863 on the external interface.

    Won't work. All the traffic is tunneled through the SOCKS connection
    with hopster.

    > My last resort (administrative) is to invoke the rule that no
    > unauthorized software be installed on the systems.

    Do this. This should be a default policy for most businesses these
    days with all the adware, spyware and other trashware that abound. We
    have clients that had to implement this as a policy and tie the
    employees' continued employment to compliance.

    > Any suggestions on how I can block hopster (and other similar socks
    > based tunneling applications) from tunnelling out.

    I don't know any but someone else might. I look forward to other
    replies.

    Gene

    -- 
    Linux era4.eracc.UUCP 2.4.22-28mdkenterprise i686
     11:24:44 up 158 days,  5:23, 12 users,  load average: 0.06, 0.06, 0.01
    ERA Computer Consulting - http://www.eracc.com/
    eCS, OS/2, Mandrake GNU/Linux, OpenServer & UnixWare resellers
    
