Re: can Hopster traffic be blocked?

From: Prakash Purushotham (prakashp_at_bigfoot.com)
Date: 08/07/04

  • Next message: Alan Hicks: "RE: can Hopster traffic be blocked?"
    To: focus-linux@securityfocus.com
    Date: Sat, 07 Aug 2004 22:19:11 +0530
    
    

    Thanks whiplash, I had in fact used tcpdump to track down that IP and
    added it in the banned sites acl. Problem solved ... at least for the
    time being. Sorry I was not prompt enough to post it here.

    I wonder whether hopster uses just one server. I would be doing some
    more tcpdump'ing to check whether other servers are being used.

    > From: whiplash <whiplash@despammed.com>
    > To: focus-linux@securityfocus.com
    > Subject: Re: can Hopster traffic be blocked?
    > Date: Thu, 05 Aug 2004 01:22:35 +0200
    >
    > Prakash Purushotham wrote:
    >
    > > Any suggestions on how I can block hopster (and other similar socks
    > > based tunneling applications) from tunnelling out.
    >
    > tcpdump and ethereal are often the sysadmin's best friends. :)
    >
    > Ok, I downloaded this hopster, installed it on a win box, started
    > squid on my home linux firewall, put a rule in FORWARD chain to
    > drop packets coming from the win box and then I started to observe.
    > hopster wasn't apparently able to automatically detect the squid proxy, so
    > I manually configured it.
    > Then I started some applications, like an irc client and configured them to
    > use the localhost socks proxy that hopster bound.
    >
    > Ok: what did ethereal show me?
    > First: in all tests I've performed, hopster seems to use just one remote
    > http tunneler:
    >
    > CONNECT 62.116.83.62:443 HTTP/1.0
    >
    > If this observation is correct, a simple acl that denies the CONNECT method
    > to 62.116.83.62 should be sufficient.
    > Moreover: despite the port shown above, the traffic isn't actually
    > ssl-tunneled:
    <snipped>

    Best regards
    Prakash
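
An added example, not part of the original posts: a Python script that answers the "just one server?" question from proxy logs by listing every CONNECT request whose target is a bare IP address, per destination and client, and drafting the matching deny ACL. It assumes Squid's native access.log format; the log lines are constructed, and the ACL name `tunnel_dst` and the `min_requests` threshold are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines in Squid's native access.log format (not captured traffic).
# 192.168.1.20 / .21 are hypothetical LAN clients; 192.0.2.10 is a documentation address.
SAMPLE_LOG = """\
1091897351.101    512 192.168.1.20 TCP_MISS/200 3456 CONNECT 62.116.83.62:443 - DIRECT/62.116.83.62 -
1091897352.220    498 192.168.1.20 TCP_MISS/200 2210 CONNECT 62.116.83.62:443 - DIRECT/62.116.83.62 -
1091897353.014    130 192.168.1.21 TCP_MISS/200 9120 CONNECT www.example.com:443 - DIRECT/192.0.2.10 -
1091897354.877     85 192.168.1.21 TCP_MISS/200 1533 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
1091897355.300    610 192.168.1.20 TCP_MISS/200 4100 CONNECT 62.116.83.62:443 - DIRECT/62.116.83.62 -
truncated line
"""

def connect_to_ip_literals(log_text):
    """Return {(ip, port): {client: count}} for CONNECT requests whose target is a bare IP."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue  # malformed line or a non-CONNECT method
        client, target = fields[2], fields[6]
        host, sep, port = target.rpartition(":")
        if not sep or not port.isdigit():
            continue
        try:
            ip = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue  # hostname target, e.g. ordinary HTTPS browsing
        hits[(str(ip), int(port))][client] += 1
    return {dest: dict(clients) for dest, clients in hits.items()}

def squid_deny_lines(hits, min_requests=2):
    """Draft squid.conf lines for destinations seen at least min_requests times."""
    ips = sorted({ip for (ip, _), c in hits.items() if sum(c.values()) >= min_requests})
    if not ips:
        return []
    # "CONNECT" is the method ACL from the stock squid.conf: acl CONNECT method CONNECT
    return ["acl tunnel_dst dst " + " ".join(ips), "http_access deny CONNECT tunnel_dst"]

if __name__ == "__main__":
    found = connect_to_ip_literals(SAMPLE_LOG)
    for (ip, port), clients in sorted(found.items()):
        print(f"{ip}:{port} total={sum(clients.values())} clients={clients}")
    print("\n".join(squid_deny_lines(found)))
```

The drafted `http_access deny` line only takes effect if it is placed above the `http_access allow` rules in squid.conf, and each listed destination should be reviewed before it is blocked.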

