[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3FA2A494.5040205@venom600.org>
From: venom at venom600.org (Ben Nelson)
Subject: Proxies
Blocking all internal->external traffic and then allowing ONLY the
needed services from the necessary hosts is the best way to stop this
sort of abuse. Then, using a web proxy that filters web content and
only understands HTTP (to prevent other services from being tunneled
over port 80), you should be good to go.
--Ben
Earl Keyser wrote:
> Help needed, please.
>
> We use all cisco networking gear. Currently using a cisco cache engine
> with SmartFilter to "manage" the surfing for our staff/students. As
> usual, the little devils figured a way to get around it.
>
> They went to Google, entered "open proxy list" and bingo-bango. From
> this list they found open proxies to use in IE.
>
> Besides suspending them, we made one technological change. Outgoing
> ports 8000, 8080, 8888 and 3128 are now blocked at the firewall.
>
> Can anyone suggest further refinements to reduce this kind of abuse? I
> know some proxies run on port 80, but I'll have to live with that.
>
> TIA
>
> Earl
>
> Earl Keyser, Network Specialist
> Wayzata Public Schools
> 763-745-5105
>
> "Unix IS user-friendly. It's just picky about who its friends are."
>
>
> This outbound message has been scanned for viruses by ISD#284.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists