You could use the http proxy functions to do this I believe.
If not, you could install a squid or other type of http proxy and make
people use that, and block port 80 altogether.
Look at the program 'http tunnel'; it lets people do what you are talking
about, and still make it look like http commands.
It's also common to have people set up their ssh or telnet on secure port
443, high ports ( > 1024 ) and anything you have enabled really.
The other thing to do, add it to your company policy that violators will
be punished. If the company doesn't go for that, start sniffing their
traffic and leaving their IPs, logins and passwords on their desks each
day. Ask them how they think the CTO or CEO would think of them working on
personal stuff all day.
/*
http://www.nocrew.org/software/httptunnel.html
httptunnel creates a bidirectional data channel through an HTTP proxy,
from your isolated computer behind a restrictive firewall, to a system on
the Internet you have access to.
*/
On Sat, 27 May 2000, JRay wrote:
>
> Hi all,
>
> Is there any way in FW-1 Ver 4.0 to block users from telneting or ftp'ing
> out on
> port 80? Port 80 is enabled for http access, and the users need telnet / ftp
> access to our DMZ. However they are also telneting out to boxes their own
> outside servers that are listening on port 80. So far FW-1 can't distinguish
> between an ftp/telnet session and an http session.
>
> Any suggestions?
>
> Thanks in advance!
>
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
>
Erik Parker
[EMAIL PROTECTED]
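
An added example, not part of the original message and not FW-1 functionality: the kind of first-payload check an HTTP proxy effectively enforces, labelling port-80 sessions whose first client bytes are not an HTTP request line. The function names and sample flows are constructed for illustration, and traffic wrapped in valid HTTP requests, as httptunnel does, passes this check.

```python
import re

# Request line as a proxy would require it: METHOD SP target SP HTTP/x.y
HTTP_REQUEST = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/\d\.\d\r?\n")
# A few FTP control-channel commands a client sends early in a session.
FTP_COMMAND = re.compile(rb"^(USER|PASS|QUIT|SYST|PORT|PASV)( [^\r\n]*)?\r?\n", re.I)
TELNET_IAC = 0xFF                       # "Interpret As Command" byte (RFC 854)
TELNET_NEGOTIATION = range(0xFB, 0xFF)  # WILL, WONT, DO, DONT


def classify_client_payload(data: bytes) -> str:
    """Label the first client-to-server bytes of a TCP session."""
    if HTTP_REQUEST.match(data):
        return "http"
    if len(data) >= 2 and data[0] == TELNET_IAC and data[1] in TELNET_NEGOTIATION:
        return "telnet"
    if data.startswith(b"SSH-"):
        return "ssh"
    if FTP_COMMAND.match(data):
        return "ftp"
    return "unknown"


def non_http_on_port_80(flows):
    """Return (src, dst, label) for port-80 flows whose first payload is not HTTP."""
    hits = []
    for src, dst, dport, payload in flows:
        if dport != 80:
            continue
        label = classify_client_payload(payload)
        if label != "http":
            hits.append((src, dst, label))
    return hits


# Constructed sample flows (documentation addresses, not real traffic).
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", 80, b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n"),
    ("192.0.2.11", "198.51.100.7", 80, b"\xff\xfb\x18\xff\xfb\x1f"),  # telnet option negotiation
    ("192.0.2.12", "198.51.100.8", 80, b"USER jdoe\r\n"),
    ("192.0.2.13", "198.51.100.9", 80, b"SSH-2.0-OpenSSH_8.9\r\n"),
    ("192.0.2.14", "198.51.100.9", 22, b"SSH-2.0-OpenSSH_8.9\r\n"),   # not port 80, ignored
]

if __name__ == "__main__":
    for hit in non_http_on_port_80(SAMPLE_FLOWS):
        print(hit)
```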