On Thu, February 21, 2008 10:37 pm, Neil Schneider wrote:
>
> Lan Barnes wrote:
>>
>> On Thu, February 21, 2008 4:03 pm, SJS wrote:
>>> Then I think you're doomed. If they're forcing you to use a proxy
>>> server, then they've presumably locked down all outgoing traffic from
>>> your subnet except to the server(s).  (Incoming traffic too, but that's
>>> only to be expected.)
>>>
>>>
>>
>> Can I try the port 80 trick? "I'm just an innocent packet going out to
>> ping a return of very important ... umm .... MARKETING information --
>> yeah, that's the ticket -- marketing information from a web server I
>> know in Point Loma."
>
> If they are using a true proxy, which I think is likely, then you must use
> http protocol out port 80. The point of an application proxy firewall in a
> secure network environment is to do exactly what Stewart was suggesting,
> examine every packet and make sure it's the right protocol for that
> application. If it's not an http packet then you can't proxy it at the
> application level, so it shouldn't work. That's why they're called
> application proxies. Proxy firewalls that are well managed, and by reports
> I hear Sony's are, are very difficult to bypass. If there's a proxy for it,
> that's the default way to get out of that port. If there's no proxy, that
> port is closed.
>
> Josh alluded to using https port 443, which is probably a good plan. Since
> it's already encrypted, and since you can't really proxy an ssl connection,
> it's more likely to slip past the egress filtering.
>
> But, you have a second filter on your home ISP network. I believe the
> cable companies filter incoming 25, 80 and probably some other ports. I
> don't recall hearing if they filter 443.
>
> So I would second Josh's advice. Run your sshd on port 443 and use that as
> a tunnel back to home. If that doesn't work, wait until you go home to read
> email.
>

OK. I surrender (443 already tried).

I have learned. This is good. I know when to quit (the effort, not the
job). This, too, is good.

The thread may close for all of me.

I'll use IMAP for mutt at home, squirrelmail for reading from work, and
life is OK if not good.


-- 
Lan Barnes

SCM Analyst              Linux Guy
Tcl/Tk Enthusiast        Biodiesel Brewer


-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
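
The per-port protocol check that the quoted reply attributes to an application proxy, sketched as an added example (not part of the original thread and not any product's code): it classifies the first bytes a client sends and allows the connection only when the protocol matches what the port is supposed to carry. The function names, the port policy and the sample byte strings are constructed for illustration.

```python
import struct

# Protocol each outbound port is expected to carry (assumed policy for this example).
EXPECTED = {80: "http", 443: "tls"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")

def classify_first_bytes(data: bytes) -> str:
    """Classify a client's first bytes as 'ssh', 'http', 'tls', 'incomplete' or 'unknown'."""
    # RFC 4253: both SSH peers open with a cleartext identification string "SSH-...".
    if data.startswith(b"SSH-"):
        return "ssh"
    if data.startswith(HTTP_METHODS):
        return "http"
    if len(data) < 6:
        return "incomplete"  # not enough bytes yet to read a TLS record header
    # TLS record header: content type, version major/minor, record length.
    rec_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    is_handshake = rec_type == 0x16 and major == 0x03 and minor <= 0x04
    # The first handshake message from a client is ClientHello (type 0x01).
    if is_handshake and 0 < length <= 16384 and data[5] == 0x01:
        return "tls"
    return "unknown"

def egress_verdict(port: int, data: bytes) -> str:
    """Return 'allow', 'block' or 'wait' for the first bytes seen on an outbound port."""
    expected = EXPECTED.get(port)
    if expected is None:
        return "block"  # no proxy for the port: the port is closed
    seen = classify_first_bytes(data)
    if seen == "incomplete":
        return "wait"
    return "allow" if seen == expected else "block"

# Constructed sample inputs (not captured traffic).
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"
TLS_HELLO = bytes.fromhex("1603010200010001fc0303")
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    for name, port, data in [("ssh on 443", 443, SSH_BANNER),
                             ("tls on 443", 443, TLS_HELLO),
                             ("http on 80", 80, HTTP_GET)]:
        print(name, classify_first_bytes(data), egress_verdict(port, data))
```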
