On Wed, Sep 17, 2003 at 01:17:53PM +0800, ian sison (mailing list) wrote:
> On Wed, 17 Sep 2003, Federico Sevilla III wrote:
> > an HTTP proxy? You can then set up a Squid proxy server and go
> > through it as long as it supports CONNECT for port 6667, which
> > should be enabled in the default setup anyway.
>
> Software like this makes it hard for firewall maintainers vainly
> trying to block such applications..

I don't think so. AFAIK, X-Chat cannot tunnel through a firewall's port
80 to an IRC server listening to port 6667 without a proxy server in
between.

In situations where the firewall allows the proxy server to do
"anything", but doesn't allow direct access to machines without going
through the proxy server, the HTTP proxy solution works because default
Squid installations allow CONNECT for SSL_ports, which include the
unregistered ports from 1025 to 65535.

So a firewall/proxy maintainer can simply remove the unregistered ports
range from the ACLs that allow CONNECT, or deny CONNECT for specific
known ports like the IRC ports 6666 and 6667.

I don't think this is as "bad" as the other P2P clients that actually
tunnel through port 80.

 --> Jijo

--
Federico Sevilla III  : http://jijo.free.net.ph      : When we speak of free
Network Administrator : The Leather Collection, Inc. : software we refer to
GnuPG Key ID          : 0x93B746BE                   : freedom, not price.
--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
.
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
.
Are you a Linux newbie? To join the newbie list, go to
http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
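
Added example, not part of the original message: a squid.conf fragment showing the two mitigations the reply names, with the permissive layout it describes kept as comments for comparison. The permissive ACL layout is an assumption taken from the message's description, and the `IRC_ports` and `localnet` names and the 192.0.2.0/24 range are constructed for illustration.

```conf
# --- Permissive layout as described in the message (assumed, shown for contrast) ---
# acl SSL_ports port 443 563 1025-65535
# acl CONNECT method CONNECT
# http_access deny CONNECT !SSL_ports
#   Result: "CONNECT host:6667" is tunnelled, because 6667 falls in 1025-65535.

# --- Tightened layout ---
# Mitigation 1: drop the unregistered range from the CONNECT allow-list.
acl SSL_ports port 443          # https
acl SSL_ports port 563          # snews
# Mitigation 2: name the known IRC ports so they can be denied explicitly.
acl IRC_ports port 6666 6667    # IRC ports named in the message
acl CONNECT method CONNECT

# http_access rules are checked top to bottom and the first match wins,
# so the deny rules must come before any allow rule.
# ACLs listed on one line are ANDed together.

# Redundant once SSL_ports is narrowed, but keeps IRC blocked if someone
# later widens SSL_ports again.
http_access deny CONNECT IRC_ports

# Refuse CONNECT to anything that is not on the allow-list.
http_access deny CONNECT !SSL_ports

# Site-specific client rules follow (constructed example range).
acl localnet src 192.0.2.0/24
http_access allow localnet
http_access deny all
```

On current Squid releases, `squid -k parse` checks the file for syntax errors and `squid -k reconfigure` applies it to the running proxy.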
