On Wed, 17 Sep 2003, Federico Sevilla III wrote:

> On Wed, Sep 17, 2003 at 01:17:53PM +0800, ian sison (mailing list) wrote:
> > On Wed, 17 Sep 2003, Federico Sevilla III wrote:
> > > an HTTP proxy? You can then set up a Squid proxy server and go
> > > through it as long as it supports CONNECT for port 6667, which
> > > should be enabled in the default setup anyway.
> >
> > Software like this makes it hard for firewall maintainers vainly
> > trying to block such applications..
>
> I don't think so. AFAIK, X-Chat cannot tunnel through a firewall's port
> 80 to an IRC server listening to port 6667 without a proxy server in
> between. In situations where the firewall allows the proxy server to do
> "anything", but doesn't allow direct access to machines without going
> through the proxy server, the HTTP proxy solution works because default
> Squid installations allow CONNECT for SSL_ports, which include the
> unregistered ports from 1025 to 65535.
>
> So a firewall/proxy maintainer can simply remove the unregistered ports
> range from the ACLs that allow CONNECT, or deny CONNECT for specific
> known ports like the IRC ports 6666 and 6667. I don't think this is as
> "bad" as the other P2P clients that actually tunnel through port 80.
>

I guess so. I haven't fiddled with that ACL in squid yet. (sigh) so many
leaks to cover. Although the discussion on the p2pwall looks promising.
It may be an interesting experiment. :)

--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
.
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
.
Are you a Linux newbie? To join the newbie list, go to
http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
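The two remedies discussed in the thread (dropping the unregistered range from the CONNECT ACL, or denying CONNECT to the IRC ports) can be checked against a config before deployment. The sketch below is an added example, not code from the thread or from Squid: the three configs are constructed, and it models only `port` ACLs, an ACL named `CONNECT` assumed to be defined as `method CONNECT`, and `all`.

```python
def parse_port_acls(conf):
    """Map each 'acl NAME port ...' line to a list of (low, high) ranges."""
    acls = {}
    for raw in conf.splitlines():
        f = raw.split("#", 1)[0].split()
        if len(f) >= 4 and f[0] == "acl" and f[2] == "port":
            for tok in f[3:]:
                lo, _, hi = tok.partition("-")
                acls.setdefault(f[1], []).append((int(lo), int(hi or lo)))
    return acls

def connect_allowed(conf, port):
    """Decide a CONNECT request to `port` the way Squid walks http_access:
    rules in order, ACLs on one line ANDed, first matching rule wins."""
    ports = parse_port_acls(conf)
    def matches(term):
        name = term.lstrip("!")
        if name in ("all", "CONNECT"):   # assumes 'acl CONNECT method CONNECT'
            hit = True
        elif name in ports:
            hit = any(lo <= port <= hi for lo, hi in ports[name])
        else:
            raise ValueError("ACL type not modelled: " + name)
        return hit != term.startswith("!")
    last = None
    for raw in conf.splitlines():
        f = raw.split("#", 1)[0].split()
        if len(f) >= 3 and f[0] == "http_access":
            last = f[1]
            if all(matches(t) for t in f[2:]):
                return f[1] == "allow"
    return last == "deny"   # no rule matched: opposite of the last rule

# Constructed configs (not from a real server).
LOOSE = """
acl SSL_ports port 443 563 1025-65535
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
http_access allow all
"""
TRIMMED = LOOSE.replace(" 1025-65535", "")          # remedy 1: drop the range
BLOCKLIST = LOOSE.replace("http_access deny CONNECT !SSL_ports",
    "acl IRC_ports port 6666 6667\nhttp_access deny CONNECT IRC_ports\n"
    "http_access deny CONNECT !SSL_ports")          # remedy 2: deny IRC ports

if __name__ == "__main__":
    for name, conf in [("loose", LOOSE), ("trimmed", TRIMMED), ("blocklist", BLOCKLIST)]:
        print(name, {p: connect_allowed(conf, p) for p in (443, 6667, 7000)})
```

Port 7000 is included in the printout because the blocklist variant still lets CONNECT through to every high port other than 6666 and 6667, while the trimmed variant does not.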
