On 12/08/10 23:51, RB wrote:
> Pretty much any port you allow out (or even SSL websites) raw will
> have this problem and you'll never reach 100% closure. You can
> approximate 100% with application proxies that monitor for and cut off
> aberrant behavior, but they'll never be perfect.

indeed, bypassing corporate firewalls to allow ssh is a popular game,
see the ssh via https trick which is now pretty much fully automated in
PuTTY! http://dag.wieers.com/howto/ssh-http-tunneling/

this is a classic problem of trying to solve a policy/training situation
using a partial technology hack, chances are you'll annoy legitimate
users more than you'll prevent the dodgy practices.
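
An added example, not part of either poster's message: the kind of check an application proxy of the sort RB mentions could run on the first bytes of a CONNECT tunnel to port 443, telling a TLS ClientHello apart from a raw SSH banner. The function names and the sample byte strings are constructed for illustration.

```python
import struct

SSH_PREFIX = b"SSH-"        # RFC 4253 identification string starts with this
TLS_HANDSHAKE = 0x16        # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01     # handshake message type: ClientHello
TLS_MAX_RECORD = 16384      # largest plaintext record length

# Constructed samples: start of a ClientHello record, an SSH banner, plain HTTP.
SAMPLE_TLS = bytes.fromhex("16030100c8010000c40303")
SAMPLE_SSH = b"SSH-2.0-OpenSSH_5.5\r\n"
SAMPLE_HTTP = b"GET / HTTP/1.1\r\n"


def classify_first_bytes(data: bytes) -> str:
    """Label the first bytes seen in one direction of a tunnel."""
    if data.startswith(SSH_PREFIX):
        return "ssh"
    if len(data) >= 6:
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        if (ctype == TLS_HANDSHAKE and major == 3 and minor <= 4
                and 0 < length <= TLS_MAX_RECORD
                and data[5] == TLS_CLIENT_HELLO):
            return "tls"
    return "unknown"


def verdict(client_first: bytes, server_first: bytes = b"") -> str:
    """Decide what the proxy does with a CONNECT tunnel to port 443."""
    client = classify_first_bytes(client_first)
    server = classify_first_bytes(server_first)
    # An SSH banner from either side means the tunnel is not carrying HTTPS.
    if "ssh" in (client, server):
        return "block: SSH banner inside HTTPS tunnel"
    if client == "tls":
        return "allow: client opened with a TLS ClientHello"
    return "flag: first bytes are not TLS"


if __name__ == "__main__":
    print(verdict(SAMPLE_TLS))
    print(verdict(b"", SAMPLE_SSH))
    print(verdict(SAMPLE_HTTP))
```

The check only looks at the opening bytes, so it is one of the approximations described above rather than full closure.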
