michael.holstein at csuohio.edu
Thu Sep 29 20:09:27 GMT 2005
> We’ve been having difficulty getting a lid on our students that are
> bypassing our content filtering with proxy services such as proxify and
> now…a service called WebShell4. I’m curious, has anyone had an issue with
> this sort of thing, and if so, would you mind talking with me about any
> solutions you might have implemented? Thanks…
It's impossible to implement technical solutions to what are management
problems. That said ...
I'd use a Snort sig to identify proxied HTTP requests (there are some on
bleedingsnort). Then I'd blackhole them on the firewall.
Since you mention two services specifically, install them yourself,
figure out what networks they talk to, use whois to find out how big
that netblock is, then block it.
You can even deal with the encrypted ones this way.
Personally .. I'd make a note of who's using them ahead of time .. then
monitor those users specifically because they'll try to find other ways
once you block the first. Knowing what they're trying will allow you to
stay ahead of the game.
Michael Holstein CISSP GCIA
Cleveland State University
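
The netblock step described in the reply above, as an added example that is not part of the original post: it parses whois range lines, checks which observed destination addresses fall inside them, and converts those ranges to CIDR blocks for a firewall deny list. The whois text, the addresses (documentation ranges) and the function names are constructed for illustration, and the size cap is an assumption added here so that a whole hosting provider is not blocked by accident.

```python
import ipaddress
import re

# Constructed whois replies using documentation address space, not real services.
WHOIS_REPLIES = [
    "NetRange:       198.51.100.0 - 198.51.100.255\nOrgName:        Example Hosting\n",
    "inetnum:        203.0.113.64 - 203.0.113.159\nnetname:        EXAMPLE-PROXY\n",
]
# Constructed destination addresses, e.g. taken from IDS alerts on proxied requests.
OBSERVED = ["198.51.100.17", "198.51.100.200", "203.0.113.70", "192.0.2.9"]

# ARIN-style "NetRange:" and RIPE-style "inetnum:" both give "first - last".
RANGE_RE = re.compile(r"^(?:NetRange|inetnum):[ \t]*(\S+)[ \t]*-[ \t]*(\S+)[ \t]*$",
                      re.MULTILINE | re.IGNORECASE)

def whois_ranges(text):
    """Return (first, last) address pairs for every range line in a whois reply."""
    return [(ipaddress.ip_address(a), ipaddress.ip_address(b))
            for a, b in RANGE_RE.findall(text)]

def block_list(observed_ips, whois_replies, max_addresses=65536):
    """Return (cidrs_to_block, ranges_too_big, ips_without_whois_match).

    A range is only blocked if an observed address falls inside it, and
    ranges larger than max_addresses are set aside for manual review.
    """
    ranges = [r for reply in whois_replies for r in whois_ranges(reply)]
    nets, too_big, unmatched = [], set(), []
    for ip in sorted(set(map(ipaddress.ip_address, observed_ips))):
        hits = [(a, b) for a, b in ranges if a <= ip <= b]
        if not hits:
            unmatched.append(str(ip))
        for a, b in hits:
            if int(b) - int(a) + 1 > max_addresses:
                too_big.add(f"{a}-{b}")
            else:
                # A whois range need not be one CIDR; this yields the exact cover.
                nets.extend(ipaddress.summarize_address_range(a, b))
    cidrs = [str(n) for n in ipaddress.collapse_addresses(nets)]
    return cidrs, sorted(too_big), unmatched

if __name__ == "__main__":
    cidrs, too_big, unmatched = block_list(OBSERVED, WHOIS_REPLIES)
    print("block:", cidrs)
    print("review by hand (too large):", too_big)
    print("no whois range on file:", unmatched)
```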