Henrik Nordstrom wrote:
>
>Note: The suggested default rules restrict CONNECT to only two well
>known SSL ports for good reasons.
>
OK, but still this does not prevent the scenario of people connecting
via the proxy to an SSH server running on port 443.
Actually, if you look around a bit, it seems that half the school kids and
university students use similar setups to connect to their home PCs from
inside the institution.
To block this, a small inspector that checks whether the incoming proxy SSL
traffic is really SSL would be enough. I wonder if anybody has
written such a thing already?
Jakob Curdes
Received on Wed Apr 05 2006 - 16:39:37 MDT
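
The kind of check asked about above, sketched as an added example (not part of the original message and not Squid code): it classifies the first bytes a client sends through a CONNECT tunnel as an SSL/TLS ClientHello, an SSH identification string, or something else. The function names and the sample byte strings are constructed for illustration, and it assumes the inspector can see those first client bytes before deciding.

```python
import struct

def classify_tunnel_start(data: bytes) -> str:
    """Label the first client bytes of a tunnel: tls, sslv2, ssh, incomplete, other."""
    # SSH clients open with an identification string such as "SSH-2.0-..."
    if data.startswith(b"SSH-"):
        return "ssh"
    if len(data) < 11:
        return "incomplete"  # not enough bytes yet to judge the framing
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    # SSLv3/TLS record: content type 22 (handshake), version 3.x, sane length
    if ctype == 0x16 and major == 3 and minor <= 4 and 0 < rec_len <= 2 ** 14:
        hs_type = data[5]
        hs_len = int.from_bytes(data[6:9], "big")
        hello_major = data[9]
        # First handshake message must be a ClientHello (type 1) holding at
        # least client_version (2 bytes) and random (32 bytes)
        if hs_type == 1 and hs_len >= 34 and hello_major == 3:
            return "tls"
        return "other"
    # SSLv2-format ClientHello: length with high bit set, message type 1,
    # then version 0x0002 (SSLv2) or 3.x (v2-compatible hello)
    if data[0] & 0x80 and data[2] == 1 and (data[3:5] == b"\x00\x02" or data[3] == 3):
        return "sslv2"
    return "other"

def verdict(data: bytes) -> str:
    """Map the classification to a proxy decision: allow, wait or block."""
    label = classify_tunnel_start(data)
    if label in ("tls", "sslv2"):
        return "allow"
    return "wait" if label == "incomplete" else "block"

# Constructed samples (not captured traffic).
TLS_HELLO = (bytes.fromhex("160301002d" "01000029" "0303") + bytes(32)
             + bytes.fromhex("00" "0002" "002f" "01" "00"))
SSLV2_HELLO = bytes.fromhex("802e010301001500000010") + bytes(37)
SSH_BANNER = b"SSH-2.0-OpenSSH_4.3\r\n"
PLAIN_HTTP = b"GET / HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    for name, sample in [("tls", TLS_HELLO), ("sslv2", SSLV2_HELLO),
                         ("ssh", SSH_BANNER), ("http", PLAIN_HTTP)]:
        print(name, classify_tunnel_start(sample), verdict(sample))
```

The check validates only the framing of the first record, so it says nothing about what is carried inside a genuine SSL/TLS session.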