 | darn So, when I have kids I am going to block every port. 
Except port 80 and 53. |
|
 Simba7I Void Warranties join:2003-03-24 Billings, MT | Good luck with that. There are ways to tunnel via port 80 and 53.
Why do you think I have my network designed like I do? Because I have 2 little geniuses that could, eventually, find their way through the roadblocks I've set.
Of course, teaching responsibility and ethical hacking are key to preventing the feds from knocking down your door. |
|
 | I will filter L2P and block VPN tunnels. |
|
 Simba7I Void Warranties join:2003-03-24 Billings, MT | said by brianiscool: I will filter L2P and block VPN tunnels.
...and you think it's just that easy?
The only way I was able to was to put a Squid proxy for port 80, but it doesn't work well for port 443 (HTTPS). |
|
 | reply to brianiscool You'll probably have to completely block the internet, and run a DNS server and HTTP/S proxy on your PC. (With the certificates to make HTTPS proxying work.) Then you just have to hope they never find a way to hijack your PC or firewall while you're gone....
You'd be surprised how similar to HTTP new tunnels are. There's no way to block them piecemeal without blocking real traffic.
Or just run driftnet, networkminer, or wireshark 24/7 and punish appropriately... |
|