dslreports logo
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
187
share rss forum feed

brianiscool

join:2000-08-16
Miami, FL
kudos:1

darn

So, when I have kids I am going to block every port.

Except port 80 and 53.


Simba7
I Void Warranties

join:2003-03-24
Billings, MT

1 recommendation

Good luck with that. There's ways to tunnel via port 80 and 53.

Why do you think I have my network designed like I do? Because I have 2 little geniuses that could, eventually, find their way through the roadblocks I've set.

Of course, teaching responsibility and ethical hacking are key to preventing the feds from knocking down your door.

brianiscool

join:2000-08-16
Miami, FL
kudos:1
I will filter L2P and block VPN tunnels .


Simba7
I Void Warranties

join:2003-03-24
Billings, MT
said by brianiscool:

I will filter L2P and block VPN tunnels .

..and you think it's just that easy?

The only way I was able to was to put a Squid proxy for port 80, but it doesn't work well for port 443 (HTTPS).

foxyshadis

join:2004-05-16
Modesto, CA
reply to brianiscool
You'll probably have to completely block the internet, and run a DNS server and HTTP/S proxy on your PC. (With the certificates to make HTTPS proxying work.) Then you just have to hope they never find a way to hijack your PC or firewall while you're gone....

You'd be surprised how similar to HTTP new tunnels are. There's no way to block them piecemeal without blocking real traffic.

Or just run driftnet, networkminer, or wireshark 24/7 and punish appropriately...