On Mon, 5 Sep 2005, Lasse [iso-8859-1] Mørk wrote:
It seems, like they are using a software called loophole (
http://www.loopholesoftware.com ) !!
One of many.. this particular one runs encrypted SOCKS ontop of an HTTP
tunnel. There is several others, each with their own encapsulation. The
perhaps worst in terms of security runs PPP ontop of HTTP providing a
fully functional bidirectional link..
Damnit..
All you need to cure this is
a) A "terms of use" agreement and "security policy" allowing you to take
action to the persons abusing the service / violating the security policy.
b) Monitor the Internet usage, and when finding users of loophole or
other firewall piercing tools / filter avoidance tools take suitable
action on these persons.
then (provided the action taken is sufficiently strong but not
unmotivated) there won't be many attemting to do this after the first
one getting caught..
As indicated in my previous message identifying these tunnels is not
impossible, but a little practice may be needed as these tunnel softwares
often intentionally tries to masquerade themselves as legit traffic.
Regards
Henrik