Deron Meranda wrote: > Ah, the fun of companies that like to port-block and proxy > everything because of the feeling of power it gives them. Or know that they've got limited bandwidth and want to save it for stuff that is either low-bandwidth or work-related (preferably both). And no, it *isn't* necessarily cheaper just to buy more bandwidth. > In general, it's usually pretty easy to get around a firewall, as > long as you control something on each side. No matter how > small of a hole the firewall has, with patience, you can > squeeze elephants through it. (And a firewall has to have a > hole of some sort, or it's just a concrete block, not a firewall). > But it's all still very annoying. And you don't have plausible deniability. If you have a carefully-constructed tunnel running over HTTP through a proxy, it's fairly obvious that you're trying to circumnavigate the firewall. And if that proxy has suitable logging and analysis (length of connection, number of connections, amount of traffic), there's a good chance your tunnel will become obvious. > Depending on how determined your obstacles are, be aware that > they may run invisible proxies. Even for SSL. So if you really > want to be invisible, use ssh (and validate your server keys!) > or set up real SSL on your Apache server, and then be sure to > check the SSL certificate on your browser to make sure there's > no man-in-the-middle. You aren't invisible. IT staff can't read the data, but they can tell that the traffic is there. James. -- James Wilkinson | Whenever [Richard I] returned to England he always Exeter Devon UK | set out again immediately for the Mediterranean and E-mail address: james | was therefore known as Richard Gare de Lyon. @westexe.demon.co.uk | -- '1066 and All That'
