netcurmudgeon (netcurmudgeon) wrote,

  • Mood:
  • Music:

Oh those pesky kids.

Proof positive that they're not all mindless IM addicts with no technical know-how. I got an email this morning from one of our field techs letting me know that the students at one of the high schools had found a way around our filtering system.* We already block access to the web site (by blocking N2H2's category of 'proxies and anonymizers'), but you can put their web server name into your browser as a proxy server and ZWOOP! go right around the filter.

Well, not any more. The site looks like a very small-scale operation; it all appears to be behind a single public IP: (There may be multiple servers behind a load balancer, but we're definitely not talking about a big server farm.) I poked at it several different ways (packet traces while using the service, repeated DNS queries, etc) and always came up with the same IP. This made blocking it trivial: drop a DENY rule in the firewalls for any traffic destined for

I wrote the tech telling him that the hole had been plugged and to, please, let me know when the kids figure out the next free proxy service.

* Not technically our system; it's an N2H2 filtering appliance farm run by the state and we have delegated local control.

  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 1 comment