Proof positive that they're not all mindless IM addicts with no technical know-how. I got an email this morning from one of our field techs letting me know that the students at one of the high schools had found a way around our filtering system.* www.myfreeproxy.com We already block access to the web site (by blocking N2H2's category of 'proxies and anonymizers'), but you can put their web server name into your browser as a proxy server and ZWOOP! go right around the filter.

Well, not any more. The site myfreeproxy.com looks like a very small-scale operation; it all appears to be behind a single public IP: 72.232.218.83. (There may be multiple servers behind a load balancer, but we're definitely not talking about a big server farm.) I poked at it several different ways (packet traces while using the service, repeated DNS queries, etc) and always came up with the same IP. This made blocking it trivial: drop a DENY rule in the firewalls for any traffic destined for 72.232.218.83.

I wrote the tech telling him that the hole had been plugged and to, please, let me know when the kids figure out the next free proxy service.

---

* Not technically our system; it's an N2H2 filtering appliance farm run by the state and we have delegated local control.