Have anyone worked behind an IPCOP firewall? This is max security!! Kamiti style If you know of a free DNS please email me i try to play around thefirewall.
On Thu, Nov 19, 2009 at 10:09 AM, Lawrence Kago <lawrencekago@gmail.com>wrote:
Have anyone worked behind an IPCOP firewall?
This is max security!! Kamiti style
Perception, maybe! :-) It can't be that secure by default. Qualify your judgement.
If you know of a free DNS please email me i try to play around thefirewall.
opendns.org, perhaps?
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
I have worked behind an open DNS setting and thats really insecure for techies can easily beat it,i did...But this(IPCOP) have proved hard for me.... Any free DNS? On Thu, Nov 19, 2009 at 10:35 AM, Odhiambo Washington <odhiambo@gmail.com>wrote:
On Thu, Nov 19, 2009 at 10:09 AM, Lawrence Kago <lawrencekago@gmail.com>wrote:
Have anyone worked behind an IPCOP firewall?
This is max security!! Kamiti style
Perception, maybe! :-) It can't be that secure by default. Qualify your judgement.
If you know of a free DNS please email me i try to play around thefirewall.
opendns.org, perhaps?
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
On Thu, Nov 19, 2009 at 10:53 AM, Lawrence Kago <lawrencekago@gmail.com>wrote:
I have worked behind an open DNS setting and thats really insecure for techies can easily beat it,i did...But this(IPCOP) have proved hard for me....
Not sure I understand what you mean up there:)
Any free DNS?
I thought you wanted something like https://store.opendns.com/get/basic, no? -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
Instance,content filter for this Firewall(It have one-Dansgurdian) has blocke You-Tube,wnat to go round the firewall/content filter and access You-tube.... The network's IP is on DHCP,my thinking is that the content filter blockes specified sites from the DHCP issued DNS,if i can get a free DNS,i think it will work..n i will b in You-tube.. Just want to try.. I think now u understand. On Thu, Nov 19, 2009 at 10:56 AM, Odhiambo Washington <odhiambo@gmail.com>wrote:
On Thu, Nov 19, 2009 at 10:53 AM, Lawrence Kago <lawrencekago@gmail.com>wrote:
I have worked behind an open DNS setting and thats really insecure for techies can easily beat it,i did...But this(IPCOP) have proved hard for me....
Not sure I understand what you mean up there:)
Any free DNS?
I thought you wanted something like https://store.opendns.com/get/basic, no?
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
On Thu, Nov 19, 2009 at 11:39 AM, Lawrence Kago <lawrencekago@gmail.com>wrote:
Instance,content filter for this Firewall(It have one-Dansgurdian) has blocke You-Tube,wnat to go round the firewall/content filter and access You-tube....
Is there anything you configured once you installed the system or it does this by default?
The network's IP is on DHCP,my thinking is that the content filter blockes specified sites from the DHCP issued DNS,if i can get a free DNS,i think it will work..n i will b in You-tube..
That's not how Dansguardian works. IPCOP probably implements a transparent proxy which has Dansguardian integrated. You will NOT get round it as you still don't seem to understand how it works. The site blocking cannot be based on DNS at all. It's just likely that youtube content is by default blocked in IPCOP and resolving the domain using an alternate DNS does not alter the content, or the rule blocking it.
Just want to try..
I think now u understand.
I wish I did... -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
is it possible to solve the above with a reverse proxy On 19/11/2009, Odhiambo Washington <odhiambo@gmail.com> wrote:
On Thu, Nov 19, 2009 at 11:39 AM, Lawrence Kago <lawrencekago@gmail.com>wrote:
Instance,content filter for this Firewall(It have one-Dansgurdian) has blocke You-Tube,wnat to go round the firewall/content filter and access You-tube....
Is there anything you configured once you installed the system or it does this by default?
The network's IP is on DHCP,my thinking is that the content filter blockes specified sites from the DHCP issued DNS,if i can get a free DNS,i think it will work..n i will b in You-tube..
That's not how Dansguardian works. IPCOP probably implements a transparent proxy which has Dansguardian integrated. You will NOT get round it as you still don't seem to understand how it works. The site blocking cannot be based on DNS at all. It's just likely that youtube content is by default blocked in IPCOP and resolving the domain using an alternate DNS does not alter the content, or the rule blocking it.
Just want to try..
I think now u understand.
I wish I did...
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
-- with Regards: Get your free technology e-magazine in pdf format: Tekniaonline: http://bit.ly/tekniaonline-2 Sterotyping: Abednego, tell the tribe by the name; visit the blog : http://gramware.blogspot.com
I dont think so. Reverse proxy ideally sits before you web servers to 'offload' some load from the web servers from the clients. I think the only way to beat content filtering is tunneling http traffic over ssl (so just add (s) to http, its that easy for servers running http over ssl). Most content filters I have met, apart from a few, cannot stop that. Try that from IPCOP and let us now. You could also try proxys sites -http://proxy.org/- (not sure if that is what you meant by reverse proxy), though most UTMs will have categories for blocking proxy sites. -----Original Message----- From: Dennis Kioko <dmbuvi@gmail.com> Reply-to: Skunkworks Forum <skunkworks@lists.my.co.ke> To: Skunkworks Forum <skunkworks@lists.my.co.ke> Subject: Re: [Skunkworks] IPCOP Date: Thu, 19 Nov 2009 07:30:48 -0600 is it possible to solve the above with a reverse proxy On 19/11/2009, Odhiambo Washington <odhiambo@gmail.com> wrote:
On Thu, Nov 19, 2009 at 11:39 AM, Lawrence Kago <lawrencekago@gmail.com>wrote:
Instance,content filter for this Firewall(It have one-Dansgurdian) has blocke You-Tube,wnat to go round the firewall/content filter and access You-tube....
Is there anything you configured once you installed the system or it does this by default?
The network's IP is on DHCP,my thinking is that the content filter blockes specified sites from the DHCP issued DNS,if i can get a free DNS,i think it will work..n i will b in You-tube..
That's not how Dansguardian works. IPCOP probably implements a transparent proxy which has Dansguardian integrated. You will NOT get round it as you still don't seem to understand how it works. The site blocking cannot be based on DNS at all. It's just likely that youtube content is by default blocked in IPCOP and resolving the domain using an alternate DNS does not alter the content, or the rule blocking it.
Just want to try..
I think now u understand.
I wish I did...
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
I meant http tunnelling! -- with Regards: Get your free technology e-magazine in pdf format: Tekniaonline: http://bit.ly/tekniaonline-2 Sterotyping: Abednego, tell the tribe by the name; visit the blog : http://gramware.blogspot.com
*IPCOP** And DansGuardian* is a hard nut to crack. I tried the secure port mode(adding the s=https),it seemed as if it would work but never..It keeps trying n eventually i get timed out. Thanks On Thu, Nov 19, 2009 at 5:45 PM, Dennis Kioko <dmbuvi@gmail.com> wrote:
I meant http tunnelling!
-- with Regards:
Get your free technology e-magazine in pdf format: Tekniaonline: http://bit.ly/tekniaonline-2
Sterotyping: Abednego, tell the tribe by the name; visit the blog : http://gramware.blogspot.com _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
On Fri, Nov 20, 2009 at 9:44 AM, Lawrence Kago <lawrencekago@gmail.com>wrote:
*IPCOP** And DansGuardian* is a hard nut to crack. I tried the secure port mode(adding the s=https),it seemed as if it would work but never..It keeps trying n eventually i get timed out.
You are just not experienced enough in breaking out of a prison, or you just haven't explored the different options available out there but it's very possible to crack that nut, especially with tunneling, as someone mentioned. If you were resident in China, you'd find a way out quite easily - the need will make you innovative:-) Let me advise you: First do something interesting - break into the IPCOP box, then you'll see how easy it gets. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
participants (4)
-
Alex Nderitu -
Dennis Kioko -
Lawrence Kago -
Odhiambo Washington