Interesting Tool for Firewalled/Proxied Users



Dyyryath
04-08-2002, 12:00 PM
As the Online Systems Administrator at work, I try to keep up with some of the various ways that users "work around" our firewall policies and proxies. Sometimes I take exception to these efforts and do something about it, sometimes I don't.

However, while searching the web for new tools that allow users to bypass our systems, I found this:

Loophole (http://www.loopholesoftware.com/index.jsp)

I haven't experimented with it yet, but it might be of use to some of you who have trouble running DC clients due to firewall and proxy policies. Oftentimes, your SA might not mind you running DC clients (I don't), but they might not be willing to make changes to their security policies for the sole purpose of making it easier.

The theory behind this tool seems sound. You need access to some type of broadband access either at home or somewhere else where you can install the server.

Then, any network communication that needs to be done by your software that is behind a firewall/proxy is taken by the Loophole client, encrypted, and sent via a specified port (I'm guessing 80) to the server. The server grabs it, makes the communication over the correct protocols on your behalf, takes the reply, re-encrypts it, and sends it back via the same port it came from.

Will this work with DC clients? How configurable is it? I don't know. I haven't experimented with it yet, but I'm going to. Not because I need to send DC data, but rather because I need to figure out how to detect it. ;)

At any rate, I thought some of you might find this piece of software intriguing. Some of the more technically minded of our audience might also find the "approach" interesting. I could write something like this myself pretty easily, so any of our other programmers probably could, too.
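
One way an administrator could look for the kind of tunnel described in the post above, as an added example that is not part of the original thread or the tool's own code: it flags port-80 flows whose first client bytes are not an HTTP request line and have the high byte entropy of encrypted data. The flow records, threshold values and function names are constructed assumptions; the post does not describe Loophole's actual wire format.

```python
import hashlib
import math
import re
from collections import Counter

# Request line of a plain HTTP/1.x request: METHOD SP target SP HTTP/1.x CRLF
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/1\.[01]\r\n")
ENTROPY_THRESHOLD = 6.0  # bits per byte; assumed cut-off, tune on your own traffic
MIN_SAMPLE = 64          # fewer bytes than this gives a meaningless estimate


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for ASCII headers, close to 8 for ciphertext."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify_flow(dst_port: int, first_payload: bytes) -> str:
    """Label one outbound flow from the first bytes the client sent."""
    if dst_port != 80:
        return "ignored"
    if HTTP_REQUEST_LINE.match(first_payload):
        return "http"
    if (len(first_payload) >= MIN_SAMPLE
            and shannon_entropy(first_payload) >= ENTROPY_THRESHOLD):
        return "suspect-encrypted"
    return "non-http"


def suspects(flows):
    """Return sorted (src, dst) pairs that send encrypted-looking data to port 80."""
    return sorted({(f["src"], f["dst"]) for f in flows
                   if classify_flow(f["dst_port"], f["payload"]) == "suspect-encrypted"})


# Constructed sample flows (documentation addresses, not real captures).
# The second payload is 512 hash-derived bytes standing in for an encrypted frame.
FAKE_CIPHERTEXT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
SAMPLE_FLOWS = [
    {"src": "10.0.0.21", "dst": "192.0.2.10", "dst_port": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    {"src": "10.0.0.37", "dst": "198.51.100.7", "dst_port": 80,
     "payload": FAKE_CIPHERTEXT},
    {"src": "10.0.0.37", "dst": "203.0.113.5", "dst_port": 80,
     "payload": b"HELO mail.example.com\r\n"},
]

if __name__ == "__main__":
    for src, dst in suspects(SAMPLE_FLOWS):
        print(f"review: {src} -> {dst}:80 sends high-entropy non-HTTP data")
```

A tunnel that wraps its ciphertext in well-formed HTTP requests would pass this check, so it belongs alongside per-destination volume and connection-duration review rather than in place of it.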

FoBoT
04-08-2002, 01:43 PM
i think httport works on the same principle

the problem at my place of work, is that part of the Internet / Security policy is something like

"if you use any software/tools to circumvent our proxy/firewall, that is a violation, but like if you had accessed a site directly"

in other words, if you can't get to something using the proxy in a "normal" fashion, then figuring a way to get there is a "violation" just the same :rolleyes:

so, that is what analog line/modems are for! :D

Dyyryath
04-08-2002, 01:52 PM
Heh, I like your company. We don't have a policy like that (at least not one that is enforced).

Ideally, you wouldn't be trying to end-run around your admins anyway, merely working out a way to do what you want, without asking them to change anything. Hopefully, you'd be doing this with their knowledge and approval. ;)