[Full-Disclosure] RE: By passing surf control

["Otero, Hernan (EDS)" <HOtero@lanchile.cl>]

That is very easy if you can have a machine in the net with ssh server...

With a standard proxy that support CONNECT METHOD (Typically HTTPS
connections) using putty and a ssh server listening in port 443 you can
forward any port via tunneling.

Look at your logs looking for an endless HTTPS connection..., with tons of
traffic.

Regards,

Hernán

-----Original Message-----
From: Kudakwashe Chafa-Govha [mailto:KChafa-Govha@bankunitedfla.com] 
Sent: Miércoles, 25 de Febrero de 2004 17:04
To: 'pen-test@securityfocus.com'
Subject: By passing surf control

Hello Group,


Does anyone have any information on how to by pass a web content filter? We
use Surf Control to monitor and filter web content. However, I have one of
my users who was able to by pass this. We tried using a proxy to by pass
just for testing purposes but it did not work. I am still trying to figure
out what other method he used to do so. If anyone has any information , it
will be greatly appreciated.

Thanks

Kuda

****************************************************************************
**********************
The contents of this email and any attachments are confidential.
It is intended for the named recipient(s) only.
If you have received this email in error please notify the system manager or
the 
sender immediately. Unless you are the intended recipient or his/her
representative 
you are not authorized to, and must not, read, copy, distribute, use or
retain this 
message or any part of it. 
****************************************************************************
**********************


---------------------------------------------------------------------------
----------------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html