Block WWW.ORKUT.COM
Patrick Proniewski
patpro at patpro.net
Fri Aug 3 08:54:23 UTC 2007
On 03 août 2007, at 10:31, Fai Cheng wrote:
> I don't think this is impossible. depends on how you could
> configure the
> firewall. If you can block all traffics but allow those only you
> need. (e.g.
> to your partner site only, deny all outgoing traffic)
this is a good solution (technically speaking), but unless your
working in a very tight security environment, you might prefer
education over extensive blocking.
> Modify the DNS / hosts files is a trick way but its work.
as long as the user won't put is own hosts file on his system.
> but you have to
> know what is behind the host. e.g. they can use orkut.l.google.com
> instead
> of www.orkut.com. So the white list approach is easier to handle.
> (If you
> can)
sure.
> Of course different proxy (e.g. running proxy in 80 or 443 port) is
> hard to
> block, this case you need to monitor the traffic and see any ppl go to
> specific host with large amount of traffic. So you may notice the
> problems.
not hard, just impossible (in a blacklist context), because there is
no way you can know every proxy/anonymizer. It's exactly the same a
fighting spam. You block something, the spammer will find his way in
again, you block it again, etc.
patpro
More information about the freebsd-pf
mailing list