#5
Old 19th April 2009
robbak
Real Name: Robert Backhaus
VPN Cryptographer
Join Date: May 2008
Location: North Queensland, Australia
Posts: 366

Even transparent proxy setups need to allow initial DNS lookups, and these DNS lookups are a way of getting around restrictions: proxies or VPNs running on port 53, or, if you prevent that, take a look at http-over-DNS! Automatically configuring your proxy (for instance, using that rather horrid 'wpad' protocol) may allow you to close the DNS hole, but it will trip up some browsers. The other way is to mess around with captive portals and dual horizon DNS - find out about them if you'd like a headache.
You will have to allow https: on port 443, and once you allow encrypted traffic through, you have no control over what that encrypted traffic may be.

In conclusion, do what you can, but be aware that nothing can be 100% secure.
The only dumb question is a question not asked.
The only dumb answer is an answer not given.

Last edited by robbak; 19th April 2009 at 02:01 AM.
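The DNS hole described in the post above can at least be watched for. This is an added example, not part of the original post: it flags clients that send many distinct long, high-entropy subdomains to one parent domain, a common sign of data carried over DNS. The log format, thresholds, function names and sample queries are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample: (client_ip, query_name) pairs as a resolver log might yield.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.org"),
    ("10.0.0.5", "mail.example.org"),
    ("10.0.0.5", "autodiscover-outlook-service.example.org"),
    ("10.0.0.7", "mzxw6ytboi2gk3lqnrsxg5dp.t.tunnel-test.invalid"),
    ("10.0.0.7", "kr4hs2lomfzxi5dfon2ca3tp.t.tunnel-test.invalid"),
    ("10.0.0.7", "obuxg5dfnzzsa2lunbqw4y3p.t.tunnel-test.invalid"),
    ("10.0.0.7", "ifxgi4tpnfsc2zlyobwg64dj.t.tunnel-test.invalid"),
]


def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than ordinary host names."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())


def split_name(qname):
    """Return (subdomain_part, parent_domain).

    Assumption: the last two labels approximate the registered domain.
    A production version would consult a public-suffix list instead.
    """
    labels = qname.rstrip(".").lower().split(".")
    return "".join(labels[:-2]), ".".join(labels[-2:])


def suspicious_clients(queries, min_unique=4, min_len=20, min_entropy=3.5):
    """Flag (client, parent_domain) pairs with many unique encoded-looking names.

    One long random-looking name is normal (CDNs, service discovery); a stream
    of distinct ones to the same parent domain is what tunnelling looks like.
    """
    seen = defaultdict(set)
    for client, qname in queries:
        sub, parent = split_name(qname)
        if len(sub) >= min_len and shannon_entropy(sub) >= min_entropy:
            seen[(client, parent)].add(sub)
    return sorted(key for key, subs in seen.items() if len(subs) >= min_unique)


if __name__ == "__main__":
    for client, parent in suspicious_clients(SAMPLE_QUERIES):
        print(f"possible DNS tunnelling: {client} -> {parent}")
```

The thresholds need tuning against your own resolver logs, since some legitimate services also generate long unique names.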