LISTSERV - JOEBOX-L Archives

JOEBOX-L Archives

Joebox User

JOEBOX-L@LISTS.MAINE.EDU

	LISTSERV Archives
	JOEBOX-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show HTML Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: proxy list setting for mecguard
From:	Kyle Green <[log in to unmask]>
Reply To:	Joebox User <[log in to unmask]>
Date:	Thu, 30 Jun 2011 16:21:33 -0400
Content-Type:	multipart/alternative
Parts/Attachments:	text/plain (2299 bytes) , text/html (3349 bytes)


On Thursday, June 30, 2011 at 4:08 PM, Ray Soucy wrote:

> Are HTTP proxies (e.g. ones that require browser configuration) a
> common problem for you? Have you verified that they're using port 80
> and that MecGuard doesn't break them already? If it's not on port 80,
> then you might need to look at blocking traffic using Firewall rules.
I wouldn't say I spend hours a day dealing with them, but I know they've been used in the past. MECGuard might be dealing with most of them through the lists already, but those are rarely up-to-date. We're not 1:1 and have a lot of student-owned laptops (and iPads and iPod Touches) in our building.

I don't want to block HTTP traffic to ports that aren't 80 because that can break legitimate traffic.
> Secondly, you reference a proxy allow list; can you provide an example
> of a legitimate proxy? I can't think of one off the top of my head in
> a K12 context.
I'd (temporarily) forgotten that the JoeBox is the interface to MSLN. I was thinking about potential uses of squid or other caching proxy, but that'd be behind JoeBox sending traffic towards it and not between the JoeBox and the internet.

On the other hand, the minute you decide you don't need a capability....
> L7 filtering has proven to not be accurate enough for production use
> and our recommendation is to disable it on the Joebox. It makes use
> the the "L7-Filter" kernel module for Linux which does regex pattern
> matching on packet payload, but lacks intelligence to determine packet
> progression and thus can quickly lead to a lot of false positives (one
> example is that many of the L7 filters on the Joebox will block time
> updates to time.apple.com (http://time.apple.com)).
L7 filtering might not be accurate enough for production use, but I've done some tweaking of it and MSLN hasn't forwarded me any DMCA takedown notices since I turned it on. :) (It used to be one or two a month.) 
> The focus, for now at least, is to make sure that MecGuard is
> providing a reasonable level of filtering in comparison to other
> solutions. Feedback from some would seem to indicate that MecGuard is
> currently falling short; and that is something I'm very interested in
> and want to have resolved before school starts up again.
I guess I'm in the minority of people who don't have a lot of problems with it.

ATOM RSS1 RSS2

LISTS.MAINE.EDU