Tools for Rendering Censorship Firewalls Ineffective

Bill Stewart stewarts at ix.netcom.com
Tue Oct 1 00:52:23 PDT 1996


At 05:24 PM 9/30/96 +0200, Gary Howland <gary at systemics.com> wrote:
>I would guess that most sites censoring http by IP would be doing so by
>only censoring the http port.  If the http servers were to be run on
>other ports too (perhaps well known ports like DNS), then this would
>make life a little harder for the bad guys.  

That's trivial - most web server software is happy to use ports
other than 80 if you tell it to, and it's not uncommon to see
web servers running on ports 8000 or 8080, especially if they're
run by regular users rather than root (which you need for port 80
on many Unix systems.)  Does anybody know if the German ISPs were
blocking XS4ALL's IP address just on port 80, on all ports, or on all but 25?

Using important well-known ports like DNS is inviting real trouble.
Borrowing from other protocols such as Quote-Of-The-Day or supdup
probably won't bother many people, though ports under 1024 may still
require root's cooperation and may be looked at skeptically by firewalls.


>I have some encrypted HTTP relay software if anyone is interested in
>setting up a server.

That could be interesting - do you have it on a web/ftp site?

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto







More information about the cypherpunks-legacy mailing list