#arpnetworks 2015-02-07,Sat


Who | What | When
ant: mercutio: i'm a bit late to the party, but it looks like you can use squid to transparently proxy https: http://www.squid-cache.org/Doc/config/https_port/ . sure, you will have to install your own ca certificate on the clients and make sure that they don't do public key pinning but in a controlled environment that might work [03:07]
mercutio: ant: it's probably more complicated than doing it with dns [03:13]
ant: mercutio: if you just want to block youtube, most probably [03:14]
mercutio: ant: it's anisfarhana that wanted to block youtube, but yeah. [03:14]
ant: mercutio: yeah, i didn't actually mean _you_ with "you" ;) [03:15]
mercutio: yeah
generic you
[03:15]
brycec: heh [03:16]
ant: at my former school i once tried to block gaming sites and other non-school-related stuff via the web proxy. but i ended up realising that one should try to solve social problems by technical measures [03:17]
brycec: For that matter, it's technically possible to filter https by examining the SNI in-transit and blocking the connection appropriately. (I'm not aware of any f/oss out there that does this, but I know how several firewall vendors do it) [03:17]
mercutio: brycec: that's an interesting idea.
i'm against blocking myself
[03:18]
brycec: Even if it's blocking a botnet that uses https for control? [03:18]
mercutio: well botnets may pretend to be facebook or something :/
but yeah i'm not a big fan of dpi
it's too hard to keep up with
[03:19]
brycec: (or another very legit use case, eg compliance or other "government rules") [03:19]
mercutio: and leads to too much complexity.
yeah there's a little danger in government enforced access blocks coming out more
already a lot of countries do dns blocking
sometimes forcing isp's hands.
[03:19]
brycec: (I was referring to PCI-DSS compliance, but maybe that's not actually government-driven) [03:20]
ant: whoops. just realised that i said the opposite of what i meant...one should _not_ try to solve social problems by technical measures [03:20]
brycec: ^ makes more sense now [03:20]
mercutio: ant: we knew what you meant
well i knew at least :)
lots of workplaces monitor usage of facebook these days afaik
but people are shifting more and more to passive monitoring.
if people know that they're being watched they'll avoid detection
and someone using facebook on their phone at work is no better than their office pc as far as time wasting
as long as disabling flash facebook is probably "reasonably safe"
[03:20]
............. (idle for 1h1mn)
*** qbit has quit IRC (Ping timeout: 264 seconds)
qbit has joined #arpnetworks
qbit is now known as Guest61504
[04:24]
...... (idle for 27mn)
Guest61504 is now known as qbit [04:52]
.... (idle for 17mn)
qbit_ has joined #arpnetworks
qbit_ has quit IRC (Client Quit)
[05:09]
...... (idle for 26mn)
mnathani has quit IRC (Ping timeout: 252 seconds) [05:35]
mnathani has joined #arpnetworks [05:46]
............. (idle for 1h0mn)
mjp has quit IRC (*.net *.split)
toeshred has quit IRC (*.net *.split)
awyeah has quit IRC (*.net *.split)
jcv has quit IRC (*.net *.split)
anisfarhana has quit IRC (*.net *.split)
jcv has joined #arpnetworks
mjp has joined #arpnetworks
toeshred has joined #arpnetworks
awyeah has joined #arpnetworks
[06:46]
anis has joined #arpnetworks [06:51]
ziyourenxiang has joined #arpnetworks [07:04]
ziyourenxiang has quit IRC (Client Quit) [07:09]
.............. (idle for 1h6mn)
medum has quit IRC (Remote host closed the connection) [08:15]
............................ (idle for 2h18mn)
anis is now known as anisfarhana
anisfarhana has quit IRC (Changing host)
anisfarhana has joined #arpnetworks
[10:33]
.......................... (idle for 2h8mn)
mkb: bdmail [12:41]
............................................................. (idle for 5h3mn)
mnathani_: mercutio: doesn't have to be human readable compression (for that ipv6 listings) Perhaps only calculate a /64 listed out then we can multiply [17:44]
..... (idle for 23mn)
mercutio: weird google's just changed their dns infrastructure it seems
and www.google.com isn't working properly for me, which used to be a cname from www.google.co.nz
but www.google.co.nz now has a direct a record.
and the ip addresses on multiple dns all seemed to change, and the reverse lookups look different.
oh and now they're returning single records instead of like 8
[18:07]
..... (idle for 24mn)
*** ziyourenxiang has joined #arpnetworks
ziyourenxiang has quit IRC (Client Quit)
[18:33]
medum has joined #arpnetworks [18:39]
mkb: mercutio, not here [18:53]
mercutio: mkb: it came right again. [18:57]
BryceBot: That's what she said!! [18:57]
mercutio: it was giving SERVFAIL
it seems there are a whole lot of 216 addresses suddenly when there were 74.125 ones before.
but i found something to do dns lookups around the world, and some people seem to have the older addresses still. i assume they're changing things around a bit
[18:57]
........................... (idle for 2h12mn)
*** dj_goku has quit IRC (Read error: Connection reset by peer)
dj_goku has joined #arpnetworks
dj_goku has quit IRC (Changing host)
dj_goku has joined #arpnetworks
[21:10]
