@Home bans VPNS

Marc VanHeyningen marcvh at AVENTAIL.COM
Fri Aug 25 17:42:43 EDT 2000


Joseph S D Yao sed:
> On Fri, Aug 25, 2000 at 09:00:51AM -0400, Dante Mercurio wrote:
> > IPSec uses IP Protocol 50, not TCP port 50. It also uses a TCP or UDP port,
> > but I don't have the listing handy. You can not change the IP protocol it is
> > running over. A scanner looking for IP Protocol 50 can find the packets
> > fairly easily, or block them altogether.
>
> Sorry, responded too late at night, of course you are right, I have
> corrected people on that myself.  ;-)  Certainly you could change it!
> SMOP - Simple Matter Of Programming - provided you had both sides with
> the same mods.  Unless you use closed-source software.  ;->

They also block other mechanisms of doing things they think might qualify
as VPNs; for example, they block port 1080 (SOCKS) which can be used for
remote access and the like.  I would guess they also have blocks for
PPTP (GRE), L2TP, and possibly SSH.

Of course, as you say, "hiding" services by changing their characteristics
to something non-standard is possible, though implementations (particularly
those involving appliances or other hardware) may not make it easy.

- Marc

--
Marc VanHeyningen                 marcvh at aventail.com
Internet Security Architect
Aventail                          http://www.aventail.com/
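The distinction drawn in this thread, an IP protocol number versus a TCP or UDP port, shown as a small header classifier. This is an added example, not part of the original messages: the function names and sample packets are constructed, and UDP 500 (IKE) and TCP 1723 (PPTP control) are well-known assignments that the thread itself does not name.

```python
import struct

# Matched on the IPv4 protocol field (header byte 9); no port exists at this layer.
IP_PROTOCOLS = {50: "IPsec ESP", 47: "GRE (PPTP data)"}
# Matched on (IP protocol, destination port); ports exist only inside TCP (6) / UDP (17).
PORTS = {
    (6, 1080): "SOCKS",
    (6, 22): "SSH",
    (6, 1723): "PPTP control",
    (17, 1701): "L2TP",
    (17, 500): "IKE (IPsec key exchange)",
}

def classify(packet: bytes) -> str:
    """Label an IPv4 packet the way a simple header-based filter would."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not IPv4"
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes, options included
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto = packet[9]
    if proto in IP_PROTOCOLS:
        return IP_PROTOCOLS[proto]
    if proto not in (6, 17):
        return "unclassified"
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return "unclassified"  # non-first fragment carries no TCP/UDP header
    if len(packet) < ihl + 4:
        return "malformed"
    _sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return PORTS.get((proto, dport), "unclassified")

def build_ipv4(proto: int, payload: bytes = b"", options: bytes = b"") -> bytes:
    """Build a constructed sample packet (documentation addresses, checksum zero)."""
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                         ihl * 4 + len(payload), 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + options + payload

def l4(sport: int, dport: int) -> bytes:
    """First bytes of a TCP or UDP header: source port, destination port, padding."""
    return struct.pack("!HH", sport, dport) + b"\x00" * 16

if __name__ == "__main__":
    for proto, body in [(50, b"\x00" * 8), (6, l4(40000, 50)), (6, l4(40000, 1080))]:
        print(proto, "->", classify(build_ipv4(proto, body)))
```

A TCP segment addressed to port 50 is not labelled as IPsec, while a protocol 50 packet is labelled as ESP regardless of what its first payload bytes contain.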
