Quote:
Originally Posted by Azure
We already use OpenDNS for their DNS service, and of course blocking the proxy sites. But that only blocks the actual websites. Which would block someone from downloading Tor.
Problem is there are a lot of other ways to still get the program. Free Wi-Fi at the library, airport, whatever.
|
Yeah blocking the actual download is pretty much useless.
Quote:
Originally Posted by Azure
You can create rules where all port 53 requests are blocked or redirected to the OpenDNS addresses that you specify on the gateway device.
|
True! Then I'll just run my own DNS server.
Quote:
Originally Posted by Azure
But the way I understand it, Tor and other similar services operate over SSL, so the question is: can Shaw, or any other big ISP company, actually prevent Tor from running if they do deep packet inspection?
|
Nope, at least not by inspecting the encrypted payload. I've seen people blocking specific things like HotSpotShield based on URL patterns and stuff, but that's just a cat/mouse game.
You can throw the encrypted packets to the bottom of the pile though, which could help with the network type issues. Doesn't help with circumvention of filters though. And might cause problems for people trying to do banking if you can't differentiate between Tor encrypted packets and IE ones.
Quote:
Originally Posted by Azure
From what I've read it's a common problem that people are dealing with.
|
Yup. And it's a losing battle; if Iran and China can't do it, you aren't going to be able to either.
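The port 53 rule quoted above can be audited from the gateway's flow logs by listing which LAN clients send DNS to anything other than the approved resolvers. This is an added example, not part of the original post: the log format, the LAN range and the sample lines are constructed for illustration, and the two approved addresses are OpenDNS's public resolvers.

```python
import ipaddress
from collections import defaultdict

# OpenDNS public resolvers, used here as the approved upstreams.
APPROVED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed internal range

# Constructed sample lines in a made-up "proto src:sport -> dst:dport" format.
SAMPLE_LOG = """\
udp 192.168.1.10:51000 -> 208.67.222.222:53
udp 192.168.1.23:40112 -> 8.8.8.8:53
tcp 192.168.1.23:40113 -> 8.8.8.8:53
udp 192.168.1.42:53211 -> 192.168.1.99:53
tcp 192.168.1.42:44321 -> 203.0.113.7:443
garbage line
"""

def parse_flow(line):
    """Return (proto, src_ip, dst_ip, dst_port), or None for malformed lines."""
    parts = line.split()
    if len(parts) != 4 or parts[2] != "->":
        return None
    try:
        src_ip = parts[1].rsplit(":", 1)[0]
        dst_ip, dst_port = parts[3].rsplit(":", 1)
        ipaddress.ip_address(src_ip)
        ipaddress.ip_address(dst_ip)
        return parts[0], src_ip, dst_ip, int(dst_port)
    except ValueError:
        return None

def unapproved_dns(log_text):
    """Map each LAN client to the non-approved resolvers it sent port 53 traffic to."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        _proto, src, dst, dport = flow
        # Only plain DNS (UDP or TCP port 53) leaving a LAN client is in scope.
        if dport != 53 or ipaddress.ip_address(src) not in LAN:
            continue
        if dst not in APPROVED_RESOLVERS:
            hits[src].add(dst)
    return {src: sorted(dsts) for src, dsts in hits.items()}
```

The port 443 flow in the sample is not reported: the check only sees plain port 53 traffic, so name resolution carried inside an encrypted tunnel stays invisible to it, which matches the limitation discussed in the thread.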