User bypassing the 310 - HOW?


  • This topic is locked
14 replies to this topic

#1 joe sanfilippo

joe sanfilippo
  • Members
  • 0 posts

Posted 11 January 2010 - 11:18 AM

I have a user bypassing the 310 filter. This is a shared computer so multiple users work off of the same login ID. Someone found a way to bypass the filter and I have no idea how they are doing it. When I first noticed the issue I took the machine away and put a new computer in its place that I know has no access whatsoever to the internet or local admin rights. I just checked again today 2 weeks later and the machine is accessing restricted pages again.. I can't find anything installed anywhere on the machine, no proxy addresses added to IE... Not sure of where else to look since the machine is 100% bypassing the filter and not even being logged by the 310... Thanks in advance for all help!!

#2 John Anderson

John Anderson
  • Members
  • 0 posts

Posted 11 January 2010 - 12:49 PM

What is your deployment scenario? Inline, Proxy?

#3 joe sanfilippo

joe sanfilippo
  • Members
  • 0 posts

Posted 15 January 2010 - 09:57 AM

inline

#4 Charlotte

Charlotte
  • Barracuda Team Members
  • 0 posts

Posted 15 January 2010 - 10:23 AM

Have you run TCPDUMP or Packet Captures from your firewall or switch to investigate his traffic?

#5 joe sanfilippo

joe sanfilippo
  • Members
  • 0 posts

Posted 15 January 2010 - 10:25 AM

I have not used tcp dump - honestly I have never used that command before.

#6 Charlotte

Charlotte
  • Barracuda Team Members
  • 0 posts

Posted 15 January 2010 - 10:31 AM

You may want to call our support team to help you investigate the problem further. Unfortunately, without access to your device, I am of limited use in helping you diagnose the problem.

#7 joe sanfilippo

joe sanfilippo
  • Members
  • 0 posts

Posted 15 January 2010 - 10:32 AM

I did call and they said since the user's system is bypassing the filter and not being monitored - they cannot do anything about it.

#8 LoneRegister

LoneRegister
  • Members
  • 17 posts

Posted 18 January 2010 - 01:12 PM

You may wish to check the machine to make sure that its IP Address is "inside" the range of filtered addresses - or that it's physically connected behind the barracuda device.

#9 convictus

convictus
  • Members
  • 7 posts

Posted 25 January 2010 - 01:04 PM

Your user is getting out because they are normal and type sites as www.sitename.com just like they were trained to by AOL. "Naked" sitenames is a recent advent and some sites (very few) won't load if you don't type the www.

Category filters do not block sites if they add www.

www.hollywoodtuna.com loads fine. The traffic is logged as adult, but not blocked.

hollywoodtuna.com is blocked.

This is a defect in the category filters. This is a failure that can be corrected with regex in the filters
www|d.sitename.com
Barracuda needs to fix this on all of their filters.
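
The www versus bare-name mismatch described in post #9, as an added example that is not part of the original thread and is not Barracuda's code: a Python sketch contrasting an exact-string category lookup with label-boundary suffix matching, so a filter rule set can be audited for that gap. The blocklist, hostnames and function names are constructed for illustration.

```python
# Added illustration; the blocklist and hostnames below are constructed samples.
BLOCKED_DOMAINS = {"blocked-site.example", "proxy-service.example"}

def normalize_host(host: str) -> str:
    """Lowercase, drop a :port suffix and the trailing root dot."""
    host = host.strip().lower()
    if host.count(":") == 1:              # host:port, not an IPv6 literal
        host = host.split(":", 1)[0]
    return host.rstrip(".")

def exact_match_blocked(host: str, blocked=BLOCKED_DOMAINS) -> bool:
    """Naive lookup: only the literal string on the list is blocked."""
    return host in blocked

def suffix_match_blocked(host: str, blocked=BLOCKED_DOMAINS) -> bool:
    """Block the listed domain and every subdomain, on label boundaries."""
    labels = normalize_host(host).split(".")
    # Check the full name, then each parent: www.a.example -> a.example -> example
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def audit(hosts, blocked=BLOCKED_DOMAINS):
    """Hosts the naive lookup lets through but suffix matching blocks."""
    return [h for h in hosts
            if suffix_match_blocked(h, blocked)
            and not exact_match_blocked(h, blocked)]

# Constructed request hostnames, as they might appear in a filter log.
SAMPLE_HOSTS = [
    "blocked-site.example",          # on the list: both lookups block it
    "www.blocked-site.example",      # www form: exact lookup misses it
    "WWW.Blocked-Site.Example.",     # case and trailing dot variants
    "www2.blocked-site.example:80",  # other subdomain, with port
    "notblocked-site.example",       # different domain: must stay allowed
    "allowed.example",
]

if __name__ == "__main__":
    for host in audit(SAMPLE_HOSTS):
        print("gap in exact-match rule:", host)
```
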

#10 Lonnie Nagel

Lonnie Nagel
  • Members
  • 0 posts

Posted 26 January 2010 - 09:24 AM

I am not seeing this behavior on our 810 running v4.2.0.013 ????

#11 Steve Poirier

Steve Poirier
  • Members
  • 8 posts

Posted 27 January 2010 - 03:26 PM

Could be using something like Ultrasurf. The developers are testing a blocking patch that works well.

#12 Vinnie McGee

Vinnie McGee
  • Members
  • 2 posts

Posted 19 March 2010 - 09:14 AM

I'm seeing two different ways users are getting by the webfilter 310 we have.

1. Keep trying the website. Repeated attempts to gain access to a blocked site will eventually let you through. That's just the way it works. Probably has to do with the load on the box.
2. They are using a proxy service to redirect their requests. There is a website called vtunnel.com that is an example of proxy bypassing.

I constantly see people bypassing the webfilter. I am currently looking into replacing the 310 for this reason.

#13 TomG

TomG
  • Members
  • 4 posts

Posted 30 March 2010 - 11:35 AM

Odd. I am not encountering any of the issues some of you folks are:

www vs non_www
I try the www.hollywoodtuna.com and it's BLOCKED.
I try hollywoodtuna.com and it's BLOCKED.
I BLOCK proxies sites so vtunnel.com, etc. are not accessible.
I keep reloading the same BLOCKED site ... and it always stays BLOCKED.

Obviously the order of exceptions top to bottom, Content Filter, Custom Categories, etc. play a HUGE role in what gets blocked successfully, once I figured this out all has worked fine.

Not sure why some of you are having issues, I'm not having any problems. BTW, My system is as follows:
- Barracuda 310
- Firmware version 4.2.0.014
- Spyware Definition version 1.0.1829 (2010-03-30)
- Virus Definition version 3.1.10744o (2010-03-30)
- Category Definition version 1.0.1177 (2010-03-29)
- Security Definition version 2.0.2

#14 Lonnie Nagel

Lonnie Nagel
  • Members
  • 0 posts

Posted 07 April 2010 - 09:02 AM

For whatever it's worth... My 410 does not exhibit any of this behavior either. I also block proxy sites (why would you want to leave those unblocked?)

#15 Wayne Cawelti

Wayne Cawelti
  • Members
  • 4 posts

Posted 10 May 2010 - 12:42 PM

I don't get any of those issues either.. maybe network setup issues.