Quote:
Originally Posted by jca111
Exactly, this is my point. It does not even need to redirect, it just needs to be set up on port X. Anything can link to it (email, website etc). Port numbers are just a "recommendation", if you want, of which port (which is just a suffix really on the IP Packet) to send different types of protocols down (e.g.80, 443 we are all familiar with, but 20 & 21 for FTP etc). There is nothing to stop you using ANY port for ANY protocol as far as I am aware (some firewalls may flag this however).
So the only way phorm anti-phishing can work is to scan all ports and analyse and recognise what protocols are being used.
Otherwise the anti-phish system will fail. If a phisher can circumvent detection in any way - they will.
This is so simple to circumvent - its embarrassing!
Unless..... No they cant be can they.... Scanning all ports???????? Nah!
|
http://www.badphorm.co.uk/e107_plugi...topic.php?4267
Right now, I'm using -p tcp --dport 80 -j REDIRECT --to-ports 3128 to
transparently proxy web traffic to a running squid.
I'd like to be able to balance between several running squid
processes, say, on 3128, 3129, 3130, and 3131.
The --to-ports option to REDIRECT says it can take a port range,
which I tried ("--to-ports 3128-3131"), but it only rewrites the dest
port to 3128. What is a port range option to --to-ports ever used for?
This is part of a conversation between 121Media and a Support Forum for Squid, during the initial creation of Webwise. It indicates the ports they would like to redirect to, and also the Port they wished to intercept.
Unfortunately nothing about whether they will intercept anything on any other port.