Like spectators at a fast-paced tennis match, savvy systems administrators could almost feel their heads spin with the rapid back-and-forth between publishers of a peer-to-peer application that allows computer users to foil internet content filters and the technicians determined to keep the blocked sites blocked.
In June, SafeWeb, a San Francisco-area internet security firm that advocates unfettered browsing of the internet, introduced an application called Triangle Boy. Advantage: uncensored browsers. But this month, an Orange, Calif., content management company announced its filtering solution is able to defeat Triangle Boy. Advantage: content managers.
SafeWeb said Triangle Boy is intended to give citizens of authoritarian countries free access to the information on the internet. Others worry it gives minors access to pornography. To appreciate the technological to-and-fro, you need to understand Triangle Boy. Based on explanations presented by SafeWeb, here’s basically how it works:
A student or other end-user downloads the 1 MB Triangle Boy application and installs it on his or her machine. Thus equipped, the user’s machine sends out requests for connections to a forbidden site. These data requests (or packets), when blocked by a firewall, seek out another machine on the internet also equipped with Triangle Boy.
Retaining IP (internet protocol) address information sufficient to identify the student’s machine, the intermediary computer running Triangle Boy forwards the student’s connection requests to a SafeWeb server. That server, in turn, sends the connection requests to the user’s intended destination. The server at the intended destination now responds to the initial content request but replies to the SafeWeb server. The requested content is encrypted by the SafeWeb server, which then “spoofs,” or mimics, the intermediary machine’s IP address and passes the content back the student’s machine. There, the content is decoded and served up on the student’s computer screen.
The content originates on a forbidden site, but the internet filtering system is tricked into seeing the incoming data packets as originating from the innocuous intermediary machine, which the filtering application has not been programmed to block.
8e6 Technologies Inc. claims its R200 Internet Filtering Server blocks access to the TriangleBoy network.
“We have found that Triangle Boy is a big concern for many of our clients, as it effectively gets around many of our competitor’s filtering products,” said 8e6’s Chief Technology Officer Dave Salch in a statement.
According to the company, R2000’s unique ability to detect use of the TriangleBoy product was made clear during a test of several different internet filtering tools at the Crowley Independent School District in Texas.
In Crowley, the district’s technology team ran demonstrations on a number of web filtering tools before concluding the R2000 was the only filter tested that was able to identify when users sought access to the TriangleBoy network.
“It was the only one we tested that could do it,” said Steve Stricklin, Crowley’s technology director. “But there may be other filters out there.”
According to Eric Lundbohm, director of marketing for 8e6, what impressed educators most wasn’t the ability of the R2000 product to monitor internet access, but rather the sheer number of people who had attempted to use TriangleBoy as a means of passing under the filter’s protection.
“I think it really surprised them when they saw how many people were going through the site,” Lundbohm said. “On the first day they implemented the filter, they already had people trying to get around it.”
The research revealed users had attempted to gain access to SafeWeb’s content more than 30 times in one 48-hour period. But, Stricklin admitted, there is no telling for sure if each user visited solely for access to Triangle Boy.
“All I can tell you is that they were there,” Stricklin said. “What they were doing there, I don’t know.”
N2H2, a company that provides web filters to 25,000 schools nationwide admits its services are not configured to detect use of Triangle Boy. But that’s because the service is not considered a bona fide threat in the school field, the company said.
“So far, we haven’t heard of Triangle Boy being a problem in our school districts. There are a number of reasons for this,” said David Burt, a spokesman for N2H2.
N2H2 said it was not worried about the use of TriangleBoy in schools, because SafeWeb has discontinued its efforts to push the product in the States, citing an inability to make a profit off the peer-to-peer service model.
Secondly, Burt said many schools already have solutions in place to prevent people from downloading or installing new applications onto school computers. In fact, companies such as Fortres Grand Inc. provide a number of tools to prohibit unauthorized users from installing or downloading client programs to school computers, he said.
“Frankly,” said Burt. “I don’t see much future in ‘peer-to-peer filter-defeating devices’ because unlike file-sharing devices, there is no potential money to be made here. That is also apparently what SafeWeb concluded.
“Were TriangleBoy ever to become a serious problem, we would take steps to stop it.” At 8e6, Lundbohm agreed the potential for unauthorized internet access in schools by way of Triangle Boy has decreased since SafeWeb changed its marketing focus.
“This is not a problem that is overtaking the world,” he said. But the development is significant because it marks just one of many new wrinkles school IT directors are sure to face as controversial products continue to burn quiet paths around advanced web-filtering tools.
“It’s like the virus business,” said Lundbohm. “You go to bed thinking you have found a way to stop all the viruses, then you wake and find there are still more problems to deal with. It’s a cat-and-mouse game.”
8e6 Technologies Inc.
Crowley Independent School District
Fortres Grand Inc.