Re: Tool to find hidden web proxy server

From: R. DuFresne (dufresne_at_sysinfo.com)
Date: 09/02/04

    Date: Thu, 2 Sep 2004 13:56:10 -0400 (EDT)
    To: Jose Maria Lopez <jkerouac@bgsec.com>
    
    

    On 2 Sep 2004, Jose Maria Lopez wrote:

    > On Thu, 02/09/2004 at 05:36, vinay mangal wrote:
    > > Dear all,
    > >
    > > Thanks for your suggestions. Maybe I am not able to define my question
    > > properly.
    > >
    > > This problem is strictly within the company internet access firewall and in the
    > > LAN only. In a company, policy for Internet access says it is through IP
    > > only. The others cannot browse the internet. This policy is implemented on
    > > the firewall. A few smart guys have installed a free proxy server running on non
    > > default ports and distributed the internet access to their friends. The
    > > firewall sees the traffic coming from the authorized IP and does not stop
    > > them. We want to know who has installed a proxy on their machine.
    > >
    > > I hope, I am able to clearly define my question. Thanks
    > >
    > >
    > > vinay
    >
    > What's happening in your LAN is called firewall tunneling or firewall
    > piercing, and it's one of the security threats one has to deal with when
    > you have a firewall. If the proxies are running on non-standard ports
    > then you should close those ports in the firewall; if you have the
    > default policy to block only some ports you should switch to blocking all
    > ports and open only the ports you use (80, 21, 22, etc.), or at least
    > only admit the packets coming from an established connection, so you
    > never let other machines initiate connections to non-standard ports
    > from outside your LAN.
    >
    > You could also use a sniffer like Ethereal to watch the traffic at your
    > firewall and see what IP addresses are tunneling traffic through
    > standard or non-standard ports; you can probably discern normal traffic
    > from tunneled traffic with Ethereal.

    Actually, if only dealing with allowing new and/or established though,
    providing the FW in question is stateful, will not accomplish the task;
    the way to do this is to only allow in and out from specific IPs that
    should be serving the content being provided.

    Either internally scanning the network for offending services and/or
    snooping traffic will be enough to determine who is trying to break policy.
    There is no trick in this and any of the tools mentioned in the thread
    should do the trick.

    Thanks,

    Ron DuFresne

    -- 
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            admin & senior security consultant:  sysinfo.com
                            http://sysinfo.com
    "Cutting the space budget really restores my faith in humanity.  It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation."
                    -- Johnny Hart
    testing, only testing, and damn good at it too!
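
The traffic-snooping approach discussed in this thread, as an added example that is not part of the original post: it flags LAN hosts that receive proxy-style HTTP requests (absolute-URI or CONNECT request lines) from other LAN hosts. The record layout, the addresses and the `find_lan_proxies` name are assumptions made for illustration; the sample records are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# A client talking to a proxy sends the full URL ("GET http://host/ ...") or a
# CONNECT tunnel request; a client talking to an ordinary web server sends
# only a path ("GET /index.html ...").
PROXY_REQUEST = re.compile(
    r"^(?:(?:GET|POST|HEAD|PUT|DELETE|OPTIONS)\s+https?://\S+"
    r"|CONNECT\s+\S+:\d+)\s+HTTP/1\.[01]$",
    re.IGNORECASE,
)

def find_lan_proxies(records, lan_cidr, sanctioned=()):
    """Return {(proxy_ip, port): sorted client IPs} for LAN-to-LAN proxy requests.

    records: iterable of (src_ip, dst_ip, dst_port, first_request_line), e.g.
    exported from a sniffer capture (hypothetical layout).
    sanctioned: (ip, port) pairs of proxies the policy allows.
    """
    lan = ipaddress.ip_network(lan_cidr)
    hits = defaultdict(set)
    for src, dst, dport, first_line in records:
        if ipaddress.ip_address(src) not in lan:
            continue
        if ipaddress.ip_address(dst) not in lan:
            continue  # destination is outside the LAN, not a local relay
        if (dst, dport) in sanctioned:
            continue
        if PROXY_REQUEST.match(first_line.strip()):
            hits[(dst, dport)].add(src)
    return {key: sorted(clients) for key, clients in hits.items()}

# Constructed sample records, not real traffic.
SAMPLE = [
    ("192.168.1.23", "192.168.1.50", 8118, "GET http://example.com/ HTTP/1.0"),
    ("192.168.1.31", "192.168.1.50", 8118, "CONNECT example.org:443 HTTP/1.1"),
    ("192.168.1.23", "192.168.1.10", 80, "GET /intranet/index.html HTTP/1.1"),
    ("192.168.1.50", "203.0.113.7", 80, "GET /index.html HTTP/1.1"),
    ("192.168.1.44", "192.168.1.60", 3128, "GET http://example.net/a HTTP/1.1"),
]

if __name__ == "__main__":
    for (ip, port), clients in find_lan_proxies(SAMPLE, "192.168.1.0/24").items():
        print(f"{ip}:{port} is relaying for {', '.join(clients)}")
```

The result names both the machine running the proxy and the clients using it, which a port-only view at the firewall cannot show because every request leaves from the authorized IP.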