Re: Tool to find hidden web proxy server

From: Jose Maria Lopez (jkerouac_at_bgsec.com)
Date: 09/02/04

    To: pen-test@securityfocus.com
    Date: 02 Sep 2004 22:25:32 +0200
    
    

    On Thu, 02 Sep 2004 at 19:56, R. DuFresne wrote:
    > On 2 Sep 2004, Jose Maria Lopez wrote:
    >
    > > On Thu, 02 Sep 2004 at 05:36, vinay mangal wrote:
    > > > Dear all,
    > > >
    > > > Thanks for your suggestions. Maybe I am not able to define my question
    > > > properly.
    > > >
    > > > This problem is strictly within the company internet access firewall and in the
    > > > LAN only. In a company, the policy for Internet access says it is through IP
    > > > only. The others cannot browse the internet. This policy is implemented on
    > > > the firewall. A few smart guys have installed a free proxy server running on non
    > > > default ports and distributed the internet access to their friends. The
    > > > firewall sees the traffic coming from the authorized IP and does not stop
    > > > them. We want to know who has installed a proxy on their machine.
    > > >
    > > > I hope, I am able to clearly define my question. Thanks
    > > >
    > > >
    > > > vinay
    > >
    > > What's happening in your LAN is called firewall tunneling or firewall
    > > piercing, and it's one of the security threats one has to deal with when
    > > you have a firewall. If the proxies are running on non-standard ports
    > > then you should close those ports in the firewall; if you have the
    > > default policy to block only some ports you should switch to blocking all
    > > ports and open only the ports you use (80, 21, 22, etc.), or at least
    > > only admit the packets coming from an established connection, so you
    > > never let other machines initiate connections to non-standard ports
    > > from outside your LAN.
    > >
    > > You could also use a sniffer like ethereal to watch the traffic at your
    > > firewall and see what IP addresses are tunneling traffic through
    > > standard or non-standard ports, you probably can discern normal traffic
    > > from tunneled traffic with ethereal.
    >
    > Actually if only doing with allowing new and/or established though,
    > providing the FW in question is stateful, will not accomplish the task,
    > the way to do this is to only allow in and out from specific IPs that
    > should be serving the content being provided.

    But if you allow in and out from specific ports you have at least a
    second level of security over what the original poster said he had.
    Only allowing out from some IPs is possible, but I find it very
    difficult to make rules for the outer IPs, having in mind the original
    poster wants to have internet connection from the LAN for those
    machines.

    >
    > Either internally scanning the network for offending services and/or
    > snooping traffic will be enough to determine who is trying to break policy.
    > There is no trick in this and any of the tools mentioned in the thread
    > should do the trick.
    >
    > Thanks,
    >
    > Ron DuFresne

    -- 
    Jose Maria Lopez Hernandez
    Technical Director, bgSEC
    jkerouac@bgsec.com
    bgSEC Seguridad y Consultoria de Sistemas Informaticos
    http://www.bgsec.com
    SPAIN
    The only people for me are the mad ones -- the ones who are mad to live,
    mad to talk, mad to be saved, desirous of everything at the same time,
    the ones who never yawn or say a commonplace thing, but burn, burn, burn
    like fabulous yellow Roman candles.
                    -- Jack Kerouac, "On the Road"
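
The traffic-snooping approach discussed in this thread, as an added example that is not part of the original messages: a client talking to a web proxy sends the absolute URI (or a `CONNECT` request) instead of a bare path, so LAN-to-LAN requests of that form identify the machine running the proxy and the port it listens on. The LAN range, the record layout and all sample addresses are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the LAN range; adjust to the monitored network.
LAN = ipaddress.ip_network("192.168.1.0/24")

# A client talking to a proxy sends the absolute URI ("GET http://host/path")
# or a CONNECT tunnel request; a client talking to an origin server sends
# only the path ("GET /path").
PROXY_REQUEST = re.compile(
    r"^(?:CONNECT\s+\S+:\d+|[A-Z]+\s+https?://\S+)\s+HTTP/1\.[01]$",
    re.IGNORECASE,
)

# Constructed sample: (source IP, destination IP, destination port,
# first line of the TCP payload) as a sniffer on the LAN would record.
SAMPLE_CAPTURE = [
    ("192.168.1.23", "192.168.1.40", 8118, "GET http://example.com/ HTTP/1.0"),
    ("192.168.1.31", "192.168.1.40", 8118, "CONNECT example.org:443 HTTP/1.1"),
    ("192.168.1.40", "203.0.113.10", 80, "GET / HTTP/1.0"),
    ("192.168.1.23", "192.168.1.5", 80, "GET /intranet/index.html HTTP/1.1"),
    ("192.168.1.12", "192.168.1.77", 6588, "POST http://example.net/form HTTP/1.1"),
    ("192.168.1.12", "192.168.1.5", 22, "SSH-2.0-OpenSSH_3.9"),
]


def find_lan_proxies(capture, lan=LAN):
    """Return {(proxy_ip, port): sorted client IPs} for LAN hosts that
    receive proxy-form HTTP requests from other LAN hosts."""
    proxies = defaultdict(set)
    for src, dst, dport, first_line in capture:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip not in lan or dst_ip not in lan:
            continue  # only LAN-to-LAN traffic can reveal an internal proxy
        if PROXY_REQUEST.match(first_line.strip()):
            proxies[(dst, dport)].add(src)
    return {key: sorted(clients) for key, clients in proxies.items()}


if __name__ == "__main__":
    for (host, port), clients in sorted(find_lan_proxies(SAMPLE_CAPTURE).items()):
        print(f"{host}:{port} is proxying for {', '.join(clients)}")
```

A sanctioned internal proxy matches the same pattern, so compare the result against the list of approved proxy hosts before acting on it.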