Re: Tool to find hidden web proxy server

From: Rogan Dawes (discard_at_dawes.za.net)
Date: 09/02/04

  • Next message: Gary E. Miller: "Re: Tool to find hidden web proxy server"
    Date: Thu, 02 Sep 2004 09:08:55 +0200
    To: vinay mangal <vinay.mangal@eil.co.in>
    
    

    vinay mangal wrote:

    > Dear all,
    >
    > Thanks for your suggestions. May be I am not able to define my question
    > properly.
    >
    > This problem is strictly with in company internet access firewall and in the
    > LAN only. In a company, policy for Internet access says it is through IP
    > only. The others can not browse the internet. This policy is implemented on
    > firewall. Few smart guys have installed free proxy server running on non
    > default ports and distributed the internet access to their friends. The
    > firewall sees the traffic coming from the authorized IP and does not stop
    > them. We want to know who has installed proxy on there machine.
    >
    > I hope, I am able to clearly define my question. Thanks
    >
    >
    > vinay

    In that case, you should be looking for traffic destined for a proxy
    server in your network.

    e.g.
    ngrep "HTTP/1" dst net yournetwork

    or something similar.

    Of course, if your network is switched, you will not see the traffic you
    need unless your sniffer is attached to a mirrored port on your switch.

    My recommendation is to have the security policy redistributed (if it
    already contains such prohibitions) or updated, and then point out to
    all your users that contravention of the security policy is a firing
    offence.

    Your best bet to identify violators is to use (a variation of) the ngrep
    mentioned above, but make sure that you are seeing the necessary traffic
    via the switched port.

    Hope this helps.

    Rogan

    -- 
    Rogan Dawes
    *ALL* messages to discard@dawes.za.net will be dropped, and added
    to my blacklist. Please respond to "lists AT dawes DOT za DOT net"
    ------------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. All of our class sizes are
    guaranteed to be 12 students or less to facilitate one-on-one interaction
    with one of our expert instructors. Check out our Advanced Hacking course,
    learn to write exploits and attack security infrastructure. Attend a course
    taught by an expert instructor with years of in-the-field pen testing
    experience in our state of the art hacking lab. Master the skills of an
    Ethical Hacker to better assess the security of your organization.
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    -------------------------------------------------------------------------------
    

  • Next message: Gary E. Miller: "Re: Tool to find hidden web proxy server"

    Relevant Pages

    • Re: Tool to find hidden web proxy server
      ... Internet access and check your logs for corresponding machines. ... >>To: Pen>>Subject: Tool to find hidden web proxy server>>>>Dear all,>>>>I am looking for a tool to find the hidden web proxy server in my local>>network. ... Check out our Advanced Hacking course,> learn to write exploits and attack security infrastructure. ...
      (Pen-Test)
    • Re: "automatic" updates not working?
      ... internet access please? ... discovered that either the switch or router was mucking me about. ... fiddling with dns settings. ...
      (Ubuntu)
    • RE: Adding a second network card to exisiting SBS 2k3
      ... If you check out this article you should be able to switch over to a dual ... nic situation without any trouble: ... 825763 How to configure Internet access in Windows Small Business Server ...
      (microsoft.public.windows.server.sbs)
    • Re: "automatic" updates not working?
      ... internet access please? ... discovered that either the switch or router was mucking me about. ... fiddling with dns settings. ...
      (Ubuntu)
    • Property Grid IE hosting
      ... I am using property grid in my usercontrol and hosting it in IE and ... using the strong name and switched of the security policy using caspol ... But I don't want to completlty switch of security policy..Is there a ... by using caspol command or programmatically can we do this .. ...
      (microsoft.public.dotnet.languages.vb.controls)