Firewall Wizards mailing list archives
Re: Prevent proxy chaining
From: "Stephane Nasdrovisky" <stephane.nasdrovisky () uniway be>
Date: Tue, 07 May 2002 16:35:03 +0200
You may check http headers such as x-refferer, forwarded-by,... and other headers added by proxies. Unfortunatly, every proxy add its own header and may even not add headers at all. Such a filter would leave you with some false negatives (you'll not catch hackers). An other alternative would be to check there is only one agent type per ip address. As a single user may use netscape and ie on the same computer, you'll get a high false positive rate. Additionaly your customer's proxy or personal firewall may hide agent type or any other http header, thus, high false negative rate. You could also check for the source port. NT (and many others) are using a low sourceport, between 1024 and 2-3000 (considering the workstation is shutdown every day). There is a chance proxy servers are not rebooted so often, so blocking proxy access from ports higher than 4000 or 5000 would block proxies... and unix workstations. Has for the previous solution, high false and negative rates. You could also scan the client's ip for an open 1080,8080,8000 or 80 port during the first proxy access and discard this address for a while if it answers something. You'll get high negative rates as (personal) firewalls would block such connections. You should check you contracts allows you to scan your customers As far as I can imagine, there are no efficient way of blocking proxy chaining. I guess you want to avoid companies with 10 or 20 pcs using a low-end internet connection instead of purchasing a business access. Most (personal guess) of these companies have low IT knowledge and the first solution should fit your need.
How can I identify wether the client is a client or a proxy?
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Prevent proxy chaining Siebenkaes Stefan (May 07)
- Re: Prevent proxy chaining Stephane Nasdrovisky (May 08)
- Re: Prevent proxy chaining Srinivasa Addepalli (May 08)
- Re: Prevent proxy chaining Michael Still (May 09)