Firewall Wizards mailing list archives
Re: Prevent proxy chaining
From: Srinivasa Addepalli <srao () intotoinc com>
Date: Tue, 7 May 2002 07:42:25 -0700 (PDT)
As I understand, you want to differentiate the client-to-proxy and proxy-to-proxy traffic. Typically proxies run on port 80 too. Whenever your firewall gets the port 80 request (SYN), you can do a reverse HTTP connection, i.e. send a TCP connect to the source IP. If it succeeds, it can be assumed that the request came from a proxy, and your firewall can log a message to the administrator or possibly block the request. This scheme does not work if the client machine requires an HTTP server.

Srini

On Mon, 6 May 2002, Siebenkaes Stefan wrote:
Hi there,

what actions do you take to prevent proxy-chaining? Due to billing and security reasons we do not want to let people build their own proxy servers to chain them via our central proxy farm. How can I identify whether the client is a client or a proxy? Is there a best practice? I could watch volume or hits/second, but AFAIK there's no need for a proxy to identify as proxy...

Bye, Stefan

--
Stefan Siebenkaes
Systemingenieur Security
Systemarchitektur & Plattformen
ITELLIUM Systems & Services GmbH
Hundingstrasse 11b
90431 Nuernberg
Germany
Tel.: +49-911-14-20209
Fax.: +49-911-14-26433
mailto:stefan.siebenkaes () itellium com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
--
Srinivasa Rao Addepalli
Intoto Inc. (Enabling Security Infrastructure)
3160, De La Cruz Blvd #100
Santa Clara, CA USA
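The reverse-connect check described in the reply above, sketched as an added example that is not part of the original post or of any firewall product. The function names, timeout, verdict cache and the allowlist for clients that legitimately run an HTTP server (the case where the reply says the scheme fails) are assumptions made for illustration.

```python
import socket
import time

PROBE_PORT = 80        # port the reply assumes a downstream proxy listens on
PROBE_TIMEOUT = 1.0    # seconds (assumed value)
CACHE_TTL = 300        # seconds a verdict is reused per source (assumed value)

# Clients known to run a legitimate HTTP server: the case the reply says the
# scheme cannot handle. Constructed entry from the documentation range.
KNOWN_HTTP_SERVERS = {"192.0.2.10"}

_verdicts = {}         # (ip, port) -> (verdict, expiry)


def accepts_connection(ip, port=PROBE_PORT, timeout=PROBE_TIMEOUT):
    """Return True if a TCP connect back to ip:port completes."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify_source(ip, port=PROBE_PORT, now=None):
    """Return 'known-server', 'suspected-proxy' or 'client' for a request source."""
    now = time.monotonic() if now is None else now
    if ip in KNOWN_HTTP_SERVERS:
        return "known-server"          # skip the probe, it would be a false positive
    cached = _verdicts.get((ip, port))
    if cached and cached[1] > now:
        return cached[0]               # avoid probing on every new connection
    verdict = "suspected-proxy" if accepts_connection(ip, port) else "client"
    _verdicts[(ip, port)] = (verdict, now + CACHE_TTL)
    return verdict


if __name__ == "__main__":
    # Constructed demo: a loopback listener stands in for a downstream proxy.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    demo_port = listener.getsockname()[1]
    print(classify_source("127.0.0.1", demo_port))
    listener.close()
    print(classify_source("192.0.2.10"))
```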
Current thread:
- Prevent proxy chaining Siebenkaes Stefan (May 07)
- Re: Prevent proxy chaining Stephane Nasdrovisky (May 08)
- Re: Prevent proxy chaining Srinivasa Addepalli (May 08)
- Re: Prevent proxy chaining Michael Still (May 09)