Penetration Testing mailing list archives
RE: bypassing employer's proxy to surf anonymously
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Tue, 13 Jun 2006 18:14:27 -0700
Request from the Moderator: Could we focus on what uses bypassing a proxy would serve in regards to pen-testing specifically? Thanks.
-----Original Message-----
From: gimeshell () web de [mailto:gimeshell () web de]
Sent: Tuesday, June 13, 2006 3:18 PM
To: pen-test () securityfocus com
Subject: Re: bypassing employer's proxy to surf anonymously

On Tue, 13 Jun 2006 12:49:22 -0400 Karyn Pichnarczyk <karyn () sandstorm net> wrote:

Hi,

> If a network is being used to transfer traffic, and something is physically monitoring all traffic (regardless of source/destination port, regardless of protocol, etc) then there's no way to prevent them from monitoring your traffic over that network. You're talking about bypassing something in a lower network layer (physical) with something in a higher network layer (i.e. Data or Network). It's not going to happen.

I got hint to try out hidden data in dns traffic. That's not using any of local proxy's ports and thus might stay unrecognized in log files. Local proxy does only log proxy traffic coming in on ports 3128, 2121, 1080. There is no low-level 'packet-filter-logging'.

> Now hiding data in unsuspicious packets.... depends on your definition of "unsuspicious" and the level of detail of the network admins are who are monitoring the traffic. If the net admins are using a network forensics analysis product you have to get fairly creative to hide your data.

There is no packet capturing done. I like to call unsuspicious traffic all traffic which don't go through proxy's ports 3128, 2121, 1080. e.g. hidden data in DNS traffic.

regards,
gimeshell
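The quoted message notes that logging only the proxy ports (3128, 2121, 1080) leaves DNS traffic unrecorded. The following is an added example, not part of the original thread, showing a defender-side heuristic over resolver query logs that flags clients sending many unique, long, high-entropy subdomains to one domain. The log format, thresholds, addresses and domain names are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample data (not real traffic): (client_ip, queried_name) pairs
# as they might be exported from a resolver's query log.
ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"  # base32-style alphabet
SAMPLE_QUERIES = (
    [("10.0.0.23", ALPHABET[i:] + ALPHABET[:i] + ".tunnel.example") for i in range(6)]
    + [("10.0.0.40", ALPHABET[i:] + ALPHABET[:i] + ".other.example") for i in range(2)]
    + [
        ("10.0.0.23", "www.example.com"),
        ("10.0.0.51", "mail.example.org"),
        ("10.0.0.51", "a" * 36 + ".cdn.example.net"),  # long but low entropy
    ]
)

def shannon_entropy(s):
    """Bits per character of the string's character distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def registered_domain(name):
    # Assumption: the last two labels form the registered domain.
    # Production code should consult the Public Suffix List instead.
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def suspicious_clients(queries, min_unique=5, min_len=30, min_entropy=3.5):
    """Return sorted (client, domain) pairs with at least min_unique distinct
    subdomains that are both long and high-entropy (thresholds are assumed)."""
    seen = defaultdict(set)
    for client, name in queries:
        name = name.rstrip(".").lower()
        dom = registered_domain(name)
        sub = name[: -len(dom)].rstrip(".")  # everything left of the domain
        if len(sub) >= min_len and shannon_entropy(sub.replace(".", "")) >= min_entropy:
            seen[(client, dom)].add(sub)
    return sorted(k for k, subs in seen.items() if len(subs) >= min_unique)

if __name__ == "__main__":
    for client, dom in suspicious_clients(SAMPLE_QUERIES):
        print(f"possible DNS covert channel: {client} -> *.{dom}")
```

A single long random-looking name is common (CDNs, anti-virus lookups), which is why the check counts distinct names per client and domain rather than alerting on one query.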