Firewall Wizards mailing list archives

Re: Prevent proxy chaining


From: Michael Still <mikal () stillhq com>
Date: Thu, 9 May 2002 11:34:24 +1000

On Tue, 7 May 2002, Srinivasa Addepalli wrote:

> Whenever your firewall gets the port 80 request (SYN), you can
> do a reverse HTTP connection, i.e. send a TCP connect to the source IP. If it
> succeeds, it can be assumed that the request came from a proxy and
> your firewall can log a message to the administrator or possibly
> block the request. This scheme does not work if the client machine requires
> an HTTP server.

I can also have my screening router drop traffic on port 80 from the proxy
I am pointing to upline, which means that this detection method won't work.

Cheers,
Mikal

-- 

Michael Still (mikal () stillhq com)     UMT+10hrs

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
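
The reverse-connect check discussed in this thread, sketched as an added example that is not part of either poster's message. The names `reverse_probe`, `verdict` and `Probe` are hypothetical, and the demo runs against a constructed loopback listener; it keeps the three outcomes apart so that a dropped probe is reported as inconclusive rather than as "no proxy".

```python
import socket
from enum import Enum

class Probe(Enum):
    OPEN = "open"            # something accepted the connection on the probed port
    REFUSED = "refused"      # the host answered with a reset: nothing is listening
    NO_ANSWER = "no-answer"  # timeout or network error: the probe never got a reply

def reverse_probe(src_ip, port=80, timeout=2.0):
    """Attempt the reverse TCP connect to the source address of a request."""
    try:
        with socket.create_connection((src_ip, port), timeout=timeout):
            return Probe.OPEN
    except ConnectionRefusedError:
        return Probe.REFUSED
    except OSError:  # includes socket.timeout and unreachable-network errors
        return Probe.NO_ANSWER

def verdict(result):
    """Map a probe result to what the firewall can actually conclude."""
    if result is Probe.OPEN:
        # Also true for a client that legitimately runs an HTTP server,
        # so this is grounds for logging, not proof of a proxy.
        return "suspect-proxy"
    if result is Probe.REFUSED:
        return "no-listener"
    # A screening router that drops the probe produces this outcome,
    # which says nothing either way about a proxy behind it.
    return "inconclusive"

if __name__ == "__main__":
    # Constructed demo: a loopback listener stands in for the request source.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print("listener up:  ", verdict(reverse_probe("127.0.0.1", port)))
    srv.close()
    print("listener down:", verdict(reverse_probe("127.0.0.1", port)))
```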

