Penetration Testing mailing list archives
RE: Tool to find hidden web proxy server
From: "Wozny, Scott (US - New York)" <swozny () deloitte com>
Date: Wed, 8 Sep 2004 16:19:30 -0400
To point 1, a router wouldn't change the SIP of the packet so the only reason a router would show up in an outbound web 'top talker' list is if it was proxying outbound connections using it's 'approved' IP (more accurately NATing rather than proxying but with the same effect of unauthorized IPs getting web access). In this case this is exactly what the original poster is looking for. I think it's one of the better options to find LIKELY proxy servers or NAT devices without the ability to look at the process table on every device on your network. It is, however, by no means foolproof. Likely you'll catch the most grievous offenders (dozens or hundreds of users on the same proxy) but those giving out access to only a couple of people probably won't pop to the top of your list. Scott -----Original Message----- From: Jose Maria Lopez [mailto:jkerouac () bgsec com] Sent: Friday, September 03, 2004 6:13 PM To: pen-test () securityfocus com Subject: RE: Tool to find hidden web proxy server El vie, 03 de 09 de 2004 a las 10:32, Singh, Yashpal escribió:
1. I think, you monitor the network traffic and see which authorized machines are generating the most of the traffic. And hen you can conclude who is running the proxy server on their machines.
That could be perfectly a router to other network, and maybe you can't see behind that device. This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- RE: Tool to find hidden web proxy server, (continued)
- RE: Tool to find hidden web proxy server Jose Maria Lopez (Sep 08)
- RE: Tool to find hidden web proxy server caleb . dods (Sep 03)
- RE: Tool to find hidden web proxy server caleb . dods (Sep 03)
- RE: Tool to find hidden web proxy server Christopher Adickes (Sep 04)
- RE: Tool to find hidden web proxy server Bénoni MARTIN (Sep 04)
- Rogue activity methodology (was: Tool to find hidden web proxy server) Chris Brenton (Sep 07)
- Re: Rogue activity methodology (was: Tool to find hidden web proxy server) Shashank Rai (Sep 08)
- Re: Rogue activity methodology (was: Tool to find hidden web proxy server) Chris Brenton (Sep 08)
- Re: Rogue activity methodology (was: Tool to find hidden web proxyserver) Dejan Markovic (Sep 09)
- Rogue activity methodology (was: Tool to find hidden web proxy server) Chris Brenton (Sep 07)