Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Tool to find hidden web proxy server

From: Christine Kronberg <Christine_Kronberg () genua de>
Date: Thu, 2 Sep 2004 10:34:55 +0200 (CEST)

  Hi,


This problem is strictly with in company internet access firewall and in the
LAN only. In a company, policy for Internet access says it is through IP
only. The others can not browse the internet. This policy is implemented on
firewall. Few smart guys have installed free proxy server running on non
default ports and distributed the internet access to their friends. The
firewall sees the traffic coming from the authorized IP and does not stop
them. We want to know who has installed proxy on there machine.


  What about setting up snort sensors to sniff the LAN for HTTP proxy
  traffic by excluding the "good" IPs as sources? Or the other way round:
  Configuring the IDS to sniff HTTP Proxy connections to the "good" IPs?
  This should bring up those who connect to those proxies as well as the
  proxies themselves.

  Cheers,


                                                         Chris Kronberg.


--
GeNUA mbH


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: