Penetration Testing mailing list archives
Re: Tool to find hidden web proxy server
From: Jose Maria Lopez <jkerouac () bgsec com>
Date: 02 Sep 2004 22:25:32 +0200
On Thu, 02 Sep 2004 at 19:56, R. DuFresne wrote:

> On 2 Sep 2004, Jose Maria Lopez wrote:
>
> > On Thu, 02 Sep 2004 at 05:36, vinay mangal wrote:
> >
> > > Dear all,
> > >
> > > Thanks for your suggestions. Maybe I am not able to define my question properly. This problem is strictly within company internet access firewall and in the LAN only. In a company, policy for Internet access says it is through IP only. The others can not browse the internet. This policy is implemented on firewall. Few smart guys have installed free proxy server running on non default ports and distributed the internet access to their friends. The firewall sees the traffic coming from the authorized IP and does not stop them. We want to know who has installed proxy on their machine. I hope, I am able to clearly define my question.
> > >
> > > Thanks
> > > vinay
> >
> > What's happening in your LAN is called firewall tunneling or firewall piercing, and it's one of the security threats one has to deal with when you have a firewall. If the proxies are running in non-standard ports then you should close those ports in the firewall, if you have the default policy to block only some ports you should turn to block all ports and open only the ports you use (80, 21, 22, etc), or at least only admit the packets coming from an established connection, so you never let other machines initiate connections to non-standard ports from outside your LAN. You could also use a sniffer like ethereal to watch the traffic at your firewall and see what IP addresses are tunneling traffic through standard or non-standard ports, you probably can discern normal traffic from tunneled traffic with ethereal.
>
> Actually if only doing this with allowing new and/or established though, providing this FW in question is stateful, will not accomplish the task, the way to do this is to only allow in and out from specific IP's that should be serving the content being provided.

But if you allow in and out from specific ports you have at least a second level of security over what the original poster said he had. Only allowing out from some IPs is possible, but I find it very difficult to make rules for the outer IPs, having in mind the original poster wants to have internet connection from the LAN for those machines.

> Either internally scanning the network for offending services and/or snooping traffic will be enough to determine who is trying to break policy. There is no trick in this and any of the tools mentioned in the thread should do the trick.
>
> Thanks,
> Ron DuFresne
--
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
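
The traffic-snooping approach discussed in this thread, as an added example that is not part of the original messages: a client that uses a proxy sends proxy-form HTTP request lines (an absolute URI, or `CONNECT host:port`), so an internal host that receives such requests is acting as a proxy whatever port it listens on. The record layout, the function name `find_lan_proxies`, the `sanctioned` parameter and all addresses are assumptions made for the illustration.

```python
import ipaddress
import re

# Proxy-form request lines: absolute URI ("GET http://host/ HTTP/1.1") or CONNECT.
# A browser talking directly to a web server sends origin-form ("GET /path HTTP/1.1").
PROXY_FORM = re.compile(
    rb"^(?:(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (?:http|https|ftp)://\S+"
    rb"|CONNECT [^\s:/]+:\d{1,5}) HTTP/1\.[01]\r?$"
)

def find_lan_proxies(records, lan_cidr, sanctioned=()):
    """Return {(proxy_ip, port): sorted client IPs} for LAN hosts receiving proxy-form requests.

    records: iterable of (src_ip, dst_ip, dst_port, payload), where payload is the
    first bytes of a client-to-server TCP segment exported from a sniffer.
    sanctioned: (ip, port) pairs of proxies the policy allows (hypothetical parameter).
    """
    lan = ipaddress.ip_network(lan_cidr)
    hits = {}
    for src, dst, port, payload in records:
        if ipaddress.ip_address(dst) not in lan or (dst, port) in sanctioned:
            continue  # only an internal, unsanctioned listener is of interest
        first_line = payload.split(b"\n", 1)[0]
        if PROXY_FORM.match(first_line):
            hits.setdefault((dst, port), set()).add(src)
    return {key: sorted(clients) for key, clients in hits.items()}

# Constructed sample records: 10.0.0.5 stands for the machine authorised on the firewall.
SAMPLE = [
    ("10.0.0.21", "10.0.0.5", 8899, b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("10.0.0.22", "10.0.0.5", 8899, b"CONNECT example.org:443 HTTP/1.1\r\n\r\n"),
    ("10.0.0.5", "192.0.2.10", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("10.0.0.30", "10.0.0.9", 80, b"GET /intranet/index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    ("10.0.0.23", "10.0.0.5", 445, b"\x00\x00\x00\x85\xffSMBr"),  # non-HTTP traffic
]

if __name__ == "__main__":
    for (ip, port), clients in find_lan_proxies(SAMPLE, "10.0.0.0/24").items():
        print(f"{ip}:{port} is proxying for {', '.join(clients)}")
```

This only sees cleartext HTTP proxy traffic between LAN hosts, so the capture point has to be a switch mirror port or similar rather than the firewall's outside interface.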