
Re: Find web proxy servers

Subject: Re: Find web proxy servers
Date: Thu, 27 Oct 2005 09:13:13 -0400
At 08:54 AM 10/27/2005, Shahid Sharif wrote:

Hi,

Are there any checks that I can enable to look specifically for web proxies in my environment?

Thank you
Shahid Sharif


It depends what you want to find. If you want to find a specific web proxy tool like "squid", Nessus should find them through service discovery. If you are more interested in just finding anything that can proxy a web or even TCP connection, you should start by looking at plugins 10192, 10195 and 10194.

There are also several vulnerabilities in commercial and open source proxy
tools. Just typing the word 'proxy' into the search interface at:

http://www.nessus.org/plugins/index.php?view=search

is also a good way to find other web proxy issues you might be interested
in for your environment.

If you are looking to audit proxies that are supposed to be there, you can
also tune your scans to look just for the common web and web proxy ports.
But if you are looking for things that may have been installed by spyware,
perhaps to relay SPAM mail, you should consider doing a full port scan.

For example, we've seen a lot of backdoor web-proxy programs installed on
ports above 32,000 used by the evil SPAMers.

Hope this helps.

Ron Gula, CTO
Tenable Network Security
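
One way to triage the output of such a scan, as an added example that is not part of the original message and not Tenable's code: it filters an exported report for the three plugin IDs named in the reply and flags hits on ports above 32,000. The pipe-delimited NBE export layout, the sample rows and the `approved` allow-list are assumptions.

```python
# Added example: triage Nessus results for proxy findings.
# Assumes the pipe-delimited NBE export layout:
#   results|subnet|host|service (port/proto)|plugin_id|severity|description
import re
from collections import defaultdict

PROXY_PLUGINS = {"10192", "10194", "10195"}   # plugin IDs named in the reply
HIGH_PORT = 32000                             # "ports above 32,000" from the reply
PORT_RE = re.compile(r"\((\d+)/(tcp|udp)\)")

# Constructed sample data (hosts, services and descriptions are invented).
SAMPLE_NBE = """\
timestamps|||scan_start|Thu Oct 27 09:00:00 2005|
results|10.0.5|10.0.5.20|http-proxy (3128/tcp)|10192|Security Note|constructed finding text
results|10.0.5|10.0.5.20|http-proxy (3128/tcp)
results|10.0.5|10.0.5.31|unknown (41877/tcp)|10195|Security Warning|constructed finding text
results|10.0.5|10.0.5.31|ssh (22/tcp)|10267|Security Note|constructed finding text
results|10.0.5|10.0.5.44|unknown (33002/tcp)|10194|Security Warning|constructed finding text
results|10.0.5|10.0.5.44|general/tcp|10192|Security Note|constructed, no port
"""

def proxy_findings(nbe_text, approved=frozenset()):
    """Return {host: [(port, plugin_id, status), ...]} for proxy plugin hits."""
    found = defaultdict(list)
    for line in nbe_text.splitlines():
        fields = line.split("|", 6)
        # Port-only rows (4 fields) and timestamp rows carry no plugin ID.
        if len(fields) < 6 or fields[0] != "results":
            continue
        host, service, plugin = fields[2], fields[3], fields[4]
        if plugin not in PROXY_PLUGINS:
            continue
        m = PORT_RE.search(service)
        if not m:
            continue  # e.g. "general/tcp": no port to act on
        port = int(m.group(1))
        if (host, port) in approved:
            status = "approved"          # a proxy that is supposed to be there
        elif port > HIGH_PORT:
            status = "unapproved-high-port"  # the backdoor pattern described above
        else:
            status = "unapproved"
        found[host].append((port, plugin, status))
    return dict(found)

if __name__ == "__main__":
    for host, hits in sorted(proxy_findings(SAMPLE_NBE, {("10.0.5.20", 3128)}).items()):
        for port, plugin, status in hits:
            print(f"{host}:{port} plugin={plugin} {status}")
```

High-port hits only show up if the scan covered the full port range, which is why the reply recommends a full port scan when hunting for unauthorized proxies.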

