
| Subject: | Re: Proxy Port detection |
|---|---|
| Date: | Thu, 23 Dec 2004 14:46:25 -0500 |
URL requests that are not going through a proxy just request the subpage, such as "GET /index.html" in the HTTP header for example; they do not include the host site. When going through a proxy that is configured through a browser, the request includes the full URL, "GET http://www.test.com/index.html". So you could filter outbound requests that include the full URL in the HTTP headers GET request.

This will not help you if they use the web-based proxies like proxify.com or anonymizer.com though; you will have to block those sites manually by address.

There is a way to grey out the proxy settings inside the 'LAN settings' field so that the users cannot change it as well. Desktop policies are out of my area, but I found these REG keys in some articles on the web. Seems to work, but you would have to have a method of pushing registry changes to your users.

    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
    "Autoconfig"=dword:00000001
    "Proxy"=dword:00000001

Setting these values to 1 greys them out, 0 unlocks it.

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=dword:00000000

Setting it to 0 is no proxy enabled.

Not foolproof, but probably helpful.

John Madden <chiwawa999@yahoo.com> 12/22/2004 10:45:07 AM >>>
Hi,
In our enterprise we have URL filtering capabilities
and we restrict the usual sites (Porn, Sports,
Gambling etc..)
We do not use a proxy, so everyone goes directly to
the internet.
I believe that some users put in their proxy settings
an anonymous proxy using port 80 (which is obviously
allowed) and in that manner avoid the restriction of
the URL filtering.
First thoughts:
- Blocking all the anonymous proxy is impossible and
would be a full time job
- The use of a proxy is not an option right now
Is there any way to detect this type of traffic
(HTTP-Proxy) ?
I'm sure someone had this problem before...
Any help would be appreciated.
Thanks
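
The request-line check described in the reply above, written out as an added example (not code from the original thread). It goes one step beyond the post by also flagging `CONNECT`, which a browser sends to a configured proxy for HTTPS; the flow tuples, addresses and function names are constructed for illustration.

```python
import re

# METHOD SP request-target SP HTTP-version (RFC 7230, section 3.1.1)
REQUEST_LINE = re.compile(rb"([A-Z]+) (\S+) HTTP/\d\.\d")
# absolute-form target: scheme "://", e.g. http://www.test.com/index.html
ABSOLUTE_FORM = re.compile(rb"[A-Za-z][A-Za-z0-9+.-]*://")


def classify_request(payload: bytes) -> str:
    """Return 'origin', 'absolute', 'connect', 'asterisk' or 'not-http'
    for the first line of a captured client-to-server payload."""
    first_line = payload.split(b"\n", 1)[0].rstrip(b"\r")
    m = REQUEST_LINE.fullmatch(first_line)
    if not m:
        return "not-http"            # TLS, binary protocols, truncated data
    method, target = m.group(1), m.group(2)
    if method == b"CONNECT":
        return "connect"             # tunnel request, only sent to a proxy
    if ABSOLUTE_FORM.match(target):  # anchored at the start of the target
        return "absolute"            # full URL, as a proxy-configured browser sends
    if target == b"*":
        return "asterisk"            # e.g. OPTIONS * HTTP/1.1
    return "origin" if target.startswith(b"/") else "not-http"


def flag_flows(flows):
    """Return (src, dst, form) for flows whose request line is proxy-style."""
    hits = []
    for src, dst, payload in flows:
        form = classify_request(payload)
        if form in ("absolute", "connect"):
            hits.append((src, dst, form))
    return hits


# Constructed sample flows (documentation addresses, not real captures).
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", b"GET /index.html HTTP/1.1\r\nHost: www.test.com\r\n\r\n"),
    ("192.0.2.11", "203.0.113.80", b"GET http://www.test.com/index.html HTTP/1.1\r\nHost: www.test.com\r\n\r\n"),
    ("192.0.2.12", "203.0.113.80", b"CONNECT www.test.com:443 HTTP/1.1\r\nHost: www.test.com:443\r\n\r\n"),
    # A URL inside the query string is still origin-form and must not be flagged.
    ("192.0.2.13", "198.51.100.5", b"GET /redirect?u=http://www.test.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("192.0.2.14", "198.51.100.9", b"\x16\x03\x01\x00\xa5"),  # TLS record header
]

if __name__ == "__main__":
    for hit in flag_flows(SAMPLE_FLOWS):
        print(hit)
```

Matching on the parsed request-target rather than searching the payload for "http://" is what keeps the redirect request in the sample from being a false positive.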