Security Basics mailing list archives
RE: Network Misuse
From: "Kevin Ortloff" <Kevin.Ortloff () j2global com>
Date: Fri, 17 Aug 2007 13:22:03 -0700
Also, the best way to do this is to use DNS forwarders to an address like 0.0.0.0. This will prevent the connection altogether. Be aware that Yahoo and MSN have a website out there that does not use normal IM ports. It's over port 80. But in a proxy, you can deny the site.

ars.oscar.aol.com                AOL Instant Messenger (AIM)
login.oscar.aol.com              AOL Instant Messenger (AIM)
relay.msg.yahoo.com              Yahoo! Messenger
scs.msg.yahoo.com                Yahoo! Messenger
scsa.msg.yahoo.com               Yahoo! Messenger
scsb.msg.yahoo.com               Yahoo! Messenger
scsc.msg.yahoo.com               Yahoo! Messenger
scsd.msg.yahoo.com               Yahoo! Messenger
messenger.hotmail.com            MSN Messenger
messenger.msn.com                MSN Messenger
gateway.messenger.hotmail.com    MSN Messenger
talk.google.com                  Google Talk

A few websites to block:

Meebo.com
webmessenger.msn.com
webmessenger.yahoo.com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nikhil Wagholikar
Sent: Thursday, August 16, 2007 8:16 PM
To: security-basics () securityfocus com
Subject: Re: Network Misuse

Hi Mohamad,

Kurt Buff's suggestion is very fantastic & up to the point; just connect to remote registry of client's machine & have a look into the registry key which he has mentioned.

However, in a domain based environment, it's always good to disallow users to change their IE's proxy settings.

Step 1. Set a global group policy "proxy settings" either for all users or for particular OU by navigating to:

User's Configuration/Windows Settings/Internet Explorer Maintenance/Connection/

Under this, we have a policy called "Proxy Settings". Set this to whatever is suitable.

Step 2. Then disallow globally or users in that particular OU (whichever you planned for), by navigating to:

User's Configuration/Administrative Templates/Windows Components/Internet Explorer/

Here 'Enable' the setting called "Disable Changing Proxy Settings". And you are done.

Get relaxed since from now onwards, no global user or users within modified OU (whichever you had set for) will ever be able to change or switch to any other proxy server & hence will not be able to use any software like Yahoo or MSN Messenger.

-------
Nikhil Wagholikar
Information Security Analyst
NII Consulting
Web: http://www.niiconsulting.com

On 8/15/07, Mohamad Mneimneh <Mohamad.Mneimneh () dargroup com> wrote:
Hi List,

I am seeing users on my LAN using unauthorized sw such as msn messenger. By default, this service is blocked for the average user. I am suspecting that these users have set another proxy in their IE browser than that of the local site, possibly the proxy of one of the company's remote sites where no such restrictions exist, or even worse using some tunneling mechanism.

My question is: Is there any way to obtain the Internet Explorer's proxy settings remotely so I can confirm this?

Thanks,
-Mohamad.
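
The remote check asked about in the original question, as an added example that is not from any poster in this thread: it reads each logged-on user's IE proxy values over Remote Registry and flags anything other than the approved proxy. The key path is the standard per-user Internet Settings location (this message does not quote the key Kurt Buff named); `WORKSTATION01` and `proxy.example.local:8080` are hypothetical placeholders.

```powershell
# Added example. Host name and approved proxy below are hypothetical placeholders.
param(
    [string]$ComputerName  = 'WORKSTATION01',
    [string]$ApprovedProxy = 'proxy.example.local:8080'
)

# Standard per-user location of the Internet Explorer proxy values.
$settingsPath = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Needs the Remote Registry service on the target and admin rights there.
# HKEY_USERS only holds hives of profiles that are currently loaded
# (typically logged-on users), one subkey per SID.
$hku = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
    [Microsoft.Win32.RegistryHive]::Users, $ComputerName)
try {
    foreach ($sid in $hku.GetSubKeyNames()) {
        # Keep real account SIDs; skip .DEFAULT, service accounts and *_Classes hives.
        if ($sid -notmatch '^S-1-5-21-[\d-]+$') { continue }

        $key = $hku.OpenSubKey("$sid\$settingsPath")
        if ($null -eq $key) { continue }
        try {
            $enabled = [int]$key.GetValue('ProxyEnable', 0)
            $server  = [string]$key.GetValue('ProxyServer', '')
            $pacUrl  = [string]$key.GetValue('AutoConfigURL', '')
        } finally { $key.Close() }

        # ProxyServer is either "host:port" or "http=host:port;https=host:port;...".
        $targets = @($server -split ';' | Where-Object { $_ } |
            ForEach-Object { ($_ -replace '^[a-z]+=', '').Trim() })
        $other = @($targets | Where-Object { $_ -ne $ApprovedProxy })

        # Translate the SID to DOMAIN\user where possible; fall back to the SID.
        try {
            $sidObj = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $user = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
        } catch { $user = $sid }

        # Deviates: proxy enabled with a non-approved server, or any PAC URL set (review it).
        [pscustomobject]@{
            Computer      = $ComputerName
            User          = $user
            ProxyEnable   = $enabled
            ProxyServer   = $server
            AutoConfigURL = $pacUrl
            Deviates      = (($enabled -eq 1 -and $other.Count -gt 0) -or $pacUrl -ne '')
        }
    }
} finally { $hku.Close() }
```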