Full Disclosure mailing list archives

Re: Proxies


From: nosp <nosp () xades com>
Date: Fri, 31 Oct 2003 17:56:53 +0000

On Fri, 2003-10-31 at 17:20, Earl Keyser wrote:
> Besides suspending them, we made one technological change. Outgoing
> ports 8000, 8080, 8888 and 3128 are now blocked at the firewall.
>
> Can anyone suggest further refinements to reduce this kind of abuse? I
> know some proxies run on port 80, but I'll have to live with that.

Make their IE's autoconfigure to a proxy server you set up, then
disallow all internal --> external HTTP connections bar from your
proxy?  Maybe your Cisco cache engine = proxy server in which case,
presumably the problem is you can't prevent them changing their proxy
settings?  You can "encourage" them by preventing internal --> external
HTTP access, I suppose (just based on ports is the crude way).  But if
you don't want to do that you may have to inspect each connection
initiation packet to see if it's HTTP...since it's not hard to spread
the traffic out over any port.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
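
The check suggested in the reply above (look at the first packet of each connection to see if it's HTTP, whatever the port), sketched as an added example that is not part of the original message. The function names, the sample addresses and the "proxy-http" rule (a CONNECT method or an absolute URI in the request line, which is how a client talks to a proxy) are assumptions made for illustration.

```python
import re

# Request line: METHOD SP request-target SP HTTP/x.y, then a line ending.
REQUEST_LINE = re.compile(rb"^([A-Z]{3,16}) (\S{1,8192}) HTTP/\d\.\d\r?\n")

def classify_first_payload(payload: bytes) -> str:
    """Classify the first client-to-server payload of a TCP connection.

    "proxy-http": request in the form sent to a proxy (CONNECT host:port,
                  or an absolute http:// or https:// request-target)
    "http":       ordinary origin-form request (target starts with "/")
    "other":      anything that does not parse as an HTTP request line
    """
    m = REQUEST_LINE.match(payload)
    if not m:
        return "other"
    method, target = m.group(1), m.group(2)
    if method == b"CONNECT":
        return "proxy-http"
    if target.lower().startswith((b"http://", b"https://")):
        return "proxy-http"
    if target.startswith(b"/") or target == b"*":
        return "http"
    return "other"

def flag_connections(connections, allowed_proxy):
    """Return (src, dst, dport, verdict) for HTTP not sent by the sanctioned proxy."""
    hits = []
    for src, dst, dport, payload in connections:
        verdict = classify_first_payload(payload)
        if verdict != "other" and src != allowed_proxy:
            hits.append((src, dst, dport, verdict))
    return hits

# Constructed sample: (internal src, external dst, dst port, first payload).
SAMPLE = [
    ("10.0.0.21", "192.0.2.10", 6588, b"GET http://example.com/ HTTP/1.0\r\n\r\n"),
    ("10.0.0.22", "192.0.2.11", 1080, b"CONNECT example.org:443 HTTP/1.1\r\n\r\n"),
    ("10.0.0.23", "192.0.2.12", 4000, b"GET /index.html HTTP/1.1\r\nHost: example.net\r\n\r\n"),
    ("10.0.0.24", "192.0.2.13", 22, b"SSH-2.0-client\r\n"),
    ("10.0.0.5", "192.0.2.14", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
]

if __name__ == "__main__":
    for hit in flag_connections(SAMPLE, allowed_proxy="10.0.0.5"):
        print(hit)
```

This only sees cleartext requests whose request line arrives in the first segment; traffic wrapped in TLS or another tunnel is classified as "other", so it complements the proxy-only egress rule rather than replacing it.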