Full Disclosure mailing list archives
Re: Proxies
From: nosp <nosp () xades com>
Date: Fri, 31 Oct 2003 17:56:53 +0000
On Fri, 2003-10-31 at 17:20, Earl Keyser wrote:
Besides suspending them, we made one technological change. Outgoing ports 8000, 8080, 8888 and 3128 are now blocked at the firewall. Can anyone suggest further refinements to reduce this kind of abuse? I know some proxies run on port 80, but I'll have to live with that.
Make their IE's autoconfigure to a proxy server you set up, then disallow all internal --> external HTTP connections bar from your proxy? Maybe your cisco cache engine = proxy server in which case, presumably the problem is you can't prevent them changing their proxy settings? You can "encourage" them by preventing internal --> external HTTP access, I suppose (just based on ports is the crude way). But if you don't want to do that you may have to inspect each connection initiation packet to see if it's HTTP...since it's not hard to spread the traffic out over any port. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Proxies Earl Keyser (Oct 31)
- Re: Proxies Jan Meijer (Oct 31)
- Re: Proxies Ben Nelson (Oct 31)
- Re: Proxies Gary E. Miller (Oct 31)
- Re: Proxies nosp (Oct 31)
- Re: Proxies Charles E. Hill (Oct 31)
- Re: Proxies Valdis . Kletnieks (Oct 31)
- Re: Proxies Ben Nelson (Oct 31)
- Re: Proxies Richard Spiers (Oct 31)
- RE: Proxies adam.richards (Oct 31)
- Re: Proxies Ben Nelson (Oct 31)
- Re: Proxies Richard Spiers (Oct 31)
- Re: Proxies Jakob Lell (Oct 31)
- <Possible follow-ups>
- RE: Proxies Bassett, Mark (Oct 31)
- RE: Proxies S G Masood (Oct 31)