Home page logo
/

basics logo Security Basics mailing list archives

Re: Proxy Port detection
From: "Steve Crapo" <CrapoS () dor state fl us>
Date: Thu, 23 Dec 2004 14:46:25 -0500

URL requests that are not going through a proxy just request the
subpage, such as " GET /index.html " in the HTTP header for example,
they do not include the host site. When going through a proxy that is
configured through a browser, the request includes the full URL "GET
http://www.test.com/index.html " 

So you could filter outbound requests that include the full URL in the
HTTP headers GET request. This will not help you if they use the
web-based proxies like proxify.com or anonymizer.com though, you will
have to block those sites manually by address.



There is a way to grey out the proxy settings inside 'LAN settings'
field so that the users can not change it as well. Desktop policies is
out my area, but I found these REG keys in some articles on the web.
Seems to work, but you would have to have a method of pushing registry
changes to your users.

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel]
"Autoconfig"=dword:00000001
"Proxy"=dword:00000001

Setting these values to 1 greys them out, 0 unlocks it.

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings]
"ProxyEnable"=dword:00000000

Setting it to 0 is no proxy enabled.

Not foolproof, but probably helpful.





John Madden <chiwawa999 () yahoo com> 12/22/2004 10:45:07 AM >>>
Hi,

In our enterprise we have URL filtering capabilities
and we restrict the usual sites (Porn, Sports,
Gambling etc..)

We do not use a proxy, so everyone goes directly to
the internet. 

I believe that some users put in their proxy settings
an anonymous proxy using port 80 (which is obviously
allowed) and in that manner avoid the restriction of
the URL filtering.

First thoughts:

- Blocking all the anonymous proxy is imposible and  
would be a full time job
- The use of a proxy is not an option right now

Is there any way to detect this type of traffic
(HTTP-Proxy) ?

I'm sure someone had this problem before...

Any help would be appreciated.

Thanks


                
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - Helps protect you from nasty viruses. 
http://promotions.yahoo.com/new_mail


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]