Home page logo

basics logo Security Basics mailing list archives

RE: Network Misuse
From: "Kevin Ortloff" <Kevin.Ortloff () j2global com>
Date: Fri, 17 Aug 2007 13:22:03 -0700

Also, the best way to do this is to use DNS forwarders to a address like This will prevent the connection all together. Be aware that
yahoo and MSN has a website out there that does not use normal IM ports.
It's over port 80. But in a proxy, you can deny the site.

ars.oscar.aol.com                          AOL Instant Messenger (AIM)
login.oscar.aol.com                        AOL Instant Messenger (AIM)

relay.msg.yahoo.com                        Yahoo! Messenger
scs.msg.yahoo.com                          Yahoo! Messenger
scsa.msg.yahoo.com                         Yahoo! Messenger
scsb.msg.yahoo.com                         Yahoo! Messenger
scsc.msg.yahoo.com                         Yahoo! Messenger
scsd.msg.yahoo.com                         Yahoo! Messenger

messenger.hotmail.com                      MSN Messenger
messenger.msn.com                          MSN Messenger
gateway.messenger.hotmail.com              MSN Messenger

talk.google.com                            Google Talk 

A few websites to block


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Nikhil Wagholikar
Sent: Thursday, August 16, 2007 8:16 PM
To: security-basics () securityfocus com
Subject: Re: Network Misuse

Hi Mohamad,

Kurt Buff's suggestion is very fantastic & upto the point; just connect
to remote registry of client's machine & have a look into the registry
key which he has mentioned.

However, in a domain based environment, its always good to disallow
users to change their IE's proxy settings.

Step 1. Set a global group policy "proxy settings" either for all users
or for particular OU by navigating to:

User's Configuration/Windows Settings/Internet Explorer

Under this, we have a policy called "Proxy Settings". Set this to
whatever is suitable.

Step 2. Then disallow globally or user's in that particular OU
(whichever you planed for), by navigating to:

User's Configuration/Administrative Templates/Windows
Components/Internet Explorer/

Here 'Enable' the setting called "Disable Changing Proxy Settings".

And you are done.

Get relaxed since from now onwards, no global user or users within
modified OU (whichever you had set for) will ever be able to change or
switch to any other proxy server & hence will not be able to use any
software like Yahoo or MSN Messenger.

Nikhil Wagholikar
Information Security Analyst
NII Consulting
Web: http://www.niiconsulting.com

On 8/15/07, Mohamad Mneimneh <Mohamad.Mneimneh () dargroup com> wrote:
Hi List,

I am seeing users on my LAN using unauthorized sw such as msn
By default, this service is blocked for the average user. I am 
suspecting that these users have set another proxy in their IE browser

than that of the local site, possibly the proxy of one on the 
company's remote sites where no such restrictions exist, or even worse

using some tunneling mechanism.

My question is: Is there any way to obtain the Internet Explorer's 
proxy settings remotely so I can confirm this?



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]