Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Tool to find hidden web proxy server
From: Jose Maria Lopez <jkerouac () bgsec com>
Date: 02 Sep 2004 18:55:53 +0200

El jue, 02 de 09 de 2004 a las 05:36, vinay mangal escribió:
Dear all,

Thanks for your suggestions. May be I am not able to define my question
properly.

This problem is strictly with in company internet access firewall and in the
LAN only. In a company, policy for Internet access says it is through IP
only. The others can not browse the internet. This policy is implemented on
firewall. Few smart guys have installed free proxy server running on non
default ports and distributed the internet access to their friends. The
firewall sees the traffic coming from the authorized IP and does not stop
them. We want to know who has installed proxy on there machine.

I hope, I am able to clearly define my question. Thanks


vinay

What's happening in your LAN is called firewall tunneling of firewall
piercing, and it's one of the security threats one have to deal of when
you have a firewall. If the proxies are running in non-standard ports
then you should close those ports in the firewall, if you have the
default policy to block only some ports you should turn to block all
ports and open only the ports you use (80, 21, 22, etc), or at least
only admit the packets coming from an established connection, so you
never let other machines to initiate connections to non-standard ports
from outside your LAN.

You could also use a sniffer like ethereal to watch the traffic at your
firewall and see what IP addresses are tunneling traffic through
standard or non standard ports, you probably can discern normal traffic
from tunneled traffic with ethereal.


-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]