Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Tool to find hidden web proxy server
From: "Burnett, Robert" <burnettr () Fortrex com>
Date: Thu, 2 Sep 2004 15:22:38 -0400

If you span a port on your internal switch (assuming you have an internal switch) and sniff all traffic traveling 
through it, you could ngrep for HTTP CONNECT requests.  This would detect connections to the proxy servers.


Thanks,

Robert Burnett
-----Original Message-----
From: Gary E. Miller [mailto:gem () rellim com]
Sent: Thursday, September 02, 2004 12:34 PM
To: vinay mangal
Cc: Pen
Subject: Re: Tool to find hidden web proxy server

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Vinay!

No reason the proxy has to be INSIDE your firewall.  All a user needs is
SSH, OpenVPN, or similar.  Then they can set up an encrypted tunnel
from the local workstation to an external proxy or tunnel gateway.

If the guy setting it up is smart you will have to dig him out the hard
way.  Set up tcpdump or ethereal on your internet gateway.  Do
a capture of ALL the traffic,  then go throught it all, eliminate the
"good" traffic and what is left is the "problem" traffic.

If they are good they can tunnel using DNS/udp or even an IP that is not
TCP, UDP or ICMP.  If they are truly devious they could use Wi-Fi or
Cell Phones to just bypass your firewall completely.

The best way to catch them is to carry a 2x4 and do some MBWA (Management
By Walking Around).   Fire the first guy you catch and the problem will
greatly diminish.

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588 Fax: +1(541)382-8676

On Thu, 2 Sep 2004, vinay mangal wrote:

This problem is strictly with in company internet access firewall and in the
LAN only. In a company, policy for Internet access says it is through IP
only. The others can not browse the internet. This policy is implemented on
firewall. Few smart guys have installed free proxy server running on non
default ports and distributed the internet access to their friends. The
firewall sees the traffic coming from the authorized IP and does not stop
them. We want to know who has installed proxy on there machine.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBN0uT8KZibdeR3qURAoWvAJ96HjjPr/52Y/YpAkopxw7sBOP+lQCgqJ8l
ZautnaCB4q+WprFinOTY/To=
=wHh+
-----END PGP SIGNATURE-----


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------



------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault