From: Balaji Prasad (bp1974@comcast.net)
Date: Thu Sep 02 2004 - 01:10:21 EDT
Vinay:
Couple of options for you ... based on the size and connectivity of your
network:
Option 1. (Requires no change to FW policy)
1. If your LAN is hub based, the skip to step 3. If there is a central
switch go to step 2.
2. Most high-end switches have an option for port mirroring. If yours
has one, then connect a linux box with tcpdump/ethereal/ntop to the
mirrored port.
3. If you are using ntop or any other network packet monitoring tool,
you will notice one or more systems originating a disproportionately
higher volume of http traffic. Those are your rogue proxy servers
Option 2.(Small change to FW policy)
Install a policy that does the following:
a. Your default policy will be to block all traffic out of your network.
b. Prohibits all traffic to destination:port80 or destination:port443 if
not originating from your proxy server.
c. You will need to punch holes in your FW one by one to allow all
authorized services (SMTP,IMAP,DNS etc.)
This way you will end up with a more secure installation in general.
Balaji
On Thu, 2 Sep 2004 09:06:44 +0530, vinay mangal <vinay.mangal@eil.co.in>
wrote:
> Dear all,
>
> Thanks for your suggestions. May be I am not able to define my question
> properly.
>
> This problem is strictly with in company internet access firewall and in
> the
> LAN only. In a company, policy for Internet access says it is through IP
> only. The others can not browse the internet. This policy is implemented
> on
> firewall. Few smart guys have installed free proxy server running on non
> default ports and distributed the internet access to their friends. The
> firewall sees the traffic coming from the authorized IP and does not stop
> them. We want to know who has installed proxy on there machine.
>
> I hope, I am able to clearly define my question. Thanks
>
>
> vinay
>
>
> ----- Original Message -----
> From: "wnorth" <wnorth@verizon.net>
> To: "'vinay mangal'" <vinay.mangal@eil.co.in>; "'Pen'"
> <pen-test@securityfocus.com>
> Sent: Wednesday, September 01, 2004 11:41 PM
> Subject: RE: Tool to find hidden web proxy server
>
>
>> I'm not sure of a tool, but simply scanning your network for TCP/8080 or
>> TCP/80 or TCP/8000 may give you the results you are looking for. Simple
> NMAP
>> would work.
>>
>> -Wes
>>
>> -----Original Message-----
>> From: vinay mangal [mailto:vinay.mangal@eil.co.in]
>> Sent: Wednesday, September 01, 2004 4:27 AM
>> To: Pen
>> Subject: Tool to find hidden web proxy server
>>
>> Dear all,
>>
>> I am looking for a tool to find the hidden web proxy server in my local
>> network.
>>
>> Any hint will be useful.
>>
>> with regards
>> Vinay
>>
>>
>
>
> ------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking
> course,
> learn to write exploits and attack security infrastructure. Attend a
> course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> -------------------------------------------------------------------------------
>
-- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:03 EDT