RE: Tool to find hidden web proxy server

From: Wozny, Scott (US - New York) (swozny@deloitte.com)
Date: Wed Sep 08 2004 - 16:19:30 EDT

• Next message: Jose Maria Lopez: "Re: Patch management tool"
• Previous message: Nicolas Montoza: "Re: Achilles proxy for linux"
• Maybe in reply to: vinay mangal: "Tool to find hidden web proxy server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To point 1, a router wouldn't change the SIP of the packet so the only reason a router would show up in an outbound web 'top talker' list is if it was proxying outbound connections using it's 'approved' IP (more accurately NATing rather than proxying but with the same effect of unauthorized IPs getting web access). In this case this is exactly what the original poster is looking for. I think it's one of the better options to find LIKELY proxy servers or NAT devices without the ability to look at the process table on every device on your network. It is, however, by no means foolproof. Likely you'll catch the most grievous offenders (dozens or hundreds of users on the same proxy) but those giving out access to only a couple of people probably won't pop to the top of your list.

Scott

-----Original Message-----
From: Jose Maria Lopez [mailto:jkerouac@bgsec.com]
Sent: Friday, September 03, 2004 6:13 PM
To: pen-test@securityfocus.com
Subject: RE: Tool to find hidden web proxy server

El vie, 03 de 09 de 2004 a las 10:32, Singh, Yashpal escribió:
> 1. I think, you monitor the network traffic and see which authorized machines are generating the most of the traffic. And hen you can conclude who is running the proxy server on their machines.
>

That could be perfectly a router to other network, and maybe you can't
see behind that device.

This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

• Next message: Jose Maria Lopez: "Re: Patch management tool"
• Previous message: Nicolas Montoza: "Re: Achilles proxy for linux"
• Maybe in reply to: vinay mangal: "Tool to find hidden web proxy server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:04 EDT