[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1067623013.7977.9.camel@earth.xades.com>
From: nosp at xades.com (nosp)
Subject: Proxies
On Fri, 2003-10-31 at 17:20, Earl Keyser wrote:
> Besides suspending them, we made one technological change. Outgoing
> ports 8000, 8080, 8888 and 3128 are now blocked at the firewall.
>
> Can anyone suggest further refinements to reduce this kind of abuse? I
> know some proxies run on port 80, but I'll have to live with that.
Make their IE's autoconfigure to a proxy server you set up, then
disallow all internal --> external HTTP connections bar from your
proxy? Maybe your cisco cache engine = proxy server in which case,
presumably the problem is you can't prevent them changing their proxy
settings? You can "encourage" them by preventing internal --> external
HTTP access, I suppose (just based on ports is the crude way). But if
you don't want to do that you may have to inspect each connection
initiation packet to see if it's HTTP...since it's not hard to spread
the traffic out over any port.
Powered by blists - more mailing lists