lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: nosp at xades.com (nosp)
Subject: Proxies

On Fri, 2003-10-31 at 17:20, Earl Keyser wrote:
> Besides suspending them, we made one technological change. Outgoing
> ports 8000, 8080, 8888 and 3128 are now blocked at the firewall.
> 
> Can anyone suggest further refinements to reduce this kind of abuse? I
> know some proxies run on port 80, but I'll have to live with that.

Make their IE's autoconfigure to a proxy server you set up, then
disallow all internal --> external HTTP connections bar from your
proxy?  Maybe your cisco cache engine = proxy server in which case,
presumably the problem is you can't prevent them changing their proxy
settings?  You can "encourage" them by preventing internal --> external
HTTP access, I suppose (just based on ports is the crude way).  But if
you don't want to do that you may have to inspect each connection
initiation packet to see if it's HTTP...since it's not hard to spread
the traffic out over any port.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ