LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   blocking hopster and proxifier (http://www.linuxquestions.org/questions/linux-security-4/blocking-hopster-and-proxifier-368027/)

abhi_crusader 09-29-2005 01:00 AM

blocking hopster and proxifier
 
Please help in for blocking hopster and proxifier on my Linux Enterprise 3 AS

Hi Everybody !

My Proxy Works on Linux Enterprise Advance Server 3. I want to block HOPSTER, PROXIFIER, PROXYCAP, HTTP-TUNNEL. How do i block it please suggest me as i am in a need of hurry please.

Krugger 09-30-2005 12:47 PM

I think that is kind of tricky. You need an application firewall of some sort that can understand the HTTP protocol.

Maybe you can limit the user to sending GET,POST and CONTINUE. However if the user uses a https proxy it will be harder as it is encrypted.

Check these:
http://www.balabit.com/products/oss/tproxy/
http://www.balabit.com/products/zorp_gpl/

win32sux 09-30-2005 01:16 PM

i think all of those firewall-bypassers use SSL encryption... hence there's not much Zorp or any application gateway will be able to do - AFAIK - the encryption pretty much denies you the ability to analyze packets at the application level and you will need to do something at a lower level...

having said that, maybe you could create a Zorp rule that says something like "deny any packet that is encrypted"... that way whenever someone tries to establish an encrypted connection through your firewall (on tcp port 80, for example) zorp will knock them down...

of course you'd want to allow people to connect to legit HTTPS sites via TCP port 443 at the very least (for web surfing), so you'd need to come-up with something for that - maybe filter (using iptables) the outgoing TCP/443 traffic to certain external IPs only, or use a Squid ACL to restrict the HTTPS traffic to certain domains only...

anyways, just a thought...



All times are GMT -5. The time now is 08:54 AM.