LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 09-29-2005, 02:00 AM   #1
abhi_crusader
LQ Newbie
 
Registered: Sep 2005
Posts: 5

Rep: Reputation: 0
blocking hopster and proxifier


Please help in for blocking hopster and proxifier on my Linux Enterprise 3 AS

Hi Everybody !

My Proxy Works on Linux Enterprise Advance Server 3. I want to block HOPSTER, PROXIFIER, PROXYCAP, HTTP-TUNNEL. How do i block it please suggest me as i am in a need of hurry please.
 
Old 09-30-2005, 01:47 PM   #2
Krugger
Member
 
Registered: Oct 2004
Posts: 229

Rep: Reputation: 30
I think that is kind of tricky. You need an application firewall of some sort that can understand the HTTP protocol.

Maybe you can limit the user to sending GET,POST and CONTINUE. However if the user uses a https proxy it will be harder as it is encrypted.

Check these:
http://www.balabit.com/products/oss/tproxy/
http://www.balabit.com/products/zorp_gpl/
 
Old 09-30-2005, 02:16 PM   #3
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
i think all of those firewall-bypassers use SSL encryption... hence there's not much Zorp or any application gateway will be able to do - AFAIK - the encryption pretty much denies you the ability to analyze packets at the application level and you will need to do something at a lower level...

having said that, maybe you could create a Zorp rule that says something like "deny any packet that is encrypted"... that way whenever someone tries to establish an encrypted connection through your firewall (on tcp port 80, for example) zorp will knock them down...

of course you'd want to allow people to connect to legit HTTPS sites via TCP port 443 at the very least (for web surfing), so you'd need to come-up with something for that - maybe filter (using iptables) the outgoing TCP/443 traffic to certain external IPs only, or use a Squid ACL to restrict the HTTPS traffic to certain domains only...

anyways, just a thought...


Last edited by win32sux; 09-30-2005 at 03:46 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Please help in for blocking hopster and proxifier on my Linux Enterprise 3 AS abhi_crusader Linux - Security 1 09-24-2005 03:55 PM
Hopster menace ppuru Linux - Security 7 12-13-2004 09:25 PM
IP Blocking Help mortsahl Linux - Security 2 04-26-2004 09:29 AM
Blocking porn shea1roh Linux - Software 0 08-14-2003 09:11 PM
IP blocking merlin371 Linux - Networking 2 08-04-2003 11:42 AM


All times are GMT -5. The time now is 11:18 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration