LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-28-2005, 03:22 AM   #1
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Rep: Reputation: 32
some bypass my firewall!


hello
i recently joined up the sysdept in my workplace. firewall here uses a mix of squid and iptables to block/accept certain kind of traffics and/or give access to some user to access certain sites or use messengers. i have found out an interesting thing going on here but. some users with no priveleges to access hotmail and msn msgr are still using it and i have no clue as to how they are doing this. we have blocked the dport of restricted sites for all the users except some and they shouldn't have access to them. still i can't figure it out. can somebody guide me as to how they are doing it and what can i do to block them permanently? the reason for blocking such sites are unknown to me so only the management knows.
 
Old 10-28-2005, 05:54 AM   #2
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Lubuntu
Posts: 19,174
Blog Entries: 4

Rep: Reputation: 428Reputation: 428Reputation: 428Reputation: 428Reputation: 428
Could they be using their own proxy servers? An anonymizer? You need to look at their traffic logs.

Slightly harsh but you could just boot them from the network for irregular use and make them tell you what they did when they come to complain. If they signed an agreement to not bypass security restrictions and they are doing that, you have every right to boot them.
 
Old 10-28-2005, 07:34 AM   #3
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 52
Hi

Does using a tunnel in http violates the policy?
What should a policy mention to forbid this?
I have lots of friends that do this in my company and I'm really wondering..

Talk before booting maybe .. If this reappears, boot
 
Old 10-29-2005, 07:22 AM   #4
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Rep: Reputation: 30
They must be using something like this:

https://www.proxyweb.net
www.zensur.freerk.com
http://www.peacefire.org/bypass/Proxy/akamai.html


Why not use SquidGuard or DANS guardian

Last edited by ~=gr3p=~; 10-29-2005 at 07:26 AM.
 
Old 10-30-2005, 01:45 AM   #5
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Original Poster
Rep: Reputation: 32
i think this is it. i am checking my access.log files for any occurences of the sites that i have collected through visiting sites provided by gr3p. i will write back if i find something interesting...
 
Old 10-30-2005, 10:17 PM   #6
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Original Poster
Rep: Reputation: 32
i found out an unusual site -unipeak.com which provides webproxy service to anomously surf the web. there are hundreds of similar sites in the web like proxyweb.net,rajorthought.com etc.. that provide this kind of service. anyway i got to the core of it. thanx everybody.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
security bypass fid def Linux - Newbie 16 08-24-2005 09:28 AM
Can route through bypass firewall? Randomandy Linux - Networking 1 08-15-2005 08:33 PM
How do I bypass GRUB? minrich Suse/Novell 4 06-06-2005 07:28 PM
Bypass proxy hotplainrice Linux - Networking 1 02-26-2005 06:13 AM
How can I bypass certain permissions? jnassiri Mandriva 8 08-14-2004 06:40 PM


All times are GMT -5. The time now is 05:48 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration