Quote:
Originally Posted by sulekha
so how can a sys admin remotely detect if a particular user is bypassing proxy settings using SOCKS 5 protocol ?
|
Missing Forward / Via headers? The source address not being what he is expecting? Remote ephemeral port usage (/proc/sys/net/ipv4/ip_local_port_range) not matching that of a heavily used server (vs regular workstation use)? Also please note (help with) circumventing network policies and restrictions isn't a valid topic on LQ.