LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Disable an Internet proxy (https://www.linuxquestions.org/questions/linux-security-4/disable-an-internet-proxy-418978/)

raja1979 02-24-2006 12:28 AM
Disable an Internet proxy
 
hi,

I have a network of 100 computers (includes 98 , 2000 ,xp) & 1 linux server (FC4 ). On the network some 30 computers have internet access and the rest do not have internet access, i have blocked there access through iptables and have droped there packets.
The problem is that i doubt that some persons might have installed proxy server & have given access to the people who should not get access to internet through the proxy .

How can i prevent this without doing anything on the clients PCs . what can i do on the linux server so that i can prevent this .

Thanks

/bin/bash 02-24-2006 04:05 AM
Just a thought.
The 100 computers have to go through some type of switch/router. So if the switch/router is programmable then you could try to block any port traffic except what you would expect in normal everyday use.

raja1979 02-24-2006 08:01 AM
But the request comes from the proxy server , because the PC is accessing the internet through the PRoxy Server . and i cannot block the access to the proxy server because that PC on which proxy server has been installed has been permitted for internet access.

/bin/bash 02-24-2006 11:06 AM
What I was saying is you have 100 PC's and 30 can access internet. The computer which you suspect may be acting as proxy is connected to a switch or router or hub. The computer which is accessing internet through the proxy is also connected to a switch or router or hub. So tell the switch or router (most hubs are dumb and you can not program them) to only allow local traffic which you expect in everyday usage, and block all other port traffic.

So basically you are blocking the traffic between the 2 PC's.

raja1979 02-25-2006 02:23 AM
I have two switches but they are not manageable switches . so i cannot filter using the switch.

/bin/bash 02-26-2006 09:22 AM
Well I don't see any way that you can distinguish if web traffic for Computer A is actually a proxy request from Computer B. To your server it will just look like a normal web request. Sorry I can't help.

<edit>However using something like Ethereal you may be able to locate the computers which are acting as proxy servers. But the only way to stop it will involve accessing the client.

raja1979 02-27-2006 12:00 AM
How can i detect the proxy packets using ethereal

do they add some tag ?????????????

PLs Help

raja1979 02-28-2006 12:33 AM
Any Ideas ?????????????????????/

/bin/bash 03-02-2006 03:45 AM
Just as an example.
If you see Computer B making port 80 requests to Computer A then you would suspect Computer A is acting as proxy for Computer B.


All times are GMT -5. The time now is 12:02 AM.