Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a network of 100 computers (includes 98 , 2000 ,xp) & 1 linux server (FC4 ). On the network some 30 computers have internet access and the rest do not have internet access, i have blocked there access through iptables and have droped there packets.
The problem is that i doubt that some persons might have installed proxy server & have given access to the people who should not get access to internet through the proxy .
How can i prevent this without doing anything on the clients PCs . what can i do on the linux server so that i can prevent this .
Just a thought.
The 100 computers have to go through some type of switch/router. So if the switch/router is programmable then you could try to block any port traffic except what you would expect in normal everyday use.
But the request comes from the proxy server , because the PC is accessing the internet through the PRoxy Server . and i cannot block the access to the proxy server because that PC on which proxy server has been installed has been permitted for internet access.
What I was saying is you have 100 PC's and 30 can access internet. The computer which you suspect may be acting as proxy is connected to a switch or router or hub. The computer which is accessing internet through the proxy is also connected to a switch or router or hub. So tell the switch or router (most hubs are dumb and you can not program them) to only allow local traffic which you expect in everyday usage, and block all other port traffic.
So basically you are blocking the traffic between the 2 PC's.
Well I don't see any way that you can distinguish if web traffic for Computer A is actually a proxy request from Computer B. To your server it will just look like a normal web request. Sorry I can't help.
<edit>However using something like Ethereal you may be able to locate the computers which are acting as proxy servers. But the only way to stop it will involve accessing the client.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.