Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
02-24-2006, 12:28 AM
|
#1
|
|
LQ Newbie
Registered: Dec 2005
Posts: 15
Rep: 
|
Disable an Internet proxy
hi,
I have a network of 100 computers (includes 98 , 2000 ,xp) & 1 linux server (FC4 ). On the network some 30 computers have internet access and the rest do not have internet access, i have blocked there access through iptables and have droped there packets.
The problem is that i doubt that some persons might have installed proxy server & have given access to the people who should not get access to internet through the proxy .
How can i prevent this without doing anything on the clients PCs . what can i do on the linux server so that i can prevent this .
Thanks
|
|
|
|
|
02-24-2006, 04:05 AM
|
#2
|
|
Senior Member
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802
Rep: 
|
Just a thought.
The 100 computers have to go through some type of switch/router. So if the switch/router is programmable then you could try to block any port traffic except what you would expect in normal everyday use.
|
|
|
|
|
02-24-2006, 08:01 AM
|
#3
|
|
LQ Newbie
Registered: Dec 2005
Posts: 15
Original Poster
Rep:
|
But the request comes from the proxy server , because the PC is accessing the internet through the PRoxy Server . and i cannot block the access to the proxy server because that PC on which proxy server has been installed has been permitted for internet access.
|
|
|
|
|
02-24-2006, 11:06 AM
|
#4
|
|
Senior Member
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802
Rep:
|
What I was saying is you have 100 PC's and 30 can access internet. The computer which you suspect may be acting as proxy is connected to a switch or router or hub. The computer which is accessing internet through the proxy is also connected to a switch or router or hub. So tell the switch or router (most hubs are dumb and you can not program them) to only allow local traffic which you expect in everyday usage, and block all other port traffic.
So basically you are blocking the traffic between the 2 PC's.
|
|
|
|
|
02-25-2006, 02:23 AM
|
#5
|
|
LQ Newbie
Registered: Dec 2005
Posts: 15
Original Poster
Rep:
|
I have two switches but they are not manageable switches . so i cannot filter using the switch.
|
|
|
|
|
02-26-2006, 09:22 AM
|
#6
|
|
Senior Member
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802
Rep:
|
Well I don't see any way that you can distinguish if web traffic for Computer A is actually a proxy request from Computer B. To your server it will just look like a normal web request. Sorry I can't help.
<edit>However using something like Ethereal you may be able to locate the computers which are acting as proxy servers. But the only way to stop it will involve accessing the client.
Last edited by /bin/bash; 02-26-2006 at 09:25 AM.
|
|
|
|
|
02-27-2006, 12:00 AM
|
#7
|
|
LQ Newbie
Registered: Dec 2005
Posts: 15
Original Poster
Rep:
|
How can i detect the proxy packets using ethereal
do they add some tag ?????????????
PLs Help
|
|
|
|
|
02-28-2006, 12:33 AM
|
#8
|
|
LQ Newbie
Registered: Dec 2005
Posts: 15
Original Poster
Rep:
|
Any Ideas ?????????????????????/
|
|
|
|
|
03-02-2006, 03:45 AM
|
#9
|
|
Senior Member
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802
Rep:
|
Just as an example.
If you see Computer B making port 80 requests to Computer A then you would suspect Computer A is acting as proxy for Computer B.
|
|
|
|
All times are GMT -5. The time now is 05:00 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
