LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-26-2006, 10:39 AM   #1
sanjay_mishra
LQ Newbie
 
Registered: Jul 2006
Location: Pune, India
Distribution: Suse, Debian
Posts: 4

Rep: Reputation: 0
how can i block a proxy


i am working as a system administrator in an institution. i have blocked many malicious sites. but people are still accessing them using some proxy. how can i overcome this problem.

Last edited by sanjay_mishra; 07-26-2006 at 10:41 AM.
 
Old 07-26-2006, 11:01 AM   #2
msound
Member
 
Registered: Jun 2003
Location: SoCal
Distribution: CentOS
Posts: 465

Rep: Reputation: 30
could you tell us a little more about your setup? how many users? what are you using to block the malicous sites, how do you know they're accessing a remote proxy? If you check your gateway's outgoing logs, you could probably find the ip address of the remote proxy they're using. You could probably then filter the proxy's ip using the same system you use to filter web sites.
 
Old 07-26-2006, 03:43 PM   #3
cachemonet
Member
 
Registered: Jan 2006
Distribution: Various versions of Red Hat Fedora Core and Ubuntu
Posts: 40

Rep: Reputation: 15
If you are using iptabkes as your firewall you can add teh geoip extensions. They block based upon contry code and they have a country code for proxies. Check out patch-o-matic at http://www.netfilter.org/ It is a bit more complicted than that but, if you decide to go this route, I can help a bit more later.
 
Old 07-27-2006, 03:32 AM   #4
sanjay_mishra
LQ Newbie
 
Registered: Jul 2006
Location: Pune, India
Distribution: Suse, Debian
Posts: 4

Original Poster
Rep: Reputation: 0
blocking proxy

Quote:
Originally Posted by msound
could you tell us a little more about your setup? how many users? what are you using to block the malicous sites, how do you know they're accessing a remote proxy? If you check your gateway's outgoing logs, you could probably find the ip address of the remote proxy they're using. You could probably then filter the proxy's ip using the same system you use to filter web sites.
i am using debian distro and squid proxy server.
i blocked sites using the file /etc/squid/sitesBlocked . i can see the ip-addresses of proxies in logfiles, and blocked some also, but anyone can find other proxies by searching on google. how many of them can i block. these sites are thousands in number.

Last edited by sanjay_mishra; 07-27-2006 at 03:34 AM.
 
Old 07-27-2006, 04:28 AM   #5
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Rep: Reputation: 32
there seems to be no simple answer for this, atleast i haven't found one. you can by default block all sites and then open the good sites one by one but its helluva difficult and impractical. in another way, you can attempt to block all the nasty proxy sites, but how many? your best choice would be to, plug-out the network cable of the defaulters and warn them not to go against the rules else, let the defaulter(s) system be a standalone for sometime till the lesson drives home. That threat works!
 
Old 07-27-2006, 05:12 AM   #6
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
you could install dansguardian along with your squid... it comes with a phraselist for proxies...

having said that, the most effective thing would be to whitelist websites, like prozac suggested - if it's possible for you...
 
Old 07-27-2006, 05:33 AM   #7
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Rep: Reputation: 30
yes i too use dansguardian and sarg...and offcourse you will have to impose the policies on your users..like banning them if found bypassing the filter.
 
Old 07-27-2006, 12:29 PM   #8
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
And of course, you have to look at your motivations and goal in the end. Which 'malicious sites' are people going out of their way to access?

This may be a case for policy, not technology.
 
Old 09-28-2006, 01:09 AM   #9
Farrukh Fida
Member
 
Registered: Jun 2006
Location: Dubai
Distribution: Cent OS
Posts: 34

Rep: Reputation: 15
Quote:
Originally Posted by sanjay_mishra
i am working as a system administrator in an institution. i have blocked many malicious sites. but people are still accessing them using some proxy. how can i overcome this problem.
Here I want to ask that Transparent proxy setting is not working in your scenario
like if 192.168.1.1 is your gateway or proxy and ports are 3128 or 8080 either then

iptables -A FORWARD -s 192.168.1.1/24 -d ! 192.168.1.1 --dport 3128 -p TCP -j DROP

iptables -A FORWARD -s 192.168.1.1/24 -d ! 192.168.1.1 --dport 8080 -p TCP -j DROP

We must also make sure that nobody will try to cheat and connect to the internet directly (IP-masquerade) to download web pages:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080


Have an easy Life.....

Last edited by Farrukh Fida; 09-28-2006 at 01:11 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to block a proxy from Apache kitek Linux - Security 3 04-24-2006 04:46 AM
block incoming proxy? vicious_pucca Linux - Newbie 5 03-22-2006 07:23 PM
Want to block an ip without proxy shipon_97 Linux - Newbie 2 03-14-2006 04:07 AM
block msn in transparent proxy faraza Linux - Networking 1 01-18-2006 03:45 PM
block access to other proxy servers jymbo Linux - Networking 4 07-06-2004 02:59 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:07 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration