Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
07-26-2006, 10:39 AM
|
#1
|
LQ Newbie
Registered: Jul 2006
Location: Pune, India
Distribution: Suse, Debian
Posts: 4
Rep:
|
how can i block a proxy
i am working as a system administrator in an institution. i have blocked many malicious sites. but people are still accessing them using some proxy. how can i overcome this problem.
Last edited by sanjay_mishra; 07-26-2006 at 10:41 AM.
|
|
|
07-26-2006, 11:01 AM
|
#2
|
Member
Registered: Jun 2003
Location: SoCal
Distribution: CentOS
Posts: 465
Rep:
|
could you tell us a little more about your setup? how many users? what are you using to block the malicous sites, how do you know they're accessing a remote proxy? If you check your gateway's outgoing logs, you could probably find the ip address of the remote proxy they're using. You could probably then filter the proxy's ip using the same system you use to filter web sites.
|
|
|
07-26-2006, 03:43 PM
|
#3
|
Member
Registered: Jan 2006
Distribution: Various versions of Red Hat Fedora Core and Ubuntu
Posts: 40
Rep:
|
If you are using iptabkes as your firewall you can add teh geoip extensions. They block based upon contry code and they have a country code for proxies. Check out patch-o-matic at http://www.netfilter.org/ It is a bit more complicted than that but, if you decide to go this route, I can help a bit more later.
|
|
|
07-27-2006, 03:32 AM
|
#4
|
LQ Newbie
Registered: Jul 2006
Location: Pune, India
Distribution: Suse, Debian
Posts: 4
Original Poster
Rep:
|
blocking proxy
Quote:
Originally Posted by msound
could you tell us a little more about your setup? how many users? what are you using to block the malicous sites, how do you know they're accessing a remote proxy? If you check your gateway's outgoing logs, you could probably find the ip address of the remote proxy they're using. You could probably then filter the proxy's ip using the same system you use to filter web sites.
|
i am using debian distro and squid proxy server.
i blocked sites using the file /etc/squid/sitesBlocked . i can see the ip-addresses of proxies in logfiles, and blocked some also, but anyone can find other proxies by searching on google. how many of them can i block. these sites are thousands in number.
Last edited by sanjay_mishra; 07-27-2006 at 03:34 AM.
|
|
|
07-27-2006, 04:28 AM
|
#5
|
Member
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753
Rep:
|
there seems to be no simple answer for this, atleast i haven't found one. you can by default block all sites and then open the good sites one by one but its helluva difficult and impractical. in another way, you can attempt to block all the nasty proxy sites, but how many? your best choice would be to, plug-out the network cable of the defaulters and warn them not to go against the rules else, let the defaulter(s) system be a standalone for sometime till the lesson drives home. That threat works!
|
|
|
07-27-2006, 05:12 AM
|
#6
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
you could install dansguardian along with your squid... it comes with a phraselist for proxies...
having said that, the most effective thing would be to whitelist websites, like prozac suggested - if it's possible for you...
|
|
|
07-27-2006, 05:33 AM
|
#7
|
Member
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227
Rep:
|
yes i too use dansguardian and sarg...and offcourse you will have to impose the policies on your users..like banning them if found bypassing the filter.
|
|
|
07-27-2006, 12:29 PM
|
#8
|
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
Rep:
|
And of course, you have to look at your motivations and goal in the end. Which 'malicious sites' are people going out of their way to access?
This may be a case for policy, not technology.
|
|
|
09-28-2006, 01:09 AM
|
#9
|
Member
Registered: Jun 2006
Location: Dubai
Distribution: Cent OS
Posts: 34
Rep:
|
Quote:
Originally Posted by sanjay_mishra
i am working as a system administrator in an institution. i have blocked many malicious sites. but people are still accessing them using some proxy. how can i overcome this problem.
|
Here I want to ask that Transparent proxy setting is not working in your scenario
like if 192.168.1.1 is your gateway or proxy and ports are 3128 or 8080 either then
iptables -A FORWARD -s 192.168.1.1/24 -d ! 192.168.1.1 --dport 3128 -p TCP -j DROP
iptables -A FORWARD -s 192.168.1.1/24 -d ! 192.168.1.1 --dport 8080 -p TCP -j DROP
We must also make sure that nobody will try to cheat and connect to the internet directly (IP-masquerade) to download web pages:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
Have an easy Life.....
Last edited by Farrukh Fida; 09-28-2006 at 01:11 AM.
|
|
|
All times are GMT -5. The time now is 10:07 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|