Solved

Bypassing Proxy logs

Posted on 2001-06-28
10
801 Views
Last Modified: 2013-12-19
Hello all

In our setup we have MS proxy 2.0 and we run Surfcontrol for Monitoring browsing . Some of my users do not get logged. Is there any way one can bypass Surfcontrol monitoring . If yes how can it be done and how to control it.

Ragards
0
Comment
Question by:Shoeb_786
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 9

Expert Comment

by:TTom
ID: 6234881
Sounds to me like something is amiss in your configuration.  You should be able to require users to go through the proxy server in order to get to the net.  On the other hand, MS Proxy has a number of different "gateway" services.  If they are all enabled, it is a matter of finding which one is not passing through Surfcontrol (I know that there is a Socks service.)

I'll be interested in hearing what others have to say.

I haven't played with Proxy Server in a long time, but I remember the multiple services allowing things to escape being logged.

Bottom line is that you need to get into your proxy server and start shutting down services until you find which one the users are using to get out.

Tom
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6235065
If you have the proxy client installed, but your browser is not using the Proxy settings and you are handing out DNS servers through DHCP, you can bypass the logging by using a winsock connection to HTTP instead of a proxy HTTP.
0
 
LVL 9

Expert Comment

by:TTom
ID: 6235246
geoffryn:

Sounds like what I remembered was happening in our case, but DHCP was not involved.  It's still a case of using the winsock connection (with the Proxy client).

If you shut down the winsock service on the Proxy, that should take care of it, no?

Tom
0
Don't Miss ATEN at InfoComm 2017!

Visit booth #2167 to see the  new ATEN VM3200 32 x 32 Modular Matrix Switch. Other highlights include the VE8950 4K HDMI Over IP Extender, VS1912 12-Port DP Video Wall Media Player  and VK2100 ATEN Control System. Register now with Free Pass Code ATEN288!

 
LVL 11

Expert Comment

by:geoffryn
ID: 6235282
Yes, but it will also turn off all other services like telnet, ftp and POP through the proxy.
0
 
LVL 9

Expert Comment

by:TTom
ID: 6235343
That should certainly take care of a lot of potential problems. <G>
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 6239119
Are you sure that the Clients are not disabling the Proxy client in the control panel.
Perhaps they are using netscape rather than IE ?

I hope this helps !
0
 

Author Comment

by:Shoeb_786
ID: 6243802
They use Winsock Proxy client . There are many users who use winsock client but they still get logged in Surfcontrol but a few are not ... . Are there any tools or utils that help in bypassing proxy monitoring

0
 
LVL 3

Accepted Solution

by:
DanR earned 50 total points
ID: 6267549
If you have the proxy name or IP address set in the browser (in IE 5, Tools|Options, Connections tab, LAN settings button), then those users cannot use the Web Proxy and will use the WinSock proxy if the proxy client is installed on that machine (and the browser is WinSock-capable, which IE and Netscape are).  Internet filters like Surfcontrol sit on top of the Web Proxy, so WinSock clients bypass them.

So to fix your problem, you have some choices:

1) Make sure the browsers are configured to use the Web Proxy.  Of course, users could always delete that info....

2) As TTom suggested, stop the WinSock Proxy service.  As geoffryn said, you will lose telnet, etc. (Though I seem to remember that the Web Proxy can handle FTP downloads but not uploads.)

3) Uninstall the WinSock client (Contol Panels, Add/Remove Programs) or stop the WinSock client (Control Panels, WSP Client) on the offending workstations.  Then those workstations lose telnet, etc.

But if you just want logs, you don't need a filter; the Web proxy and WinSock proxy both keep logs.  Of course, Surfcontrol probably highlights the naughty sites for you....  Look on the Proxy server in c:\WINNT\System32\msplogs.  Web proxy logs are W3xxxx.log, WinSock are Wsxxxx.log, where xxxx is the date.  If you don't see them, you can set it up in Internet Service Manager by getting the Web and/or WinSock Properties, and going to the logging tab.  You can see a screen shot at http://www.windowsitlibrary.com/Content/405/27/4.html

Maybe you can convince Surfcontrol to look at the Wsxxxx.log files?
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 6896701
ADMINISTRATION WILL BE CONTACTING YOU SHORTLY.  Moderators Computer101 or Netminder will return to finalize these if still open in seven days.  Please post closing recommendations before that time.

Question(s) below appears to have been abandoned. Your options are:
 
1. Accept a Comment As Answer (use the button next to the Expert's name).
2. Close the question if the information was not useful to you, but may help others. You must tell the participants why you wish to do this, and allow for Expert response.  This choice will include a refund to you, and will move this question to our PAQ (Previously Asked Question) database.  If you found information outside this question thread, please add it.
3. Ask Community Support to help split points between participating experts, or just comment here with details and we'll respond with the process.
4. Delete the question (if it has no potential value for others).
   --> Post comments for expert of your intention to delete and why
   --> You cannot delete a question with comments, special handling by a Moderator is required.

For special handling needs, please post a zero point question in the link below and include the URL (question QID/link) that it regards with details.
http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt
 
Please click the Help Desk link on the left for Member Guidelines, Member Agreement and the Question/Answer process for further information, if needed.  http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp

Click you Member Profile to view your question history and keep them all current with updates as the collaboration effort continues, to track all your open and locked questions at this site.  If you are an EE Pro user, use the Power Search option to find them.  Anytime you have questions which are LOCKED with a Proposed Answer but does not serve your needs, please reject it and add comments as to why.  In addition, when you do grade the question, if the grade is less than an A, please add a comment as to why.  This helps all involved, as well as future persons who may access this item in the future to seek help.

To view your open questions, please click the following link(s) and keep them all current with updates.
http://www.experts-exchange.com/questions/Q.20025706.html
http://www.experts-exchange.com/questions/Q.20097915.html
http://www.experts-exchange.com/questions/Q.20142779.html
http://www.experts-exchange.com/questions/Q.20161363.html
http://www.experts-exchange.com/questions/Q.20168061.html
http://www.experts-exchange.com/questions/Q.20172718.html
http://www.experts-exchange.com/questions/Q.20226645.html
http://www.experts-exchange.com/questions/Q.20253981.html
http://www.experts-exchange.com/questions/Q.20253030.html
http://www.experts-exchange.com/questions/Q.20251000.html
http://www.experts-exchange.com/questions/Q.20175479.html




PLEASE DO NOT AWARD THE POINTS TO ME.  
 
------------>  EXPERTS:  Please leave any comments regarding your closing recommendations if this item remains inactive another seven (7) days.  Also, if you are interested in the cleanup effort, please click this link http://www.experts-exchange.com/jsp/qManageQuestion.jsp?ta=commspt&qid=20274643

Moderators will finalize this question if still open in 7 days, by either moving this to the PAQ (Previously Asked Questions) at zero points, deleting it or awarding expert(s) when recommendations are made, or an independent determination can be made.  Expert input is always appreciated to determine the fair outcome.
 
Thank you everyone.
 
Moondancer
Moderator @ Experts Exchange

P.S.  For any year 2000 questions, special attention is needed to ensure the first correct response is awarded, since they are not in the comment date order, but rather in Member ID order.
0
 
LVL 5

Expert Comment

by:Netminder
ID: 6975386
Admin notified of user neglect. Force-accepted by

Netminder
CS Moderator

TTom: points for you at http://www.experts-exchange.com/jsp/qShow.jsp?ta=winntnet&qid=20294647
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question