Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

microsoft proxy server v2.0

Posted on 2002-05-27
6
Medium Priority
?
603 Views
Last Modified: 2012-06-27
I use MS proxy server and it works fine. I know how to block sites using our firewall. But the socks proxy is more complicated. users access sites note through http but through tcp or udp ports. How can i find out which ports they are using so i can block these using my firewall.

thanks

sed
0
Comment
Question by:sedatriza
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 23

Expert Comment

by:Tim Holman
ID: 7038762
Set up full logging on your firewall so you can get an idea of what's going through, then after about a week or so tighten things down, advise your users there's a new firewall and start letting only specific ports through.
Usually you'd let out ports 80 http, 443 https, 53 DNS, 25 SMTP, and let NOTHING in (unless you have internal servers, in which case identify the protocols they use and allow these through)
0
 

Author Comment

by:sedatriza
ID: 7038775
thanks for that.
error in my original question it's winsock and not socks

i can see user activity in the winsock windows and can see these entries in the log files. But it does not tell me which port they are using. I could tighten things down and gradually release them. it would be handy to know what ports are being used.

thanks

sed
0
 

Accepted Solution

by:
buyer earned 600 total points
ID: 7039041
All that should be in the log files. Goto http://rr.sans.org/incident/proxy.php
for descriptions on the logs and whats in them.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Expert Comment

by:buyer
ID: 7039056
Oh yeah, if you are looking for the source port then MS Proxy doesnt log that (At least Im 95% sure that it doesnt).
0
 
LVL 13

Expert Comment

by:hstiles
ID: 7118032
Users will access sites through ports. HTTP uses TCP port 80, SMTP TCP port 25, DNS lookups UDP port 53, etc...

Blocking websites through MS Proxy would be quite a time consuming task.  Also, I believe you'd have to use the Proxy server as a firewall (i.e. have a direct connection to the net).  If you do have a reasonable firewall in place, it'd be easier to restrict access using Global groups.

i.e. create groups called Web granted (ports 80 and 443 - HTTP and HTTPS), FTP granted (port 21), etc... and place users in these groups to allow them access.  Then modify your fireweall to allow the Proxy server outbound access to these service rather than individual machines.

This is a good way of bolting down internet access with minimal admin overhead.  If a user requires, say, FTP access, simply place them in the relevant group.

If you want to block specific sites, I would look into a specific content filtering solution - some can be quite cheap if all you require is a URL database.  It'll also save you a lot of work maintaining a list of blocked sites, especially as a lot of these questionable sites constantly change their DNS to get around filtering packages.
0
 

Expert Comment

by:SpideyMod
ID: 8623940
Administrative Action - Force Accepted.

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

WEBINAR - Latest Cyber Tips for Defense

Join the WatchGuard Threat Research Team on October 26th for an informative webinar featuring expert tips and tricks for defending your organization from today's latest cyber threats. Don't leave yourself vulnerable to attack. Register for the webinar today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question