?
Solved

Our students are using some sort of script to bypass our school proxy servers.

Posted on 2004-11-05
8
Medium Priority
?
9,248 Views
Last Modified: 2010-08-05
Our students are using some sort of script to bypass our school proxy servers.

See it in action at http://www.dxlp.com/

I see that the form data is posting to http://dxlp.com/cgiproxy/nph-proxy.cgi/010110A/x-proxy/start

Anyone know how I can disallow the use of this script from our schools?

Of course, I could block the domain on our proxy and/or on iPrism BUT that won't prevent the kids from simply moving the script to a different domain...

Thanks
drs


0
Comment
Question by:smetterd
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 12507316
I'd pick one day in  the week and start to route the traffic for that Domain to a webserver that I controlled.

The page displayed would say something like

"Busted! You have been caught attempting to bypass the school's Proxy Server. The date, time and originating IP have been logged, and you will be tracked down using this information."

I'd also have the web page start playing a LOUD siren-like noise and appropriate accompanying verbiage, like "Step away from the computer! Place your hands on your head and turn around slowly!"

But then I'm a sadistic SOB.
0
 
LVL 2

Author Comment

by:smetterd
ID: 12507507
But that won't prevent them from using an anonymizer on a different domain. Is there a way to block the access to the anonymizer script itself?
0
 
LVL 34

Accepted Solution

by:
PsiCop earned 2000 total points
ID: 12507611
No, it won't, but they won't be doing any surfing until they clean out their underwear. :-)

Instead of blocking on Domain Name, just determine the IP address and null-route that IP address (or range) at your border router(s).
0
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

 
LVL 37

Expert Comment

by:bbao
ID: 12508099
if your gateway supports content filtering or at least URL filtering, you can do it by identifying the specific string such as "cgiproxy/nph-proxy.cgi/" in the outgoing web requests. hope it helps, bbao
0
 
LVL 2

Author Comment

by:smetterd
ID: 12509217
tried that bbao, but didn't work for some reason... no biggie...
THanks to all.
0
 

Expert Comment

by:kj52
ID: 12571919
hehehe hey smetterd... you're never gonna stop us... we the proud students of stisd will never prevail!!! it's more then just blocking the domain i have more than 10 proxies set up already... plus there's more then one proxy script out there you know...
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12572114
Careful, kj52..... pride goeth before a fall.

And bragging is about the stupidest thing a cracker can do.....
0
 

Expert Comment

by:kj52
ID: 12573800
No no, see it was'nt me though.... plus i've never used dxlp either... they only use it to play games which I find kindda childish... but still just like i said above... they only way to be sucessful is to have a hit list counter and view it every week then go and check the top ones for anything bad.  I have nothing against our library admin... I don't even know him. but I kindda have a issue with athority and when some one tries to take my power away from me i'll try anything posible to get it back.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question