?
Solved

Windows 2003 Server a Proxy without me knowing how

Posted on 2008-06-18
4
Medium Priority
?
219 Views
Last Modified: 2013-12-23
I ran nessus and it found the following vulnerability:
Synopsis: The proxy allows the users to perform CONNECT requests like CONNECT http://cvs.nessus.org:23/

This request give to the person who make it the ability
to have an interactive session.
This problem may allow attackers to go through your
firewall, by connecting to sensitive ports like 23 (telnet)
using your proxy, or it can allow internal users to bypass the firewall
rules and connect to ports they should not be allowed to.

Solution reconfigure your proxy so that it refuses CONNECT requests.

Risk Factor : High

How can I make the configuration shange suggestted in the solution or all together turn off this proxy?
0
Comment
Question by:LanceJohnson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 21827311
humm.... do you have Telnet service enabled on your W2K3 box?

just run NET START to see if TELNET is there.
0
 

Author Comment

by:LanceJohnson
ID: 21842689
I will check on Monday
0
 

Author Comment

by:LanceJohnson
ID: 21965689
Telnet service is enabled
0
 
LVL 37

Accepted Solution

by:
bbao earned 1500 total points
ID: 21971193
that's why you could get this kind of warnings?

if you don't need TELNET, just remove this service from Control Panel | Installed Programs.

hope it helps,
bbao
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question