Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

PROXY

Posted on 2010-11-24
15
1,517 Views
Last Modified: 2012-05-10
I am using ISA server for proxy... i blocked unwanted site for users..But some users using other proxies like ultra surf ,hot shield and etc...So how i can block these proxies..Please send solution ASAP...
0
Comment
Question by:nisartlaa
  • 8
  • 6
15 Comments
 
LVL 3

Expert Comment

by:khuphuc
ID: 34204573
Download the list from here : 3rd Party Proxy Sites ( 7KB / 662 Domains & URL's)

import on your blocked unwanted, and repeat some control once a month to control that it's still valid,
0
 

Author Comment

by:nisartlaa
ID: 34204597
sorry i cant understand ? please explain me,,,which one i want to download and where is import ? am using isa server 2004.
0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34204604
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 

Author Comment

by:nisartlaa
ID: 34204622
what about  "repeat some control once a month to control that it's still valid" please explain me..where i want to download this on isa server ?
0
 

Author Comment

by:nisartlaa
ID: 34204648
i downloaded 2 files..this file where i can import on the isa server ?
0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34204682
OK,

the zip files contain two xml's files, first with one proxydomains url, and the second with proxy url, when you import those xml pre configurate list, you teach your isa server to block the most common service of annonymaze and proxy to your client, but the security and the tricks to surf free are multiple, and maybe service as ultrasurf has now 100 server that offer proxy service, you with those list block all of them, but in a month ultrasurf publish another 3 server, then you blocking become vulnerabile.
the security it's a continuos concept
then i suggest you, to install a Virtual Macchine with the most common Proxy client, annomyzer ecc, services, and once a month, as a part of your security periodical controls, test those client, to verified that you still blocking.

i'm searching something like a online service that offer the updated list of this services, to reach to do a update list frequently, if i found it, i publish to you :)

it's clear? :)
0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34204694
you can see in this link the proceed to import/export those files
http://www.isaserver.org/articles/2004firewallblocklist.html

0
 

Author Comment

by:nisartlaa
ID: 34205015
i imported this files and deny this..But still am facing ....some users accessing 3rd party proxys..so please help me...bcos am facing toooo head hack..
0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34205287
it's and interesting and complex things, we can produce something interesting, about it, intead you can use this link to see this link

www.proxy4free.com

you can found the most updates list of potential proxyes. but you have to accept the risk of it, because is a very particular situation, you have to become the most secure possible blocking the most updated list of proxy available on the web, and understand that at now an simple or automatic method to detect doesn't exist

please read this document to
http://www.sans.edu/resources/student_presentations/detecting_anonymous_proxies_handouts.pdf
0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34205303
maybe the most practical and functional method to block this, is block all web traffic, and open the sites that your users needed, but this situation slow the users works. and increase you work because the inform you all time something doesn't work. to request the open of it url..

0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34205398
proposal 1:

use www.proxy4free.com as a updates balcklist, with the proper linux command you can create a linux.txt file updated, it's can be scheduled with a script
Use CURL cmd to copy web page, then GREP, CUT, and SORT to create IP blacklist  Repeat for each page of proxies:
curl http://www.proxy4free.com/page1.html > proxy1.html
grep whois\.cgi\?domain\= proxy1.html | cut -d \= -f 3 | cut -d \" -f 1 | sort | uniq > proxy.txt
• Alter accordingly for different sites and when site alters page formatting.

proposal 2.
Detecting a regular expression of  glype server proxy request
Example Glype URL:
http://www.reverseproxy.us/browse.php?u=Oi8vd3d3Lm15c3BhY2UuY29t&b=143

Format:
{hostname}/browse.php?u={obfuscatedURL}&b={identifier}

Regular Expression to Match:
(browse\.php\?u=).+(&b).*

proposal 3
• The format of the proxy server URL can be turned into a Snort IDS rule
• Example rule for a Glype Proxy:
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: “GlypeProxy detected”;
pcre:”/(browse\.php\?u=).+(&b).*/I”; classtype:policy-violation; sid:50015;)

regards

what do you think?


0
 

Author Comment

by:nisartlaa
ID: 34208604
http://www.proxy4free.com/page1.html
http://www.reverseproxy.us/browse.php?u=Oi8vd3d3Lm15c3BhY2UuY29t&b=143 

Am from saudi Arabia...This link blocked by ISP...So i cant access this sites.
0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34209000
0
 

Author Comment

by:nisartlaa
ID: 34213837
i tried  above link,,,all the link is blocked by isp..
0
 
LVL 7

Accepted Solution

by:
JJ2 earned 500 total points
ID: 34280751
Defining a policy in the local PCs via the enterprise antivirus product installed will help block the installation of exe files from USB flash drives.

Ultrasurf's signature is 140300000101 , and installs by .exe
http://jonsnetwork.com/2009/01/blocking-ultrasurf-with-a-sonicwall-application-firewall/

Blocking the signature in ISA server will help by following the link below:
http://www.isaserver.org/tutorials/Configuring-ISA-Server-2006-HTTP-Filter.html
http://technet.microsoft.com/en-us/library/cc302520.aspx

0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Unable to open a YouTube Video 4 330
ISA 2006 Server question 3 510
TMG Proxy issues 1 549
ActiveSync issues 16 151
There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question