• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1552
  • Last Modified:

PROXY

I am using ISA server for proxy... i blocked unwanted site for users..But some users using other proxies like ultra surf ,hot shield and etc...So how i can block these proxies..Please send solution ASAP...
0
nisartlaa
Asked:
nisartlaa
  • 8
  • 6
1 Solution
 
khuphucCommented:
Download the list from here : 3rd Party Proxy Sites ( 7KB / 662 Domains & URL's)

import on your blocked unwanted, and repeat some control once a month to control that it's still valid,
0
 
nisartlaaAuthor Commented:
sorry i cant understand ? please explain me,,,which one i want to download and where is import ? am using isa server 2004.
0
 
khuphucCommented:
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
nisartlaaAuthor Commented:
what about  "repeat some control once a month to control that it's still valid" please explain me..where i want to download this on isa server ?
0
 
nisartlaaAuthor Commented:
i downloaded 2 files..this file where i can import on the isa server ?
0
 
khuphucCommented:
OK,

the zip files contain two xml's files, first with one proxydomains url, and the second with proxy url, when you import those xml pre configurate list, you teach your isa server to block the most common service of annonymaze and proxy to your client, but the security and the tricks to surf free are multiple, and maybe service as ultrasurf has now 100 server that offer proxy service, you with those list block all of them, but in a month ultrasurf publish another 3 server, then you blocking become vulnerabile.
the security it's a continuos concept
then i suggest you, to install a Virtual Macchine with the most common Proxy client, annomyzer ecc, services, and once a month, as a part of your security periodical controls, test those client, to verified that you still blocking.

i'm searching something like a online service that offer the updated list of this services, to reach to do a update list frequently, if i found it, i publish to you :)

it's clear? :)
0
 
khuphucCommented:
you can see in this link the proceed to import/export those files
http://www.isaserver.org/articles/2004firewallblocklist.html

0
 
nisartlaaAuthor Commented:
i imported this files and deny this..But still am facing ....some users accessing 3rd party proxys..so please help me...bcos am facing toooo head hack..
0
 
khuphucCommented:
it's and interesting and complex things, we can produce something interesting, about it, intead you can use this link to see this link

www.proxy4free.com

you can found the most updates list of potential proxyes. but you have to accept the risk of it, because is a very particular situation, you have to become the most secure possible blocking the most updated list of proxy available on the web, and understand that at now an simple or automatic method to detect doesn't exist

please read this document to
http://www.sans.edu/resources/student_presentations/detecting_anonymous_proxies_handouts.pdf
0
 
khuphucCommented:
maybe the most practical and functional method to block this, is block all web traffic, and open the sites that your users needed, but this situation slow the users works. and increase you work because the inform you all time something doesn't work. to request the open of it url..

0
 
khuphucCommented:
proposal 1:

use www.proxy4free.com as a updates balcklist, with the proper linux command you can create a linux.txt file updated, it's can be scheduled with a script
Use CURL cmd to copy web page, then GREP, CUT, and SORT to create IP blacklist  Repeat for each page of proxies:
curl http://www.proxy4free.com/page1.html > proxy1.html
grep whois\.cgi\?domain\= proxy1.html | cut -d \= -f 3 | cut -d \" -f 1 | sort | uniq > proxy.txt
• Alter accordingly for different sites and when site alters page formatting.

proposal 2.
Detecting a regular expression of  glype server proxy request
Example Glype URL:
http://www.reverseproxy.us/browse.php?u=Oi8vd3d3Lm15c3BhY2UuY29t&b=143

Format:
{hostname}/browse.php?u={obfuscatedURL}&b={identifier}

Regular Expression to Match:
(browse\.php\?u=).+(&b).*

proposal 3
• The format of the proxy server URL can be turned into a Snort IDS rule
• Example rule for a Glype Proxy:
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: “GlypeProxy detected”;
pcre:”/(browse\.php\?u=).+(&b).*/I”; classtype:policy-violation; sid:50015;)

regards

what do you think?


0
 
nisartlaaAuthor Commented:
http://www.proxy4free.com/page1.html
http://www.reverseproxy.us/browse.php?u=Oi8vd3d3Lm15c3BhY2UuY29t&b=143 

Am from saudi Arabia...This link blocked by ISP...So i cant access this sites.
0
 
nisartlaaAuthor Commented:
i tried  above link,,,all the link is blocked by isp..
0
 
JJ2Commented:
Defining a policy in the local PCs via the enterprise antivirus product installed will help block the installation of exe files from USB flash drives.

Ultrasurf's signature is 140300000101 , and installs by .exe
http://jonsnetwork.com/2009/01/blocking-ultrasurf-with-a-sonicwall-application-firewall/

Blocking the signature in ISA server will help by following the link below:
http://www.isaserver.org/tutorials/Configuring-ISA-Server-2006-HTTP-Filter.html
http://technet.microsoft.com/en-us/library/cc302520.aspx

0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 8
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now