nisartlaa
asked on
PROXY
I am using ISA Server as a proxy. I blocked unwanted sites for users, but some users are using other proxies like Ultra Surf, Hot Shield, etc. So how can I block these proxies? Please send a solution ASAP.
ASKER
Sorry, I can't understand. Please explain to me: which one do I need to download, and where do I import it? I am using ISA Server 2004.
ASKER
What about "repeat some control once a month to control that it's still valid"? Please explain. Where do I download this on the ISA server?
ASKER
I downloaded 2 files. Where can I import these files on the ISA server?
OK,
the zip file contains two XML files: the first with proxy domain URLs, and the second with proxy URLs. When you import those preconfigured XML lists, you teach your ISA server to block the most common anonymizer and proxy services for your clients. But the tricks to surf freely are many: maybe a service such as Ultrasurf now has 100 servers that offer proxy service, and with those lists you block all of them, but in a month Ultrasurf publishes another 3 servers, and then your blocking becomes vulnerable.
Security is a continuous concept.
So I suggest you install a virtual machine with the most common proxy clients, anonymizers, etc., and once a month, as part of your periodic security controls, test those clients to verify that you are still blocking them.
I'm searching for something like an online service that offers an updated list of these services, so that the list can be updated frequently. If I find it, I will post it for you :)
Is it clear? :)
In this link you can see the procedure to import/export those files:
http://www.isaserver.org/articles/2004firewallblocklist.html
ASKER
I imported these files and set them to deny, but I am still facing the problem: some users are accessing third-party proxies. So please help me, because I am facing too much of a headache.
It's an interesting and complex thing; we can produce something interesting about it. Instead, you can use this link:
www.proxy4free.com
There you can find the most up-to-date list of potential proxies. But you have to accept the risk, because it is a very particular situation: you have to become as secure as possible by blocking the most up-to-date list of proxies available on the web, and understand that at the moment a simple or automatic detection method doesn't exist.
Please read this document too:
http://www.sans.edu/resources/student_presentations/detecting_anonymous_proxies_handouts.pdf
Maybe the most practical and functional method to block this is to block all web traffic and open only the sites that your users need. But this slows the users' work and increases your work, because they will inform you all the time that something doesn't work and request that the URL be opened.
Proposal 1:
Use www.proxy4free.com as an updated blacklist; with the proper Linux commands you can create an updated linux.txt file, and it can be scheduled with a script.
Use the curl command to copy the web page, then grep, cut, and sort to create an IP blacklist. Repeat for each page of proxies:
curl http://www.proxy4free.com/page1.html > proxy1.html
grep whois\.cgi\?domain\= proxy1.html | cut -d \= -f 3 | cut -d \" -f 1 | sort | uniq > proxy.txt
• Alter accordingly for different sites and when site alters page formatting.
Proposal 2:
Detecting a Glype proxy server request with a regular expression
Example Glype URL:
http://www.reverseproxy.us/browse.php?u=Oi8vd3d3Lm15c3BhY2UuY29t&b=143
Format:
{hostname}/browse.php?u={obfuscatedURL}&b={identifier}
Regular Expression to Match:
(browse\.php\?u=).+(&b).*
Proposal 3:
• The format of the proxy server URL can be turned into a Snort IDS rule
• Example rule for a Glype Proxy:
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"GlypeProxy detected"; pcre:"/(browse\.php\?u=).+(&b).*/I"; classtype:policy-violation; sid:50015;)
regards
what do you think?
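An added example, not part of the original thread: the Glype check from proposal 2 run over proxy log lines, tightened so that `&b` must be a real query parameter, and with the `u=` value decoded to show which site was reached through the proxy. The log format, the `.example` hosts and the function names are constructed for illustration; the decoding assumes the scheme-stripped base64 form seen in the post's example URL.

```python
import base64
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# The regex from the post, kept as a cheap pre-filter.
GLYPE_RE = re.compile(r"(browse\.php\?u=).+(&b).*", re.IGNORECASE)

# Constructed sample proxy-log lines (only the first URL comes from the page).
SAMPLE_LOG = [
    "10.0.0.15 GET http://www.reverseproxy.us/browse.php?u=Oi8vd3d3Lm15c3BhY2UuY29t&b=143 200",
    "10.0.0.22 GET http://shop.example/browse.php?u=Zm9v&bar=1 200",
    "10.0.0.31 GET http://intranet.example/browse.php?u=alice&b=1 200",
    "10.0.0.15 GET http://www.example.com/index.html 200",
]

def decode_target(u_value):
    """Return the URL hidden in u=, or None if it is not base64 of '://...'.
    Assumption: 'http' is stripped before encoding, as in the page's example."""
    padded = u_value + "=" * (-len(u_value) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return "http" + text if text.startswith(("://", "s://")) else None

def find_glype_requests(log_lines):
    """Map each suspected proxy host to the set of destinations it relayed."""
    hits = defaultdict(set)
    for line in log_lines:
        for url in re.findall(r"https?://\S+", line):
            if not GLYPE_RE.search(url):
                continue
            parts = urlsplit(url)
            query = parse_qs(parts.query)
            # Stricter than the regex: real path and both parameters present.
            if not parts.path.lower().endswith("/browse.php"):
                continue
            if "u" not in query or "b" not in query:
                continue
            target = decode_target(query["u"][0])
            if target:
                hits[parts.hostname].add(target)
    return dict(hits)

if __name__ == "__main__":
    for host, targets in find_glype_requests(SAMPLE_LOG).items():
        print(host, sorted(targets))
```

The second and third sample lines match the bare regex but are dropped by the parameter and decode checks, which is the false-positive case to expect when the pattern is used alone in a Snort rule.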
ASKER
http://www.proxy4free.com/page1.html >
http://www.reverseproxy.us/browse.php?u=Oi8vd3d3Lm15c3BhY2UuY29t&b=143
I am from Saudi Arabia. These links are blocked by the ISP, so I can't access these sites.
It's bizarre,
you can use a proxy to reach them.
:(
Maybe one of these sites can help you:
http://www.google.it/search?client=safari&rls=en&q=proxy4free&ie=UTF-8&oe=UTF-8&redir_esc=&ei=g3_tTL68F4vwsgaBz-iZDw#hl=it&client=safari&rls=en&q=related:www.proxy4free.com/+proxy4free&tbo=1&sa=X&ei=g3_tTNOwI471sgbXvdWXDw&ved=0CB8QHzAA&fp=b981a49becbda3dc
Let me know.
ASKER
I tried the above link; all the links are blocked by the ISP.
ASKER CERTIFIED SOLUTION
import on your blocked unwanted, and repeat some control once a month to control that it's still valid,