Solved

PROXY

Posted on 2010-11-24
15
1,512 Views
Last Modified: 2012-05-10
I am using ISA server for proxy... i blocked unwanted site for users..But some users using other proxies like ultra surf ,hot shield and etc...So how i can block these proxies..Please send solution ASAP...
0
Comment
Question by:nisartlaa
  • 8
  • 6
15 Comments
 
LVL 3

Expert Comment

by:khuphuc
ID: 34204573
Download the list from here : 3rd Party Proxy Sites ( 7KB / 662 Domains & URL's)

import on your blocked unwanted, and repeat some control once a month to control that it's still valid,
0
 

Author Comment

by:nisartlaa
ID: 34204597
sorry i cant understand ? please explain me,,,which one i want to download and where is import ? am using isa server 2004.
0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34204604
0
ScreenConnect 6.0 Free Trial

At ScreenConnect, partner feedback doesn't fall on deaf ears. We collected partner suggestions off of their virtual wish list and transformed them into one game-changing release: ScreenConnect 6.0. Explore all of the extras and enhancements for yourself!

 

Author Comment

by:nisartlaa
ID: 34204622
what about  "repeat some control once a month to control that it's still valid" please explain me..where i want to download this on isa server ?
0
 

Author Comment

by:nisartlaa
ID: 34204648
i downloaded 2 files..this file where i can import on the isa server ?
0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34204682
OK,

the zip files contain two xml's files, first with one proxydomains url, and the second with proxy url, when you import those xml pre configurate list, you teach your isa server to block the most common service of annonymaze and proxy to your client, but the security and the tricks to surf free are multiple, and maybe service as ultrasurf has now 100 server that offer proxy service, you with those list block all of them, but in a month ultrasurf publish another 3 server, then you blocking become vulnerabile.
the security it's a continuos concept
then i suggest you, to install a Virtual Macchine with the most common Proxy client, annomyzer ecc, services, and once a month, as a part of your security periodical controls, test those client, to verified that you still blocking.

i'm searching something like a online service that offer the updated list of this services, to reach to do a update list frequently, if i found it, i publish to you :)

it's clear? :)
0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34204694
you can see in this link the proceed to import/export those files
http://www.isaserver.org/articles/2004firewallblocklist.html

0
 

Author Comment

by:nisartlaa
ID: 34205015
i imported this files and deny this..But still am facing ....some users accessing 3rd party proxys..so please help me...bcos am facing toooo head hack..
0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34205287
it's and interesting and complex things, we can produce something interesting, about it, intead you can use this link to see this link

www.proxy4free.com

you can found the most updates list of potential proxyes. but you have to accept the risk of it, because is a very particular situation, you have to become the most secure possible blocking the most updated list of proxy available on the web, and understand that at now an simple or automatic method to detect doesn't exist

please read this document to
http://www.sans.edu/resources/student_presentations/detecting_anonymous_proxies_handouts.pdf
0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34205303
maybe the most practical and functional method to block this, is block all web traffic, and open the sites that your users needed, but this situation slow the users works. and increase you work because the inform you all time something doesn't work. to request the open of it url..

0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34205398
proposal 1:

use www.proxy4free.com as a updates balcklist, with the proper linux command you can create a linux.txt file updated, it's can be scheduled with a script
Use CURL cmd to copy web page, then GREP, CUT, and SORT to create IP blacklist  Repeat for each page of proxies:
curl http://www.proxy4free.com/page1.html > proxy1.html
grep whois\.cgi\?domain\= proxy1.html | cut -d \= -f 3 | cut -d \" -f 1 | sort | uniq > proxy.txt
• Alter accordingly for different sites and when site alters page formatting.

proposal 2.
Detecting a regular expression of  glype server proxy request
Example Glype URL:
http://www.reverseproxy.us/browse.php?u=Oi8vd3d3Lm15c3BhY2UuY29t&b=143

Format:
{hostname}/browse.php?u={obfuscatedURL}&b={identifier}

Regular Expression to Match:
(browse\.php\?u=).+(&b).*

proposal 3
• The format of the proxy server URL can be turned into a Snort IDS rule
• Example rule for a Glype Proxy:
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: “GlypeProxy detected”;
pcre:”/(browse\.php\?u=).+(&b).*/I”; classtype:policy-violation; sid:50015;)

regards

what do you think?


0
 

Author Comment

by:nisartlaa
ID: 34208604
http://www.proxy4free.com/page1.html
http://www.reverseproxy.us/browse.php?u=Oi8vd3d3Lm15c3BhY2UuY29t&b=143 

Am from saudi Arabia...This link blocked by ISP...So i cant access this sites.
0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34209000
0
 

Author Comment

by:nisartlaa
ID: 34213837
i tried  above link,,,all the link is blocked by isp..
0
 
LVL 7

Accepted Solution

by:
JJ2 earned 500 total points
ID: 34280751
Defining a policy in the local PCs via the enterprise antivirus product installed will help block the installation of exe files from USB flash drives.

Ultrasurf's signature is 140300000101 , and installs by .exe
http://jonsnetwork.com/2009/01/blocking-ultrasurf-with-a-sonicwall-application-firewall/

Blocking the signature in ISA server will help by following the link below:
http://www.isaserver.org/tutorials/Configuring-ISA-Server-2006-HTTP-Filter.html
http://technet.microsoft.com/en-us/library/cc302520.aspx

0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Microsoft ISA server 2006 2 695
RDP to TMG Firewall 6 296
TMG 2010 is not able access other network 3 197
Block access to Facebook using TMG 2010 1 238
ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
In Africa (and potentially where you live…), reliability of ISPs is questionable.  With the increased reliance on e-mail as one of the primary forms of communication, the costs to business are significant based on interuption of ISP Connectivity.  T…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question