Solved

PROXY

Posted on 2010-11-24
15
1,501 Views
Last Modified: 2012-05-10
I am using ISA server for proxy... i blocked unwanted site for users..But some users using other proxies like ultra surf ,hot shield and etc...So how i can block these proxies..Please send solution ASAP...
0
Comment
Question by:nisartlaa
  • 8
  • 6
15 Comments
 
LVL 3

Expert Comment

by:khuphuc
ID: 34204573
Download the list from here : 3rd Party Proxy Sites ( 7KB / 662 Domains & URL's)

import on your blocked unwanted, and repeat some control once a month to control that it's still valid,
0
 

Author Comment

by:nisartlaa
ID: 34204597
sorry i cant understand ? please explain me,,,which one i want to download and where is import ? am using isa server 2004.
0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34204604
0
 

Author Comment

by:nisartlaa
ID: 34204622
what about  "repeat some control once a month to control that it's still valid" please explain me..where i want to download this on isa server ?
0
 

Author Comment

by:nisartlaa
ID: 34204648
i downloaded 2 files..this file where i can import on the isa server ?
0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34204682
OK,

the zip files contain two xml's files, first with one proxydomains url, and the second with proxy url, when you import those xml pre configurate list, you teach your isa server to block the most common service of annonymaze and proxy to your client, but the security and the tricks to surf free are multiple, and maybe service as ultrasurf has now 100 server that offer proxy service, you with those list block all of them, but in a month ultrasurf publish another 3 server, then you blocking become vulnerabile.
the security it's a continuos concept
then i suggest you, to install a Virtual Macchine with the most common Proxy client, annomyzer ecc, services, and once a month, as a part of your security periodical controls, test those client, to verified that you still blocking.

i'm searching something like a online service that offer the updated list of this services, to reach to do a update list frequently, if i found it, i publish to you :)

it's clear? :)
0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34204694
you can see in this link the proceed to import/export those files
http://www.isaserver.org/articles/2004firewallblocklist.html

0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:nisartlaa
ID: 34205015
i imported this files and deny this..But still am facing ....some users accessing 3rd party proxys..so please help me...bcos am facing toooo head hack..
0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34205287
it's and interesting and complex things, we can produce something interesting, about it, intead you can use this link to see this link

www.proxy4free.com

you can found the most updates list of potential proxyes. but you have to accept the risk of it, because is a very particular situation, you have to become the most secure possible blocking the most updated list of proxy available on the web, and understand that at now an simple or automatic method to detect doesn't exist

please read this document to
http://www.sans.edu/resources/student_presentations/detecting_anonymous_proxies_handouts.pdf
0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34205303
maybe the most practical and functional method to block this, is block all web traffic, and open the sites that your users needed, but this situation slow the users works. and increase you work because the inform you all time something doesn't work. to request the open of it url..

0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34205398
proposal 1:

use www.proxy4free.com as a updates balcklist, with the proper linux command you can create a linux.txt file updated, it's can be scheduled with a script
Use CURL cmd to copy web page, then GREP, CUT, and SORT to create IP blacklist  Repeat for each page of proxies:
curl http://www.proxy4free.com/page1.html > proxy1.html
grep whois\.cgi\?domain\= proxy1.html | cut -d \= -f 3 | cut -d \" -f 1 | sort | uniq > proxy.txt
• Alter accordingly for different sites and when site alters page formatting.

proposal 2.
Detecting a regular expression of  glype server proxy request
Example Glype URL:
http://www.reverseproxy.us/browse.php?u=Oi8vd3d3Lm15c3BhY2UuY29t&b=143

Format:
{hostname}/browse.php?u={obfuscatedURL}&b={identifier}

Regular Expression to Match:
(browse\.php\?u=).+(&b).*

proposal 3
• The format of the proxy server URL can be turned into a Snort IDS rule
• Example rule for a Glype Proxy:
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: “GlypeProxy detected”;
pcre:”/(browse\.php\?u=).+(&b).*/I”; classtype:policy-violation; sid:50015;)

regards

what do you think?


0
 

Author Comment

by:nisartlaa
ID: 34208604
http://www.proxy4free.com/page1.html >
http://www.reverseproxy.us/browse.php?u=Oi8vd3d3Lm15c3BhY2UuY29t&b=143

Am from saudi Arabia...This link blocked by ISP...So i cant access this sites.
0
 
LVL 3

Expert Comment

by:khuphuc
ID: 34209000
0
 

Author Comment

by:nisartlaa
ID: 34213837
i tried  above link,,,all the link is blocked by isp..
0
 
LVL 7

Accepted Solution

by:
JJ2 earned 500 total points
ID: 34280751
Defining a policy in the local PCs via the enterprise antivirus product installed will help block the installation of exe files from USB flash drives.

Ultrasurf's signature is 140300000101 , and installs by .exe
http://jonsnetwork.com/2009/01/blocking-ultrasurf-with-a-sonicwall-application-firewall/

Blocking the signature in ISA server will help by following the link below:
http://www.isaserver.org/tutorials/Configuring-ISA-Server-2006-HTTP-Filter.html
http://technet.microsoft.com/en-us/library/cc302520.aspx

0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
In Africa (and potentially where you live…), reliability of ISPs is questionable.  With the increased reliance on e-mail as one of the primary forms of communication, the costs to business are significant based on interuption of ISP Connectivity.  T…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now