Re: [NTSEC] By-passing MS Proxy 2.0 and others packet filtering
Gus (angus INTASYS.COM)
Tue, 13 Oct 1998 11:18:23 +0100
- Next message: Serge Pimenov: "Re: Yet more Rconsole."
- Previous message: Mnemonix: "A wee caveat - the freeware WAR-ftp server (most versions)"
- In reply to: Jean-Christophe Touvet: "Re: [NTSEC] By-passing MS Proxy 2.0 and others packet filtering"
- Next in thread: Peter van Dijk: "Re: [NTSEC] By-passing MS Proxy 2.0 and others packet filtering"
So to summarise: "Proxy servers can be abused. Ensure that only authorised users can connect"

Exactly how you do this will depend on your circumstances and software. Binding the server to the inward-facing NIC in a 'bastion host' config, ensuring access control features are enabled by default if you are a vendor and blocking inward traffic to proxy port if you run a firewall or filtering router.

Perhaps Squid's "X-Forwarded-For: " header is a solution that could be applied for situations where limiting the access to the server is not a viable proposition.

A portscanner that bounces through a proxy server, in the style of the ftp 'bounce' attack is at http://www.intasys.com/~angus/pbs.c

It goes without saying that 90% of "ftp bounce attack" code will only need very small mods to be used on a WWW proxy.

Regards
Gus

--
angusintasys.com
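Added example, not part of the message above or of any code it links to: a log audit an operator could run to check the two conditions the message raises, namely clients outside the authorised networks using the proxy, and a single client asking the proxy to reach many unexpected ports. The log layout is Squid's native access.log; the networks, port set, threshold and sample lines are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Assumptions (constructed values): who may use the proxy, which ports are
# normal for web traffic, and how many odd ports from one client is suspicious.
AUTHORISED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
EXPECTED_PORTS = {80, 443}
PORT_THRESHOLD = 3

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/code bytes method URL ident hierarchy type
SAMPLE_LOG = """\
908273903.101 45 10.1.2.3 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
908273904.220 12 203.0.113.7 TCP_MISS/503 1024 GET http://192.0.2.20:21/ - DIRECT/192.0.2.20 -
908273904.410 11 203.0.113.7 TCP_MISS/503 1024 GET http://192.0.2.20:23/ - DIRECT/192.0.2.20 -
908273904.600 13 203.0.113.7 TCP_MISS/200 310 GET http://192.0.2.20:25/ - DIRECT/192.0.2.20 -
908273905.050 80 10.1.2.4 TCP_MISS/200 2048 CONNECT secure.example.com:443 - DIRECT/192.0.2.30 -
908273906.700 30 10.1.2.9 TCP_MISS/200 900 GET http://intranet.example.com:8080/ - DIRECT/192.0.2.40 text/html
"""

def target_port(method, url):
    """Return the destination port the client asked the proxy to reach."""
    if method == "CONNECT":            # CONNECT is logged as host:port, no scheme
        return int(url.rsplit(":", 1)[1])
    parts = urlsplit(url)
    return parts.port or {"http": 80, "https": 443, "ftp": 21}.get(parts.scheme, 0)

def audit(log_text):
    """Return (clients outside AUTHORISED_NETS, clients hitting many odd ports)."""
    unauthorised, odd_ports = set(), defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:            # skip truncated or malformed lines
            continue
        client, method, url = ipaddress.ip_address(fields[2]), fields[5], fields[6]
        if not any(client in net for net in AUTHORISED_NETS):
            unauthorised.add(str(client))
        port = target_port(method, url)
        if port not in EXPECTED_PORTS:
            odd_ports[str(client)].add(port)
    scanners = {c for c, p in odd_ports.items() if len(p) >= PORT_THRESHOLD}
    return unauthorised, scanners

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Any entry in the first set means the access controls described in the message are not in effect; the second set is only a heuristic and the threshold needs tuning to local traffic.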