PICList Thread
'[OT:] Proxy ?not working?'
2004\08\27@101932 by Carlos A. Marcano V.

     Hi folks. I have a situation that is really driving me crazy. A
friend of mine is trying to manage a little LAN at his workplace. It has
about 10 computers connected, using Windoze 95, 98, and XP as the OSes. He is
running the web server and uses a proxy to grant Internet access. Users
must log in through an application called Watchguard to gain access to
the Internet. When somebody tries to get to a site that is not allowed (like
porn sites) he gets the "This URL is blocked by the firewall" sign. Everything
seems to be working fine, except that a user began to tell him that he
could get to any site he wanted and my friend could not do anything about
it. My friend felt confident and told him that was not possible, so they
started a friendly bet: every Monday and Wednesday the user has to call my
friend and bring him to his PC, and if he shows him any banned site in the
browser my friend must buy him lunch that day. No "imported sites" count
(as in a CD-ROM or floppy or any other media), so they have a gentlemen's pact
that the site must be opened using my friend's LAN. So far my poor
friend has had to pay for about a month now. The user told him he will
tell him the secret next year! So you can imagine how my friend is
feeling now. Luckily this is just a friendly bet, but my friend is
concerned about the security implications this could bring. I must admit I
am not capable of doing anything about this because my knowledge in the
field is very low, so I thought maybe any of you guys could help. Thanks in
advance for your time and help!

Regards,

*Carlos Marcano*
-Guri, Venezuela-        

--
http://www.piclist.com#nomail Going offline? Don't AutoReply us!
email spam_OUTlistservTakeThisOuTspammitvma.mit.edu with SET PICList DIGEST in the body

2004\08\27@113029 by M. Adam Davis

If you can tell us how the proxy and network are set up then we might be
able to help.

What machine(s) connect directly to the internet connection?
Which machine (if any) does DHCP and NAT?
How is the network wired (what machines connect where)?

I'd check the logs on the proxy, and possibly employ a sniffer as a
first step (assuming the configuration is actually sound).

-Adam


2004\08\27@113443 by Wouter van Ooijen

> Hi folks. I have a situation that is really driving me crazy.

If your friend is sufficiently technical there are numerous ways to
circumvent almost any filter. If the filter works on URL-basis a public
proxy could be used. If public proxies are blocked your friend might be
able to run one himself, maybe on his ADSL-connected home computer. If
the filter is (also) content-based the traffic could be somehow
encrypted.

Wouter van Ooijen

-- -------------------------------------------
Van Ooijen Technische Informatica: http://www.voti.nl
consultancy, development, PICmicro products


2004\08\27@114555 by Carlos A. Marcano V.

Ok, I will ask for details and come back later... Thanks!

Regards,

*Carlos Marcano*
-Guri, Venezuela-

----------- Original Message --------------

From: M. Adam Davis [EraseMEadampicspam_OUTspamTakeThisOuTUBASICS.COM]
To: PICLISTspamspam_OUTMITVMA.MIT.EDU [@spam@PICLISTKILLspamspamMITVMA.MIT.EDU]
Cc:
Subject: Re: [OT:] Proxy ?not working?
Date: 27/08/2004 11:31:45
Message:

If you can tell us how the proxy and network are set up then we might be
able to help.

What machine(s) connect directly to the internet connection?
Which machine (if any) does DHCP and NAT?
How is the network wired (what machines connect where)?

I'd check the logs on the proxy, and possibly employ a sniffer as a
first step (assuming the configuration is actually sound).

-Adam


2004\08\27@141413 by Carlos A. Marcano V.

Wouter said:

>If your friend is sufficiently technical there are numerous ways to
>circumvent almost any filter. If the filter works on URL-basis a public
>proxy could be used. If public proxies are blocked your friend might be
>able to run one himself, maybe on his ADSL-connected home computer. If
>the filter is (also) content-based the traffic could be somehow
>encrypted.

 So I will have to tell my friend to stop the bet or he will finish ruined!

Regards,

*Carlos Marcano*
-Guri, Venezuela-


2004\08\27@142904 by Alan Schnittman

Hi,

HTTP tunneling software is used to get past proxy servers and firewalls to access remote servers on ports that are otherwise blocked.  I think this could also be set up to allow access to otherwise blocked web sites.  I use HTTPort <http://www.htthost.com/> but there are many choices for such software.  The system works best with a cooperative "host" outside the protected network.  If the user discussed in your message is using tunneling with a dedicated host, the network manager might be able to identify it with a network sniffer (try Ethereal <http://www.ethereal.com/> for example) and block it.  Note, however, that there are public hosts and other arrangements which may make blocking such access difficult.  The cure is partly physical security (don't let rogue computers connect to your network) as you don't know what software they might be running.  The other part of the cure is to prevent the users from installing software on computers already on the network.

-- Alan



=======================================================================
 Alan Schnittman  | Brainchild Evolution, Inc | RemoveMEschnittspamTakeThisOuTmindspring.com
-----------------------------------------------------------------------
           prototype design & development | computer interface
  embedded control | analog & digital circuits | software development
-----------------------------------------------------------------------
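
Added example, not part of the original posts: the proxy-log check suggested in this thread, written in Python as a heuristic that flags clients whose requests concentrate on one external host or that CONNECT to a port other than 443. The log line format, sample lines and thresholds are constructed assumptions, not WatchGuard's actual log layout.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample; hypothetical format: epoch client method target status bytes
SAMPLE_LOG = """\
1093616400 10.0.0.5 GET http://www.example.com/ 200 5120
1093616405 10.0.0.5 GET http://news.example.org/a 200 20480
1093616411 10.0.0.7 GET http://www.example.com/ 200 5120
1093616412 10.0.0.7 POST http://relay.example.net/t 200 40960
1093616413 10.0.0.7 POST http://relay.example.net/t 200 40960
1093616414 10.0.0.7 POST http://relay.example.net/t 200 40960
1093616415 10.0.0.7 POST http://relay.example.net/t 200 40960
1093616416 10.0.0.7 POST http://relay.example.net/t 200 40960
1093616420 10.0.0.9 CONNECT bank.example.com:443 200 8192
1093616421 10.0.0.9 CONNECT host.example.org:22 200 65536
"""

def parse_line(line):
    _ts, client, method, target, _status, size = line.split()
    if method == "CONNECT":                 # target is host:port
        host, _, port = target.rpartition(":")
        return client, method, host, int(port), int(size)
    url = urlsplit(target)                  # target is a full URL
    return client, method, url.hostname, url.port or 80, int(size)

def flag_tunnel_candidates(log_text, min_requests=5, min_share=0.6):
    """Return (client, host, requests, bytes, reasons) rows worth a closer look."""
    stats = defaultdict(lambda: defaultdict(lambda: [0, 0, False]))
    for line in filter(None, map(str.strip, log_text.splitlines())):
        client, method, host, port, size = parse_line(line)
        entry = stats[client][host]         # [requests, bytes, odd CONNECT seen]
        entry[0] += 1
        entry[1] += size
        entry[2] |= method == "CONNECT" and port != 443
    findings = []
    for client, dests in stats.items():
        total = sum(e[0] for e in dests.values())
        for host, (n, nbytes, odd_connect) in dests.items():
            reasons = []
            if odd_connect:
                reasons.append("CONNECT to a port other than 443")
            if n >= min_requests and n / total >= min_share:
                reasons.append("single host dominates this client's requests")
            if reasons:
                findings.append((client, host, n, nbytes, reasons))
    return sorted(findings)

if __name__ == "__main__":
    print(*flag_tunnel_candidates(SAMPLE_LOG), sep="\n")
```

A flagged row is a lead for the sniffer capture mentioned above, not proof of tunneling; a client that legitimately uses one web application all day will also trip the share threshold.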


2004\08\27@143527 by Carlos A. Marcano V.

Alan said:

>   HTTP tunneling software is used to get past proxy servers and firewalls
>to access remote servers on ports that are otherwise blocked.  I think this
>could also be set up to allow access to otherwise blocked web sites.  I use
>HTTPort <http://www.htthost.com/> but there are many choices for such
>software.  The system works best with a cooperative "host" outside the
>protected network.  If the user discussed in your message is using
>tunneling with a dedicated host, the network manager might be able to
>identify it with a network sniffer (try Ethereal <http://www.ethereal.com/>
>for example) and block it.  Note, however, that there are public hosts and
>other arrangement which may make blocking such access difficult.  The cure
>is partly physical security (don't let rogue computers connect to your
>network) as you don't know what software they might be running.  The other
>part of the cure is to prevent the users from installing software on
>computers already on the network.

So I guess my friend will have to do some sniffing on the traffic and
maybe search in the user's PC looking for that kind of software... Sounds
pretty invasive but security comes first, doesn't it? ;)

Thanks Alan, regards,

*Carlos Marcano*
-Guri, Venezuela-


2004\08\27@150717 by Alan Schnittman

In certain circumstances, I agree, security should come first.  It is
invasive.  That is IMHO partially why most computers are so
insecure.  Refer to the other current thread on this list (something about
viruses and spyware) about not using the "administrator" account for
day-to-day use.  In a secured system the user would be denied access to OS
functions such as installing software and changing system settings, the
BIOS would be password protected and feature a chassis-open alarm, the
computer would be locked to the table to prevent off-site manipulation or
substitution, and there would be no removable media such as floppy drive,
CD-ROM, or (now) USB.  All of these capabilities have been available for
PC-type computers for at least 15 years or so.  It takes a *lot* of
planning to set up a secure workplace that does not hinder the work.  Most
don't want to spend time doing that work or to pay for such planning.  It
is easy to make excuses for exceptions  or to circumvent security for
expedience.  One client of mine has a simple policy, if the computer(s)
used for a project can not be secured to the office standard, it does *not*
get connected to the network.


At 01:36 PM 8/27/2004, Carlos Marcano wrote:

>  So I guess my friend will have to do some sniffing on the traffic and
>maybe search in the user's PC looking for that kind of software... Sounds
>pretty invasive but security comes first, doesn't it? ;)



=======================================================================
 Alan Schnittman  | Brainchild Evolution, Inc | RemoveMEschnittEraseMEspamEraseMEmindspring.com
-----------------------------------------------------------------------
           prototype design & development | computer interface
  embedded control | analog & digital circuits | software development
-----------------------------------------------------------------------


2004\08\28@051228 by Peter L. Peres


He is likely using a second, external web/web proxy. Possibly set up at
his own office or home ;-). Nice idea.

Peter
_______________________________________________
http://www.piclist.com
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist
