[squid-users] Bypassed Proxy
eliezer at ngtech.co.il
Fri Dec 23 09:31:41 UTC 2016
My suggestion would be to find the holes in the system.
There are couple good networking tools ie:
The above tools have the options to see what parts of the IP is not ports such as:
Which you can control easily.
You can easily add a DROP or REJECT rule in iptables for all new connections on other then these ports as a starter.
It's very simple to write and I think you should dig a bit on iptables so you would be able to understand how it works better to give you a glimpse into the networking security world.
This amazing site and page:
Gives a better understanding to iptables and also on networking.
If you need more guidance let me know.
Linux System Administrator
Email: eliezer at ngtech.co.il
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Sameh Onaissi
Sent: Friday, December 23, 2016 2:03 AM
To: Antony Stone <Antony.Stone at squid.open.source.it>
Cc: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Bypassed Proxy
I have been trying to replicate what he is doing.
I have tried 4 or 5 VPN software and none connects, including Hotspot Shield. My iptables seem to be doing the job in that regard (Eliezer helped me set them up)
> On Dec 22, 2016, at 5:14 PM, Antony Stone <Antony.Stone at squid.open.source.it> wrote:
> On Thursday 22 December 2016 at 22:50:33, Sameh Onaissi wrote:
>> The user has hotspot shield installed on his PC, which I believe is a
>> similar extension to the one you mentioned.
>> He is getting by squid with some sort of VPN, I thought squid can be
>> configured against such things?
> It sounds as though you need to review your firewall (routing) policies.
> Anyone who is allowed to use a VPN can effectively bypass all security
> policies on your network.
> Schrödinger's rule of data integrity: the condition of any backup is
> unknown until a restore is attempted.
> Please reply to the list;
> please *don't* CC me.
> squid-users mailing list
> squid-users at lists.squid-cache.org
squid-users mailing list
squid-users at lists.squid-cache.org
More information about the squid-users