[squid-users] Bypassed Proxy

Eliezer Croitoru eliezer at ngtech.co.il
Fri Dec 23 09:31:41 UTC 2016


My suggestion would be to find the holes in the system.
There are a couple of good networking tools, e.g.:
Iptstate
Iptraf-ng
netstat-nat
conntrackd-tools

The above tools have options to see what parts of the IP are not on ports such as:
53
80
443

Which you can control easily.
You can easily add a DROP or REJECT rule in iptables for all new connections on ports other than these as a starter.
It's very simple to write, and I think you should dig a bit into iptables so you will be able to understand better how it works, to give you a glimpse into the networking security world.
This amazing site and page:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables

Gives a better understanding of iptables and also of networking.
If you need more guidance let me know.

Eliezer 

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il


-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Sameh Onaissi
Sent: Friday, December 23, 2016 2:03 AM
To: Antony Stone <Antony.Stone at squid.open.source.it>
Cc: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Bypassed Proxy

I have been trying to replicate what he is doing.

I have tried 4 or 5 VPN software and none connects, including Hotspot Shield. My iptables seem to be doing the job in that regard (Eliezer helped me set them up).



> On Dec 22, 2016, at 5:14 PM, Antony Stone <Antony.Stone at squid.open.source.it> wrote:
> 
> On Thursday 22 December 2016 at 22:50:33, Sameh Onaissi wrote:
> 
>> The user has hotspot shield installed on his PC, which I believe is a 
>> similar extension to the one you mentioned.
> 
>> He is getting by squid with some sort of VPN, I thought squid can be 
>> configured against such things?
> 
> It sounds as though you need to review your firewall (routing) policies.
> 
> Anyone who is allowed to use a VPN can effectively bypass all security 
> policies on your network.
> 
> 
> Antony.
> 
> --
> Schrödinger's rule of data integrity: the condition of any backup is 
> unknown until a restore is attempted.
> 
>                                                   Please reply to the list;
>                                                         please *don't* CC me.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
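
An added example, not part of the thread: a Python script for the "find the holes" step suggested above. It reads `conntrack -L`-style output and lists, per client, every tracked flow that is not on ports 53, 80 or 443. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

ALLOWED_PORTS = {53, 80, 443}          # the ports named in the post
FIELD = re.compile(r"(\w+)=(\S+)")

# Constructed sample in the style of `conntrack -L` output (not captured data).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=51234 dport=443 src=203.0.113.5 dst=192.168.1.10 sport=443 dport=51234 [ASSURED] mark=0 use=1
udp      17 25 src=192.168.1.10 dst=192.168.1.1 sport=40000 dport=53 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=40000 mark=0 use=1
udp      17 170 src=192.168.1.23 dst=198.51.100.7 sport=55001 dport=1194 src=198.51.100.7 dst=192.168.1.23 sport=1194 dport=55001 [ASSURED] mark=0 use=1
tcp      6 300 ESTABLISHED src=192.168.1.23 dst=198.51.100.9 sport=40222 dport=1723 src=198.51.100.9 dst=192.168.1.23 sport=1723 dport=40222 [ASSURED] mark=0 use=1
unknown  47 590 src=192.168.1.23 dst=198.51.100.9 src=198.51.100.9 dst=192.168.1.23 mark=0 use=1
tcp      6 100 TIME_WAIT src=192.168.1.10 dst=203.0.113.8 sport=51300 dport=80 src=203.0.113.8 dst=192.168.1.10 sport=80 dport=51300 [ASSURED] mark=0 use=1
"""

def parse_line(line):
    """Return (proto, src, dst, dport) of the original-direction tuple, or None."""
    parts = line.split()
    if len(parts) < 3:
        return None
    first = {}
    for key, val in FIELD.findall(line):
        if key in first:               # a repeated key starts the reply tuple
            break
        first[key] = val
    if "src" not in first or "dst" not in first:
        return None
    proto = parts[0] if parts[0] != "unknown" else "proto-" + parts[1]
    dport = int(first["dport"]) if "dport" in first else None  # None: no ports
    return proto, first["src"], first["dst"], dport

def find_holes(text, allowed=ALLOWED_PORTS):
    """Group flows outside the allowed ports (or with no port at all) by client."""
    holes = defaultdict(set)
    for line in text.splitlines():
        flow = parse_line(line)
        if flow is None:
            continue
        proto, src, dst, dport = flow
        if dport is None or dport not in allowed:
            holes[src].add((proto, dst, dport))
    return {src: sorted(flows, key=str) for src, flows in holes.items()}

if __name__ == "__main__":
    for src, flows in find_holes(SAMPLE).items():
        for proto, dst, dport in flows:
            print(f"{src} -> {dst} {proto}/{dport if dport is not None else '-'}")
```

Protocols that carry no port numbers show up with a port of `-`, so they are reported too rather than slipping past a port-only check.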
