[squid-users] Bypassed Proxy

Eliezer Croitoru eliezer at ngtech.co.il
Fri Dec 23 09:31:41 UTC 2016

My suggestion would be to find the holes in the system.
There are a couple of good networking tools, i.e.:

The above tools have the options to see what parts of the IP is not ports such as:

Which you can control easily.
You can easily add a DROP or REJECT rule in iptables for all new connections on other than these ports as a starter.
It's very simple to write and I think you should dig a bit on iptables so you would be able to understand how it works better to give you a glimpse into the networking security world.
This amazing site and page:

Gives a better understanding of iptables and also of networking.
If you need more guidance let me know.


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il

-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Sameh Onaissi
Sent: Friday, December 23, 2016 2:03 AM
To: Antony Stone <Antony.Stone at squid.open.source.it>
Cc: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Bypassed Proxy

I have been trying to replicate what he is doing.

I have tried 4 or 5 VPN software and none connects, including Hotspot Shield. My iptables seem to be doing the job in that regard (Eliezer helped me set them up).

> On Dec 22, 2016, at 5:14 PM, Antony Stone <Antony.Stone at squid.open.source.it> wrote:
> On Thursday 22 December 2016 at 22:50:33, Sameh Onaissi wrote:
>> The user has hotspot shield installed on his PC, which I believe is a 
>> similar extension to the one you mentioned.
>> He is getting by squid with some sort of VPN, I thought squid can be 
>> configured against such things?
> It sounds as though you need to review your firewall (routing) policies.
> Anyone who is allowed to use a VPN can effectively bypass all security 
> policies on your network.
> Antony.
> --
> Schrödinger's rule of data integrity: the condition of any backup is 
> unknown until a restore is attempted.
>                                                   Please reply to the list;
>                                                         please *don't* CC me.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
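
Added example, not part of the original thread and not any poster's actual ruleset: a shell sketch of the "DROP or REJECT all new connections on other than these ports" rule suggested above, showing the order the rules need on a forwarding gateway. The function name gen_forward_rules, the interface eth1 and the ports 80,443 are assumptions made for illustration; the script only prints the commands and applies nothing.

```shell
#!/bin/sh
# Print (do not run) iptables commands that let LAN clients open NEW
# forwarded connections only to an allow-list of TCP ports.
# gen_forward_rules is a hypothetical helper; eth1 and 80,443 are
# constructed sample values, not taken from the thread.

gen_forward_rules() {
    lan_if="$1"      # interface facing the clients
    tcp_ports="$2"   # comma-separated TCP ports clients may reach
    action="$3"      # DROP or REJECT for everything else

    case "$action" in
        DROP|REJECT) ;;
        *) echo "action must be DROP or REJECT" >&2; return 1 ;;
    esac
    # Digits and commas only, so the list cannot carry extra options.
    case "$tcp_ports" in
        ''|*[!0-9,]*) echo "bad port list: $tcp_ports" >&2; return 1 ;;
    esac
    case "$lan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $lan_if" >&2; return 1 ;;
    esac

    # Order matters: replies to allowed flows first, then the allow-list,
    # then the catch-all for every other NEW connection (any protocol).
    # DNS to an outside resolver would need its own ACCEPT rule.
    # Rules are appended (-A), so an ACCEPT already in FORWARD would still
    # match first; check `iptables -S FORWARD` before applying.
    cat <<EOF
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan_if -p tcp -m multiport --dports $tcp_ports -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $lan_if -m conntrack --ctstate NEW -j $action
EOF
}

gen_forward_rules eth1 80,443 REJECT
```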
