[squid-users] Bypassed Proxy
Sameh Onaissi
sameh.onaissi at solcv.com
Fri Dec 23 17:30:37 UTC 2016
Thank you all for the suggestions.
I will try to read up on iptables and add the necessary rules, as well as try to add norhtghost IPs to the blacklist.
On another note, I noticed Tor Browser bypasses squid completely. The only search results I found on how to block it with squid date back to 2011. (Amos has a script for that?)
Any idea how to block Tor? I downloaded it and ran it and none of its traffic is detected by Squid.
> On Dec 23, 2016, at 4:31 AM, Eliezer Croitoru <eliezer at ngtech.co.il> wrote:
>
> My suggestion would be to find the holes in the system.
> There are couple good networking tools ie:
> Iptstate
> Iptraf-ng
> netstat-nat
> conntrackd-tools
>
> The above tools have the options to see what parts of the IP is not ports such as:
> 53
> 80
> 443
>
> Which you can control easily.
> You can easily add a DROP or REJECT rule in iptables for all new connections on other then these ports as a starter.
> It's very simple to write and I think you should dig a bit on iptables so you would be able to understand how it works better to give you a glimpse into the networking security world.
> This amazing site and page:
> http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables
>
> Gives a better understanding to iptables and also on networking.
> If you need more guidance let me know.
>
> Eliezer
>
> ----
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: eliezer at ngtech.co.il
>
>
> -----Original Message-----
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Sameh Onaissi
> Sent: Friday, December 23, 2016 2:03 AM
> To: Antony Stone <Antony.Stone at squid.open.source.it>
> Cc: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] Bypassed Proxy
>
> I have been trying to replicate what he is doing.
>
> I have tried 4 or 5 VPN software and none connects, including Hotspot Shield. My iptables seem to be doing the job in that regard (Eliezer helped me set them up)
>
>
>
>> On Dec 22, 2016, at 5:14 PM, Antony Stone <Antony.Stone at squid.open.source.it> wrote:
>>
>> On Thursday 22 December 2016 at 22:50:33, Sameh Onaissi wrote:
>>
>>> The user has hotspot shield installed on his PC, which I believe is a
>>> similar extension to the one you mentioned.
>>
>>> He is getting by squid with some sort of VPN, I thought squid can be
>>> configured against such things?
>>
>> It sounds as though you need to review your firewall (routing) policies.
>>
>> Anyone who is allowed to use a VPN can effectively bypass all security
>> policies on your network.
>>
>>
>> Antony.
>>
>> --
>> Schrödinger's rule of data integrity: the condition of any backup is
>> unknown until a restore is attempted.
>>
>> Please reply to the list;
>> please *don't* CC me.
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
More information about the squid-users
mailing list