[squid-users] Bypassed Proxy

Yuri Voinov yvoinov at gmail.com
Fri Dec 23 17:43:43 UTC 2016



23.12.2016 23:30, Sameh Onaissi writes:
> Thank you all for the suggestions.
>
> I will try to read up on iptables and add the necessary rules, as well as try to add northghost IPs to the blacklist.
AFAIK not IPs, but network ranges. And you need to regularly update it
to keep it up to date, and make enough exceptions so that innocent sites work.
>
> On another note, I noticed Tor Browser bypasses squid completely. The only search results I found on how to block it with squid date back to 2011. (Amos has a script for that?)
> Any idea how to block Tor? I downloaded it and ran it and none of its traffic is detected by Squid.
Bridged Tor?! Cool story, bro. Even the Chinese government, with the Great
Firewall of China, can't block Tor.

PS. Personal advice. Forget about blocking Tor. Forever. It is designed to
prevent any blocking. And well designed.
>
>> On Dec 23, 2016, at 4:31 AM, Eliezer Croitoru <eliezer at ngtech.co.il> wrote:
>>
>> My suggestion would be to find the holes in the system.
>> There are a couple of good networking tools, i.e.:
>> Iptstate
>> Iptraf-ng
>> netstat-nat
>> conntrackd-tools
>>
>> The above tools have the option to see which parts of the IP traffic are not on ports such as:
>> 53
>> 80
>> 443
>>
>> Which you can control easily.
>> You can easily add a DROP or REJECT rule in iptables for all new connections on other than these ports as a starter.
>> It's very simple to write and I think you should dig a bit on iptables so you would be able to understand how it works better to give you a glimpse into the networking security world.
>> This amazing site and page:
>> http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables
>>
>> Gives a better understanding of iptables and also of networking.
>> If you need more guidance let me know.
>>
>> Eliezer 
>>
>> ----
>> Eliezer Croitoru
>> Linux System Administrator
>> Mobile: +972-5-28704261
>> Email: eliezer at ngtech.co.il
>>
>>
>> -----Original Message-----
>> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Sameh Onaissi
>> Sent: Friday, December 23, 2016 2:03 AM
>> To: Antony Stone <Antony.Stone at squid.open.source.it>
>> Cc: squid-users at lists.squid-cache.org
>> Subject: Re: [squid-users] Bypassed Proxy
>>
>> I have been trying to replicate what he is doing.
>>
>> I have tried 4 or 5 VPN programs and none connects, including Hotspot Shield. My iptables seem to be doing the job in that regard (Eliezer helped me set them up).
>>
>>
>>
>>> On Dec 22, 2016, at 5:14 PM, Antony Stone <Antony.Stone at squid.open.source.it> wrote:
>>>
>>> On Thursday 22 December 2016 at 22:50:33, Sameh Onaissi wrote:
>>>
>>>> The user has hotspot shield installed on his PC, which I believe is a 
>>>> similar extension to the one you mentioned.
>>>> He is getting by squid with some sort of VPN, I thought squid can be 
>>>> configured against such things?
>>> It sounds as though you need to review your firewall (routing) policies.
>>>
>>> Anyone who is allowed to use a VPN can effectively bypass all security 
>>> policies on your network.
>>>
>>>
>>> Antony.
>>>
>>> --
>>> Schrödinger's rule of data integrity: the condition of any backup is 
>>> unknown until a restore is attempted.
>>>
>>>                                                  Please reply to the list;
>>>                                                        please *don't* CC me.
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org
>>> http://lists.squid-cache.org/listinfo/squid-users

-- 
What is the fundamental difference between the programmer and by a fag?
Fag never become five times to free the memory of one object. Fag will
not use two almost identical string libraries in the same project. Fag
will never write to a mixture of C and C ++. Fag will never pass objects
by pointer. Now you know why these two categories so often mentioned
together, and one of them is worse :)
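The "DROP or REJECT everything that is not a NEW connection to 53, 80 or 443" starter that Eliezer describes, written out as an added example. This script is not from the thread or from the Squid project; it assumes a Linux gateway running iptables with the conntrack match, a LAN-facing interface named in LAN_IF (eth1 is an assumed placeholder) and a custom chain name LAN_EGRESS that I chose for the example. With DRY_RUN=1 (the default) it only prints the rules it would apply, so it can be reviewed before being run as root with DRY_RUN=0.

```shell
#!/bin/sh
# Added example: egress policy that only lets NEW outbound connections
# from the LAN through on DNS/HTTP/HTTPS and logs-then-drops the rest.
# Assumptions: Linux gateway with iptables + conntrack match; LAN_IF is
# the LAN-facing interface (eth1 is a placeholder); LAN_EGRESS is a chain
# name chosen for this example.

LAN_IF="${LAN_IF:-eth1}"                  # assumed LAN-facing interface
ALLOWED_TCP="${ALLOWED_TCP:-53 80 443}"   # ports from the thread
ALLOWED_UDP="${ALLOWED_UDP:-53}"          # DNS also needs UDP
DRY_RUN="${DRY_RUN:-1}"                   # 1 = print rules, 0 = apply them

# ipt: print or execute one iptables command depending on DRY_RUN
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# egress_rules: emit the FORWARD-chain policy for traffic coming from the LAN
egress_rules() {
    ipt -N LAN_EGRESS
    ipt -F LAN_EGRESS
    # Replies to flows that were already permitted
    ipt -A LAN_EGRESS -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New TCP connections only to the allowed ports
    for p in $ALLOWED_TCP; do
        ipt -A LAN_EGRESS -p tcp --dport "$p" -m conntrack --ctstate NEW -j ACCEPT
    done
    # New UDP "connections" (conntrack tracks them too) only to the allowed ports
    for p in $ALLOWED_UDP; do
        ipt -A LAN_EGRESS -p udp --dport "$p" -m conntrack --ctstate NEW -j ACCEPT
    done
    # Log (rate limited) and then drop everything else, so bypass attempts
    # on other ports show up in the kernel log instead of silently failing
    ipt -A LAN_EGRESS -m limit --limit 5/min -j LOG --log-prefix "EGRESS-DENY: "
    ipt -A LAN_EGRESS -j DROP
    # Hook the chain for packets entering from the LAN interface
    ipt -A FORWARD -i "$LAN_IF" -j LAN_EGRESS
}

# count_rules: number of generated rules matching a pattern (for review)
count_rules() {
    egress_rules | grep -c -- "$1"
}

egress_rules
```

Note what this starter does and does not buy you: a VPN client or a Tor bridge that speaks TLS on TCP 443 looks, to this rule set, exactly like a browser, which is why the thread's advice is to stop expecting to block Tor by port. The LOG line is the useful part for a defender: it shows which hosts keep trying other ports. Allowing UDP/TCP 53 to any destination also leaves DNS tunnelling open; a tighter variant restricts port 53 to the site's own resolver.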