[squid-users] SSL_bump and source IP

Eliezer Croitoru eliezer at ngtech.co.il
Thu Feb 2 10:31:47 UTC 2017


Have you considered an external_acl that will help you to do this by the MAC address or by another way like a "bypass" portal?
With a MAC address DB you can know if the device is from one manufacturer or another.
The hackers in your network will always find a way to bypass SSL bump eventually, since there are other ports, but it's something.
I am not sure, but if there was a way to find them by the form of the TLS hello then I believe it would be simple enough to identify these, but I am not sure how possible that is.
I can write a pseudo in Ruby that will help to identify vendors by MAC address based on:
https://github.com/royhills/arp-scan/blob/master/get-oui
https://github.com/joemiller/mac-to-vendor

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il


-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of FredB
Sent: Thursday, February 2, 2017 10:03 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] SSL_bump and source IP

So how can I manage computers without my CA? (e.g. a laptop temporarily connected) In my situation I also have some smartphones, in some cases, connected to my Squids; how can I exclude them from SSLBump?
I already have some ACLs based on authentication (user azerty = with/without some rules)

FredBb
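
The external_acl idea from the reply above, sketched as a helper that answers OK when the client MAC's OUI belongs to a vendor that should be spliced instead of bumped. This is an added example, not code from the thread or from Squid; the OUI table, vendor names, helper path, ACL names and the `--helper` switch are all constructed for illustration.

```ruby
#!/usr/bin/env ruby
# Squid external ACL helper: match clients whose MAC vendor is on a no-bump list.
# Assumed squid.conf wiring (hypothetical names and path):
#   external_acl_type oui_vendor ttl=300 %SRCEUI48 /usr/local/bin/oui_helper.rb --helper
#   acl nobump_vendor external oui_vendor
#   ssl_bump splice nobump_vendor
# Squid only sees a client MAC when the client is on the same L2 segment.

# Constructed sample data (OUI prefix => vendor). A real deployment would load
# a full table such as the one fetched by arp-scan's get-oui.
OUI_VENDORS = {
  "F0F0F0" => "ExamplePhoneCo",
  "0C0C0C" => "ExampleLaptopCo"
}.freeze
NO_BUMP_VENDORS = ["ExamplePhoneCo"].freeze

# "aa:bb:cc:dd:ee:ff" or "AA-BB-CC-DD-EE-FF" -> 12 upper-case hex digits, else nil.
def normalize_mac(text)
  hex = text.to_s.strip.delete(":-").upcase
  hex.match?(/\A\h{12}\z/) ? hex : nil
end

# Vendor name for a MAC, or nil when it cannot be attributed to a vendor.
def vendor_for(mac_text)
  hex = normalize_mac(mac_text)
  return nil if hex.nil?
  # Locally administered (often randomized) addresses carry no vendor OUI.
  return nil if (hex[0, 2].to_i(16) & 0x02) != 0
  OUI_VENDORS[hex[0, 6]]
end

# Helper reply for one request: "OK" means the ACL matches, "ERR" means it does not.
def verdict(mac_text)
  vendor = vendor_for(mac_text)
  return "ERR" if vendor.nil? || !NO_BUMP_VENDORS.include?(vendor)
  "OK tag=#{vendor}"
end

# Squid writes one request per line and reads exactly one reply line for each.
def serve(input, output)
  input.each_line do |line|
    output.puts verdict(line)
    output.flush
  end
end

serve($stdin, $stdout) if ARGV.first == "--helper"
```

A MAC is trivially changed by the client, so this check is a convenience for sorting devices, not an authentication control.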
