[Dshield] Open proxy servers again on the rise.

John D. lists at webcrunchers.com
Thu Aug 21 21:01:53 GMT 2003


>hi Jon,
>
>How do we restrcit users from accessing these open proxy servers, is there
>any URL filtering tool which has a database of the same.

The simple way would be to use a Crunchbox,  it does that automatically as long as a snort rule exists that would detect it.

Alternate solution is just to setup your firewall to block ALL unknown ports and open up the ones you need.  Unfortunately,  the port usage changes on these proxies and you have to open up ONLY those ports you need,  or have listeners on.

I would even go deeper.   As per my earlier posting,  putting up a honeypot to catch the perpetrator would be MY choice.  I would do that,  but (sigh) I'm unemployed and have few Boxen to donate to this purpose.
>
>We are very keen to block users from accessing these sites.Do give your
>suggestions please.

I hope my previous comments are valid.

John





More information about the list mailing list