[Dshield] Open proxy servers again on the rise.

Johannes B. Ullrich jullrich at sans.org
Thu Aug 21 22:35:45 GMT 2003


> The simple way would be to use a Crunchbox,  
> it does that automatically as long as a snort
>  rule exists that would detect it.

hehe. I would like to see that snort rule. Proxy servers come in many
different shapes. In paritcular if you have someone use a transparent
proxy, chances are the only way to find out is by looking at all the
traffic going to a particular target IP.

Best way to avoid proxies is to setup your own (e.g. Squid).
See the discussion for a few days ago for details.



-- 
SANS - Internet Storm Center
http://isc.sans.org
PGP Key: http://isc.sans.org/jullrich.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20030821/808d478d/attachment.bin


More information about the list mailing list