how can i find out
Results 1 to 7 of 7

Thread: how can i find out

  1. #1
    Junior Member
    Join Date
    Oct 2002
    Posts
    9

    how can i find out

    hi guys
    my friend and i are network administrators and want to find whether it is possible to find out
    whether some systems are running illegal proxies and giving access to other systems.These other systems that are not allowed to access the net are illlegally are accessing it. is it possible to find this out .Is the "no. of requests comin from on system being high" the only way to find out that that system might be running a proxy.

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Scanning for a proxy is probably the best thing. Where I am, my ISP scans regularly for the running of unnecessary services by members like SMTP, FTP, HTTP and NNTP. So I'd suggest doing that.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member
    Join Date
    Nov 2002
    Posts
    174
    Hey MsM, are those the services a proxy server would be running? I don't know, but I'd be interested in knowing the signature of a proxy (if there is one).

    Looking through the Iana Port #s (http://www.iana.org/assignments/port-numbers), I see a lot of hits on the word proxy. Am I correct in assuming that the proxt service can be set up on any port (just like any other service), so long as the end-user knows what port to connect to? Is there a Windows or Linux standard proxy port?
    Mike Reilly
    bluebeard96@yahoo.com

  4. #4
    Senior Member
    Join Date
    Jul 2002
    Posts
    744
    This may be a completely stupid answer, but don't most proxies use port 8080?
    Every now and then, one of you won't annoy me.

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Proxies can use any port they are set to (then again so can HTTP) but scanners like NMAP or banner-grabbing scanners can find the proxies. Not that hard. It's common to see Proxies at 8080 or 8000 but nothing says they have to be there.

    Only a really determined user will go about changing the banner. The bulk of your offenders don't get too fancy. And if you have some that are questionable it's not that hard to separate them out from the easy ones: Just connect to the ports they have open that don't meet standard ports (e.g., 6000-6069: XWindows; 111: RPC; 21: FTP; NNTP: 119; POP3: 110; NetBOIS for NT/95/98; 135-139; 2000AD DS: 445; etc.) and see what response you get.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  6. #6
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    hey msMittens good idea...
    you could go a step further and run nmap on your whole network...
    then use a script (i've seen some nice Perl scripts ) to parse the logs and connect to those IP(s) and log what ever response they get.... (hopefully there aren't that many of these proxying end-users) so the end result (from the script) should not be that hard to read over, and find out who is doing what...

    btw- if your serious about this, i could help a lil' with the Perl Scripting
    yeah, I\'m gonna need that by friday...

  7. #7
    Junior Member
    Join Date
    Oct 2002
    Posts
    9
    its not necessary that the proxy has to be in a specific port . i had a code in java which acted as a proxy , we can specify the port no. on which it should wait. and if clients contact it on that port it would give the required connection. so what do u have to say for that
    when was the last time you did something for the first time! Do something!!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •