Tracing the URLs?

**RITESH GAUR** · April 28th, 2006, 01:37 PM

What’s wrong if I want to know any possibility of such activities?

Or let me frame the question in different way……Is it possible that a user in my office is using some software (or kinda stuff) which will hide his all or /and some activities such as going to pornographic websites downloading movies etc.

If there is a way you may tell me or not tell me its yr choice. At least you can put some msg about the possibility. ;-)

***IKnowNot*** · April 28th, 2006, 01:49 PM

Occupation faculty+student

working on Masters?

Why did I point out this profile? I don’t know, seemed like the thing to do when I read:

You're asking security professionals how to elude the audit process? Are you kidding me?

You want to know how to avoid having your URL history logged by a proxy? Don't use it. ...

But something else came to mind, for morganlefay and RITESH GAUR , maybe it is not relevant, but:

Even if the proxy doesn’t cache/log it, where are you getting your DNS from? Is it logged there?

**Spekter1080** · April 28th, 2006, 01:49 PM

Originally posted here by Tiger Shark
There goes that impression I had of Mistress LeFay being a mature adult....

I liked it...lol

But as for the issue on proxies, I have only a moderate amount of experience with them. However, the proxies that I have worked with perform in accordance to what the others have said. As for the office situation (1st post, page 2) I have a question. Ritesh, did you contact the proxie's admin?

***morganlefay*** · April 28th, 2006, 02:15 PM

It all depends on how the user is getting out to the internet...and if the user is some how bypassing the proxy...if that is possible.

You are not providing enough "technical" details for us to answer your questions???

Yes ...if you use a proxy ...it can be logged.

Try answering some questions...

Are you Admin of the squid??

How is the internet connection setup???

Careful...we will not help you bypass a policy of someone elses network

I lose my patience easily lately...Mr Horse has also warned you...and hes a mod

You're lucky that you haven't been negged into a blackhole by now.

MLF

**nihil** · April 28th, 2006, 06:13 PM

Morgana~ is correct when she says:

It all depends on how the user is getting out to the internet...and if the user is some how bypassing the proxy...if that is possible.

The first assumption one has to make is that if you connect to an organisation's network, that connection will be detected and that it will be logged

This leaves three basic options:

1. Use an external proxy server (anonymous public proxy, for example)
2. Use VPN (virtual pr0n network

)
3. Buy a 56.6Kb dial-up modem and use a standard telephone line

In the first instance, the connection to the proxy will show up in the local logs, but what happens after that will only be in the remote server's logs.

The VPN will be logged, but probably not locally, other than the connection to it.

A telephone dial-up connection will not be logged as it is outside the network. However it is safe to assume that an organisation that logs its network activity also monitors its telephone calls, and the repeated and lengthy calls to the ISP would stand out like a sore thumb.

Those would be the basic ways that a user would attempt to avoid detailed logging by a local server.

**RITESH GAUR** · April 29th, 2006, 03:24 AM

Thanx nihil ;-)

That's why we ask questions, Locked only on logs...... I was almost forget the 3rd option. See he is not telling me how to do, the question was of a kind "IS IT Possible? if yes how is it possible".

{MAy be I must frame the questions in different ways..so that they must tell what I want... ?}

If I am admin and working with squid? I will never say "but I am not shure about the squid's logs?" :P

Thanx everyone I appreciate your participation! :-)

***i2c*** · April 30th, 2006, 09:47 AM

Use Tor, it encrypts traffic before your first hop to your first onion router, so that way the traffic won't be easily readable at the cache.

i2c

**rmlj63** · April 30th, 2006, 11:20 AM

I did some checking up on your questions and like what everyone here knows yes it is possible, the question I would pose to you is what is your intent. You ask the question posing as a sys admin. As if we haven't heard that one before, I would have to ask you how long have you worked with Unix? I love the OS myself, there are some great sites out there that will help you to secure your proxy even better than what you thought it capable as for Squid.

If you are the one trying to cover your tracks Squid is a tough one. If you don't think so check it out
here. If you do have a guy you think is getting out There are a lot more tools available to you than just a proxy. As were mentioned before, physical security as well as filtering, etc...

Hope this helps, if not you're probably not looking for the bad guy.

**nihil** · April 30th, 2006, 11:52 AM

Hi,

I could well be wrong, but I did not see RITESH as asking something "naughty". The questions refer to technology that could be used for security purposes or to circumvent them?

I don't think that it is a question of protecting the actual content of the data flow, just its direction?

I have used this approach for permanent non-staff workers and visitors. It keeps them off our network, or in their own "tunnel" (the MoD like that

)

We are obviously talking about a situation where there is some trust at least............ as in they got through the razor wire without cutting it?

In other words, I am reading it as "what are authorised and safe ways around a general policy?"

But, it could also be "how might users abuse the system?"

I guess I just sort of "reverse engineered" my answer from the enabling experiences that I have had, to meet the potential circumvention question.

Thread: Tracing the URLs?

Thread Tools

Display

Posting Permissions