Stop use of Proxy Bypass

[Abalakin]

I am Handling a small web based business & we have blocked websites like Facebook, orkut, etc. So that during duty hours no one can waste time for other things, but now a days there are many worker have found backdoor to use proxy bypass websites. We even tried to block that websites when we come to know about this sites, but as there are so many so we can track them.

So is there anyway to block this websites or to track them which websites they open so i can block them immediately.

Please Help!

[Milton.J]

On Windows computers, you can use Group Policies to block access to any and all of the settings for Internet Explorer, including the proxy settings.

[Steve123]

IIS is a destination. The configuration issue is in whatever is doing the call (acting like a client). If you are using the built-in .Net communication methods you will need to make the adjustment inside of ... Wait for it ... Internet Explorer.

That little bugger has bitten me more times than I care to remember. I used to have to switch the proxy server settings in IE 5 or 6 times a day as I switched between internal and external servers. Newer versions of IE have a much better "don't use proxy server" set of rules.

As it seems that the user ID used by IIS is using this setting, you'll probably need to search the registry for where the proxy information is stored for each user ID and/or the default.

[Spyrus]

How can hackers bypass proxy servers? Does the process require special tools or software, or are holes in the server itself needed?

The phrase "bypass proxy servers" can mean several things, depending on how the proxy server is used, so let's look at a couple of proxy-deployment architectures and their associated bypass methods. To keep this answer to a manageable size, I'm going to focus on HTTP and HTTPS proxies. But keep in mind that the ideas below apply to other protocols as well.

Organizations often have their internal users connect to the Internet through a proxy server. These proxies provide centralized control points for filtering and analysis, potentially even blocking employees from surfing to inappropriate Web sites. As a performance bump, these proxies typically offer caching support as well. So, how do users bypass proxy servers? There are several approaches.

First, a surprising number of corporate networks with outbound proxies allow HTTP and HTTPS to be sent in two ways: either through the proxy itself, or formulated raw from the desktop, avoiding the proxy. Some of these organizations allow this proxy/non-proxy access because of the preponderance of applications -- often Java applets -- that speak HTTP but are not proxy-aware. To avoid this problem, I prefer to deploy transparent proxies in a network, rather than allow non-proxied Internet access that supports certain applications.

Even with organizations that completely block non-proxied HTTP and HTTPS access, an attacker can still bypass the proxy in a number of ways. To access forbidden sites, an attacker may encode his or her URLs in a variety of different formats, such as the hexadecimal representation of the American Standard Code for Information Interchange (ASCII), rather than the "normal" view. Thus, the Web site www.forums.techarena.in becomes %77%77%77%2e%66%6f%72%62%69%64%64%65%6e%73%74%75%66%66%74%6f%61%76%6f%69%64%2e%63%6f%6d. An attacker could also try to use an IP address instead of a domain name, or use Unicode instead of the "hex" representation. There are hundreds of different obscuring routines, and some of them work against various proxies.

To evade the filtering, an attacker can also try a different protocol altogether. One option here is to retrieve Web pages via email, a service offered at several locations on the Internet, such as the free web2mail.com. A subscriber can email a URL to the service, and its mail server then fetches the page and emails it back so the subscriber can view it in an HTML-enabled email reader; most email readers, in fact, are HTML-enabled.

Attackers can also access blocked content by surfing through an organization's outbound proxy to then go to another proxy, through which one can surf. The first proxy only sees the connection to the second one, and the second one doesn't enable any restrictions. There are thousands of these types of proxies available on the Internet today.

While those are just a few of the most popular methods for bypassing filtering proxies, what if an attacker's goal isn't to dodge filtering proxies, but instead to steal outbound data using HTTP and/or HTTPS? The attacker, for example, might have some spyware running inside an organization, and a Web site running on the outside, hoping to somehow spew internal data to the external server. The only obstacle is a pesky little proxy. In this scenario, where the attacker controls the client and the server, the attacker can simply try another TCP port, or use a variety of tools that try to tunnel data through the proxy.

Another use of proxy servers involves inbound access, the so-called "reverse proxy" deployment. This architecture offers protective filtering, analysis and authentication capabilities for a Web server. To bypass these proxies, attackers can rely on non-standard ports or tunneling tricks, or they can attack the proxy server itself.

Historically, some proxy technologies have suffered from configuration errors or buffer-overflow conditions. By exploiting these flaws, an attacker might be able to take over the proxy device itself, and then reconfigure it so that he or she can get unfettered access to a protected server.

[Big Fish]

I am giving you the list of proxy websites block them all you will be almost cover the all the proxy website blocking.

Download the attachment!.


List updated and cleaned further (13951 domains names).

[Big Fish]

I am giving you the list of proxy websites block them all you will be almost cover the all the proxy website blocking.

Download the attachment!.


List updated and cleaned further (13951 domains names).

[me311]

where is the attachment. I cannot find it please

[vprasad84]

Hello,

You cannot achieve the solution by manually adding the sites. What you need is to have a firewall appliance or a software/subscription which blocks the sites as per categories. You are given many categories within the appliance/software e.g if you block the email category then all sites to email such as yahoo/gmail/rediff, etc will get block. there are many categories which you can block eg porn, nudism, online brokerage, IM, Hacking sites, mp3/video streaming sites, p2p etc etc. i would recommend you fortigate/sonicwall or you can go with bluecoat web filter.

[me311]

dear, thanks for the quick reply. I am currently using fortinet fortigate 200, but the users are bypassing it and using internet proxies to access websites like facebook, youtube etc.

[vprasad84]

ok. is your license active or expired. take the issue with fortinet support. I am using sonicwall tz210 & NSA Series also & it just works fantastics. I have blocked the categories like IM, Hacking Sites, Proxies, Use of Proxy Server, etc. In next renewal instead of renewing fortinet, just get a sonicwall & try.