On Wed, Mar 06, 2002 at 01:51:59PM +0530, H M Rajeev wrote:
| No! Not like that.
| Have a look at below.
|
| Authorized users connecting to -----> Squid ----> Firewall -----> Internet
|
| unauthorized users ----->authorized users PC(some proxy is running
| here) ------>Squid ----->Firewall ----> Internet.
|
| squid accept the connection from from authorized PC only. we have blocked
| all other route.
As long as you allow unauthorized users to connect to users as the
users run servers, this kind of thing can, and will, happen. One
way to address it is to disallow servers, and block incoming new
connections to those machines at the firewall (assuming they are
coming in from outside). Of course some kinds of connections, like
FTP, have to come in, and firewalls deal with that. You want to
block the unauthorized proxy use.
-- ----------------------------------------------------------------- | Phil Howard - KA9WGN | Dallas | http://linuxhomepage.com/ | | phil-nospam@ipal.net | Texas, USA | http://phil.ipal.org/ | -----------------------------------------------------------------Received on Wed Mar 06 2002 - 01:39:47 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:44 MST