[squid-users] Spoofing attack and bouncer stuff

From: Beng Santosa <vcunz2@dont-contact.us>
Date: Sat, 23 Mar 2002 12:58:30 +0700

  Hi, i got a problem.....in my net i had implemented some rules to make any user in
  my net can't access some bandwidth consuming site. I implented the rules in my iptables
  rules and rules in squid too (with sites.blocked.txt)!

  Samples of iptables:

  /sbin/iptables -A PREROUTING -t mangle -d 206.142.53.0/24 -j DROP ###Morpheus
  /sbin/iptables -A PREROUTING -t mangle -d 209.25.178.0/24 -j DROP ###Napigator

  Samples conf in Squid :

  acl blockedsites url_regex -i "/etc/squid/sites.blocked.txt"
  acl unblockedsites url_regex -i "/etc/squid/sites.unblocked.txt"

  http_access deny blockedsites !unblockedsites

  in sites.blocked.txt i've included some sites/url that i want to block

  ..oh..i forgot...i implemented transaparent proxy here...now the problem is
  some user in my net using spoofing here....they uses portscan to scan any
  open proxy in internet (we called x)....after that they using that proxy (x)
  from connection option in explorer....hix.....and my rule not working anymore huaaaaa
  hix....... thus any one can helpp meee pleazeee......i hate this spoofing stuff :P, and somebody
  can explain me about bouncer and how to handle it.....thanx very much

  me,

  beng santosa

  thanxxxx guyssss


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Received on Fri Mar 22 2002 - 23:08:41 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:03 MST