Hi Isoel,
There is a solution, but it relies upon your network not being switched (or
at least the part that you want to monitor / restrict).
My suggestion is to setup a packet sniffer, and to configure it to alert you
to traffic containing keywords that are used in a request to an http proxy.
Once you have set this up, exclude the IP address of your real proxy from
the monitoring. Anyone who is running a proxy and getting requests will now
show up in the logged packets.
I know that some sniffers have the ability to block traffic based on
criteria (I think I saw this feature in SessionWall when I trialed it once,
this product goes by a different name now). If you had something capable of
doing this then you would be able to successfully control rouge users.
This may be more effort than it's worth, and you might just be better off
talking to the user, or to management. The only other alternative that I can
think of is some sort of host based firewall, but the problem here is that
it would probably be quite easy for the user to sabotage it....
Let me know how you get on
Cheers,
Alex Hague
-----Original Message-----
From: Isoel Piñeiro Martínez [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 21 February 2001 07:40
To: '[EMAIL PROTECTED]'
Subject: Inside protection ?!
I have almost 200 PCs in our LAN, some of wish have full access to the
Internet, some other to our Intranet , and some people can go nowhere. I'm
using Gauntlet 5.5 on NT4.0, SP5.
That way, using policies I define what each computer can do. I use DHCP
reservation for the people that can go to the Internet.
I've found recently one end user computer that have access to the Internet
running a proxy (Proxy+), and giving access trough it's IP address to his
friends. Is there some way to prevent this?
Thanks in advance.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
