Hi Junix, It's really difficult to administer a network when users are technically capable of doing things. However, the first two things that came into my mind (for you to at least have a sane counter measure) are:
1. Internet usage quota - By providing such, the user who will try to setup his/her own proxy server will end up serving his own quota. If this will not deter that sneeky bs, at least he/she cannot use/steal any bandwidth that is not allocated for him/her. 2. Port scan - Scan your network on a regular basis, eg. create a script which will only report proxy services. hth, Kenneth Junix Gaspar wrote: > Hello People of Linux, > > I hope everybody is fine. > > I have these problem where some of my users would setup a proxy server > to extend there Internet use to there personal PC. > What we have done is to use MAC/IP filtering, Proxy Authentication. I > even block them in the switch to make sure that only authorized PC > will participate in my network. > So far it worked to limit the users to only use only organizations > provided PC. > > However, some have setup Proxy Server. With this, they were able to > propagate the use of Internet to there non authorized PC. > > However, since they are located in a place where IT staff visits are > limited (we need to either fly 1.5hour by helicopter and/or 4 hours > convoy), we were limited in physically making sure that authorised PC > are only used. > > I am using linux/squid/dansguardian and I was hoping that there is a > way to block a connection if the said connection is from a Proxy/NAT > connection. > > And thats it. Hopefully somebody have some something in mind. > > By the way, please dont tell me to fix our Company Policy because its > already specified that it is illegal for them to do it. Even if we > caught them, they will just have a rotation in man power and its a new > batch of people to work with, and... > Google is not able to give me any good results also. > > Thanks, > JGaspar > ------------------------------------------------------------------------ > > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > [email protected] (#PLUG @ irc.free.net.ph) > Read the Guidelines: http://linux.org.ph/lists > Searchable Archives: http://archives.free.net.ph _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
