[squid-users] Re: how to implement access control using connecting hostname and port

From: babajaga <augustus_meyer_at_yahoo.de>
Date: Fri, 11 Jul 2014 03:06:51 -0700 (PDT)

> I get a new proxy address (eg, 3121212.proxy.com) and a port number (in the
> range of 30000). It's not the listening port.

It is not their listening port? I doubt it; how else could you use it?
I can think of some type of DNS rotation they use. When their proxy.com
at any time slot points to another of their IPs out of the pool reserved for
this domain, they modify their DNS A-record for the next time slot to use
another IP.

And, when having a second pool of IPs, they might also rotate the
nnnn.proxy.com (CNAME) within their DNS-record. Using some type of
redirection, they finally always point to the same physical proxy.

Because of the IP rotation, the GFW will have problems dynamically detecting
this service by means of traffic to the same IP. However, the vast amount of DNS
requests for proxy.com might be a hint, as the TTL must be just the (short)
time slot.

Intruders into the service will need to scan the correct IPs/ports during the
correct time slot, and then have access only during this time slot. Even
this might be minimized by checking the intruders' IP characteristics, like
country. Or integrate some type of port-scan detection to block this
potential intruder.
So more or less safe, unless a lot of effort is invested in figuring out the
DNS tricks.

So it is not a question that such a scheme can be done using squid,
because the real effort has to be invested in DNS manipulation.

--
Received on Fri Jul 11 2014 - 10:06:54 MDT
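The post's observation that a rotating scheme like this is visible from the resolver's side (many lookups for one zone, a TTL as short as the time slot, and a different A record in each slot) can be turned into a simple check over resolver logs. The following is an added example, not code from the post or from Squid; the log line format, the sample records and the threshold values are all assumptions, and the host names and addresses are constructed.

```python
"""Flag DNS names whose A records rotate on a short TTL, the pattern the post
describes for nnnn.proxy.com.  Added example; the six-field log format below
("ISO-time client qname qtype ttl answer") and the thresholds are assumptions."""
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Constructed resolver log lines (not real data); one rotating name, one
# static name with a long TTL, and one short-TTL name that barely changes.
SAMPLE_LOG = """\
2014-07-11T10:00:01 10.0.0.5 3121212.proxy.com A 60 203.0.113.10
2014-07-11T10:00:31 10.0.0.6 3121212.proxy.com A 60 203.0.113.10
2014-07-11T10:01:05 10.0.0.5 3121212.proxy.com A 60 203.0.113.22
2014-07-11T10:02:07 10.0.0.7 3121212.proxy.com A 60 203.0.113.31
2014-07-11T10:03:09 10.0.0.5 3121212.proxy.com A 60 203.0.113.44
2014-07-11T10:00:02 10.0.0.5 www.example.org A 3600 198.51.100.7
2014-07-11T10:30:02 10.0.0.6 www.example.org A 3600 198.51.100.7
2014-07-11T10:00:03 10.0.0.8 cdn.example.net A 30 192.0.2.1
2014-07-11T10:00:04 10.0.0.8 cdn.example.net A 30 192.0.2.2
"""


class Record(NamedTuple):
    ts: str       # ISO-8601 timestamp; the fixed width makes string order = time order
    client: str
    qname: str
    qtype: str
    ttl: int
    answer: str


def parse_log(text: str) -> List[Record]:
    """Parse the assumed log format, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, client, qname, qtype, ttl, answer = parts
        try:
            records.append(Record(ts, client, qname.lower().rstrip("."),
                                  qtype.upper(), int(ttl), answer))
        except ValueError:      # non-numeric TTL
            continue
    return records


def find_rotating_names(records: List[Record], max_ttl: int = 300,
                        min_changes: int = 2) -> Dict[str, dict]:
    """Return names whose A answer changed at least min_changes times across
    consecutive lookups while every answer carried a TTL of max_ttl or less."""
    by_name: Dict[str, List[Record]] = defaultdict(list)
    for r in records:
        if r.qtype == "A":
            by_name[r.qname].append(r)
    flagged = {}
    for name, recs in by_name.items():
        recs.sort(key=lambda r: r.ts)
        answers = [r.answer for r in recs]
        changes = sum(1 for a, b in zip(answers, answers[1:]) if a != b)
        ttl = max(r.ttl for r in recs)
        if ttl <= max_ttl and changes >= min_changes:
            flagged[name] = {"queries": len(recs), "ttl": ttl,
                             "distinct_answers": len(set(answers)),
                             "changes": changes}
    return flagged


def queries_per_zone(records: List[Record]) -> Dict[str, dict]:
    """Lookup volume per parent zone (last two labels).  A zone with many
    child names, as with nnnn.proxy.com, shows up here even when each
    individual name is queried only a few times."""
    zones = defaultdict(lambda: {"queries": 0, "names": set()})
    for r in records:
        zone = ".".join(r.qname.split(".")[-2:])
        zones[zone]["queries"] += 1
        zones[zone]["names"].add(r.qname)
    return {z: {"queries": v["queries"], "names": len(v["names"])}
            for z, v in zones.items()}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for name, info in find_rotating_names(recs).items():
        print(f"rotating: {name} {info}")
    for zone, info in sorted(queries_per_zone(recs).items()):
        print(f"zone {zone}: {info}")
```

The two thresholds are deliberately separate: a short TTL alone is common for CDNs (the cdn.example.net lines are not flagged), and many answers alone is normal for round-robin records with long TTLs, so only the combination of a short TTL and repeated answer changes is reported.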
