securing proxomitron

Hi

Hope this isn't cross-posting, but having just read this about the potential danger of local proxies https://www.wilderssecurity.com/showthread.php?p=257723#post257723

Actually, I've always wondered about the possible hijacking of a local proxy. Therefore, do I need to configure any further rules when I allow proxomitron access to the internet in the application filtering of LnS?

regards
jag

 

Hi,

the issue is that if a trojan is using your proxy software, it can do everything without being detected.
It is so safer to restrict proxymitron to the ports it needs : 80, 443, may be 21 too ?

Anyway I think that Look'n'Stop will ask you about the malware first, but it's better to be safe than sorry.

gkweb.

 

As ever, thanks for the info GK

BTW, in terms of specifying ports, Prox. registers a local tcp port of 8080 and 0 for remote; and my browser firefox registers various such tcp local 1007 & remote 80. Is it the case of restricting only the remote ports that firefox uses via Prox. ? That is, I restrict Prox. to 80 etc.
Bit confused (but that's probably because I don't properly understand how a local proxy works)

regards
jag

 

Hi,

a proxy software when running is listenning locally on a port, on your case 8080.
Your browser, instead of connect to the remote website on the port 80, will instead connect locally to proxymitron and ask it the url of the website.
Then, proxymitron will itself connect to the website remote port 80 using a local free port above 1024, and then will retrieve the data to your browser throught it's first connection on port 8080.

Basically, if you access to every of your site trought your proxy your browser just needs to be allowed to access to TCP 8080 (eventually TCP 53 for rare DNS requests), and UDP port 53 for usual DNS requests.
If your HTTPS (secured websites) does not pass throught proxymitron, then allow the TCP port 443 in addition.

For proxymitron, since it will access to the web, allow it the ports needed for a web browser, that is to say TCP 80 (HTTP), TCP 443 (HTTPS), TCP 21 (FTP), TCP/UDP 53 (DNS).

If for some sites you do not use proxymitron (many does not work well with proxies) don't forget to anyway allow these ports to your browser too.

To make it more clear, it works as follow :

FireFox (port > 1024) -----> 8080 Proximitron (port > 1024) ------> 80 Web
FireFox <-------------------------- Proximitron <----------------------


regards,

gkweb

 

Hey GK, your explanation is greatly appreciated!

cheers
jag