securing proxomitron

Discussion in 'LnS English Forum' started by jag1967, Sep 15, 2004.

Thread Status:
Not open for further replies.
  1. jag1967

    jag1967 Registered Member

    Joined:
    Sep 17, 2003
    Posts:
    68
    Hi

    Hope this isn't cross-posting, but having just read this about the potential danger of local proxies https://www.wilderssecurity.com/showthread.php?p=257723#post257723

    Actually, I've always wondered about the possible hijacking of a local proxy. Therefore, do I need to configure any further rules when I allow proxomitron access to the internet in the application filtering of LnS?

    regards
    jag
     
  2. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi,

    the issue is that if a trojan is using your proxy software, it can do everything without being detected.
    So it is safer to restrict Proxomitron to the ports it needs: 80, 443, maybe 21 too?

    Anyway I think that Look'n'Stop will ask you about the malware first, but it's better to be safe than sorry.

    gkweb.
     
  3. jag1967

    As ever, thanks for the info GK

    BTW, in terms of specifying ports, Prox. registers a local TCP port of 8080 and 0 for remote; and my browser Firefox registers various ones, such as TCP local 1007 & remote 80. Is it the case of restricting only the remote ports that Firefox uses via Prox.? That is, I restrict Prox. to 80 etc.
    Bit confused (but that's probably because I don't properly understand how a local proxy works)

    regards
    jag
     
  4. gkweb

    Hi,

    a proxy software, when running, is listening locally on a port, in your case 8080.
    Your browser, instead of connecting to the remote website on port 80, will connect locally to Proxomitron and ask it for the URL of the website.
    Then, Proxomitron will itself connect to the website's remote port 80 using a free local port above 1024, and then will pass the data back to your browser through its first connection on port 8080.

    Basically, if you access every one of your sites through your proxy, your browser just needs to be allowed to access TCP 8080 (possibly TCP 53 for rare DNS requests), and UDP port 53 for usual DNS requests.
    If your HTTPS (secured websites) does not pass through Proxomitron, then allow TCP port 443 in addition.

    For Proxomitron, since it will access the web, allow it the ports needed for a web browser, that is to say TCP 80 (HTTP), TCP 443 (HTTPS), TCP 21 (FTP), TCP/UDP 53 (DNS).

    If for some sites you do not use Proxomitron (many do not work well with proxies), don't forget to allow these ports to your browser too anyway.

    To make it clearer, it works as follows:

    FireFox (port > 1024) -----> 8080 Proxomitron (port > 1024) ------> 80 Web
    FireFox <-------------------------- Proxomitron <----------------------


    regards,

    gkweb
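
The per-program port rules from the post above, written as a connection audit. This is an added example, not part of the original thread and not Look'n'Stop's rule format; the process names, the log line format and the sample addresses are assumptions, and the browser policy models the case where every site goes through the proxy.

```python
import ipaddress

# Policy from the post above: (protocol, port) pairs each program may reach.
# Process names and the log format are assumptions made for this example.
PROXY_PORT = 8080
POLICY = {
    "firefox.exe": {"loopback": {("tcp", PROXY_PORT)},
                    "remote": {("tcp", 53), ("udp", 53)}},
    "proxomitron.exe": {"loopback": set(),
                        "remote": {("tcp", 80), ("tcp", 443), ("tcp", 21),
                                   ("tcp", 53), ("udp", 53)}},
}

# Constructed sample: process, protocol, local endpoint, remote endpoint.
SAMPLE = """\
firefox.exe tcp 127.0.0.1:1007 127.0.0.1:8080
firefox.exe udp 192.168.1.10:1030 192.168.1.1:53
proxomitron.exe tcp 192.168.1.10:1041 203.0.113.5:80
proxomitron.exe tcp 192.168.1.10:1042 203.0.113.9:6667
firefox.exe tcp 192.168.1.10:1050 203.0.113.5:80
updater.exe tcp 127.0.0.1:1060 127.0.0.1:8080
"""

def parse(line):
    """Split one log line into (process, protocol, remote address, remote port)."""
    proc, proto, _local, remote = line.split()
    host, port = remote.rsplit(":", 1)
    return proc.lower(), proto.lower(), ipaddress.ip_address(host.strip("[]")), int(port)

def check(line, policy=POLICY):
    """Return None if the connection fits the policy, else a reason string."""
    proc, proto, host, port = parse(line)
    rules = policy.get(proc)
    if rules is None:
        return f"{proc}: no rule for this program"
    scope = "loopback" if host.is_loopback else "remote"
    if (proto, port) in rules[scope]:
        return None
    return f"{proc}: {proto}/{port} to {scope} address not allowed"

def audit(text, policy=POLICY):
    """Return (line, reason) for every connection the policy would deny."""
    lines = [l for l in text.splitlines() if l.strip()]
    return [(l, r) for l in lines if (r := check(l, policy)) is not None]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE):
        print(f"DENY  {line}\n      {reason}")
```

The port rule on the proxy only limits where relayed traffic can go; the constructed `updater.exe` line is the point where application filtering sees an unexpected program talking to the proxy on 8080.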
     
  5. jag1967

    Hey GK, your explanation is greatly appreciated!

    cheers
    jag
     