Post Reply 
Proxo v Firewall
Apr. 10, 2004, 01:33 PM
Post: #1
 
I was just sittin' here, looking at various different firewalls on my laptop...and it hit me *ow* [beatdown] .....

I saw a filter on the old proxo forum to block all communication to the msn server that controls msn messenger and windows messenger, so already you can make a list and have a rule based firewall (block IP's); but is it possible to block ports? If so, then can you please post the filter here...

I know it wouldn't be a completely good firewall, but you've already got the main features down if you CAN block ports...

Block trojan ports e.g. 666
IP filtering/blocking
The best available HTTP filter'er e.g. block malicious code and filter ads
It might even be possible to have a mediocre Intrusion Detection System, using a list of ports to moniter traffic and use the meta-character $ALERT to inform you of any trojan-ish activity

I'll leave it there and let you all ponder Pervert that thought...

(?`?._)?n?iT?u??(?`?._)
Add Thank You Quote this message in a reply
Apr. 10, 2004, 06:58 PM
Post: #2
 
Interesting...very...interesting.

I think this can be done! But I suck with Header filters, so I'll leave this up to Jak! Cheers
Visit this user's website
Add Thank You Quote this message in a reply
Apr. 10, 2004, 07:38 PM
Post: #3
 
Code:
Interesting...very...interesting.

*Choo*...*Choo*...Luke, I am your father... Eerie [unsure]

I might have part of the code already planned out; in the header filter for blocking URL's you would do something like...

Code:
In = FALSE
Out = TRUE
Key = "Firewall: Beta (Out)"
URL = "$LST(FirewallList)"
Replace = "\k"

HOWEVER!!!!.................I haven't tested it on IP's; if someone would be willing to test it fully, it would be greatly appreciated. (If you do, please tell me how it turns out)

If i were to set out the list for URL's or IP's like this...

Code:
### Firewall List Test

hacker-site.net
# OR
132.465.798.157

would a port blocking list work like this or not?...

Code:
### Firewall PORT List Test

*:666
# OR
*:32*6

*PHEW* Well, that's enuff of a brain buzz, time to persuade my grandad if I can have a forty... Cheers

(?`?._)?n?iT?u??(?`?._)
Add Thank You Quote this message in a reply
Apr. 10, 2004, 07:52 PM
Post: #4
 
That would be an awsome filter! Jak's good with headers and I'm sure JD5000 would have some contributions.

�{=(~�::[Shea]::��~)=}�
How 'bout you sideburns, you want some of this milk?
This fading text is pretty cool, eh? I bet you wish you had some.
Add Thank You Quote this message in a reply
Apr. 10, 2004, 09:53 PM
Post: #5
 
If this is possible, wouldn't it be easier to have an allow list instead of a block list. There's a lot more ports used by trojans than by other programs.

�{=(~�::[Shea]::��~)=}�
How 'bout you sideburns, you want some of this milk?
This fading text is pretty cool, eh? I bet you wish you had some.
Add Thank You Quote this message in a reply
Apr. 10, 2004, 10:23 PM
Post: #6
 
Whatever floats your boat m8 Smile!

(?`?._)?n?iT?u??(?`?._)
Add Thank You Quote this message in a reply
Apr. 10, 2004, 11:21 PM
Post: #7
 
Hi "~Gang~",
I like the idea about setting Proxo up with port blocking and IP blocking. It' is possible to block IPs, . .there's a filter that can capture an IP range, I've got it wrote down somewhere in My Note-book. I'm not sure about Port blocking. Proxo being a "proxy" eventhough it's run as a local proxy can only filter Http & Https protocols. I've actually chained "messengers" to run through Proxo with it filtering Http elements in the data stream. Like when ICQ "logs in" eventhough that it's like telnet, it' still trys to grab User-Agents and other header fields. But I'm not sure that it can filter SMTP & POP for e-mails which is where most trogans are picked up at.

Another thing that I see is, that Your firewall is up front and in between Proxo and Your Browser. (Browser--->PRoxo---->Firewall)
So the firewall should be configured to block the ports and strain out the what bugs it can before it gets to Proxo. But if PRoxo can be set up for this, it would be a Heck of a second layer, just in case some gets by the fire-wall.

But one other thing You might want to thing along these lines. And this is certainly just a personal opinion. I think the more different uses that You set PRoxo up to do, the "less" efficient and unstable it might become. Like PRoxo incorperates the ability to "rotate Proxies", however, when I was using Remote Proxies several years ago, I used a program called "Multi-Proxy"<--(Click-On-Name) and just chained Proxo & Multi-Proxy together. Worked Great!

I think that it's a great idea to see if Proxo can be configured for Port blocking. I have been amazed over and over again by "Scott's Proxomitron". Someday I hope "Scott" will drop in over here and at least make an appearance.

We were all planning to have the "First Annual PRoxomitron Summit" this year. I was going to "fly over the big Pond" just in hopes to see some of My PRoxo-Friends. Can You imagine 3 or 4 days camped out on the side of a hill some where, setting up a some high-power RAID servers, wireless network everone together, set around the 55 gal. barrel with the fire going, cooking outside, and do nothing but set around "Cyber camp-fire" & share ideas with people like ARNE, Neon-Bunny, HpGuru, Jor, Alto-Sax, JD5000, Bess,Tegg-Head and all the other really great script writers! We were hoping that "Scott" would show up, but it all fell apart. They were My "Proxo-Family" for so long, they took in an a "wild mutt" full of fleaz & tickx, . . .and made him a brother and treated him just like one of the Familly-members of the PRoxo-Clan. *tears*

Well so much for strolling down memory lane. "~It's on-ward and up-ward, the top is in view, there's a crown of bright glory awaiting for You.~" Smile!

I will look for my note-book on Proxo, and look at some of the filter elements to see if something can be put together.
Best Wishes,
"~JaK~" [smoke]
Add Thank You Quote this message in a reply
Apr. 11, 2004, 08:58 AM
Post: #8
 
Quote:It' is possible to block IPs, . .there's a filter that can capture an IP range, I've got it wrote down somewhere in My Note-book.
Thanks in advance if you can find it...

Quote:(Browser--->PRoxo---->Firewall)
I think you can have: (Browser--->Firewall--->Proxo)

Quote:I used a program called "Multi-Proxy"
I think there is a filter in your config. pack that let's you do something like this: Visit http://www.google.com; proxo grabs IP of site; proxo uses that IP as it's own to spoof your's; reset's with SHEA's batch file.
Well, that seems alot better and more 'auto-mated' than getting anon. IP's from 20 year old sites, placing over 2000 IP's in "Multi-Proxy" after an hour of sweating (copy; paste...copy; paste) and only get 5 slow, non-anon. and failing public proxies. So there is really no point in chaining to a mediocre program that proxo can do 10 times better, faster and just all around way more cool.

Quote:Proxo being a "proxy" eventhough it's run as a local proxy can only filter Http & Https protocols. I've actually chained "messengers" to run through Proxo with it filtering Http elements in the data stream.
I forgot about the whole; HTTP + HTTPS only thing. [huh]

^^^^^^^^^
[offtopic] You just gave me another idea if this works, [lol], can you monitor real-time data streams? Because if you can monitor them, can you capture them and playback?

(?`?._)?n?iT?u??(?`?._)
Add Thank You Quote this message in a reply
Apr. 11, 2004, 05:31 PM
Post: #9
 
Excuse me....

I seem to remember jabbering with Scott a long time ago about using Proxo to filter email. His exact words, which are duplicated in context in the Help file (But I'm too lazy to go look it up right now. :P ) were: "Proxo only monitors Port 80, and Port 443 if you install the SSL package. It isn't possible to make Proxo monitor Port 110 (POP3)."

So how are you guys gonna get Proxo to look at, let alone block, any other ports? Dead


Oddysey

I'm no longer in the rat race - the rats won't have me!
Add Thank You Quote this message in a reply
Apr. 11, 2004, 06:49 PM
Post: #10
 
Hi "~Oddysey~",
You "Ole Sweet-heart", . .Big Teeth
Been missing seeing You on-line the last few days. How is the paper coming? I've looked at a few "block-lists" that You were talking about in the other thread. Interesting stuff, I hadn't even heard about using block lists for the e-mails, but I've beening studying up and reading about it. I'm glad that You mentioned it. Lookin' forward to reading Your thoughts and ideas on it.

Well, I wasn't sure which ports that PRoxo monitored, but I've tried to chain it up to just about everything that You could to see how that it worked out and I knew that Http & Https was the only thing that it will filter and only https if You have the ssl.dll files.

But I have seen filters written for PRoxo that will match or Not-Match IP ranges, I got some of the elements written out in my note-book. I have to write notes, I've got a good memory, . . .it's just short! Smile! As soon as I "remember" where I've got it put up at, . . .I want to look at the section on filtering IP ranges.

"~Belthazor~" the "fake IPs" are contained in one of the blocklists that My Filter Set uses to "spoof" the sites with. I wish that it could "capture" the IPs of the sites but it just scans a list of them and picks one at psuedo-random, appends it to the URL of the site, and then Proxo just reads the Header/URL from the list and forwards it back out to the server, . . .and of course that's what the server logs.

I'm hoping that either Scott comes out of retirement, or that some Young Programmer will "pick up the PRoxo Ball" and get it rolling again. I would like to see some of the features that You mentioned incorperated in "PRoxo". I'll tell You what I would like to see, is a "Proxo O/S".

Well, just my two cents worth, You all have a Great Evening, and Happy EASTER
"~JaK~"[smoke]
Add Thank You Quote this message in a reply
Apr. 12, 2004, 03:26 AM
Post: #11
 
Jak;

Blowing smoke up my skirts again, I see. [lol] Better be careful, or people will start talking 'bout us. :o

I've posted another idea into this thread. It deals with a CGI Proxy server, and I've proposed the idea of running such a beast on the cheatandwin server. You may or may not be able to mine it for ideas on how to learn the IP of a "currently visited" site.

Another idea, have you ever considered DDNS? A Dynamic DNS service has to know what IP you are currently using, so if you can snatch their codelet, you might be able to reverse engineer it to get the IP of, once again, a "currently visited" site. There used to be a DDNS dot ORG, but that seems to be gone now. Try NO-IP, and see what you think.

Just some thoughts from someone who used to think that Memory was one of the four major food groups. Now I know better.... it's a suburb of Topeka, KS. :o [rolleyes] :P


Oddysey

I'm no longer in the rat race - the rats won't have me!
Add Thank You Quote this message in a reply
Apr. 12, 2004, 03:56 AM
Post: #12
 
belthazor;
Quote:.... can you monitor real-time data streams? Because if you can monitor them, can you capture them and playback?
You might give this site a shot: All Streaming Media.

If that doesn't trip your trigger, do a Google search on "capture streaming video". The above site wasn't the very first that came up, but it looked like the best fit for your purposes. Wink The first site that Google returned was [url=http://emoney.al.ru/capture-streaming-video-and-audio/"]this[/url], but it looks like a souped version of the above page, hosted on a Russian site/server. If one's down, try the other.


Oddysey

I'm no longer in the rat race - the rats won't have me!
Add Thank You Quote this message in a reply
Apr. 12, 2004, 07:43 AM
Post: #13
 
PERFECT! Smile! Thanks dude, i'm using Net Transport...it's doody :P

(?`?._)?n?iT?u??(?`?._)
Add Thank You Quote this message in a reply
Aug. 04, 2008, 11:23 PM
Post: #14
RE: Proxo v Firewall
Mad with Teeth Mad with Teeth [teethmad]hey, our school keeps blocking bebo, myspace and things like that, can anyone help me with a proxo that hasn't been blocked or a way around it?
Quote this message in a reply
Aug. 05, 2008, 07:33 AM
Post: #15
RE: Proxo v Firewall
Proxomitron filters only HTTP and HTTPS, not other protocols and not other ports. It is not a replacement for a firewall, it is an extra layer of security to use in addition to a firewall.
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: