Slippery port-80 packets sneakin' around the HTTP proxy!

I did a little more research on the port-80 traffic that's sneakin' by the proxy.  I just checked the PF logs for yesterday and today, and there are 70 "rogue" packets.

Seven are from our SBS 2003 server to one Google IP.

Six are from (non-existent, I think) 10.x.x.67 to Google and two to Viet Nam.

The other 57 are from my desktop to Viet Nam, Google, Berlin, etc.  I leave my unit running, so the packets continued while I was out of the office until 2009:10:15-04:01:24 this morning.

Cheers - Bob


This thread was automatically locked due to age.
  • Hi Bob,
    I fixed that problem by having a filter block everything from port 1 to 1030, or in other words, an allow filter from 1031 and above. Then create special-case rules.
    Some of the dumb programs have no idea about proxy use, especially Microsoft updates.

    Ian M
  • Yeah, Ian, but I'm running the HTTP Proxy in transparent mode.  How would those programs know how to sneak past that?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA