|
|
 |
Sonicwall Signatures
Go to All Categories list.
Go to All Applications list.
Category: PROXY-ACCESSProxy-Access Category Description
This SonicWALL IPS signature category consists of a group of signatures that can detect and prevent unauthorized access to proxy servers. Proxy servers help provide users inside a network with freedom of access to outside network services, often by circumventing a firewall. The traffic detected by these signatures is not a threat in and of itself, but it can represent a violation of network policy and possibly open the network to future attacks.
These signatures detect several different types of proxy server traffic ranging from higher security to lower security including outbound access to SOCKS servers, various programs that provide tunneling services, and generic attempts to access HTTP proxies outside the network. SOCKS connections require some form of authentication, and represent comparatively less risk than other proxy connections. Tunneling services, on the other hand, can open holes in the firewall that recieve less scrutiny than other traffic moving into the network. Other HTTP attempts can signal that the user is using services like Instant Messengers or Peer-to-Peer filesharing clients in violation of company policy. Some types of proxies can provide remote administrative access for users outside the network to workstations inside the network and evade a perimeter firewall.
SonicWALL signatures in this category are considered low-priority and are set by default to detect this type of network traffic. These signatures can be enabled if proxy access is in violation of network policy.
| | Encrypted Key Exchange -- Random Encryption (Skype,UltraSurf, eMule) | | | Non-SSL traffic over SSL port -- Traffic Anomaly Detection | | | Encrypted Key Exchange -- UDP Random Encryption (UltraSurf) | | | Freegate -- HTTPS Activity 1 [Reqs SIDs 5, 7] | | | NinjaCloak -- HTTP Activity | | | NinjaCloak -- HTTPS Activity | | | Megaproxy -- HTTPS Activity 1 | | | WPAD -- HTTP Activity (Get Data) | | | KProxy -- HTTP Activity 1 | | | KProxy -- HTTP Activity 2 | | | KProxy -- HTTPS Activity 1 | | | Megaproxy -- HTTPS Activity 2 | | | PHProxy -- HTTP Activity | | | SOCKS 5 -- Server Response | | | SOCKS 4 -- Server Response | | | ProxEasy -- HTTP Activity | | | Hopster -- TCP Activity | | | OVH -- HTTPS Activity (ovh.com) | | | OnWorks -- HTTPS Activity | | | Vultr -- HTTPS Activity | | | Your Freedom -- TCP Activity 1 | | | Your Freedom -- TCP Activity 2 | | | Glype -- HTTP Activity 1 | | | Freegate -- HTTPS Activity 2 [Reqs SIDs 5, 7] | | | Glype -- HTTP Activity 2 | | | Guardster -- HTTP Activity | | | Tor -- Client Request 1 | | | Tor -- Client Request 2 | | | Tor -- Server Response | | | Tor -- Client Request 5 | | | HTTP Proxy -- GET Method | | | OVH -- HTTPS Activity (ovhcloud.com) | | | Youngzsoft CCProxy -- Server Response | | | HTTP Proxy -- Request URI (FTP) | | | Ultrasurf -- HTTP Activity 3 [Reqs SIDs 5, 6, HTTP Proxy sigs, DPI-SSL CI] | | | Ultrasurf -- UDP Activity 1 [Reqs SIDs 5, 6, HTTP Proxy sigs, DPI-SSL CI] | | | JonDo Proxy -- TCP Activity | | | httptunnel -- Client Request (Proxy Wrapper) | | | httptunnel -- Client Request (Tunnel Open) | | | HTTP Proxy -- App Message (Keep Alive) | | | Tor -- Client Request 3 | | | Psiphon -- TCP Activity 1 [Reqs SID 5 and DPI-SSL CI] | | | Tor -- Client Request 4 | | | Spotflux -- DNS Query | | | Spotflux -- TCP Activity | | | Spotflux -- UDP Activity | | | HTTP Proxy -- POST Method | | | KProxy -- HTTPS Activity 2 | | | OpenDoor -- HTTPS Activity | | | Bitvise SSH -- Client Request | | | Bitvise SSH -- Server Response | | | Burp Proxy -- HTTPS Activity | | | Tor -- Client Request 6 | | | Psiphon -- TCP Activity 2 [Reqs SID 5 and DPI-SSL CI] | | | Tor -- Client Request 7 | | | Ngrok -- DNS Query | | | Psiphon -- TCP Activity 6 [Reqs SID 5 and DPI-SSL CI] | | | Psiphon -- UDP Activity 1 [Reqs SID 5 and DPI-SSL CI] | | | PD-Proxy -- DNS Query | | | Ultrasurf -- HTTP Activity 1 | | | Browsec -- HTTPS Activity 1 | | | JonDo Proxy -- HTTPS Activity | | | Psiphon -- TCP Activity 5 [Reqs SID 5 and DPI-SSL CI] | | | I2P -- HTTP Activity 1 [Reqs SIDs 5, 7] | | | I2P -- HTTP Activity 2 [Reqs SIDs 5, 7] | | | Ultrasurf -- HTTP Activity 2 [Reqs SIDs 5, 6, HTTP Proxy sigs, DPI-SSL CI] | | | Psiphon -- TCP Activity 4 [Reqs SID 5 and DPI-SSL CI] | | | Psiphon -- TCP Activity 3 [Reqs SID 5 and DPI-SSL CI] | | | Appsverse Photon -- TCP Activity | | | Appsverse Photon -- HTTP Activity 1 [Reqs DPI-SSL CI] | | | Appsverse Photon -- HTTP Activity 2 | | | Appsverse Photon -- HTTP Activity 3 | | | Psiphon -- UDP Activity 2 [Reqs SID 5 and DPI-SSL CI] | | | FreeMyBrowser -- HTTPS Activity | | | HTTP Proxy -- Authorization | | | Ultrahook -- HTTP Activity | | | Psiphon -- TCP Activity 7 [Reqs SID 5 and DPI-SSL CI] | | | Browsec -- HTTPS Activity 2 |
|
|
|
