; SonicWALL Security Center
SonicWALL Comprehensive Internet Security
Home
SonicALERT
Search
Search TipsSitemap

Support

Go to All Categories list.
Go to All Applications list.

Category: PROXY-ACCESS

Proxy-Access Category Description

This SonicWALL IPS signature category consists of a group of signatures that can detect and prevent unauthorized access to proxy servers. Proxy servers help provide users inside a network with freedom of access to outside network services, often by circumventing a firewall. The traffic detected by these signatures is not a threat in and of itself, but it can represent a violation of network policy and possibly open the network to future attacks.

These signatures detect several different types of proxy server traffic ranging from higher security to lower security including outbound access to SOCKS servers, various programs that provide tunneling services, and generic attempts to access HTTP proxies outside the network. SOCKS connections require some form of authentication, and represent comparatively less risk than other proxy connections. Tunneling services, on the other hand, can open holes in the firewall that recieve less scrutiny than other traffic moving into the network. Other HTTP attempts can signal that the user is using services like Instant Messengers or Peer-to-Peer filesharing clients in violation of company policy. Some types of proxies can provide remote administrative access for users outside the network to workstations inside the network and evade a perimeter firewall.

SonicWALL signatures in this category are considered low-priority and are set by default to detect this type of network traffic. These signatures can be enabled if proxy access is in violation of network policy.

  Encrypted Key Exchange -- Random Encryption (Skype,UltraSurf,Emule)
  Non-SSL traffic over SSL port -- Traffic Anomaly Detection
  Encrypted Key Exchange UDP Random Encryption(UltraSurf)
  Hotspot Shield -- UDP Traffic 1 [Reqs 5 and 7]
  Freegate -- Traffic 1 [Reqs SIDs 5 & 7]
  JAP -- Client Activity 1
  JAP -- Client Activity 2
  HTTP-Tunnel -- Connection Setup
  NinjaCloak -- HTTP Activity
  NinjaCloak -- SSL Traffic
  FastViewer -- Client/Server Initialization
  Sensepost ReDuh -- HTTP Activity
  Tor -- Client Activity 3
  Anon.me -- Browsing Activity 1
  Anon.me -- Browsing Activity 2
  CantBustMe -- Browsing Activity 1
  CantBustMe -- Browsing Activity 2
  HideMyAss -- Browsing Activity 1
  HideMyAss -- Browsing Activity 2
  WPAD -- Get Data Request
  Invisible Surfing -- Browsing Activity 1
  Invisible Surfing -- Browsing Activity 2
  ProxyStart -- Browsing Activity 1
  ProxyStart -- Browsing Activity 2
  SiteSurf -- Browsing Activity 1
  SiteSurf -- Browsing Activity 2
  Unblocked.org -- Browsing Activity 1
  Unblocked.org -- Browsing Activity 2
  Avoidr -- Browsing Activity 1
  Avoidr -- Browsing Activity 2
  KProxy -- Browsing Activity 1
  KProxy -- Browsing Activity 2
  KProxy -- SSL Traffic 1
  Megaproxy -- SSL Traffic
  Surrogafier -- HTTP Activity
  Vtunnel -- Browsing Activity 1
  Vtunnel -- Browsing Activity 2
  SOCKS 5 -- Outbound Proxy Access
  SOCKS 4 -- Outbound Access Granted
  Hotspot Shield -- UDP Traffic 3 [Reqs 5 and 7]
  Hotspot Shield -- SSL Traffic 1 [Reqs 5 and 7]
  Hopster -- Client Connection
  Your Freedom -- Client Activity 1
  Your Freedom -- Client Activity 2
  Your Freedom -- Client Activity 3
  Your Freedom -- Client Activity 4
  Zelune Proxy -- HTTP Activity
  Glype -- Traffic
  CGIProxy -- Inbound Traffic
  CoralCDN -- Browsing Activity 1
  CoralCDN -- Browsing Activity 2
  SurfingToday Proxy -- Browsing Activity 1
  SurfingToday Proxy -- Browsing Activity 2
  NTR Connect -- Host Activity
  Google Web Accelerator -- Client Activity
  Hotspot Shield -- HTTP Activity 2 [Reqs 5 and 7]
  Hotspot Shield -- SSL Traffic 2 [Reqs 5 and 7]
  SonicWall Unblock Proxy -- Browsing Activity 1
  Freegate -- Traffic 2 [Reqs SIDs 5 & 7]
  SonicWall Unblock Proxy -- Browsing Activity 2
  Hotspot Shield -- UDP Traffic 2 [Reqs 5 and 7]
  StupidCensorship -- Browsing Activity 1
  StupidCensorship -- Browsing Activity 2
  Glype -- Traffic 2
  NewFastWorkingProxies -- Browsing Activity
  HTTP Proxy -- HTTPS Proxy
  Vtunnel -- Browsing Activity 3
  Hotspot Shield -- HTTP Activity 1 [Reqs 5 and 7]
  Steganos -- SSL Traffic 1
  Steganos -- Client Activity
  Guardster -- Browsing Activity
  DameWare Mini Remote Control -- TCP Activity
  Tor -- Client Activity 1
  Tor -- Client Activity 2
  Tor -- Inbound Activity
  Toonel.net -- Client Activity
  Tor -- Client Activity 5
  HTTP Proxy -- HTTP Proxy GET
  00unblock -- Browsing Activity 1
  Hotspot Shield -- Client Activity 1 [Reqs 5 and 7]
  Hotspot Shield -- Client Activity 2 [Reqs 5 and 7]
  Youngzsoft CCProxy -- Server Activity
  Ultrasurf -- Proxy Access 01 [Reqs SID 5]
  Ultrasurf -- Proxy Access 02 [Reqs SID 5]
  Bypass -- HTTP bypass.cc
  Bypassthat -- Client Activity
  MouseMatrix.com -- SSL Traffic
  Peacefire -- HTTPS Circumventor Proxy 1
  Peacefire -- HTTP Circumventor Proxy
  Ultrasurf -- Proxy Access 03 [Reqs SID 5]
  Ultrasurf -- Proxy Access 05 [Reqs SID 5]
  Ultrasurf -- Proxy Access 04 [Reqs SID 5]
  Ultrasurf -- Proxy Access 10 [Reqs SIDs 5 & 6]
  JonDo Proxy -- SSL Connection
  httptunnel -- HTTP Proxy Wrapper
  httptunnel -- Tunnel Open
  httptunnel -- Tunnel Open 2
  Hopster -- Client Connection 2
  HTTP-Tunnel -- Connection Keep Alive
  HTTP-Tunnel -- Connection Keep Alive 2
  HTTP-Tunnel -- Connection Data
  HTTP Proxy -- Proxy Request
  Tor -- Client Activity 3
  Tor -- Client Activity 3
  Xunyou -- Login Activity 1
  Xunyou -- Login Activity 2
  Xunyou -- Login Activity 3
  Ultrasurf -- Proxy Access 06 [Reqs SID 5 and DPI-SSL CI]
  Psiphon -- Client Activity 1
  ExpatShield -- HTTP anchorfree.com
  ExpatShield -- DNS anchorfree.com
  ExpatShield -- UDP Activity 1
  ExpatShield -- TCP Activity 1
  Tor -- Client Activity 4
  Spotflux -- DNS Query
  Spotflux -- HTTP Activity 1
  Spotflux -- TCP Activity
  Spotflux -- UDP Activity
  Scotty Transporter -- Proxy Activity 1
  GAppProxy -- HTTP Activity 1
  GAppProxy -- HTTP Activity 2
  GAppProxy -- HTTP Activity 3
  Private Internet Access VPN -- UDP Activity 1
  Private Internet Access VPN -- HTTP Activity 1
  Private Internet Access VPN -- TCP Activity 1
  HTTP Proxy -- HTTP Proxy POST
  Ivacy VPN -- SSL Activity
  Tor -- Client Activity 4
  KProxy -- SSL Traffic 2
  KProxy -- SSL Traffic 3
  OpenDoor -- HTTPS Proxy Activity 1
  OpenDoor -- HTTPS Proxy Activity 2
  OpenDoor -- HTTPS Proxy Activity 3
  OpenDoor -- HTTPS Proxy Activity 4
  OpenDoor -- HTTPS Proxy Activity 5
  Ultrasurf -- Proxy Access 11 [Reqs SIDs 5 & 6]
  Bitvise SSH (Tunnelier) -- SSH Client
  Bitvise SSH (Tunnelier) -- SSH Server
  aquaproxy.net -- Browsing Activity 1
  aquaproxy.net -- Browsing Activity 2
  Burp Proxy -- HTTPS Default SSL Certificate
  ZenMate SSLVPN Proxy -- HTTPS Activity 1
  Ultrasurf -- Proxy Access 07 [Reqs SID 5]
  Google Chrome Data Compression Proxy -- HTTPS Activity 1
  Google Chrome Data Compression Proxy -- HTTPS Activity 2
  GetPrivate VPN -- DNS Query
  GetPrivate VPN -- HTTP activity
  Tor -- Client Activity 5
  Tor -- Client Activity 6
  Hotspot Shield -- DNS Query 1 [Reqs 5 and 7]
  Hotspot Shield -- DNS Query 2 [Reqs 5 and 7]
  Hotspot Shield -- DNS Query 3 [Reqs 5 and 7]
  Psiphon -- Client Activity 2
  Ultrasurf -- Proxy Access 08 [Reqs SID 5]
  Ultrasurf -- Proxy Access 09 [Reqs SID 5]
  VPN Express -- DNS Query
  VPN Express -- HTTP Activity
  ExpressVPV -- DNS Query
  TunnelBear VPN -- DNS Query
  TunnelBear VPN -- HTTPS Activity 1
  Tor -- Client Activity 7
  Tor -- Client Activity 7
  TunnelBear VPN -- HTTPS Activity 2
  TunnelBear VPN -- UDP Traffic
  Ngrok -- DNS Query
  Ngrok -- HTTPS Activity


Relevant Information
IPS Alert Level
Low
Medium
High


Home | Products | Applications | Markets | Support | How to Buy | Channel Partners | Company

Comprehensive Internet Security ® 2003 SonicWALL, Inc. | Privacy Statement