Thank you all for the suggestions. I will try to read up on iptables and add the necessary rules, as well as try to add northghost IPs to the blacklist.

On another note, I noticed Tor Browser bypasses squid completely. The only search results I found on how to block it with squid date back to 2011. (Amos has a script for that?)

Any idea how to block Tor? I downloaded it and ran it and none of its traffic is detected by Squid.

> On Dec 23, 2016, at 4:31 AM, Eliezer Croitoru <eliezer@xxxxxxxxxxxx> wrote:
>
> My suggestion would be to find the holes in the system.
> There are a couple of good networking tools, i.e.:
> Iptstate
> Iptraf-ng
> netstat-nat
> conntrackd-tools
>
> The above tools have the options to see what parts of the IP is not ports such as:
> 53
> 80
> 443
>
> Which you can control easily.
> You can easily add a DROP or REJECT rule in iptables for all new connections on other than these ports as a starter.
> It's very simple to write and I think you should dig a bit on iptables so you would be able to understand how it works better to give you a glimpse into the networking security world.
> This amazing site and page:
> http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables
>
> Gives a better understanding to iptables and also on networking.
> If you need more guidance let me know.
>
> Eliezer
>
> ----
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: eliezer@xxxxxxxxxxxx
>
>
> -----Original Message-----
> From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Sameh Onaissi
> Sent: Friday, December 23, 2016 2:03 AM
> To: Antony Stone <Antony.Stone@xxxxxxxxxxxxxxxxxxxx>
> Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: Bypassed Proxy
>
> I have been trying to replicate what he is doing.
>
> I have tried 4 or 5 VPN software and none connects, including Hotspot Shield.
> My iptables seem to be doing the job in that regard (Eliezer helped me set them up)
>
>
>
>> On Dec 22, 2016, at 5:14 PM, Antony Stone <Antony.Stone@xxxxxxxxxxxxxxxxxxxx> wrote:
>>
>> On Thursday 22 December 2016 at 22:50:33, Sameh Onaissi wrote:
>>
>>> The user has hotspot shield installed on his PC, which I believe is a
>>> similar extension to the one you mentioned.
>>
>>> He is getting by squid with some sort of VPN, I thought squid can be
>>> configured against such things?
>>
>> It sounds as though you need to review your firewall (routing) policies.
>>
>> Anyone who is allowed to use a VPN can effectively bypass all security
>> policies on your network.
>>
>>
>> Antony.
>>
>> --
>> Schrödinger's rule of data integrity: the condition of any backup is
>> unknown until a restore is attempted.
>>
>> Please reply to the list;
>> please *don't* CC me.
>> _______________________________________________
>> squid-users mailing list
>> squid-users@xxxxxxxxxxxxxxxxxxxxx
>> http://lists.squid-cache.org/listinfo/squid-users
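
The "find the holes" step suggested in the thread, as an added example that is not part of any poster's message: a shell function that reads connection-tracking entries in the format printed by `conntrack -L` (from conntrack-tools) and lists LAN clients with flows to ports other than 53, 80 and 443. The LAN prefix 192.168.1. and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example. Ports the thread says are easy to control; everything else is a "hole".
ALLOWED_PORTS="53 80 443"

# Constructed sample in `conntrack -L` format (private and documentation addresses).
sample_conntrack() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=51234 dport=443 src=203.0.113.5 dst=192.168.1.10 sport=443 dport=51234 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.1.10 dst=192.168.1.1 sport=40000 dport=53 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=40000 mark=0 use=1
tcp      6 431000 ESTABLISHED src=192.168.1.23 dst=198.51.100.7 sport=50111 dport=8443 src=198.51.100.7 dst=192.168.1.23 sport=8443 dport=50111 [ASSURED] mark=0 use=1
tcp      6 430500 ESTABLISHED src=192.168.1.23 dst=198.51.100.7 sport=50112 dport=8443 src=198.51.100.7 dst=192.168.1.23 sport=8443 dport=50112 [ASSURED] mark=0 use=1
udp      17 170 src=192.168.1.23 dst=198.51.100.9 sport=55000 dport=1194 src=198.51.100.9 dst=192.168.1.23 sport=1194 dport=55000 [ASSURED] mark=0 use=1
tcp      6 100 TIME_WAIT src=192.168.1.10 dst=203.0.113.5 sport=51200 dport=80 src=203.0.113.5 dst=192.168.1.10 sport=80 dport=51200 [ASSURED] mark=0 use=1
EOF
}

# find_offport_flows LAN_PREFIX  (reads conntrack entries on stdin)
# Prints: client proto/dport destination flow_count
find_offport_flows() {
    awk -v lan="$1" -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        proto = $1; src = dst = dport = ""
        # Each entry carries two tuples: the first is the original direction
        # (what the client asked for), the second is the expected reply.
        for (i = 2; i <= NF; i++) {
            if (src == "" && $i ~ /^src=/) src = substr($i, 5)
            else if (dst == "" && $i ~ /^dst=/) dst = substr($i, 5)
            else if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
        }
        # Skip non-LAN sources, portless protocols such as ICMP, and allowed ports.
        if (index(src, lan) != 1 || dport == "" || (dport in ok)) next
        print src, proto "/" dport, dst
    }' | LC_ALL=C sort | uniq -c | awk '{ print $2, $3, $4, $1 }'
}

# Demo on the constructed sample; on the gateway itself, feed live data instead:
#   conntrack -L | find_offport_flows 192.168.1.
sample_conntrack | find_offport_flows 192.168.1.
```

Each line of output names a client and a destination port that a DROP or REJECT rule for new connections outside 53, 80 and 443 would cut off, which makes it a useful check before and after tightening the firewall.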