Protect RCs with your own proxy server!

TSonicWarp9 · #1 08-13-2004, 08:16 AM

If you want to protect your staff RCs, then create a proxy server on your High speed cable or faster connection.

Make sure you need a username and password to use the Proxy, or else anyone would be able to use them.

Once you have a proxy address working, have your staff insert the information in their browser properties. (Such as MSIE5&6). Then set the IP range for your proxy for each member. This makes it so any outside intruder cannot connect due to an incorrect IP address.

Scott · #2 08-13-2004, 09:09 AM

What's wrong with the standard method of IP Ranges?

ThinkDifferent · #3 08-13-2004, 09:26 AM

Yeah, saying /openrights <acc> and inserting an IP is much easier :P

matt8891 · #4 08-13-2004, 03:53 PM

Maybe a proxy is more "secure"....In SOME way....Ive also heard of people changing their IP adresses. But im not sure if it actually works.

XiLe · #5 08-13-2004, 04:32 PM

The idea of the proxy server is pretty nice. Unfortunately, Graal "leeb hax0rs" steal passwords. They could just as easily steal the proxy password, and then they have all the staff on your server's RCs in their grasp. It would be better to stick with standard IP ranges, in my opinion. And yes, LordVyse, you can 'spoof' an IP range with illegal programs.

Crono · #6 08-13-2004, 05:54 PM

Yeah, Tortoise does that all the time.

Lance · #7 08-13-2004, 08:11 PM

This is by far the stupidest way to bypass RC's security features I have ever read. If you can set their range to your proxy and ask for trouble, you can set their IP range on RC and be more safe.

TSonicWarp9 · #8 08-18-2004, 04:58 AM

Perhaps none of you fully understand the technology behind the idea of the Proxy server. But if you wish, feel free to use it or not use it, but you can load more then one proxy address at a time and give each individual his or her on proxy IP.

Stealing Proxy passwords is far more complicated then stealing a Graal RC password.
If setup correctly, a proxy password can be encrypted in 256bit. Much higher then Graals encryption.

I run a proxy server and I give my friends individual proxy IP address to access vital information on my web server, and out of thousands of attacks, none of them have yet gotten close to cracking through and mine is only set to 128 encryption.

Spark910 · #9 08-18-2004, 12:38 PM

Quote:

Originally Posted by TSonicWarp9

If setup correctly,

Yeah, but if it's not it would be less secure :X

HoudiniMan · #10 08-19-2004, 02:24 AM

Rather than cracking your password, it's much more likely they'd find the password in a text file on a stupid user's computer and simply have to enter it.

Python523 · #11 08-19-2004, 03:02 AM

Quote:

Originally Posted by TSonicWarp9

Perhaps none of you fully understand the technology behind the idea of the Proxy server. But if you wish, feel free to use it or not use it, but you can load more then one proxy address at a time and give each individual his or her on proxy IP.

Stealing Proxy passwords is far more complicated then stealing a Graal RC password.
If setup correctly, a proxy password can be encrypted in 256bit. Much higher then Graals encryption.

I run a proxy server and I give my friends individual proxy IP address to access vital information on my web server, and out of thousands of attacks, none of them have yet gotten close to cracking through and mine is only set to 128 encryption.

-___________________-
People don't brute force graal passwords, pal. Staff are idiots who get trojans and have their passwords stolen.

Deek2 · #12 08-19-2004, 04:40 AM

Wow, a few brain cells of mine died after reading this. For a second there I thought this was a good idea.

GrowlZ1010 · #13 08-19-2004, 06:11 PM

Proxies are useful for some things, but this misfeature just makes life easier for those who would seek to compromise your server. Which of these two scenarios looks easier to you?

"Hmm! I can break GrowlZ' randomly-generated password, then somehow find a way to spoof a TCP connection as coming from me even if GrowlZ is offline and I can't dupe his computer into communicating with me instead of listserver.graalonline.com!"
or..
"I'll get this idiot's password and proxy password over Windows File Sharing then I'll log into his RC with no IP spoofing whatsoever needed. Yay!"

Every little helps. And proxies do have legitimate uses in some things, without a doubt. But IP ranges are there for a reason and should be used whereever possible.

Curt1zzle · #14 08-20-2004, 08:00 PM

Quote:

Originally Posted by Python523

-___________________-
People don't brute force graal passwords, pal. Staff are idiots who get trojans and have their passwords stolen.

LOLLOLOLOL.

..lol

Crono · #15 08-20-2004, 08:02 PM

Quote:

Originally Posted by Python523

-___________________-
People don't brute force graal passwords, pal. Staff are idiots who get trojans and have their passwords stolen.

Or keylogged