I'm a novice at this. I set up Wingate using defaults, and now I'm getting machines outside of my subnet logging into the guest account and chewing up all my licenses (I have the 6-user license).
How do I stop machines outside my subnet (192.168.0.1 - 255) from accessing the guest account?
The service that is being requested is the SOCKS service - whatever that is.
I've disabled the Guest account, but now no one can access the web via Wingate.
Getting pounded from China on guest account
Moderator: Qbik Staff
7 posts
• Page 1 of 1
Getting pounded from China on guest account
by tjgolla » Jan 28 08 9:35 am
- tjgolla
- Posts: 2
- Joined: Jan 28 08 9:30 am
by tjgolla » Jan 28 08 6:27 pm
I finally reloaded WinGate, configured all the NICs, and it all seems to be working nicely.
I checked the bindings for SOCKS, and several other services, and none were bound to an "external" adapter. I'm not sure how that happened, but I'll be sure and check all that stuff in the future.
Thanks for the help!
I checked the bindings for SOCKS, and several other services, and none were bound to an "external" adapter. I'm not sure how that happened, but I'll be sure and check all that stuff in the future.
Thanks for the help!
- tjgolla
- Posts: 2
- Joined: Jan 28 08 9:30 am
Similar Problem
by aRiyano » Apr 07 08 1:33 pm
Hi, Sorry if it might luk as i'm disturbing this thread.
But i think this is the best place to put this in. I have a similar problem, and i've checked, nothing is binded in the Socks tab. I even stopped the service on Socks.
To try what i also did was unplugged the proxy server and tried using my laptop as the proxy, and the same thing started. Can sum1 help me out ?
Thanks and Regards,
Aj.
But i think this is the best place to put this in. I have a similar problem, and i've checked, nothing is binded in the Socks tab. I even stopped the service on Socks.
To try what i also did was unplugged the proxy server and tried using my laptop as the proxy, and the same thing started. Can sum1 help me out ?
Thanks and Regards,
Aj.
- aRiyano
- Posts: 2
- Joined: Apr 07 08 1:29 pm
Managed to Fix
by aRiyano » Apr 16 08 6:07 am
Hi,
I did manage to stop the flooding, but in a different way.
I enabled basic authentication on the proxy, so now anyone trying to access the proxy is required to have a user and pass. Else they just get kicked off.
Aj.
I did manage to stop the flooding, but in a different way.
I enabled basic authentication on the proxy, so now anyone trying to access the proxy is required to have a user and pass. Else they just get kicked off.
Aj.
- aRiyano
- Posts: 2
- Joined: Apr 07 08 1:29 pm
by adrien » Apr 16 08 10:01 am
It's pretty common for spammers to scan for port 80 open as well as for SOCKS ports. Then they can use the CONNECT command to send spam through the HTTP proxy.
So it's completely unsafe to have an unsecured HTTP proxy (one that doesn't require some sort of access control) on an external interface - it will be pounded by spammers quicker than you would believe.
Securing it can be a matter of
a) using bindings (normally WinGate won't bind to interfaces it deems are external).
b) requiring auth (as you did)
c) restricting ports that can be connected to on the HTTPs tab(which controls the CONNECT command).
d) locking down IPs that can use the proxy
Regards
Adrien
So it's completely unsafe to have an unsecured HTTP proxy (one that doesn't require some sort of access control) on an external interface - it will be pounded by spammers quicker than you would believe.
Securing it can be a matter of
a) using bindings (normally WinGate won't bind to interfaces it deems are external).
b) requiring auth (as you did)
c) restricting ports that can be connected to on the HTTPs tab(which controls the CONNECT command).
d) locking down IPs that can use the proxy
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
7 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 6 guests