It seems that someone is trying to run a local Youngzsoft CCProxy to share his connection via the central MWG.
Can I detect requests coming from such a slave server to the MWG proxy?
I guess there can be some rule to analyse the HTTP header. Does someone have such a detection rule?
Thanks for help.
I downloaded the CCProxy and did a bunch of packet captures on traffic coming through CCProxy. It does not add any custom HTTP header or other traces that could be used to validate whether the traffic comes from the machine itself or from the proxy service. Therefore you can't detect it.
I think that makes sense. The good thing is that the CCProxy does not seem to be a tool like "Tor" to avoid filtering and bypass the security policy.
On a similar subject, how would you go about logging the list of all downloaded files on a daily basis and maybe generating a mail report/list? I used that before on another system to check .exe file transfers to stations to see if anything special was happening...