cancel
Showing results for 
Search instead for 
Did you mean: 
lubomir_cerny
Level 12

How to detect Youngzsoft CCProxy ?

Hi folks,

it seems, that someone tries to run local Youngzsoft CCProxy to share his connection via central MWG.

Can I detect requests comming from such slave server to MWG proxy ?

I guess there can be some rule to analyse http header. Did someone such detection rule ?

Thanks for help.

L.C.

0 Kudos
4 Replies
asabban
Level 17

Re: How to detect Youngzsoft CCProxy ?

Hello,

I downloaded the CCProxy and did a bunch of packet captures on traffic coming through CCProxy. It does not add any custom HTTP header or other traces that could be used to validate whether the traffic comes from the machine itself of from the proxy service. Therefore you can't detect it.

best,

Andre

0 Kudos
lubomir_cerny
Level 12

Re: How to detect Youngzsoft CCProxy ?

Thank you for tests Andre.

I will try to locate this source by MS SCCM and running processes :-(

Have a nice day.

0 Kudos
asabban
Level 17

Re: How to detect Youngzsoft CCProxy ?

Hello,

I think that makes sense. The good thing is that the CCProxy does not seem to be a tool like "Tor" to avoid filtering and bypass the security policy.

Best,

Andre

0 Kudos
DBO
Level 9

Re: How to detect Youngzsoft CCProxy ?

On a similar subject, how would you go to log the list of all downloaded files on a daily basis and maybe, generate a mail report/list?   I used that before on another system  to check .exe file transfert to stations to see if anything special was appening...

0 Kudos