Re: [squid-users] Squid attack?

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Sat, 24 Feb 2007 08:28:36 +0100

Fri 2007-02-23 at 20:33 +0000, Paul wrote:

> What's the difference between normal and transparent intercepting proxy?

Normal is having proxy settings in the browser.

Intercepting proxy is redirecting the port-80 traffic to the proxy by
firewall rules.

> Any idea how I might gain any more clues either from logs or if it
> happens again - could I get anywhere using tcpdump?

To diagnose while it's happening, netstat, tcpdump, ps, top etc. are all
good tools for identifying what is going on.

To diagnose after you have made changes somehow stopping the abuse, then
checking all logs in detail is the only option available, or maybe tcpdump
looking for users still trying to access the service and from that
deriving how they gained access in the first place.

Regards
Henrik

Received on Sat Feb 24 2007 - 00:28:41 MST
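
One way to do the after-the-fact log check described in the message above, as an added example that is not part of the original post: it summarises a Squid access.log per client and reports only clients outside the networks expected to use the proxy. It assumes Squid's native access.log format; `TRUSTED_NETS` and the sample log lines are constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumption: networks that are supposed to use the proxy (hypothetical value).
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1172259200.101    120 192.168.1.20 TCP_MISS/200 5120 GET http://example.org/ - DIRECT/192.0.2.10 text/html
1172259201.550     15 192.168.1.21 TCP_HIT/200 2048 GET http://example.org/logo.png - NONE/- image/png
1172259202.000   3050 203.0.113.7 TCP_MISS/200 900 CONNECT mail.example.net:25 - DIRECT/192.0.2.25 -
1172259202.700    210 203.0.113.7 TCP_MISS/200 4100 GET http://example.com/a - DIRECT/192.0.2.30 text/html
1172259203.300     40 198.51.100.9 TCP_DENIED/403 1400 GET http://example.com/b - NONE/- text/html
this line is truncated
"""

def is_trusted(addr):
    """True if addr is inside one of TRUSTED_NETS; ValueError if not an IP."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_NETS)

def summarise(log_text):
    """Return {client: stats} for every client outside TRUSTED_NETS."""
    report = defaultdict(lambda: {"requests": 0, "served": 0, "bytes": 0,
                                  "methods": Counter()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:          # truncated or malformed line
            continue
        client, result, size, method = fields[2:6]
        try:
            if is_trusted(client):
                continue
            nbytes = int(size)
        except ValueError:           # hostname instead of IP, or bad byte count
            continue
        stats = report[client]
        stats["requests"] += 1
        stats["bytes"] += nbytes
        stats["methods"][method] += 1
        if not result.startswith("TCP_DENIED"):
            stats["served"] += 1     # the proxy actually handled this request
    return dict(report)

if __name__ == "__main__":
    for client, s in sorted(summarise(SAMPLE_LOG).items()):
        print(client, s["requests"], s["served"], s["bytes"], dict(s["methods"]))
```

Clients with a non-zero `served` count were actually given service; clients with only denied requests are still trying after access was closed.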
