Fast Flux Detection with a new Feature

Dear @pmueller,

thanks for the feature-information: blog.ipfire.org - Feature Spotlight: Weaponising IPFire Location to proactively detect Fast Flux setups

As you described, the best way to use the new “Weapon” against Fast Flux Networks is to use it with the integrated web proxy.
But the web proxy only works for TCP 80.

How to avoid Fast Flux Access using other ports and protocols?
For example https 443 TCP too.

Thanks and regards,

Jan

1 Like

This is not correct. If the browsers on the clients are configured to use the proxy for https (manually configured or wpad/proxy.pac), it also works for TCP 443.

2 Likes

Hi,

am I blind or are there no such checkboxes as depicted in the blog post? Shouldn’t they be located at the web proxy configuration page? Or where else? Running core update 160 here.

Cheers

Gremlin

OK. But because the transparent usage of the web-proxy isn’t possible, it only works for tcp 80 and, if configured via wpad/proxy.pac, for tcp 443. But not for any other connection from internal to external, right?

The blog post indicates it is being added into Core Update 161.

2 Likes

Hi all,

first, thanks for your comments. :)

As @arne_f already pointed out, the web proxy works for other destination ports than 80 as well, if clients use it explicitly. Technically, it works for any destination port, if the configuration of permitted destination ports allows it.

In short: The tricky part is to get the proxy configuration to the clients, and make them use it. As soon as this works, the web proxy itself is not a limit.

Oh, perhaps I should have been more clear here. In the very last paragraph, the announcement says:

> Both this and the Fast Flux detection will be part of the upcoming Core Update 161.

As soon as there is a testing version of Core Update 161 available (personal ETA: next 10 days), you will see these two checkboxes. Please stay patient a little longer. :)

Thanks, and best regards,
Peter Müller

3 Likes