A proxy server is a computer that offers a computer network service to
allow clients to make indirect network connections to other network
services. A client connects to the proxy server, then requests a
connection, file, or other resource available on a different server. The proxy
provides the resource either by connecting to the specified server or by
serving it from a cache. In some cases, the proxy may alter the
client's request or the server's response for various purposes.
Web proxies
A common proxy application is a caching Web proxy. This provides a
nearby cache of Web pages and files available on remote Web servers,
allowing local network clients to access them more quickly or reliably.
When it receives a request for a Web resource (specified by a URL), a
caching proxy looks for the resulting URL in its local cache. If found,
it returns the document immediately. Otherwise it fetches it from the
remote server, returns it to the requester and saves a copy in the
cache. The cache usually uses an expiry algorithm to remove documents from
the cache, according to their age, size, and access history. Two simple
cache algorithms are Least Recently Used (LRU) and Least Frequently
Used (LFU). LRU removes the least-recently used documents, and LFU removes
the least-frequently used documents.
Web proxies can also filter the content of Web pages served. Some
censorware applications — which attempt to block offensive Web content — are
implemented as Web proxies. Other web proxies reformat web pages for a
specific purpose or audience; for example, Skweezer reformats web pages
for cell phones and PDAs. Network operators can also deploy proxies to
intercept computer viruses and other hostile content served from remote
Web pages.
A special case of web proxies are "CGI proxies." These are web sites
which allow a user to access a site through them. They generally use PHP
or CGI to implement the proxying functionality. CGI proxies are
frequently used to gain access to web sites blocked by corporate or school
proxies. Since they also hide the user's own IP address from the web sites
they access through the proxy, they are sometimes also used to gain a
degree of anonymity.
Open Proxies, abuse, and detection
An open proxy is a proxy server which will accept client connections
from any IP address and make connections to any Internet resource. Abuse
of open proxies is currently implicated in a significant portion of
e-mail spam delivery. Spammers frequently install open proxies on
unwitting end users' Microsoft Windows computers by means of computer viruses
designed for this purpose. Internet Relay Chat (IRC) abusers also
frequently use open proxies to cloak their identities.
Because proxies could be implicated in abuse, system administrators
have developed a number of ways to refuse service to open proxies. IRC
networks such as the Blitzed network automatically test client systems for
known types of open proxy. Likewise, an email server may be configured
to automatically test e-mail senders for open proxies, using software
such as Michael Tokarev's proxycheck.
Groups of IRC and electronic mail operators run DNSBLs publishing lists
of the IP addresses of known open proxies, such as Blitzed OPM and CBL.
The ethics of automatically testing clients for open proxies are
controversial. Some experts, such as Vernon Schryver, consider such testing
to be equivalent to an attacker portscanning the client host. Others
consider the client to have solicited the scan by connecting to a server
whose terms of service include testing.
Anonymous proxy risks
In using a proxy server (for example, anonymizing HTTP proxy), all data
sent to the service being used (for example, HTTP server in a website)
must pass through the proxy server before being sent to the service,
mostly in unencrypted form. It is therefore possible, and has been
demonstrated, for a malicious proxy server to record everything sent to the
proxy: including unencrypted logins and passwords.
By chaining proxies which do not reveal data about the original
requestor, it is possible to obfuscate activities from the eyes of the user's
destination. However, more traces will be left on the intermediate
hops, which could be used or offered up to trace the user's activities. If
the policies and administrators of these other proxies are unknown, the
user may fall victim to a false sense of security just because those
details are out of sight and mind.
The bottom line of this is to be wary when using proxy servers, and
only use proxy servers of known integrity (e.g., the owner is known and
trusted, has a clear privacy policy, etc.), and never use proxy servers
of unknown integrity. If there is no choice but to use unknown proxy
servers, do not pass any private information (unless it is properly
encrypted) through the proxy.
Internet Anonymity
When communicating with others over the Internet, it is frequently
preferred to not use any sort of identifiable handle (such as a "user name"
or other arbitrary way of identifying who is speaking). The most
popular worldwide example of this is within the Japanese forum 2channel. The
forum prides itself on the total anonymity of those who post to the
channel. The administrators of 2channel see the anonymous posting as a
real benefit to those who post to the forum, because it is the argument,
not the credibility of the author, that is being debated. This is in
stark contrast to other Internet forums, such as Slashdot. In
Slashdot-style forums, the ability to post anonymously is available, but other
users of the forum tend to hold the content of the post in a lower regard
than they would if the same post was sent by a user with a registered
username. The Slashdot forum encourages this tendency by attributing
posts like this to "Anonymous Coward," implying that the poster lacks the
courage to stand by his or her statement.
When sending messages over the Internet, many people enjoy a sense of
anonymity (or at least pseudonymity). Many popular systems, such as
Usenet, e-mail, instant messaging, and web forums, and P2P systems, foster
this perception because there is often no obvious way for a casual user
to connect other users with a "real world" identity.
On a technical level, all computers on the Internet use the Internet
Protocol to speak to each other. Two-way communication at the protocol
level requires that both parties know the IP address of the other. If
communications are logged (for example, by the owner of a web-based
bulletin board) or intercepted, the IP address of otherwise anonymous
recipients may be discovered. Sometimes IP addresses are exposed directly as a
feature of the communication system (often the case on Internet Relay
Chat networks.) Casual users often do not feel that knowledge of their
IP address is enough for other participants to connect their online
activities to their "real world" identities. Depending on their technical,
physical, and legal access, a determined party (such a government
prosecutor, or plaintiff in a lawsuit, or a determined stalker) may be able
to do so, especially if they are assisted by the records of the
Internet Service Provider which has assigned the IP address. Some IP addresses
represent a specific computer. Others, due to proxies and Network
Address Translation may represent any number of computers or users. It is
usually easy to identify which ISP assigned the address, and this may
reveal some identifying information about a person, such as geographic
location or with the use of geo software the affiliation with a certain
organization.
To achieve strong anonymity, intermediate services may be employed to
thwart attempts at identification, even by governments. These attempt to
use cryptography, passage through multiple legal jurisdictions, and
various methods to thwart traffic analysis to achieve this. Examples
include anonymous remailers, Anonymous P2P systems, and services of the
Anonymizer company, among others. There are a wide variety of software
packages available that allow you to hide/conceal your IP address by using
proxy servers. These packages include: Anonymizer, Anonymous Surfing,
Proxify, NetConceal, Privacy Pro, Ghost Surf, Hide IP, Stealth Surf, and
A proxy server is a computer that offers a computer network service to
allow clients to make indirect network connections to other network
services. A client connects to the proxy server, then requests a
connection, file, or other resource available on a different server. The proxy
provides the resource either by connecting to the specified server or by
serving it from a cache. In some cases, the proxy may alter the
client's request or the server's response for various purposes.
Web proxies
A common proxy application is a caching Web proxy. This provides a
nearby cache of Web pages and files available on remote Web servers,
allowing local network clients to access them more quickly or reliably.
When it receives a request for a Web resource (specified by a URL), a
caching proxy looks for the resulting URL in its local cache. If found,
it returns the document immediately. Otherwise it fetches it from the
remote server, returns it to the requester and saves a copy in the
cache. The cache usually uses an expiry algorithm to remove documents from
the cache, according to their age, size, and access history. Two simple
cache algorithms are Least Recently Used (LRU) and Least Frequently
Used (LFU). LRU removes the least-recently used documents, and LFU removes
the least-frequently used documents.
Web proxies can also filter the content of Web pages served. Some
censorware applications — which attempt to block offensive Web content — are
implemented as Web proxies. Other web proxies reformat web pages for a
specific purpose or audience; for example, Skweezer reformats web pages
for cell phones and PDAs. Network operators can also deploy proxies to
intercept computer viruses and other hostile content served from remote
Web pages.
A special case of web proxies are "CGI proxies." These are web sites
which allow a user to access a site through them. They generally use PHP
or CGI to implement the proxying functionality. CGI proxies are
frequently used to gain access to web sites blocked by corporate or school
proxies. Since they also hide the user's own IP address from the web sites
they access through the proxy, they are sometimes also used to gain a
degree of anonymity.
Open Proxies, abuse, and detection
An open proxy is a proxy server which will accept client connections
from any IP address and make connections to any Internet resource. Abuse
of open proxies is currently implicated in a significant portion of
e-mail spam delivery. Spammers frequently install open proxies on
unwitting end users' Microsoft Windows computers by means of computer viruses
designed for this purpose. Internet Relay Chat (IRC) abusers also
frequently use open proxies to cloak their identities.
Because proxies could be implicated in abuse, system administrators
have developed a number of ways to refuse service to open proxies. IRC
networks such as the Blitzed network automatically test client systems for
known types of open proxy. Likewise, an email server may be configured
to automatically test e-mail senders for open proxies, using software
such as Michael Tokarev's proxycheck.
Groups of IRC and electronic mail operators run DNSBLs publishing lists
of the IP addresses of known open proxies, such as Blitzed OPM and CBL.
The ethics of automatically testing clients for open proxies are
controversial. Some experts, such as Vernon Schryver, consider such testing
to be equivalent to an attacker portscanning the client host. Others
consider the client to have solicited the scan by connecting to a server
whose terms of service include testing.
Anonymous proxy risks
In using a proxy server (for example, anonymizing HTTP proxy), all data
sent to the service being used (for example, HTTP server in a website)
must pass through the proxy server before being sent to the service,
mostly in unencrypted form. It is therefore possible, and has been
demonstrated, for a malicious proxy server to record everything sent to the
proxy: including unencrypted logins and passwords.
By chaining proxies which do not reveal data about the original
requestor, it is possible to obfuscate activities from the eyes of the user's
destination. However, more traces will be left on the intermediate
hops, which could be used or offered up to trace the user's activities. If
the policies and administrators of these other proxies are unknown, the
user may fall victim to a false sense of security just because those
details are out of sight and mind.
The bottom line of this is to be wary when using proxy servers, and
only use proxy servers of known integrity (e.g., the owner is known and
trusted, has a clear privacy policy, etc.), and never use proxy servers
of unknown integrity. If there is no choice but to use unknown proxy
servers, do not pass any private information (unless it is properly
encrypted) through the proxy.
Internet Anonymity
When communicating with others over the Internet, it is frequently
preferred to not use any sort of identifiable handle (such as a "user name"
or other arbitrary way of identifying who is speaking). The most
popular worldwide example of this is within the Japanese forum 2channel. The
forum prides itself on the total anonymity of those who post to the
channel. The administrators of 2channel see the anonymous posting as a
real benefit to those who post to the forum, because it is the argument,
not the credibility of the author, that is being debated. This is in
stark contrast to other Internet forums, such as Slashdot. In
Slashdot-style forums, the ability to post anonymously is available, but other
users of the forum tend to hold the content of the post in a lower regard
than they would if the same post was sent by a user with a registered
username. The Slashdot forum encourages this tendency by attributing
posts like this to "Anonymous Coward," implying that the poster lacks the
courage to stand by his or her statement.
When sending messages over the Internet, many people enjoy a sense of
anonymity (or at least pseudonymity). Many popular systems, such as
Usenet, e-mail, instant messaging, and web forums, and P2P systems, foster
this perception because there is often no obvious way for a casual user
to connect other users with a "real world" identity.
On a technical level, all computers on the Internet use the Internet
Protocol to speak to each other. Two-way communication at the protocol
level requires that both parties know the IP address of the other. If
communications are logged (for example, by the owner of a web-based
bulletin board) or intercepted, the IP address of otherwise anonymous
recipients may be discovered. Sometimes IP addresses are exposed directly as a
feature of the communication system (often the case on Internet Relay
Chat networks.) Casual users often do not feel that knowledge of their
IP address is enough for other participants to connect their online
activities to their "real world" identities. Depending on their technical,
physical, and legal access, a determined party (such a government
prosecutor, or plaintiff in a lawsuit, or a determined stalker) may be able
to do so, especially if they are assisted by the records of the
Internet Service Provider which has assigned the IP address. Some IP addresses
represent a specific computer. Others, due to proxies and Network
Address Translation may represent any number of computers or users. It is
usually easy to identify which ISP assigned the address, and this may
reveal some identifying information about a person, such as geographic
location or with the use of geo software the affiliation with a certain
organization.
To achieve strong anonymity, intermediate services may be employed to
thwart attempts at identification, even by governments. These attempt to
use cryptography, passage through multiple legal jurisdictions, and
various methods to thwart traffic analysis to achieve this. Examples
include anonymous remailers, Anonymous P2P systems, and services of the
Anonymizer company, among others. There are a wide variety of software
packages available that allow you to hide/conceal your IP address by using
proxy servers. These packages include: Anonymizer, Anonymous Surfing,
Proxify, NetConceal, Privacy Pro, Ghost Surf, Hide IP, Stealth Surf, and
many more.many more.
Sunday, February 25, 2007
All about Proxy Servers
Subscribe to:
Posts (Atom)