Recents in Beach

The Problems with Open Web Proxies

There's nothing actually wrong with open web proxies at least if they are intentional. I did some work some time ago in a large University, we were doing some pen tests and security checks on their network.

What we discovered was quite surprising, although the core network infrastructure was well configured and secured there was a huge problem with open web proxies on the network. These were causing all sorts of problems with bandwidth on the core network and generating large bills for bandwidth usage.

Most of the culprits were discovered with a simple port scan of the Universities Ip address ranges - we were looking out for these TCP ports 1080 (SOCKS), 3128, 8000, and 8080 in particular.

Let's just say that we found many, many of these open proxies running on PCs and servers.

So how did these Open Web Proxies get there?

There really are a variety of reasons that you may find unauthorized open proxies on a network. Many will have been installed and opened via a virus or trojan, installed accidentally or deliberately on a server of workstation. It's likely that many proxies were installed deliberately by students to bounce their connections off and either cover their downloading tracks(from P2P and similar sites) or simply switch the bandwidth charges from their own account to the Universities - this is always something to look out for when there are large numbers of highly technical computer users.

The Origin of the Free Anonymous Proxies

Machines and set ups like these form a huge number of the so called 'free anonymous proxies' you'll find on the internet. Of course they are not really free someone has to pay for them and in this case it was an educational establishment.

These proxies often cause huge problems to the networks they have been installed on and utilising them is simply stealing bandwidth from an organisation. Ok it's unlikely you'll be prosecuted although it is actually defined as a criminal offence in many places particularly the US.

It is just one reason to make sure that you know the origin of the free anonymous proxy that you are using, don't just pick one from a list. These Open Web proxies cost money to run and you should always try to ensure that you are not piggybacking an infected host( which will likely steal your data and attempt to spread via your PC)

There is a slight irony here that those people using these free open anonymous proxies have possibly the most insecure connections on the internet and also their machines may become the next wave of free anonymous proxies, for which their own bandwidth and costs will suffer.

Be careful, safe and responsible on the internet.

Post a Comment