Sunday

Is it Hard to Find an Open Proxy ?

If you've ever tried looking for open proxies on the internet, you may be amazed at how many are out there. It doesn't take long to find anonymous proxies on the internet, but I'm afraid they will usually be rather disappointing.

How many Proxies are around?


There are actually hundreds of new proxies appearing every hour. They exist for a variety of reasons, mistakes, misconfiguration and deliberate proxies both benign and those set up for identity theft and to transfer viruses.

You may have seen the many lists of open proxies available on the internet - one of the oldest is at http://www.samair.ru/proxy/ that has a huge list of proxies which are updated every day. You'll see from the numbers that there is no shortage of both proxies and potential users. Unfortunately when anything in demand appears for free on the internet, the inevitable usually happens, the free proxies get overloaded and are virtually unusable a few hours after appearing on one of these lists.

There are lots of definitions of the different types of proxies - people trying for real anonymous surfing will usually be attracted to the secure or elite proxies. I would first like to clarify this - it is highly unlikely you'll ever find a secure free proxy and I'll tell you why?

Definition of Secure Anonymous Proxies


Well it will usually be something like ensuring the proxy server doesn't forward the HTTP_X_FORWARDED_FOR header when sending and receiving data. This means that the proxy won't forward your IP address when it relays information. With this header enabled the web server will receive both yours and the proxies IP address.

This of course offers some security but lets think about this situation. These servers are found on the internet generally by scanning for open ports. All you have to do is scan address ranges for services on the following ports 23, 1080, 80, 8080 and look for open proxies such as socks 4 and 5 or wingate proxies. These could be anywhere on client PCs to fully fledged servers.
find proxies

If the port is open and the service listening, we've probably found an open proxy. Many of these are in corporate and academic networks. The administrator may have installed a proxy server or some application that installed one itself. If the proxy has not been restricted to listen to only IP addresses on it's own network it will happily function for everyone that can connect.

The point I'm trying to make is that the server is not anonymous or secure in any true sense of the word. It's by it's very existence - insecure, if the server had been configured properly you wouldn't be able to use it!

Many of these servers are infected and exploited by numerous worms that scan address ranges looking for vulnerable servers. Anything on the internet will get scanned by these worms almost hourly.

If you are using a free anonymous proxy, it's because it's not been patched, secured or set up properly, if it has then it's probably been done deliberately in order to try and steal accounts and passwords. The proxy server that you use will have a complete record of everything you do on line, the logs on private, professionally run proxy servers like Identity Cloaker will be deleted almost instantly, do you know what happens to your logs on the anonymous proxy you've picked up for free on the internet ? No of course you will have no idea.

It's of course tempting to save money by using free resources on the internet, I do it myself all the time. But just think carefully before trying to get security for free, it is usually more insecure than doing nothing.

0 comments: