Proxy Servers

Introduction
• 1. Acts as an intermediary between a
private network and the internet – both
client and remote host think they are
communicating directly, when in fact it all
goes through the proxy
• 2. Works as a Disk Cache for faster
retrieval of frequently requested
information
Firewall vs. Proxy Server
• Firewalls work at the Network layer and
can block untrusted traffic
• Proxies work at the Application layer – and
often map internal network addresses to
single IP (NAT). This makes it difficult for
outsiders to access internal IPs
• Can also be application specific:
http-proxy, ftp-proxy, etc.
Circuit-level Proxy
• Works between Application and Transport
layer
• Establishes a virtual circuit between
clients and untrusted hosts
• Lets software work as if it had a direct
internet connection instead of forcing
individual setup of each application
Caching
• Works much like web browser caching, but
for multiple users
• Significantly speeds up information
retrieval (duh!) and takes load off of actual
servers
• Read-ahead caching
• Last-modified multiplier
• Reverse caching
Security Features
• NAT/NPAT
• Packet Sequencing
• Packet Filtering
Modern Proxy
• Usually implemented inside of software
suite as opposed to as a stand-alone
product
Risks
• Initial configuration – remember access
controls
• No access controls leaves the possibility
for portscans.
• Worst case – allows for reverse
connections
• No need to portscan, however: a Google
search can find open proxies
Proxy Abuse
• Open Proxy
• Simple method (from 2002): telnet to
proxy, enter GET http://www.yahoo.com/
HTTP/1.0 – if page is returned, the proxy
is ripe for abuse
• Anonymity value – how much does the
HTTP header reveal about you?
Examples
• [Wed Aug 21 09:00:46 2002] 80.178.71.x: HEAD
http://www.israela.com/sr/0838ap10_thumb.jpm
ela HTTP/1.0
[Wed Aug 21 09:01:57 2002] 80.178.71.x: HEAD
http://www.israela.com/keyz HTTP/1.0
[Wed Aug 21 09:02:59 2002] 80.178.71.x: HEAD
http://www.israela.com/private/htpass HTTP/1.0
[Attacker trying to find vulnerable CGI scripts on
a porn site]
More Examples
• [Thu Aug 22 10:11:20 2002] 212.0.201.x:
GET http://www.helllabs.com.ua/cgibin/textenv.pl HTTP/1.0
[Someone testing anonymity of the proxy]
• [Thu Aug 22 11:47:07 2002] 195.190.97.x:
CONNECT http://login.icq.com:443/
HTTP/1.0
[Someone trying to hide their IP address
on ICQ. Possible IM spammer]
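Added example (not part of the original slides): a log check for the abuse patterns shown in the examples above, run over a constructed sample in the same log layout. The INTERNAL range, the probe threshold and the finding labels are assumptions; addresses redacted with "x", as on the slides, are treated as untrusted.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: the clients this proxy is meant to serve (its access-control list).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Layout used by the log lines on the slides: [timestamp] client: METHOD target HTTP/x.y
LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] (?P<client>\S+): (?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")

# Constructed sample log (documentation address ranges, example hostnames).
SAMPLE = """\
[Wed Aug 21 09:00:46 2002] 203.0.113.7: HEAD http://www.example.com/cgi-bin/a.cgi HTTP/1.0
[Wed Aug 21 09:01:57 2002] 203.0.113.7: HEAD http://www.example.com/keyz HTTP/1.0
[Wed Aug 21 09:02:59 2002] 203.0.113.7: HEAD http://www.example.com/private/htpass HTTP/1.0
[Thu Aug 22 10:02:11 2002] 10.1.4.20: GET http://www.example.org/index.html HTTP/1.0
[Thu Aug 22 11:47:07 2002] 198.51.100.9: CONNECT login.example.net:443 HTTP/1.0
"""

def analyze(log_text, probe_threshold=3):
    """Return {client: sorted findings} for clients whose requests look like proxy abuse."""
    findings = defaultdict(set)
    head_paths = defaultdict(set)   # (client, host) -> distinct paths requested with HEAD
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                # not in the expected layout
        client = m["client"]
        try:
            external = ipaddress.ip_address(client) not in INTERNAL
        except ValueError:
            external = True         # redacted or malformed address: treat as untrusted
        if external:
            findings[client].add("external-client")   # proxy served a non-internal client
        if external and m["method"] == "CONNECT":
            findings[client].add("external-tunnel")   # tunnel opened for an outsider
        if m["method"] == "HEAD":
            url = urlsplit(m["target"])
            head_paths[(client, url.hostname)].add(url.path)
    for (client, host), paths in head_paths.items():
        if len(paths) >= probe_threshold:             # many paths, one host: probing
            findings[client].add(f"head-probing:{host}")
    return {c: sorted(f) for c, f in findings.items()}

if __name__ == "__main__":
    for client, flags in analyze(SAMPLE).items():
        print(client, flags)
```

Any "external-client" finding means the access controls from the Risks slide are missing or too broad; the fix is on the proxy, not in the log.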
The End?