When a client requests an Internet resource through a proxy server, the proxy connects to the requested resource on the client's behalf, retrieves it and delivers it to the client. In this way the proxy hides the client's internal address from the Internet; only the IP address of the proxy is visible there.
A Proxy Server can be used for security enforcement, administrative control, and caching. A normal Web browser must be configured to use the proxy either manually or with a configuration script. A transparent proxy combines a proxy server with NAT so that connections are routed into the proxy without client-side configuration.
Common Reasons for Their Use
• Caching
• Remote access
• Usage tracking
• Controlled access
• Approved filtering
What is an “open” proxy server?
• There is a configuration process to specify who is authorized to access the server. It is similar to the configuration process for any web server.
• When a proxy server is not set up with the appropriate access controls, anyone can access that machine and “assume its identity”.

DANGERS
Exploitation of Open Proxy Servers
A malicious user can effectively hide his own IP address by using an Open Proxy Server for illegal activities like hacking. In such a scenario, the IP address of the Open Proxy Server appears in the log files of the attacked system instead of the IP address of the attacker. Malicious users routinely chain through several such Open Proxy Servers, making it difficult to trace back to the origin of the user.
Although Open Proxy Servers are not the same as open SMTP relays, they are in fact a far more serious problem, since they allow traffic for virtually any network service to be bounced or tunneled through the host.
An Open Proxy Server can be used by a spammer as a spam conduit to anonymously send out spam, using the resources of the owner of the proxy. The use of Open Proxy Servers complicates the tasks of both filtering spam and tracking spammers.
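One way an administrator can check a proxy's own access log for the two symptoms described above (clients outside the authorized set being served, and tunnels to non-web services such as SMTP), as an added example that is not part of the original page. It assumes Squid's native access.log layout; the address ranges, allowed port list and log lines are constructed for illustration.

```python
import ipaddress

# Assumption: only these internal ranges are authorized to use the proxy.
AUTHORIZED_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                   ipaddress.ip_network("192.168.0.0/16")]
# Assumption: CONNECT tunnels are expected to HTTPS only.
ALLOWED_CONNECT_PORTS = {443}

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101     45 10.1.2.3 TCP_MISS/200 5120 GET http://intranet.example/ - HIER_DIRECT/192.0.2.10 text/html
1700000001.202    310 203.0.113.77 TCP_TUNNEL/200 880 CONNECT mail.example.net:25 - HIER_DIRECT/198.51.100.25 -
1700000002.303     12 10.1.2.3 TCP_DENIED/403 3900 CONNECT irc.example.org:6667 - HIER_NONE/- text/html
1700000003.404     80 198.51.100.9 TCP_MISS/200 2048 GET http://example.com/ - HIER_DIRECT/192.0.2.80 text/html
this line is truncated
"""

def audit(log_text):
    """Return (line number, client, reason) for each sign of open-proxy use."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated entry
        client, action, method, url = fields[2], fields[3], fields[5], fields[6]
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            continue  # client field is not an IP address
        if "DENIED" in action:
            continue  # access controls refused the request: working as intended
        # Symptom 1: the proxy served a client it should not know about.
        if not any(addr in net for net in AUTHORIZED_NETS):
            findings.append((lineno, client, "unauthorized client served"))
        # Symptom 2: a tunnel to a non-web service (e.g. SMTP on port 25).
        if method == "CONNECT":
            port = url.rpartition(":")[2]
            if not port.isdigit() or int(port) not in ALLOWED_CONNECT_PORTS:
                findings.append((lineno, client, f"CONNECT tunnel to port {port}"))
    return findings

if __name__ == "__main__":
    for lineno, client, reason in audit(SAMPLE_LOG):
        print(f"line {lineno}: {client}: {reason}")
```

Any finding of the first kind means the access controls are missing or too broad, since a correctly restricted proxy would have logged those requests as denied.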
Consequences of Open Proxy Servers
An Open Proxy Server in an organization can lead to:
- The IP of the organization being blacklisted by various bodies
- The loss of image of the organization, if misused for illegal activities
- Legal ramifications, if misused for illegal activities
- Loss of bandwidth
- It may also serve as a conduit for inbound attacks, completely bypassing a site's firewall architecture.
- It may also result in an increased risk of that host (and its network) getting scanned for other vulnerabilities
When a client system is using an Open Proxy Server to access the Internet, all the traffic flowing through the Open Proxy Server could be intercepted and possibly misused. These could include email messages, passwords or other sensitive information passing through the Open Proxy Server.
