April 20th, 2003, 09:16 AM
Scan for proxy server
Does anyone know a good program that we could use to scan for internal open proxy server?
Are there many different proxy server types?
Is it differentiated by the port number?
Can anyone tell me more about how proxy functions....?
April 20th, 2003, 09:53 AM
Why? There are VERY few legitimate reasons for you to be probing for open proxy servers, and a slew of illegitimate ones.
More details about why you want to do this, please.
April 20th, 2003, 10:15 AM
I am doing it with the best interest!
My friend who is one of the people in the university research department was given a proxy server, thus, he could connect to the wep with free internet access.
However, there seems to be too much traffic going around.
Thus, he suspects that some of his friends who know that proxy server are the ones behind. But, he cant tell the admin that he was the one who let them find out, thus, he tells the department that he's the one using all those traffic.
However, none of his friends said that they used it.
Thus, here, I am curious, if someone else could have used a program to scan the proxy and use it instead?
He has tried changing it many times, but still, it didn't help!
April 20th, 2003, 10:37 AM
Oh, I get it. You're on the other end of the stick- Yes there are brute-force proxy scanners that go IP by IP, and port-by-port looking for open proxies, and given that your friends proxy is on a university network,(a well defined netblock with fat bandwidth) I'd say it's very likely that it's been discovered, with the likelihood increasing over time.
Scanning for open proxies is a very common activity, as they are desirable for script-kiddies and spammers: they allow you to launch attacks/probe other hosts with varying amounts of anonymity. University bandwidth is highly sought after as well, because .edus usually have large pipes.
Can you look at the log files for the proxy server?
Depending on what proxy software you're using, you should be able to write rules allowing traffic from only certain IPs or other criteria- the proxy server built into apache allows you to do this.
Shut it down or close it up.
April 20th, 2003, 12:58 PM
Thanks Hero Zzyzzx for your crucial info.