Open proxy
Encyclopedia
An open proxy is a proxy server
that is accessible by any Internet
user. Generally, a proxy server allows users within a network group to store and forward
Internet services such as DNS
or web page
s to reduce and control the bandwidth
used by the group. With an open proxy, however, any user on the Internet is able to use this forwarding service.
and thereby help preserve their anonymity and maintain their security while browsing the Web or using other Internet services.
(viruses
, trojans
or worms
) designed for this purpose. If it is caused by malware
, the infected computer is known as a zombie computer
.
Running an open proxy is a high risk for the server operator; providing an anonymous proxy server can cause real legal troubles to the owner. Such services are frequently used to break into foreign computer systems, child pornography
is usually consumed through proxies, and illegal content is likely to be spread through such proxies. Also, such a proxy can cause a high bandwidth usage resulting in higher latency to the subnetwork and violation of bandwidth limits.
A badly configured open proxy can also allow access to a private subnetwork or DMZ: this is a high security concern for any company or home network because computers that usually are out of risk or firewalled can be directly attacked.
Many open proxies run very slowly, sometimes below 14.4 kbit/s, or even below 300 bit/s, while other times the speed may change from fast to slow every minute. Some, such as PlanetLab
proxies, run faster and were intentionally set up for public use.
Because open proxies are often implicated in abuse, a number of methods have been developed to detect them and to refuse service to them. IRC networks with strict usage policies automatically test client systems for known types of open proxies. Likewise, a mail server may be configured to automatically test mail senders for open proxies, using software such as
servers in order to block spam
; some of those DNSBLs also list open proxies.
.
Groups of IRC and electronic mail operators run DNSBL
s publishing lists of the IP address
es of known open proxies, such as AHBL, CBL
, NJABL, and SORBS
.
The ethics of automatically testing clients for open proxies are controversial. Some experts, such as Vernon Schryver, consider such testing to be "very bad form". Others consider the client to have solicited the scan by connecting to a server whose terms of service include testing.
For securing private information during the domain registration process proxy services together with privacy services are often used. In the gTLD their use accounts for 18% +/- 2% of all domain name registrations.
Proxy server
In computer networks, a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server...
that is accessible by any Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
user. Generally, a proxy server allows users within a network group to store and forward
Store and forward
Store and forward is a telecommunications technique in which information is sent to an intermediate station where it is kept and sent at a later time to the final destination or to another intermediate station. The intermediate station, or node in a networking context, verifies the integrity of...
Internet services such as DNS
Domain name system
The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...
or web page
Web page
A web page or webpage is a document or information resource that is suitable for the World Wide Web and can be accessed through a web browser and displayed on a monitor or mobile device. This information is usually in HTML or XHTML format, and may provide navigation to other web pages via hypertext...
s to reduce and control the bandwidth
Bandwidth (computing)
In computer networking and computer science, bandwidth, network bandwidth, data bandwidth, or digital bandwidth is a measure of available or consumed data communication resources expressed in bits/second or multiples of it .Note that in textbooks on wireless communications, modem data transmission,...
used by the group. With an open proxy, however, any user on the Internet is able to use this forwarding service.
Advantages
An anonymous open proxy allows users to conceal their IP addressIP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
and thereby help preserve their anonymity and maintain their security while browsing the Web or using other Internet services.
Disadvantages
It is possible for a computer to run as an open proxy server without the computer's owner knowing it. This can result from misconfiguration of proxy software running on the computer, or from infection with malwareMalware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
(viruses
Computer virus
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...
, trojans
Trojan horse (computing)
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...
or worms
Computer worm
A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach...
) designed for this purpose. If it is caused by malware
Malware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
, the infected computer is known as a zombie computer
Zombie computer
In computer science, a zombie is a computer connected to the Internet that has been compromised by a cracker, computer virus or trojan horse and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread e-mail spam...
.
Running an open proxy is a high risk for the server operator; providing an anonymous proxy server can cause real legal troubles to the owner. Such services are frequently used to break into foreign computer systems, child pornography
Child pornography
Child pornography refers to images or films and, in some cases, writings depicting sexually explicit activities involving a child...
is usually consumed through proxies, and illegal content is likely to be spread through such proxies. Also, such a proxy can cause a high bandwidth usage resulting in higher latency to the subnetwork and violation of bandwidth limits.
A badly configured open proxy can also allow access to a private subnetwork or DMZ: this is a high security concern for any company or home network because computers that usually are out of risk or firewalled can be directly attacked.
Many open proxies run very slowly, sometimes below 14.4 kbit/s, or even below 300 bit/s, while other times the speed may change from fast to slow every minute. Some, such as PlanetLab
PlanetLab
PlanetLab is a group of computers available as a testbed for computer networking and distributed systems research. It was established in 2002 by Prof. Larry L. Peterson, and as of June 2010 was composed of 1090 nodes at 507 sites worldwide...
proxies, run faster and were intentionally set up for public use.
Because open proxies are often implicated in abuse, a number of methods have been developed to detect them and to refuse service to them. IRC networks with strict usage policies automatically test client systems for known types of open proxies. Likewise, a mail server may be configured to automatically test mail senders for open proxies, using software such as
proxycheck
. Increasingly, mail servers are configured out of the box to consult various DNSBLDNSBL
A DNSBL is a list of IP addresses published through the Internet Domain Name Service either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time...
servers in order to block spam
Spam (electronic)
Spam is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately...
; some of those DNSBLs also list open proxies.
Legalities
As certain governments are particular about the kinds of sites its citizens visit (Example: Great Firewall of China), they often employ trackers who scan IPs tapping into proxy sources, and any that show up in the scan are flagged for a live reviewer to see what the proxy user sees, so depending on what sites they visit, they could get visited by their local law enforcement agency for investigation.Testing for access from an open proxy
Because proxies might be used to abuse, administrators have developed a number of ways to refuse service to open proxies. Many IRC networks automatically test client systems for known types of open proxy. Likewise, an e-mail server may be configured to automatically test e-mail senders for open proxies. As they are typically difficult to track, open proxies are especially useful to those seeking online anonymity, from political dissidents, to computer criminals, to people who simply require privacy because it is within their rights to do so. Some users are merely interested in anonymity for added security, hiding their identities from potentially malicious websites for instance, or on principle, to facilitate freedom of speechFreedom of speech
Freedom of speech is the freedom to speak freely without censorship. The term freedom of expression is sometimes used synonymously, but includes any act of seeking, receiving and imparting information or ideas, regardless of the medium used...
.
Groups of IRC and electronic mail operators run DNSBL
DNSBL
A DNSBL is a list of IP addresses published through the Internet Domain Name Service either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time...
s publishing lists of the IP address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
es of known open proxies, such as AHBL, CBL
Composite Blocking List
In computer networking, the Composite Blocking List is a DNS-based Blackhole List of suspected E-mail spam sending computer infections.The CBL takes its source data from very large spamtraps/mail infrastructures, and only lists IPs exhibiting characteristics such as:* Open proxies of various sorts...
, NJABL, and SORBS
Sorbs
Sorbs are a Western Slavic people of Central Europe living predominantly in Lusatia, a region on the territory of Germany and Poland. In Germany they live in the states of Brandenburg and Saxony. They speak the Sorbian languages - closely related to Polish and Czech - officially recognized and...
.
The ethics of automatically testing clients for open proxies are controversial. Some experts, such as Vernon Schryver, consider such testing to be "very bad form". Others consider the client to have solicited the scan by connecting to a server whose terms of service include testing.
For securing private information during the domain registration process proxy services together with privacy services are often used. In the gTLD their use accounts for 18% +/- 2% of all domain name registrations.
See also
- Ban (law)Ban (law)A ban is, generally, any decree that prohibits something.Bans are formed for the prohibition of activities within a certain political territory. Some see this as a negative act and others see it as maintaining the "status quo"...
- Open mail relayOpen mail relayAn open mail relay is an SMTP server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users...
, a server that allows anyone to forward email messages, often used for spamming
External links
- Reporters Without Borders: Technical ways to get around censorship, RSF.org, RSF.org, RSF.org, RFS.org
- Reporters Without Borders: Handbook for bloggers and cyber-dissidents - Synopsis, Civiblog.org (online)
- List of possible weaknesses in systems to circumvent Internet censorship by Bennett Haselton, 2002