- Open proxy
-
For Wikipedia's policy on editing from open proxies, please see Wikipedia:Open proxies.
An open proxy forwarding requests from and to anywhere on the Internet.
An open proxy is a proxy server that is accessible by any Internet user. Generally, a proxy server allows users within a network group to store and forward Internet services such as DNS or web pages to reduce and control the bandwidth used by the group. With an open proxy, however, any user on the Internet is able to use this forwarding service.
Contents
Advantages
An anonymous open proxy allows users to conceal their IP address and thereby help preserve their anonymity and maintain their security) while browsing the Web or using other Internet services.
Disadvantages
It is possible for a computer to run as an open proxy server without the computer's owner knowing it. This can result from misconfiguration of proxy software running on the computer, or from infection with malware (viruses, trojans or worms) designed for this purpose.[1] If it is caused by malware, the infected computer is known as a zombie computer.
Running an open proxy is a high risk for the server operator; providing an anonymous proxy server can cause real legal troubles to the owner.[citation needed] Such services are frequently used to break into foreign computer systems, child pornography is usually consumed through proxies, and illegal content is likely to be spread through such proxies. Also, such a proxy can cause a high bandwidth usage resulting in higher latency to the subnetwork and violation of bandwidth limits. A badly configured open proxy can also allow access to a private subnetwork or DMZ: this is a high security concern for any company or home network because computers that usually are out of risk or firewalled can be directly attacked.
Many open proxies run very slowly, sometimes below 14.4 kbit/s, or even below 300 bit/s, while other times the speed may change from fast to slow every minute. Some, such as PlanetLab proxies, run faster and were intentionally set up for public use.[citation needed]
Because open proxies are often implicated in abuse, a number of methods have been developed to detect them and to refuse service to them. IRC networks with strict usage policies automatically test client systems for known types of open proxies.[2] Likewise, a mail server may be configured to automatically test mail senders for open proxies, using software such as
proxycheck.[3] Increasingly, mail servers are configured out of the box to consult various DNSBL servers in order to block spam; some of those DNSBLs also list open proxies[citation needed].Legalities
As certain governments are particular about the kinds of sites its citizens visit (Example: Great Firewall of China), they often employ trackers who scan IPs tapping into proxy sources, and any that show up in the scan are flagged for a live reviewer to see what the proxy user sees, so depending on what sites they visit, they could get visited by their local law enforcement agency for investigation.
Testing for access from an open proxy
Because proxies might be used to abuse, administrators have developed a number of ways to refuse service to open proxies. Many IRC networks automatically test client systems for known types of open proxy. Likewise, an e-mail server may be configured to automatically test e-mail senders for open proxies. As they are typically difficult to track, open proxies are especially useful to those seeking online anonymity, from political dissidents, to computer criminals, to people who simply require privacy because it is within their rights to do so. Some users are merely interested in anonymity for added security, hiding their identities from potentially malicious websites for instance, or on principle, to facilitate freedom of speech.
Groups of IRC and electronic mail operators run DNSBLs publishing lists of the IP addresses of known open proxies, such as AHBL, CBL, NJABL, and SORBS.
The ethics of automatically testing clients for open proxies are controversial. Some experts, such as Vernon Schryver, consider such testing to be "very bad form".[4] Others consider the client to have solicited the scan by connecting to a server whose terms of service include testing.
For securing private information during the domain registration process proxy services together with privacy services are often used. In the gTLD their use accounts for 18% +/- 2% of all domain name registrations. [5]
See also
- Ban (law)
- Open mail relay, a server that allows anyone to forward email messages, often used for spamming
References
- ^ "Accidental spamming, zombies and spoofing". Australian Communications and Media Authority. http://www.acma.gov.au/WEB/STANDARD/1001/pc=PC_310319. Retrieved 2008-08-03.
- ^ Blitzed Open Proxy Monitor
- ^ proxycheck: Open Proxy checker
- ^ "localhost listed by njabl ?? - news.admin.net-abuse.email | Google Groups". Groups.google.com. 2003-12-12. http://groups.google.com/group/news.admin.net-abuse.email/browse_thread/thread/b43fa34d54f5cab9/51f63b84e7e2a4fb?#51f63b84e7e2a4fb. Retrieved 2011-02-03. "two reasons why testing other people's systems for security holes is considered very bad form [...] It is impossible to know the motives of a tester. [...] Second, it offends people's territorial urges."
- ^ http://www.icann.org/en/compliance/reports/privacy-proxy-registration-services-study-14sep10-en.pdf
External links
- Open proxies at the Open Directory Project
- Reporters Without Borders: Technical ways to get around censorship, RSF.org, RSF.org, RSF.org, RFS.org
- Reporters Without Borders: Handbook for bloggers and cyber-dissidents - Synopsis, Civiblog.org (online)
- List of possible weaknesses in systems to circumvent Internet censorship by Bennett Haselton, 2002
Categories:- Computer network security
Wikimedia Foundation. 2010.
