On Mon, 23 Aug 1999, Joshua Chamas wrote:

> Many of the scans that hit my network, especially on the 
> weekends, are of the port 8080 variety, sometimes including
> port 3128, which seem to be looking for HTTP Proxy services.

Yes, I agree, there is considerable interest in proxies, for anonymity,
ad filtering, cookie eating, as well as for their caching speed.


> 
> Often these scans are coming from China, so I started thinking
> that maybe these were students looking for a relay point
> to surf the web without being blocked, a little freedom of 
> information, and that I was doing a disservice by ratting
> them out.

Indeed, access to information that is censored/blocked is indeed a noble
cause; however, there are many public proxies available, either
specifically implemented for this purpose, or accidentally configured to
a default 'allow all' state. There are a few lists on the net of proxies
that state their IP, port and status; i.e. public, or available (accessible
because the admin hasn't detected their unauthorized use). It seems to me
that if (A) people have the tools to portscan, and (B) they know to look
for proxies, that: (C) they should probably know about proxies4all etc.

The security of some proxies can be questioned, so there is one reason
that unsolicited scans/use of one's proxy is undesirable. Also there are
things like Anonymizer, Freedom, and onion routing that address democracy
on the net (with sublime irony at least, heh ;) and if anyone is so
concerned with access via unrestricted channels they can set up a VPN from
a restricted place opening into the internet in a less restricted place
(like free S/WAN).

> We don't run any HTTP Proxies on our network, so it wouldn't
> hurt us to stop reporting on them, but I wanted to see
> if there was similar sentiment to mine that these might
> be benign scans that, in the name of democracy, we might
> want to stop reporting on in general ?

I think it all depends on why someone is scanning for a proxy. I would
imagine that the most compelling reason is to find proxies that are
unintentionally misconfigured and ideally not monitored or logged. The
reason that would preclude someone from using the "known" proxies is the
chance that they will be blocked, and/or logged to such an extent that
their use as a screen of the originating IP is in question.


> Any opinions?

All I wrote is opinion :)

spiff
