HOW in the HELL did they FIND me?

X-No-Archive: Yes
My proxy was found by script-kiddies, using port scanning, and is
now in a lot of public proxy lists. While I advertise my proxy
on my web site, I took great care to keep it OFF the myriad
of public proxy lists, so I would not show up in any proxy
blacklists. I thought that by keeping my proxy AWAY
from ports 80, 81, 1080, 3128, 8000, 8080, 8081, 8118,
or 9050, someone using proxy scanner would NOT find my
proxy. I always thought that the hacker toolz for that scanned
for open proxies would ONLY use those afforementioned
ports, and proxies on ports other than those, would NOT be
found by the script kiddies.
In the past hour or so, since my proxy appeared in some
of the major lists, my server is been JUMPING with
connections to my proxy, and many of them from
corporate addresses ALL OVER the United States
and Canada. From just ONE workplace, there have
been DOZENS of connections going to my Tor entry
proxy. I had 14 workers are one company, in New
Hampshire, connecting to my proxy at once. This one
company in NH that has a subscription online gaming
service has 6 active connections to my proxy right now,
as I am writing this. And these are INCOMING connections
from their network into my proxy. Since its a Tor proxy,
I don't know where the go beyond my machine, since
I am only a Tor entry proxy, which allows people from any
environment, where the machines are locked down, to
be able to get onto the Tor network, without having to
use the software. Anybody with an always-on connection
can do this. You just simply install the Tor software, and
configure it to be publicly accessible from anywhere in
the world, and, voila!, you have an entry point onto the
Tor network, allowing people to use Tor, without having
to install the software.
I cannot figure out how my proxy could be found through
scanning toolz, which I specifically keep it OFF the
ports that proxies typically use, so that I will NOT be scanned,
and appear in any of the proxy lists.
Reply to
Loading thread data ...
Based upon your Subject, you appear to be a bit annoyed at this mass use of your system resources. If so, then you should not be, since you have made it clear that you consider use of network resources without specific authorization to be valid and justified and not a crime or punishable as long as no password was broken. It was, in your framework, your fault for failing to lock down your access sufficiently, not anyone's fault for taking advantage of that insufficiency.
Reply to
Walter Roberson
X-No-Archive: Yes
Its not that. Its the fact that I will likely be placed in the proxy blacklists. The various proxy lists are where the blacklists are compiled from, and I will likely be blocked at many corporations within the next few days. The use of resources does not concern me as much as the likelihood of getting added to proxy blacklists, and being blocked on many corporate networks now. I had far more than the load I have now, during Cyber Monday, last November.
Like I say, its not the use of resources that gets me, its the fact that I will appear on proxy blacklists, and be blocked, the next time companies update their filtering lists.
Reply to
Well now you know it's not true, don't you.
You're complaining about people (mis)using your connection's resources when you actively enable other people to misuse their (corporate) resources?
Doesn't that strike you as a little, um, hypocritical? Chris
Reply to
Chris Davies
Based upon your Subject, you appear to be a bit annoyed at this
Well, I hope it ups Chilly's internet charges.
Reply to
Flash Gordon
X-No-Archive: Yes
It is NOT that. Is is the fact that the makers of proxy blacklists compile thier lists from all the lists of public proxies that exist. This means that my proxy will soon be on a lot of blacklists and will be blocked on filtering system used on many corporate networks.
The ONLY reason my proxy has been usable in corporate enviromenents is because it was NOT on any proxy blacklists. Now, becuase I AM in the proxy lists, I will soon be on a lot of corporate proxy blacklists, just as soon as their filtering lists are updated.
Reply to
X-No-Archive: Yes
Holy SHIT!!!!
I have been watching what has been going on for a few hours now. As the workday is under way in Asia and Australia, I see INCREDIBLE number of connections to my proxy coming from corporate networks all over Australia and Asia. They managed to find one filteing proxy we use here at the station. We DO block porn, but users are using THAT proxy to access all kinds of site. Looking at the real-time monitoring of where people are going, they are surfing ALL kinds of sites from work. I have seen connections to dating sites, entertainment sites. People are accessing all kinds of blogging sites. A lot of people are surfing MySpace from work. I have a NUMBER of connections to Live 365 and Pandora stations. People are listening to Pandora from work, as well, and in large numbers. The Live 365 stations being listened too vary quite a bit. People are watching basketball games on NBA League Pass, on NBA Broadband. The NBA is quite popular in China (CCTV5 has a lot of it at times). In short, some people in China, right now, are watching basketball.
I am seeing a LOT of hits to YouTube, and other video sites. People like to surf that from work, it appears.
The O'Reilly Factor is apparently a popular show. TVU has a 24-hour stream of Fox News Channel, and enough people were tuning in to the O'Reilly factor, from work, by way of my proxy, that the proxy software broke under the load. In the workplaces where the O'Reilly Factor was being watch, the boss would know that someone was pulling about 300K of bandwidth from a strange address, but would NEVER know what that user was up to. In other words, that boss will have no CLUE that someone was watching the O'Reilly Factor, using the company network.
They will see 300K from a server in France (I now have my server at a colocation facility in France), but will have no CLUE to what that person was doing.
Reply to
You were wrong. :-\\
You've learned (the hard way) the security addage "Security through obscurity is neither as secure nor as obscure as you'd like to imagine."
nmap -sV (as just one example) does service fingerprinting, poking at the port with a variety of greetings looking for it to respond to one.
Surely someone has cut down such functionality to simply look for things matching a proxy fingerprint and turned it loose on ip address ranges and looking at all ports.
If you offer a service on a port publicly, it will be found. Without restricting connections by IP, requiring authentication somehow, or port-knocking to dynamicaly open it up, I'm not sure how you'll stay off the lists. The cats kinda out of the bag, I'm afraid.
Best Regards,
Reply to
Todd H.
. . The IT department at my work would be positively livid at that amount of bandwidth being used outside of authorized FTP transfers. I can guarantee that they would cut off internet access to that workstation very quickly, and the employee doing so would have a second, and possibly third asshole. Most likely fired, too. I could see warnings about listening to music while doing work, but its hard to do work while watching TV...
Reply to
Ryan P.
You have published on your web site. Just google for proxy and search the results for URLs or similar and someone will find it. Or someone accidentally found your web site and entered it manually. Or your IP address (do you have a static or dynamic one) had been fully scanned for open ports and after you know all open ports it is very easy to identify the major services on those ports (HTTP/S, SMTP/S, POP/S, IMAP/S, etc.)
[interesting things on traffic through proxy]
Sidenote: those things you have found out about the people who use your proxy (and you could find out more about them) are exactly the reason why in general proxies won't really help you with anonymity unless you fully trust the person who runs the proxy. But we had this discussion just a short while ago...
Reply to
Gerald Vogt
And we keep telling you that you don't know anything about networking, don't know anything about security, don't know anything about anything you post here about - but you won't listen to us.
It's simple to find anything running on a server/network, you're just too stupid to be ethical and it's going to get you found every time.
Reply to
LOL, and you were already blocked by most corporations, as most of them have properly secured networks.
So, for the numbers of companies that use block lists, you will now show up on theirs too, but the sad part is that many companies don't lock down their networks well enough.
I hope that the group that found you continues to scan for your services (not that they care about you actually) and post it in block lists.
Network admins have a right to block content from their networks, and you content is the best type to block.
Reply to
X-No-Archive: Yes
I know that block lists are based on what shows up in the proxy lists. If I turn off my proxy for a few days, I will dissappear from the proxy lists, and will, hence, be dropped from the proxy blacklists, since they go on what are on the various lists of open proxies all over the Net.
It was interesting to see what addresses people are connecting to. I must say people from corporate addresses were connecting to a variety of sites. A lot of people were connecting to MySpace from work. People were connecting to dating sites from work. It seems that eHarmony is surfed from work quite a bit.
But the biggest surprise, from Australian workplaces, was just how many people were coming through my proxy to watch the O'Reilly Factor, from work, through the TVU P2P television service. The boss would know that someone was comsuming 300K of bandwidth from ] my proxy, but he or she would NEVER figure out that someone was watching Bill O'Reilly from work,during the Australian workday. The times he comes oncorrespond to the working hours in Australia, and these employers whose networks were being used to watch O'Reilly will NEVER know what was going on.
Reply to
Chilly8 schrieb:
scan over IP addresses (for found IP-adresses) Scan over ports (for open ports) analyse protocol signature
Cheers, Jens
Reply to
Jens Hoffmann
but it's OK, because they're encrypted, and you and your imaginary engineers will NEVER KNOW what's in the traffic - and will just ignore it.
Of course - now mommy is going to be angry with him, and might start restricting his access to the computer - he won't be able to watch those girl figure-skates who wear those short skirts so you can see their legs when they spin, or stretch out and glide.
but it's all encrypted, and he has NO IDEA how to do anything about it.
Yeah, his mommy is going to be really unhappy with him for that. Well, there goes his imaginary Internet business.
Old guy
Reply to
Moe Trin
X-No-Archive: Yes
It is NOT my internet costs that have me in a lather. It is the fact that my proxy is now going to be on proxy blacklists. I am solving this, however, by turning off my proxy for a few days, until the public proxy lists (which test proxies regularly), see my proxy as no longer working, and drop me from the lists. The filter makers that compile proxy blacklists use the public proxy lists from sites like Proxy4Free, Alive Proxy, etc, etc, to compile their lists from. Once I am off the public lists, I will be dropped form the proxy blacklists.
And I DO filter porn, at my radio station, and someone found that filteirng proxy. The ONLY categorites of content I have turned on are porn and gambling, It is our policy NOT to block anything else. That proxy, unlike my Tor entry proxy, was NOT meant for public consumption.
Reply to
Which is where it belongs, and it will remain on them for a long time.
Unethical actions lead to bad things - you deserve to be shut down for your lack of ethics.
Reply to
X-No-Archive: Yes
I will ONLY remain on the blacklists as long as I remain on the public proxy lists. Once the makers of the proxy blacklists tests my site, and finds my proxy not there, I will be dropped from the blacklists.
Reply to
getting off takes a LOT longer than getting on.
Reply to
I'd file that assumption in the "suspect" bin along with your prior assumption that they'd only be looking on usual ports.
You may find yourself blacklisted for longer than you assume.
Reply to
Todd H. Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.