My proxy was found by script-kiddies, using port scanning, and is
now in a lot of public proxy lists. While I advertise my proxy
on my web site, I took great care to keep it OFF the myriad
of public proxy lists, so I would not show up in any proxy
blacklists. I thought that by keeping my proxy AWAY
from ports 80, 81, 1080, 3128, 8000, 8080, 8081, 8118,
or 9050, someone using a proxy scanner would NOT find my
proxy. I always thought that the hacker toolz that scanned
for open proxies would ONLY use those aforementioned
ports, and proxies on ports other than those, would NOT be
found by the script kiddies.
In the past hour or so, since my proxy appeared in some
of the major lists, my server has been JUMPING with
connections to my proxy, and many of them from
corporate addresses ALL OVER the United States
and Canada. From just ONE workplace, there have
been DOZENS of connections going to my Tor entry
proxy. I had 14 workers at one company, in New
Hampshire, connecting to my proxy at once. This one
company in NH that has a subscription online gaming
service has 6 active connections to my proxy right now,
as I am writing this. And these are INCOMING connections
from their network into my proxy. Since it's a Tor proxy,
I don't know where they go beyond my machine, since
I am only a Tor entry proxy, which allows people from any
environment, where the machines are locked down, to
be able to get onto the Tor network, without having to
use the software. Anybody with an always-on connection
can do this. You just simply install the Tor software, and
configure it to be publicly accessible from anywhere in
the world, and, voila!, you have an entry point onto the
Tor network, allowing people to use Tor, without having
to install the software.
I cannot figure out how my proxy could be found through
scanning toolz, when I specifically keep it OFF the
ports that proxies typically use, so that I will NOT be scanned,
and appear in any of the proxy lists.
Based upon your Subject, you appear to be a bit annoyed at this
mass use of your system resources. If so, then you should not be,
since you have made it clear that you consider use of network
resources without specific authorization to be valid and justified
and not a crime or punishable as long as no password was broken.
It was, in your framework, your fault for failing to lock down your
access sufficiently, not anyone's fault for taking advantage of
It's not that. It's the fact that I will likely be placed in the proxy
blacklists. The various proxy lists are where the blacklists are
compiled from, and I will likely be blocked at many corporations
within the next few days. The use of resources does not concern
me as much as the likelihood of getting added to proxy blacklists,
and being blocked on many corporate networks now. I had
far more than the load I have now, during Cyber Monday,
Like I say, it's not the use of resources that gets me, it's the
fact that I will appear on proxy blacklists, and be blocked,
the next time companies update their filtering lists.
Well now you know it's not true, don't you.
You're complaining about people (mis)using your connection's resources
when you actively enable other people to misuse their (corporate)
Doesn't that strike you as a little, um, hypocritical?
It is NOT that. It is the fact that the makers of proxy blacklists
compile their lists from all the lists of public proxies that exist.
This means that my proxy will soon be on a lot of blacklists
and will be blocked on filtering systems used on many
The ONLY reason my proxy has been usable in corporate
environments is because it was NOT on any proxy
blacklists. Now, because I AM in the proxy lists, I will
soon be on a lot of corporate proxy blacklists, just as soon
as their filtering lists are updated.
I have been watching what has been going on for a few hours now.
As the workday is under way in Asia and Australia, I see
an INCREDIBLE number of connections to my proxy coming from
corporate networks all over Australia and Asia. They managed
to find one filtering proxy we use here at the station. We DO
block porn, but users are using THAT proxy to access all kinds
of sites. Looking at the real-time monitoring of where people are
going, they are surfing ALL kinds of sites from work. I have seen
connections to dating sites, entertainment sites. People are accessing
all kinds of blogging sites. A lot of people are surfing MySpace
from work. I have a NUMBER of connections to Live 365
and Pandora stations. People are listening to Pandora from
work, as well, and in large numbers. The Live 365 stations
being listened to vary quite a bit. People are watching basketball
games on NBA League Pass, on NBA Broadband. The NBA
is quite popular in China (CCTV5 has a lot of it at times).
In short, some people in China, right now, are watching
I am seeing a LOT of hits to YouTube, and other video
sites. People like to surf that from work, it appears.
The O'Reilly Factor is apparently a popular show. TVU
has a 24-hour stream of Fox News Channel, and enough
people were tuning in to the O'Reilly Factor, from work,
by way of my proxy, that the proxy software broke under
the load. In the workplaces where the O'Reilly Factor
was being watched, the boss would know that someone
was pulling about 300K of bandwidth from a strange
address, but would NEVER know what that user
was up to. In other words, that boss will have no
CLUE that someone was watching the O'Reilly
Factor, using the company network.
They will see 300K from a server in France (I
now have my server at a colocation facility
in France), but will have no CLUE to what
that person was doing.
You were wrong. :-\\
You've learned (the hard way) the security adage "Security through
obscurity is neither as secure nor as obscure as you'd like to
nmap -sV (as just one example) does service fingerprinting, poking at
the port with a variety of greetings looking for it to respond to one.
Surely someone has cut down such functionality to simply look for
things matching a proxy fingerprint and turned it loose on ip address
ranges and looking at all ports.
If you offer a service on a port publicly, it will be found. Without
restricting connections by IP, requiring authentication somehow, or
port-knocking to dynamically open it up, I'm not sure how you'll stay
off the lists. The cat's kinda out of the bag, I'm afraid.
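An added example, not part of the original thread: a loopback-only Python sketch of the point made in the reply above, that a service is identified by how it answers a greeting rather than by its port number, and that restricting connections by IP removes the answer. The toy listener, its `Via:` banner and the allowlist networks are constructed for illustration.

```python
import ipaddress
import socket
import threading


def serve(allowed_nets):
    """Start a toy proxy-like listener on an OS-chosen port; return the port."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0: the OS picks an arbitrary high port
    srv.listen()

    def loop():
        while True:
            conn, (peer, _) = srv.accept()
            with conn:
                if any(ipaddress.ip_address(peer) in n for n in nets):
                    conn.recv(1024)  # read the greeting, then answer it
                    conn.sendall(b"HTTP/1.0 200 OK\r\nVia: 1.0 toy-proxy\r\n\r\n")
                # Peers outside the allowlist are closed without a single byte.

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def fingerprint(port):
    """Classify a loopback service by its reply to one greeting, not its port."""
    reply = b""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
            s.sendall(b"GET http://example.invalid/ HTTP/1.0\r\n\r\n")
            reply = s.recv(1024)
    except OSError:  # reset or timeout: the service told us nothing
        pass
    return "http-proxy" if reply.startswith(b"HTTP/") and b"Via:" in reply else "no-banner"


if __name__ == "__main__":
    open_port = serve(["127.0.0.0/8"])       # anyone who can reach it is served
    restricted_port = serve(["10.0.0.0/8"])  # constructed allowlist; loopback is outside it
    print(open_port, fingerprint(open_port))              # random port, "http-proxy"
    print(restricted_port, fingerprint(restricted_port))  # random port, "no-banner"
```

The restricted listener still completes the TCP handshake, so the port itself shows as open; hiding that takes filtering at the firewall in front of the service.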
The IT department at my work would be positively livid at that amount
of bandwidth being used outside of authorized FTP transfers. I can
guarantee that they would cut off internet access to that workstation
very quickly, and the employee doing so would have a second, and
possibly third asshole. Most likely fired, too. I could see warnings
about listening to music while doing work, but it's hard to do work while
You have published on your web site. Just google for proxy and search
the results for URLs or similar and someone will find it. Or someone
accidentally found your web site and entered it manually. Or your IP
address (do you have a static or dynamic one) had been fully scanned
for open ports and after you know all open ports it is very easy to
identify the major services on those ports (HTTP/S, SMTP/S, POP/S,
[interesting things on traffic through proxy]
Sidenote: those things you have found out about the people who use
your proxy (and you could find out more about them) are exactly the
reason why in general proxies won't really help you with anonymity
unless you fully trust the person who runs the proxy. But we had this
discussion just a short while ago...
And we keep telling you that you don't know anything about networking,
don't know anything about security, don't know anything about anything
you post here about - but you won't listen to us.
It's simple to find anything running on a server/network, you're just
too stupid to be ethical and it's going to get you found every time.
LOL, and you were already blocked by most corporations, as most of them
have properly secured networks.
So, for the numbers of companies that use block lists, you will now show
up on theirs too, but the sad part is that many companies don't lock
down their networks well enough.
I hope that the group that found you continues to scan for your services
(not that they care about you actually) and post it in block lists.
Network admins have a right to block content from their networks, and
your content is the best type to block.
I know that block lists are based on what shows up in the proxy
lists. If I turn off my proxy for a few days, I will disappear
from the proxy lists, and will, hence, be dropped from the
proxy blacklists, since they go on what is on the various
lists of open proxies all over the Net.
It was interesting to see what addresses people are connecting
to. I must say people from corporate addresses were connecting
to a variety of sites. A lot of people were connecting to MySpace
from work. People were connecting to dating sites from work.
It seems that eHarmony is surfed from work quite a bit.
But the biggest surprise, from Australian workplaces, was
just how many people were coming through my proxy to
watch the O'Reilly Factor, from work, through the TVU
P2P television service. The boss would know that
someone was consuming 300K of bandwidth from
my proxy, but he or she would NEVER figure out that
someone was watching Bill O'Reilly from work, during
the Australian workday. The times he comes on correspond
to the working hours in Australia, and these employers
whose networks were being used to watch O'Reilly will
NEVER know what was going on.
but it's OK, because they're encrypted, and you and your imaginary
engineers will NEVER KNOW what's in the traffic - and will just
Of course - now mommy is going to be angry with him, and might start
restricting his access to the computer - he won't be able to watch
those girl figure-skaters who wear those short skirts so you can see
their legs when they spin, or stretch out and glide.
but it's all encrypted, and he has NO IDEA how to do anything about it.
Yeah, his mommy is going to be really unhappy with him for that.
Well, there goes his imaginary Internet business.
It is NOT my internet costs that have me in a lather. It is the fact
that my proxy is now going to be on proxy blacklists. I am
solving this, however, by turning off my proxy for a few days,
until the public proxy lists (which test proxies regularly),
see my proxy as no longer working, and drop me from the
lists. The filter makers that compile proxy blacklists use the
public proxy lists from sites like Proxy4Free, Alive Proxy,
etc, etc, to compile their lists from. Once I am off the
public lists, I will be dropped from the proxy blacklists.
And I DO filter porn, at my radio station, and someone
found that filtering proxy. The ONLY categories of
content I have turned on are porn and gambling. It
is our policy NOT to block anything else. That proxy,
unlike my Tor entry proxy, was NOT meant for public
I will ONLY remain on the blacklists as long as I remain on the
public proxy lists. Once the makers of the proxy blacklists test
my site, and find my proxy not there, I will be dropped from the