
The 5 most dangerous proxies


Top 5 Most Dangerous Proxies

http://www.deepnines.com/

http://www.deepnines.com/proxy-blocker/

04/10/2023 DeepNines Technologies, Inc. Confidential © 2009 1


Agenda

Understanding Proxies

Most Dangerous Proxies Countdown

Prevention and Gaps


Understanding Proxies


Defining and Understanding the Types of Web Proxies Available Today


Defining Proxies

A proxy server is a computer or program that acts as an intermediary for Web browsing

From a network security perspective, the term “web proxies” refers to the unauthorized use of a proxy server to circumvent network security policies, filtering solutions and firewalls

Once a user connects to a proxy server, the proxy then connects the user to the unfiltered Internet


Proxies and Filter Avoidance

Complete Anonymous Surfing of Websites
- Circumvents existing network security and content filtering solutions
- Unfiltered, free rein of the Internet
- Prevents administrators from monitoring or reporting on users

Original Intent
- Provide uncensored access to the Internet in oppressed nations
- Still operational for people of many nations

Unintended Outcome
- Easy to build and use
- Became circumvention tactic for users wanting unfiltered access


Proxies and Filter Avoidance

Different Types of Proxies and Techniques
- Tor clients
- Anonymizers
- CGI
- PHP
- ROT13
- Base64
- RC4
- Circumventors (HTTP/HTTPS)
- Transparent (HTTP, SOCKS v4/5)
- Gopher
- Tunnels (SSH/SSL)
- Host programs (ex: UltraSurf)
- VPNs
- LogMeIn
- GoToMyPC
- GoToAssist
- And the list goes on…

There are over 23 different types of proxies and filter avoidance techniques


Most Dangerous Proxies Countdown

Top Five Most Dangerous Web Proxies


#5: Anonymous Proxies

Definition
- Anonymous proxies are URL-based proxies available through web or IP addresses

Characteristics
- “Cat-and-mouse” game
- Very prevalent, extremely easy to find and use
- Thousands of new ones generated daily
- Not difficult to block once the URL is known but requires constant blacklisting

Examples
- CGI, PHP, Circumventor, Browser-based, etc.


1. Email distribution list and spam in the morning

2. Blacklisting all day


#5: Anonymous Proxies, Cont’d…

- Known by a specific URL, making it easier for traditional filters to block
- Groups exist that are dedicated to creating new proxies each week
- These are not detected by filters for 2-3 days

Examples Include
- PHP: pinksocks.info
- CGI: adiofairy.com
- ROT13 and Base64: stupidcensorship.com


#5 (b): Circumventors

Definition
- Circumventor software can be placed on a home (or any out-of-network) computer and it will return a URL that acts as a proxy and can be used to connect back to that computer for anonymous browsing

Characteristics
- These URLs are dynamic and easily changed if ever discovered and blocked
- Works well for people who do not know how to set up a web server and have a broadband connection at home

Example: http://adsl-68-93405.dsl.rcsntx.swbell.net/peacefire911437 will be the assigned URL, distributed as www.goldenscar.com


#5 (c): Transparent Proxies

Definition
- Based on IP address and configured in the Web browser advanced settings. Individuals can find a list by Googling “proxy list” and using a program to see which will work

Characteristics
- Millions of sites
- More added daily

Example


#5 (c): Transparent Proxies, Cont’d…


#4: Remote Desktop Connections

Definition
- Software or an OS feature allowing graphical applications to run remotely on a server while being displayed locally

Characteristics
- Easy to set up
- Both free and subscription versions
- Uses ports that are usually open, or not inspected, such as HTTP 80 or HTTPS 443
- Difficult to determine when it’s being used

Example
- RDP to home, LogMeIn, GoToMeeting, etc.


#3: Tunnels

Definition
- Tunnels form a secure connection between the user and a server on the outside of the network in order to conceal the traffic

Characteristics
- Uses encryption to conceal sessions
- Can’t be easily (if at all) decrypted for inspection
- Easy to set up at home
- Ports are usually open to outside

Example
- Most common tunnels are VPN (Virtual Private Network), SSL, UDP and SSH


#3 Tunnels: VPN Types

PPTP VPNs
- Client comes native with Windows and iPhone
- Hardware / software cost is low
- Linux can run easily on very low-end hardware

SSL VPNs
- Access server easily set up with no Linux experience
- Hardware / software cost is low
- Client runs Linux, Win2000/XP/Vista, OpenBSD, FreeBSD, Mac OS X & Solaris
- Dynamic public endpoints such as DHCP, connection-oriented stateful firewalls, and tunnels networks over NAT


#3 Tunnels: SSH Tunnels

- Freely available
- Easy to use
- Can use any port

*New security risk*
- Tunnel is left open when leaving
- Access back to the network from home
- Can hack around and discover all the network elements
- Try scans, password cracks, shares, etc.


#2: Secure Proxy Sites

Definition
- Secure proxy sites form an encrypted, secure connection between the user and the site

Characteristics
- Emailed to distribution lists / spammed daily
- Extremely prevalent
- Encrypted sessions
- Ports are usually open for other HTTPS sites

Examples
- HTTPS/SSL


#2: Secure Proxy Sites: SSL Proxies


#1: Host Proxy Programs

Definition
- Host proxy programs run on a user’s desktop and combine multiple circumvention technologies, making them the most dangerous proxies

Characteristics
- Very complex programs
- Developed and funded by U.S. government
- Combines multiple technologies
- Encrypted sessions
- Undetectable and erratic behavior
- Finds ports that are open and usable

Examples
- UltraSurf, FreeGate, YourFreedom, etc.


Host Programs


Prevention and Gaps

Flaws in Many Technologies Make Proxies Easy to Explore and Utilize


Content Filtering

It’s Not a Silver Bullet…

Designed as a Blacklist System
- Uses a database of known URLs or Web addresses
- Matches are blocked, unknown is allowed
- 1990’s security methodology

Size Matters
- Google indexes over 1 trillion URLs as of January 2009
- Largest content filtering databases in the world are <100 million URLs

Effectiveness
- It’s only as good as the last update (best case scenario)
- Only inspects ports 80 and 8080
- Only effective as a tool for well-known sites
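The blacklist model on this slide, with one check a defender can layer on top of it, as an added example that is not part of the original slides: a hostname blacklist allows a request to an unlisted proxy site, while decoding query-string values as Base64 or ROT13 exposes the destination behind it. It assumes the proxy carries the destination URL in a query parameter, as the ROT13/Base64 proxy types listed earlier commonly do; all hostnames, URLs and function names are constructed.

```python
import base64
import binascii
import codecs
from urllib.parse import parse_qsl, urlsplit

# Constructed sample data: a one-entry hostname blacklist and four request URLs.
BLACKLIST = {"blocked.example"}
SAMPLE_URLS = [
    "http://blocked.example/videos",
    "http://new-proxy.example/browse.php?u=aHR0cDovL2Jsb2NrZWQuZXhhbXBsZS92aWRlb3M%3D",
    "http://new-proxy.example/index.php?q=uggc://oybpxrq.rknzcyr/ivqrbf",
    "http://news.example/story?id=1234",
]

def blacklist_verdict(url):
    """Classic URL filter: block only when the hostname is already listed."""
    return "block" if urlsplit(url).hostname in BLACKLIST else "allow"

def decode_candidates(value):
    """Yield (encoding, text) for the ROT13 reading and, if valid, the Base64 one."""
    yield "rot13", codecs.decode(value, "rot13")
    try:
        padded = value + "=" * (-len(value) % 4)
        raw = base64.b64decode(padded, altchars=b"-_", validate=True)
        yield "base64", raw.decode("ascii")
    except (binascii.Error, ValueError):
        return  # not Base64, or not text once decoded

def embedded_destinations(url):
    """Return [(param, encoding, decoded_url)] for query values that hide a URL."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query):
        for encoding, text in decode_candidates(value):
            if text.lower().startswith(("http://", "https://")):
                hits.append((name, encoding, text))
    return hits

def filter_verdict(url):
    """Blacklist check on any embedded destination, then on the request host."""
    for _name, encoding, dest in embedded_destinations(url):
        if urlsplit(dest).hostname in BLACKLIST:
            return f"block ({encoding}-encoded destination)"
    return blacklist_verdict(url)

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{blacklist_verdict(u):5} -> {filter_verdict(u):36} {u}")
```

Requests whose destination is encrypted (the RC4 and HTTPS/SSL cases on the slides) cannot be recovered by this kind of decoding.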


URL Filters: What Do They See?


URL Filters: What Do People See?


Firewalls and IPS

Limited by Definition…

Firewalls
- Only allow or block ports and protocols
- Do not inspect traffic past Layer 3
- Only care if a stateful connection exists

Intrusion Detection/Prevention Systems
- Concerned mainly about inbound attacks/exploits
- Do not usually inspect outbound traffic
- Limited signature set, not focused on content


The Risks

No One is Immune…

High Risks
- Decreased productivity
- Spyware, malware (backdoors, Trojans) and viruses
- Confidential information leakage
- Acceptable Use Policy (AUP) violations
- Copyright lawsuits

Most Common Users of Proxies
- Students (schools)
- Younger generation of professionals (18 – 30 years old)
- Disgruntled, frustrated or malicious employees (all ages)


Recommendations for Prevention

Internet Security Assessment
- Determine current vulnerabilities, gaps and risk levels

Proxy Blocker Technology
- Utilizes specially architected deep packet inspection intellectual property to identify the fabric of what makes up a proxy in order to prevent or block the connection

Signature Updates
- Content filter (for known sites)
- Proxy blocker / DPI (for unknown sites)


Questions and Answers


Additional questions email: [email protected] call: 1-866-DEEP9-12

www.deepnines.com