Topic awaiting preservation: detecting a proxy server from it's LAN $Pages that link to <a href="https://ozoneasylum.com/backlink?for=7014" title="Pages that link to Topic awaiting preservation: detecting a proxy server from it&#039;s LAN" rel="nofollow" >Topic awaiting preservation: detecting a proxy server from it's LAN\$

Author	Thread
JKMabry Maniac (V) Inmate From: out of a sleepy funk Insane since: Aug 2000	posted 10-07-2003 20:00 Can anyone tell me how to detect whether or not http traffic on a LAN is being filtered through a proxy server/similar that might cache or detect/record information? Using only something like cmd that would be available from any desktop? For instance, if I'm at someone's office and sit down at their computer and do a tracert and the first stop is 192.168.0.1 or somesuch, how can I tell what's at that IP? How do I determine whether it's a proxy/similar (that records/filters) or just some kind of router or switch (passes straight through)? Or can I? thanks Jason
mr.maX Maniac (V) Mad Scientist From: Belgrade, Serbia Insane since: Sep 2000	posted 10-07-2003 21:30 AFAIK There's no reliable way for determintaing whether you're accessing the web through proxy (transparently) or not. For example, under FreeBSD I can set up NAT and divert all traffic that goes to port 80 to go through my own proxy transparently instead of establishing a direct connection and you wouldn't notice a thing. But, in most cases people only set up simple NAT that translates IP packets from internal network to the public network and back...
Tyberius Prime Paranoid (IV) Mad Scientist with Finglongers From: Germany Insane since: Sep 2001	posted 10-07-2003 22:16 always thought that was the whole point in a proxy being transparent: it doesn't distinguish itself in any way from a direct connection. btw, https can't be proxied... so you'd be safe using that. A router is high enough in network-organization (iso) level to record as well... as switch couldn't, but each machine would have to have a public address...
JKMabry Maniac (V) Inmate From: out of a sleepy funk Insane since: Aug 2000	posted 10-07-2003 22:53 The scenario I was imagining would be within a corporate LAN where, normally, they'd run a proxy server or not. Normally it'd be a matter of corporate policy where employees can surf and if there's monitoring involved; usually no attempt made to 'hide' the proxy server in this situation. with that in mind I was just wondering if there would be any dead giveaways in that situation. thanks for the help fellas Jason
Skaarjj Maniac (V) Mad Scientist From: :morF Insane since: May 2000	posted 10-07-2003 23:05 Well, for one thing most opaque proxies (as I like to call non-transparent proxies) will provide their own 401, 403 and 404 pages that overwrite the ones coming from sites, so try going to a page on the asylum that doesn't exist and see if you get the '404, Lost in the Ozone' page or some other 404 error page. I have been a victim of transparent proxies in the past. My ISP used to run on on HTTP traffic...when ever you tried to go to http://www.google.com and you'd get redirected to http://www.google.com.au (since I live in Australia) the google site wouldn't load...you'd just get a small, yellow 'O' in the top-left corner of the page.

Topic awaiting preservation: detecting a proxy server from it's LAN\$

Author

Thread

JKMabry
Maniac (V) Inmate

From: out of a sleepy funk
Insane since: Aug 2000

posted 10-07-2003 20:00

Can anyone tell me how to detect whether or not http traffic on a LAN is being filtered through a proxy server/similar that might cache or detect/record information? Using only something like cmd that would be available from any desktop?

For instance, if I'm at someone's office and sit down at their computer and do a tracert and the first stop is 192.168.0.1 or somesuch, how can I tell what's at that IP? How do I determine whether it's a proxy/similar (that records/filters) or just some kind of router or switch (passes straight through)? Or can I?

thanks

Jason

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted 10-07-2003 21:30

AFAIK There's no reliable way for determintaing whether you're accessing the web through proxy (transparently) or not.

For example, under FreeBSD I can set up NAT and divert all traffic that goes to port 80 to go through my own proxy transparently instead of establishing a direct connection and you wouldn't notice a thing.

But, in most cases people only set up simple NAT that translates IP packets from internal network to the public network and back...

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 10-07-2003 22:16

always thought that was the whole point in a proxy being transparent: it doesn't distinguish itself in any way from a direct connection.

btw, https can't be proxied... so you'd be safe using that.

A router is high enough in network-organization (iso) level to record as well... as switch couldn't, but each machine would have to have a public address...

JKMabry
Maniac (V) Inmate

From: out of a sleepy funk
Insane since: Aug 2000

posted 10-07-2003 22:53

The scenario I was imagining would be within a corporate LAN where, normally, they'd run a proxy server or not. Normally it'd be a matter of corporate policy where employees can surf and if there's monitoring involved; usually no attempt made to 'hide' the proxy server in this situation.

with that in mind I was just wondering if there would be any dead giveaways in that situation.

thanks for the help fellas

Jason

Skaarjj
Maniac (V) Mad Scientist

From: :morF
Insane since: May 2000

posted 10-07-2003 23:05

Well, for one thing most opaque proxies (as I like to call non-transparent proxies) will provide their own 401, 403 and 404 pages that overwrite the ones coming from sites, so try going to a page on the asylum that doesn't exist and see if you get the '404, Lost in the Ozone' page or some other 404 error page.

I have been a victim of transparent proxies in the past. My ISP used to run on on HTTP traffic...when ever you tried to go to http://www.google.com and you'd get redirected to http://www.google.com.au (since I live in Australia) the google site wouldn't load...you'd just get a small, yellow 'O' in the top-left corner of the page.