| View previous topic :: View next topic |
| Author |
Message |
loloyd
-
Joined: 03 Mar 2006
Posts: 435
Location: Philippines
|
 Posted: Thu Aug 24, 2006 7:01 am Post subject: Proxy server |
 |
|
Hey Aprelium,
How cool would it be like if you can also make a proxy server that is as stable, as useful, as friendly and as secure as Abyss?
To the rest of the guys,
Would you be willing to point me to the right direction for a good, light and stable proxy server that can run on Windows but that is not as resource hog as Squid? I have tried FreeProxy from Hand-Crafted Software but it's got bugs that directly affects my intended purposes.
_________________
 http://home.loloyd.com/ is online if the logo graphic at left is showing. |
|
| Back to top |
   |
 |
Mikor
-
Joined: 21 Aug 2006
Posts: 144
Location: Hull, England
|
| Posted: Thu Aug 24, 2006 7:02 am Post subject: |
|
|
All proxies are resource hogs, if you get enough people using them.
_________________
Yarrt.com - Free Arcade
RypNet.co.uk - Online Game
MSN: michael_walker_2004 <at> hotmail <dot> com |
|
| Back to top |
  |
|
hc2995
-
Joined: 07 Aug 2006
Posts: 644
Location: Maryland, USA
|
| Posted: Thu Aug 24, 2006 7:35 am Post subject: |
|
|
proxy servers are a DoS (Denail of service) attackers best friend as well as a breading ground for hackers, spammers, and viruses not only that BUT if an attack hits a large server it WILL be traced back to YOU! and even if you know who did it you have no proof since the attacker used YOUR ip adress to attack all the attack has to say is "wosent me....." i dont think that aprelium will do this even if its the most secure proxy server ever made in the history of proxy servers theres no guarrenties that it will be 100% fail safe.
_________________
Where have i been? School got heck-tick, had to move half way around the state, then back... and then i had to change jobs, so iv been away for a while :P |
|
| Back to top |
 |
|
loloyd
-
Joined: 03 Mar 2006
Posts: 435
Location: Philippines
|
| Posted: Thu Aug 24, 2006 10:13 am Post subject: |
|
|
| Mikor wrote: | | All proxies are resource hogs, if you get enough people using them. |
Not unless you specify to limit its use to a few IPs only.
| hc2995 wrote: | | proxy servers are a DoS (Denail of service) attackers best friend as well as a breading ground for hackers, spammers, and viruses |
That's like saying that the Internet is a DoS attacker's best friend... Proxy servers are being currently used responsibly in many respectable schools, institutions, organizations and even ISPs. Many actually use Squid as they are able to cache things and speed up the access times to very popular internet resources.
| hc2995 wrote: | | not only that BUT if an attack hits a large server it WILL be traced back to YOU! |
Unless you limit your proxy server for use by only a few authorized sources.
| hc2995 wrote: | | and even if you know who did it you have no proof since the attacker used YOUR ip adress to attack all the attack has to say is "wosent me....." |
That's why logs are significant. You do realize that most, if not all, proxy servers are capable of logging all proxied requests including the originating IP of the requester. Furthermore, most modern proxy servers have anti-abuse mechanisms that limit the number of requests per originator in a given time period. Proxies were not designed for hackers/cyber-terrorists. Proxies were actually designed for noble useful purposes and this is why the design of HTTP/1.1 specifically supports and allows for web proxy technologies. Read up http://en.wikipedia.org/wiki/Proxy_server and see the section about "Open proxies, abuse, and detection" so that you'll get enlightened about this issue. If you don't allow proxies because they can be potentially used for illegal things, then you might as well disallow web servers, smtp and the internet! Cross over from the dark side, jedi-master.
| hc2995 wrote: | | i dont think that aprelium will do this even if its the most secure proxy server ever made in the history of proxy servers theres no guarrenties that it will be 100% fail safe. |
:) It's just a wish anyway. Nothing is guaranteed 100% fail safe anyways, even web servers, mail servers, ftp servers, etc.
_________________
http://home.loloyd.com/ is online if the logo graphic at left is showing. |
|
| Back to top |
|
|
AbyssUnderground
-
Joined: 31 Dec 2004
Posts: 3855
|
| Posted: Thu Aug 24, 2006 11:46 am Post subject: |
|
|
| Quote: | hc2995 wrote:
not only that BUT if an attack hits a large server it WILL be traced back to YOU!
loloyd wrote:
Unless you limit your proxy server for use by only a few authorized sources. |
It doesnt matter, it went through YOUR connection, YOUR connection is YOUR responsibility therefore YOU get the blame from your ISP.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Thu Aug 24, 2006 12:32 pm Post subject: Re: Proxy server |
|
|
| loloyd wrote: | | How cool would it be like if you can also make a proxy server that is as stable, as useful, as friendly and as secure as Abyss? |
Why not. But this will take time. :-)
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
Mikor
-
Joined: 21 Aug 2006
Posts: 144
Location: Hull, England
|
| Posted: Thu Aug 24, 2006 12:44 pm Post subject: Re: Proxy server |
|
|
| aprelium wrote: | | loloyd wrote: | | How cool would it be like if you can also make a proxy server that is as stable, as useful, as friendly and as secure as Abyss? |
Why not. But this will take time. :-) |
O_o
Is that a yes?
_________________
Yarrt.com - Free Arcade
RypNet.co.uk - Online Game
MSN: michael_walker_2004 <at> hotmail <dot> com |
|
| Back to top |
|
|
hc2995
-
Joined: 07 Aug 2006
Posts: 644
Location: Maryland, USA
|
| Posted: Thu Aug 24, 2006 2:08 pm Post subject: |
|
|
wow aprelium is going to do it 8O
PS> When i said that you have no proof .log files arent used most law enforcment officals wont toke .log or any kind of log files as they could easily tampered with and changed to present false data all an attacker has to say is "its an easily manipulater file he could have changed it" and depending on the investigation the officals will believe the attacker.
BUT on a side note: at leased DoS attackers only face 30 years in a federal prison, ISP privlages revoked, and a large fine (about 400-800 thousand dollars depending on the damage cousee and yes DoS attacks can destroy servers as they tend to couse them to crash)
_________________
Where have i been? School got heck-tick, had to move half way around the state, then back... and then i had to change jobs, so iv been away for a while :P |
|
| Back to top |
|
|
hc2995
-
Joined: 07 Aug 2006
Posts: 644
Location: Maryland, USA
|
| Posted: Thu Aug 24, 2006 2:14 pm Post subject: |
|
|
i got a link to a CNN report about DoS attacks some where lemme find it :D
EDIT: Here it is:
http://archives.cnn.com/2000/TECH/computing/02/09/cyber.attacks.01/index.html
Read it and youll get a good understanding of DoS attacks (bsicly you could search CNN with DoS in the search bar and get like 400 articles :p)
_________________
Where have i been? School got heck-tick, had to move half way around the state, then back... and then i had to change jobs, so iv been away for a while :P |
|
| Back to top |
|
|
PaulK
-
Joined: 26 Apr 2006
Posts: 132
Location: London, UK
|
| Posted: Thu Aug 24, 2006 3:38 pm Post subject: |
|
|
| Just adding myself to this thread in case of replies, i would love a nice simple proxy that only I could use to get round restircted sites when at work, in hotels etc |
|
| Back to top |
|
|
richardyork
-
Joined: 22 Jun 2004
Posts: 410
Location: United Kingdom
|
| Posted: Thu Aug 24, 2006 4:23 pm Post subject: |
|
|
| PaulK wrote: | | Just adding myself to this thread in case of replies |
You could just use the link at the bottom of the page "Watch this topic for replies"
Just a suggestion... ;-)
_________________
Please SEARCH the forums BEFORE asking questions! |
|
| Back to top |
|
|
Mikor
-
Joined: 21 Aug 2006
Posts: 144
Location: Hull, England
|
| Posted: Thu Aug 24, 2006 4:26 pm Post subject: |
|
|
all in favour of Abyss Proxy Server say "I" (or "Aye")
Aye!
_________________
Yarrt.com - Free Arcade
RypNet.co.uk - Online Game
MSN: michael_walker_2004 <at> hotmail <dot> com |
|
| Back to top |
|
|
Axis
-
Joined: 29 Sep 2003
Posts: 336
|
| Posted: Thu Aug 24, 2006 5:25 pm Post subject: |
|
|
Using CGIProxy ( http://www.jmarshall.com/tools/cgiproxy/ ) for many years on my site. To prevent being overwhelmed I've had to limit bandwidth, which I believe would make it quite useless for DoS. Right now I am running it in text-only mode. I don't have a problem with people choosing to view CENSORED, but I *REALLY* do not want it used for child pornography. So I felt I had to monitor and ban people who went to really *bad* places (I hacked the script so I could ban ip addresses directly in the script). That took alot of time and was endless because you can easily get up to 1500 page hits/day even on a 500/250 dsl connection.
It does use alot of cpu, so you need a good processor. You can set up "allowed sites" and "disallowed sites."
I am mainly concerned about censorship and that is why I offer this service in the first place.
Anyway, that's just my experience and I thought I'd chime in here.
Regards,
Axis |
|
| Back to top |
|
|
Mikor
-
Joined: 21 Aug 2006
Posts: 144
Location: Hull, England
|
| Posted: Thu Aug 24, 2006 5:26 pm Post subject: |
|
|
| Axis wrote: | Using CGIProxy ( http://www.jmarshall.com/tools/cgiproxy/ ) for many years on my site. To prevent being overwhelmed I've had to limit bandwidth, which I believe would make it quite useless for DoS. Right now I am running it in text-only mode. I don't have a problem with people choosing to view CENSORED, but I *REALLY* do not want it used for child pornography. So I felt I had to monitor and ban people who went to really *bad* places (I hacked the script so I could ban ip addresses directly in the script). That took alot of time and was endless because you can easily get up to 1500 page hits/day even on a 500/250 dsl connection.
It does use alot of cpu, so you need a good processor. You can set up "allowed sites" and "disallowed sites."
I am mainly concerned about censorship and that is why I offer this service in the first place.
Anyway, that's just my experience and I thought I'd chime in here.
Regards,
Axis |
Hmm, thats a script and we are talking about a server, but its basicly the same thing.
So, yes, moderation of a proxy server would be hard.
_________________
Yarrt.com - Free Arcade
RypNet.co.uk - Online Game
MSN: michael_walker_2004 <at> hotmail <dot> com |
|
| Back to top |
|
|
loloyd
-
Joined: 03 Mar 2006
Posts: 435
Location: Philippines
|
| Posted: Fri Aug 25, 2006 3:00 am Post subject: |
|
|
| hc2995 wrote: | wow aprelium is going to do it 8O
PS> When i said that you have no proof .log files arent used most law enforcment officals wont toke .log or any kind of log files as they could easily tampered with and changed to present false data all an attacker has to say is "its an easily manipulater file he could have changed it" and depending on the investigation the officals will believe the attacker.
BUT on a side note: at leased DoS attackers only face 30 years in a federal prison, ISP privlages revoked, and a large fine (about 400-800 thousand dollars depending on the damage cousee and yes DoS attacks can destroy servers as they tend to couse them to crash) |
Hi, hc2995. I am quite familiar with DoS and DDoS having been educated a whole lot in this issue by the Blue Frog experience and GRC's experience (you'd learn more about DoS from http://www.grc.com/dos/grcdos.htm) than by that news bit you wrote here.
In all investigation processes regarding network violations, logs are always consulted. Although it is true that their reliability is always suspect, it can be the only lead you'll ever get. Logs are not limited to the proxy server anyway, there's also the top/higher-level DNS query logs, which can, but not 100% always, prove to be more reliable than your own server's logs, and your ISP's logs. It's silly that one would mention "officals (sic) will believe the attacker".
You are right. It is true that proxy servers can be used to implement DoS attacks. But, hey, SMTP servers can also be used to send spam. And scripts in HTTP servers can also be abused to exploit XSS vulnerabilities. The point is: danger is always there. Risk is always present. And it is up to the responsible netizenry to find ways and means on how to mitigate what's generally considered to be cyber-terrorism and illegal activities. In SMTP servers, you disallow open-relays, use SMTP authentication, use SPF or domain-keys. In HTTP server scripts, you plug XSS vulnerabilities. And in proxy servers, you implement some usage or access control features.
It appears that your fears regarding proxy servers are based on misinformation. It's like you're equating all DoS attacks with proxy servers 8O. I would like to inform you that this is not so. Most DoS attacks in the past actually involved compromised machines running Windows OS, and not necessarily proxy servers.
The downside is that, as Axis points out, proxy servers tend to become resource hogs, especially if you use a lot of filters.
Aprelium, thanks for considering it. Besides, HTTP servers and HTTP proxy servers are like very very close cousins. They both deal with the same application protocol :).
Mikor, aye! :)
| AbyssUnderground wrote: | | It doesnt matter, it went through YOUR connection, YOUR connection is YOUR responsibility therefore YOU get the blame from your ISP. |
It's time to quote Anonymoose. Do you realize how stupid that statement was? Should we blame Microsoft for all the DoS attacks that have "successfully" happened in the past now? Should we blame ARPA for pioneering the Internet? LOL!
_________________
http://home.loloyd.com/ is online if the logo graphic at left is showing. |
|
| Back to top |
|
|
madman1337
-
Joined: 29 Jul 2006
Posts: 182
Location: Houston, TX
|
| Posted: Fri Aug 25, 2006 3:13 am Post subject: |
|
|
I think that a proxy server would be nice. The main reason why I don't want to go about setting one up right now is that I don't want to go and find a good one and research it. Since its from aprelium, I think it would most likely be of high quality, just like their web server.
Aye!
_________________
 |
|
| Back to top |
|
|
AbyssUnderground
-
Joined: 31 Dec 2004
Posts: 3855
|
| Posted: Fri Aug 25, 2006 9:18 am Post subject: |
|
|
| Quote: | | It's time to quote Anonymoose. Do you realize how stupid that statement was? Should we blame Microsoft for all the DoS attacks that have "successfully" happened in the past now? Should we blame ARPA for pioneering the Internet? LOL! |
I wouldn't call it a stupid statement because it happens to be true. If you are the bill payer you are responsible over what happens on that line. If someone else uses your proxy to DOS someone, its your fault because its your connection. Your ISP won't care if you say it was through a proxy. Your line, your problem.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
| Back to top |
|
|
loloyd
-
Joined: 03 Mar 2006
Posts: 435
Location: Philippines
|
| Posted: Fri Aug 25, 2006 11:10 am Post subject: |
|
|
| AbyssUnderground wrote: | | I wouldn't call it a stupid statement because it happens to be true. If you are the bill payer you are responsible over what happens on that line. If someone else uses your proxy to DOS someone, its your fault because its your connection. Your ISP won't care if you say it was through a proxy. Your line, your problem. |
I agree, my line is my problem and also my responsibility. But, think about all those zombie PCs used in DoS. Did they become legally liable (the key phrase here) for the DoS attacks?
So if your grandma's PC became a DoS zombie, would you blame her? Could you really? Would you just plainly say "hey, it's your fault!"? Is it really her fault?
Besides, if I ran my own proxy server, I won't even let you use it. Hmm... that depends. The point is - I'll abso-defi-posit-surely control who gets to use it and who doesn't.
_________________
http://home.loloyd.com/ is online if the logo graphic at left is showing. |
|
| Back to top |
|
|
AbyssUnderground
-
Joined: 31 Dec 2004
Posts: 3855
|
| Posted: Fri Aug 25, 2006 11:16 am Post subject: |
|
|
I agree with what you are saying, if the zombie DOS'er is on the pc then its hardly your fault (well it is in terms of you not securing your pc but thats a different matter). But if you allow someone to use the proxy for themselves then they abuse it and use it for DOS attacks, that makes you liable because you have provided an easy way for a DOS attack to take place.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
| Back to top |
|
|
loloyd
-
Joined: 03 Mar 2006
Posts: 435
Location: Philippines
|
| Posted: Fri Aug 25, 2006 6:37 pm Post subject: |
|
|
AU, for the record, not one third-party SMTP server administrator has been held legally liable for email spam (unless you can name one and cite references). In the same breath, not one third-party proxy server administrator has ever been held legally liable for any illegal acts committed by using that administrator's proxy server (again, unless you can name one and cite references). And here's the clincher, not even a single third-party PC owner/administrator has ever been held legally liable for ignorantly/naively/innocently/unwillingly taking part in a DoS attack caused by his/her PC's being made into a zombie by an attacker's trojan or spyware (no disclaimer necessary). Heck, historically, even big ISPs turned a blind eye (from the GRC experience)!
_________________
http://home.loloyd.com/ is online if the logo graphic at left is showing. |
|
| Back to top |
|
|
AbyssUnderground
-
Joined: 31 Dec 2004
Posts: 3855
|
| Posted: Fri Aug 25, 2006 6:39 pm Post subject: |
|
|
ISP's are getting a lot tougher now. I know my ISP, NTL, wouldn't put up with anything like that. They have enough trouble with people DDoSing their servers without us doing it as well.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
| Back to top |
|
|
Tom Chapman
-
Joined: 09 Jul 2005
Posts: 933
Location: Australia
|
| Posted: Sat Aug 26, 2006 2:14 pm Post subject: |
|
|
| loloyd wrote: | | hc2995 wrote: | | proxy servers are a DoS (Denail of service) attackers best friend as well as a breading ground for hackers, spammers, and viruses |
That's like saying that the Internet is a DoS attacker's best friend... Proxy servers are being currently used responsibly in many respectable schools, institutions, organizations and even ISPs. Many actually use Squid as they are able to cache things and speed up the access times to very popular internet resources. |
My School AND ISP.
-------------
Aprelium
-------------
Just because they say it will be alot of work does NOT mean that they will even think about for 30 seconds! The last thing I want is another hole for CMX to exploit lol. |
|
| Back to top |
|
|
cmxflash
-
Joined: 11 Dec 2004
Posts: 872
|
| Posted: Sat Aug 26, 2006 2:32 pm Post subject: |
|
|
| MrWiseOne wrote: | | Just because they say it will be alot of work does NOT mean that they will even think about for 30 seconds! The last thing I want is another hole for CMX to exploit lol. |
Abyss is safe, I've tried to exploit but but I did not find any holes. Since they managed to build such a great web server, I do not doub they could create a proxy server that was secure.
And if you need a small and secure proxy server for Windows, I recommend this one. |
|
| Back to top |
|
|
loloyd
-
Joined: 03 Mar 2006
Posts: 435
Location: Philippines
|
| Posted: Sun Aug 27, 2006 12:57 pm Post subject: |
|
|
Thanks for the recommendation, cmxflash. Keep those sensible, informative and useful posts coming.
_________________
http://home.loloyd.com/ is online if the logo graphic at left is showing. |
|
| Back to top |
|
|
|
