Re: c'punks top 5
A proxy server for HTTP transport so that one could access the web anonymously. I don't think coding is the problem here; one could be easily hacked out in perl, or you could use CERN HTTPD as a proxy server. I think the problem is finding someone who will offer up their machine as a place to run this service.
It could be run from any user account, like a remailer... The only problem there is getting it to start up after the machine has rebooted, etc. I suppose a procmail recipie or some other .forward magic could be setup so a simple e-mail message to the proxy operator account would start the server if it wasn't running. I would think that running an anonymous HTTP proxy server is much less likely to bring people screaming to your sysadmin than an anonymous remailer. Thus there is a chance that there could be more people willing to put up the service than even remailers... However, while there may be less chance of forceful shutdown due to complaints, an anon-http proxy server would probably consume much more in the way of network resources than a remailer, which will likely lead to many being shutdown once discovered by the sysadmins (although, maybe not). andrew
Andrew Lowenstern says:
A proxy server for HTTP transport so that one could access the web anonymously.
It could be run from any user account, like a remailer...
I'd say run socks or something similar; its a generalized port proxying facility for firewalls, but it should work fine for this. .pm
"Perry E. Metzger" <perry@imsi.com> writes:
I'd say run socks or something similar; its a generalized port proxying facility for firewalls, but it should work fine for this.
I was reading about socks last night, and it does seem to be very close to what is needed for this. In fact, if you sat down to write a TCP connection redirector protocol for anonymous connections, socks is pretty close to what you would come up with. Socks V5 even has some encryption specified for it, although it has the deficiency that the "forwarding" connection address is sent in the clear. The basis idea of socks is very simple. A socks server runs on port 1080 on a gateway machine. If you want to make a connection through the server, connect to it on port 1080, then send a 1-byte version number, 4, a 1-byte request code, 1, the 2-byte port number you want to connect to, the 4-byte IP address you want to connect to, and then a null-terminated string which is supposed to be your user name (to help the server decide whether to allow the connection). It returns an 8-byte response message: 1 byte of version number, 4, 1 byte of result, where 0x5a means success, 2 bytes of outgoing port number and 4 bytes of server IP address. From then on, assuming success, it just forwards messages and you can talk directly to the remote machine. This lends itself nicely to chaining; simply make a socks request to the first machine, requesting it to connect to another socks machine; then send another socks request which will be interpreted by the 2nd machine, etc. You could build up chains of any size in this way, even responding dynamically to failed or refused connections. In fact, as with the CERN httpd proxy server, where existing implementations might actually be useful already for laundering web connections, it is possible that some socks implementations could be used as well. If the socks server did not check that requests came from the local site (as the httpd proxy server sometimes does not), then you could set your client to make socks connections to such a server and get anonymous web connections already. This also would mean that it might be politically easier to run a socks server than to run an anarchistic http redirector. Socks is pretty well understood by security-conscious network people so might appear to be less of a threat. Plus, if it does turn out that existing socks servers are useful for this purpose then this is something we could start using right away. Does anybody know of any sites running socks servers? I would like to experiment with whether they would accept connections and requests from remote sites. Thanks - Hal P.S. I found information about socks by searching the Internet Drafts archive at ISI. This California server is a mirror of the main one in Virginia, but is http based so is faster. Use URL http://info.internet.isi.edu/in-drafts, select "Locate internet drafts by file name", and then do a keyword search for socks. There are 3 of them, V4, V5, and one about using pem for encryption.
I would think that running an anonymous HTTP proxy server is much less likely to bring people screaming to your sysadmin than an anonymous remailer. Thus there is a chance that there could be more people willing to put up the service than even remailers... However, while there may be less chance of forceful shutdown due to complaints, an anon-http proxy server would probably consume much more in the way of network resources than a remailer, which will likely lead to many being shutdown once discovered by the sysadmins (although, maybe not).
On this site, I know that running one would get it killed, me a stern warning, and if I did it again, my account removed. My goal here is *NOT* to piss admins off - and what good are anon-HTTPD's if they're being killed every 10 minutes. What is needed is someone who will offer up their box, that they own or directly control, for this purpose. -jon ( --------[ Jonathan D. Cooper ]--------[ entropy@intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://hyperreal.com/~entropy/ ]-------[ Key-ID: 4082CCB5 )
participants (4)
-
Andrew Lowenstern -
Hal -
Jonathan Cooper -
Perry E. Metzger