RIAA Safeweb Proxy ID

John Young jya at pipeline.com
Sat Oct 13 05:32:03 PDT 2001


Thanks to SC:

[SC's IP address replaced by xxx.xxx.xxx.xxx]

-----

I've tuned in late to the riaa/safeweb thing, but I'm chiming in 
with my bit.

Tracing from safeweb is an interesting exercise; the geography is
very typical of the internet backbone and the router hops packets
take.

I wrote a script to mail all possible headers from a connecting
browser to myself. I installed it on my server

  http://xxx.xxx.xxx.xxx:8140, 

and then connected from Safeweb. 

This anonymizer uses a caching proxy server, listening for
connections on several IPs; it preserves client headers while
obviously changing the IP of the originating connection; it preserves
many of the originating headers; it adds some new headers. 

Here's the output:

GATEWAY_INTERFACE..........CGI/1.1

REMOTE_ADDR..........64.124.150.136

DATE_LOCAL..........Saturday, 13-Oct-2001 01:22:45 EDT

REQUEST_METHOD..........GET

QUERY_STRING..........

DOCUMENT_URI........../index.html

HTTP_ACCEPT..........image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel,
application/msword, */*

REMOTE_PORT..........2513

SERVER_ADDR..........142.204.119.75

HTTP_ACCEPT_LANGUAGE..........en-us

HTTP_CACHE_CONTROL..........max-age=259200

REDIRECT_STATUS..........200

HTTP_ACCEPT_ENCODING..........gzip

SERVER_NAME..........xxx.xxx.xxx.xxx

HTTP_X_FORWARDED_FOR..........127.0.0.1

SERVER_PORT..........8140

DOCUMENT_NAME..........index.html

HTTP_IF_MODIFIED_SINCE..........Sat, 13 Oct 2001 05:15:44 GMT;
length=853

REDIRECT_URL........../

DATE_GMT..........Saturday, 13-Oct-2001 05:22:45 GMT

SERVER_PROTOCOL..........INCLUDED

HTTP_REFERER..........http://xxx.xxx.xxx.xxx

HTTP_USER_AGENT..........Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT 5.0)

HTTP_CONNECTION..........keep-alive

REQUEST_URI........../

HTTP_HOST..........xxx.xxx.xxx.xxx:8140

HTTP_VIA..........1.0 anongo.com:3128 (Squid/2.3.STABLE3)

The last one in the list is the flavour of proxy they use:

  Squid/2.3.stable3

And the DNS name of the source box for the HTTP request
is anongo.com, which I don't believe showed up in your trace 
logs. 

Basically a caching proxy server's header set.

The authoritative name servers for anongo.com are 

  ns3.above.net


www.anongo.com redirects to Safeweb. The boxes are standard
unix/apache with ssl. They have written scripts to replace the
originating address header and keep track of the connection, receive
requested files to their cache, and then serve from that cache to
your browser.

The machines would absolutely be configured to do sophisticated
logging; there is no free lunch on the net. While they appear to do a
nice job, their server logs would be a goldmine. Everyone who uses a
commercial web browser agrees to have their information gathered the
first time they use that browser - do you want to continue? When you
say yes, you mean it!

-----
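
Added example, not part of the original post and not SC's script: a Python parser for a header dump in the layout shown above that extracts the fields revealing a proxy (Via, X-Forwarded-For) and checks whether X-Forwarded-For discloses a public client address. The sample input is constructed from a subset of the values in the post, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: a subset of the dump in the post, same "NAME....value" layout.
SAMPLE = """\
REMOTE_ADDR..........64.124.150.136
HTTP_X_FORWARDED_FOR..........127.0.0.1
HTTP_USER_AGENT..........Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT 5.0)
HTTP_VIA..........1.0 anongo.com:3128 (Squid/2.3.STABLE3)
"""

FIELD = re.compile(r"^([A-Z][A-Z0-9_]*)\.{4,}(.*)$")
# One Via element: [protocol/]version host[:port] [(comment)]
VIA = re.compile(r"^(?:([\w.-]+)/)?([\w.]+)\s+([^\s:()]+)(?::(\d+))?(?:\s+\((.*)\))?$")

def parse_dump(text):
    """Return {name: value}, joining values that wrapped onto the next line."""
    env, last = {}, None
    for raw in text.splitlines():
        m = FIELD.match(raw)
        if m:
            last = m.group(1)
            env[last] = m.group(2).strip()
        elif raw.strip() and last:
            env[last] = f"{env[last]} {raw.strip()}".strip()
    return env

def parse_via(value):
    """Split a Via header into hops (simplification: commas inside comments are not handled)."""
    hops = []
    for element in value.split(","):
        m = VIA.match(element.strip())
        if m:
            proto, version, host, port, software = m.groups()
            hops.append({"protocol": proto or "HTTP", "version": version, "host": host,
                         "port": int(port) if port else None, "software": software})
    return hops

def is_public(addr):
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:  # e.g. "unknown" or a hostname instead of an address
        return False

def proxy_indicators(env):
    """Collect the fields that show a proxy handled the request."""
    xff = [a.strip() for a in env.get("HTTP_X_FORWARDED_FOR", "").split(",") if a.strip()]
    return {"via": parse_via(env.get("HTTP_VIA", "")),
            "forwarded_for": xff,
            "client_address_disclosed": any(is_public(a) for a in xff)}
```
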




