RIAA Safeweb Proxy ID
John Young
jya at pipeline.com
Sat Oct 13 05:32:03 PDT 2001
Thanks to SC:
[SC's IP address replaced by xxx.xxx.xxx.xxx]
-----
I've tuned in late to the riaa/safeweb thing, but I'm chiming in
with my bit.
Tracing from safeweb is an interesting exercise; the geography is
very typical of the internet backbone and the router hops packets
take.
I wrote a script to mail all possible headers from a connecting
browser to myself. I installed it on my server
http://xxx.xxx.xxx.xxx:8140,
and then connected from Safeweb.
This anonymizer uses a caching proxy server, listening for
connections on several IPs; it preserves client headers while
obviously changing the IP of the originating connection; it preserves
many of the originating headers; it adds some new headers.
Here's the output:
GATEWAY_INTERFACE..........CGI/1.1
REMOTE_ADDR..........64.124.150.136
DATE_LOCAL..........Saturday, 13-Oct-2001 01:22:45 EDT
REQUEST_METHOD..........GET
QUERY_STRING..........
DOCUMENT_URI........../index.html
HTTP_ACCEPT..........image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel,
application/msword, */*
REMOTE_PORT..........2513
SERVER_ADDR..........142.204.119.75
HTTP_ACCEPT_LANGUAGE..........en-us
HTTP_CACHE_CONTROL..........max-age=259200
REDIRECT_STATUS..........200
HTTP_ACCEPT_ENCODING..........gzip
SERVER_NAME..........xxx.xxx.xxx.xxx
HTTP_X_FORWARDED_FOR..........127.0.0.1
SERVER_PORT..........8140
DOCUMENT_NAME..........index.html
HTTP_IF_MODIFIED_SINCE..........Sat, 13 Oct 2001 05:15:44 GMT;
length=853
REDIRECT_URL........../
DATE_GMT..........Saturday, 13-Oct-2001 05:22:45 GMT
SERVER_PROTOCOL..........INCLUDED
HTTP_REFERER..........http://xxx.xxx.xxx.xxx
HTTP_USER_AGENT..........Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT 5.0)
HTTP_CONNECTION..........keep-alive
REQUEST_URI........../
HTTP_HOST..........xxx.xxx.xxx.xxx:8140
HTTP_VIA..........1.0 anongo.com:3128 (Squid/2.3.STABLE3)
The last one in the list is the flavour of proxy they use:
Squid/2.3.stable3
And the DNS name of the source box for the HTTP request
is anongo.com, which I don't believe showed up in your trace
logs.
Basically a caching proxy server's header set.
The authoritative name servers for anongo.com are
ns3.above.net
www.anongo.com redirects to Safeweb. The boxes are standard
unix/apache with ssl. They have written scripts to replace the
originating address header and keep track of the connection, receive
requested files to their cache, and then serve from that cache to
your browser.
The machines would absolutely be configured to do sophisticated
logging; there is no free lunch on the net. While they appear to do a
nice job, their server logs would be a goldmine. Everyone who uses a
commercial web browser agrees to have their information gathered the
first time they use that browser - do you want to continue? When you
say yes, you mean it!
-----
More information about the Testlist
mailing list