Open proxy

Diagram of proxy server connected to the Internet.
An open proxy forwarding requests from and to anywhere on the Internet.

An open proxy is a proxy server that is accessible by any Internet user. Generally, a proxy server only allows users within a network group (i.e. a closed proxy) to store and forward Internet services such as DNS or web pages to reduce and control the bandwidth used by the group. With an open proxy, however, any user on the Internet is able to use this forwarding service.

Advantages

An anonymous open proxy is one measure that might help computer users to conceal their IP address against the webservers or internet content providers. It might make it harder to reveal their identity and thereby help preserve their perceived security while browsing the web or using other internet services. Real anonymity and extensive internet security might not be achieved by this measure (alone).

Disadvantages

An audio reading of m:Project:No open proxies, a Wikimedia Foundation policy, as it existed on 07 April 2007.

It is possible for a computer to run as an open proxy server without the computer's owner knowing it. This can result from misconfiguration of proxy software running on the computer, or from infection with malware (viruses, trojans or worms) designed for this purpose.[1] If it is caused by malware, the infected computer is known as a zombie computer.

An open proxy is a high risk for the server operator:

Many open proxies run very slowly, sometimes below 14.4 kbit/s, or even below 300 bit/s, while other times the speed may change from fast to slow every minute.

Because open proxies are often implicated in abuse, a number of methods have been developed to detect them and to refuse service to them. IRC networks with strict usage policies automatically test client systems for known types of open proxies.[2] Likewise, a mail server may be configured to automatically test mail senders for open proxies, using software such as proxycheck.[3]

Testing for access from an open proxy

Because of the potential risk of proxy service, there are ways developed for avoiding running open proxy. Many IRC networks test the client systems for known open proxy types automatically. Likewise, an e-mail server may be configured to automatically test e-mail senders for open proxies. As they are typically difficult to track, open proxies are especially useful to those seeking online anonymity and privacy.

Groups of IRC and electronic mail operators run DNSBLs publishing lists of the IP addresses of known open proxies, such as AHBL, CBL, NJABL, and SORBS.

The ethics of automatically testing clients for open proxies are controversial. Some experts, such as Vernon Schryver, consider such testing to be "very bad form".[4] Others consider the client to have solicited the scan by connecting to a server whose terms of service include testing.

See also

References

  1. "Accidental spamming, zombies and spoofing". Australian Communications and Media Authority. Retrieved 2008-08-03.
  2. "Blitzed Open Proxy Monitor". Blitzed.org. 2011-08-21. Retrieved June 21, 2014.
  3. "proxycheck: Open Proxy checker". Corpit.ru. Retrieved 2011-11-21.
  4. "localhost listed by njabl ?? - news.admin.net-abuse.email | Google Groups". Groups.google.com. 2003-12-12. Retrieved 2011-02-03. two reasons why testing other people's systems for security holes is considered very bad form [...] It is impossible to know the motives of a tester. [...] Second, it offends people's territorial urges.

External links

Wikimedia Commons has media related to Open proxies blocked on Wikimedia Commons.