
RFS: proxycheck



Hi, all

Looking for a sponsor for a new package:

<http://mentors.debian.net/debian/dists/unstable/main/binary-i386/proxycheck/>

Description: A simple tool to quickly recon a running open proxy server
proxycheck is a simple tool that will work on a reasonable *nix system
and may be used to quickly check whether a given host or set of hosts
has an open proxy server running (No, I will not adapt it to run on
winbloze machine, don't ever ask me about this).

Open proxies of various kinds are (ab)used nowadays for various evil
things like sending mass spam, hacking into your machine, making denial
of service attacks (DoS) and the like. Every such machine should be
either secured properly or turned off permanently, but that's not an
option, since in most cases either no administrator of such
machines exists at all, or he has no clue about what's on that machine,
or it's irrelevant for him. I tried to contact several owners of
such open proxy servers, but almost without any success so far. So the
only way to stop massive abuse made via such machines is to block them.
But before it is possible, one needs to know whether any machine runs
such a service or not. Also, network administrators (of an ISP for
example) are able to warn their clients whenever they are running
insecure proxy services - periodic scanning of a client's network may
also be a good idea.

This command-line tool, proxycheck, may be used for such a purpose.
Currently, it understands 3 types of proxy servers: HTTP proxies that
allow you to CONNECT to any host:port, SOCKS v4 and v5 proxies
(http://www.socks.permeo.com/, originally http://www.socks.nec.com/),
wingate "telnet" proxy servers of various kinds (incl. e.g. CCProxy
variants and others), and FTP proxies that are able to create
transparent connections. It makes connections to either a set of given
ports or to default ports on a given list of IP addresses and tries to
convince a service on the remote side to make another connection to a
destination specified on proxycheck's command line. If that
succeeds, proxycheck then runs some specified action - tries to "talk"
with a destination system, and if the dialog was successful, it assumes
the proxy server to be "open".

A destination you give to proxycheck will usually be your own machine,
with a well-known service running on some port that replies to any
connection attempt with a well-known fixed string. A typical example is
your own mailserver on port 25: whenever someone connects to this port,
an SMTP greeting message will be sent to the remote side. So if you tell
proxycheck to attempt to make a proxy connection to your own mail server,
it will be sufficient to treat that proxy as open if proxycheck
sees your smtp server's standard greeting message.

proxycheck is able to test many different IP addresses and ports
simultaneously, to speed up testing. It will try to open as many
connections in parallel as allowed by your system's resources, or up to
a specified limit. So it is possible to scan whole networks using
this tool. But be warned that doing so may not be what the owners of
those networks like.

--
Regards,

Al Nikolov
Informational and Analytics Centre of Saint-Petersburg
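
The "well-known fixed string" check from the description above, shown as an added example for the HTTP CONNECT case only; this is not proxycheck's own code. The function name, verdict labels, greeting string and sample replies are all constructed for illustration.

```python
import re

# Assumption: the greeting your own mail server sends (constructed value).
EXPECTED_GREETING = b"220 mail.example.org ESMTP"
STATUS_LINE = re.compile(rb"^HTTP/\d\.\d (\d{3})\b")

def classify_connect_reply(reply: bytes, expected: bytes = EXPECTED_GREETING) -> str:
    """Classify the bytes read back from a host after an HTTP CONNECT request."""
    head, sep, tunneled = reply.partition(b"\r\n\r\n")
    match = STATUS_LINE.match(head)
    if not match:
        return "not-http-proxy"          # e.g. some other service on that port
    if not sep:
        return "incomplete"              # header never terminated
    if not 200 <= int(match.group(1)) < 300:
        return "refused"                 # proxy enforces an access policy
    # Bytes after the blank line arrive through the tunnel from the destination.
    # The greeting must open that stream: a 2xx page that merely contains the
    # string, or a greeting from some other server, proves nothing.
    first_line = tunneled.split(b"\r\n", 1)[0]
    if first_line.startswith(expected):
        return "open"
    return "tunnel-no-greeting"

# Constructed sample replies, one per outcome.
SAMPLES = {
    "relayed": b"HTTP/1.0 200 Connection established\r\n\r\n"
               b"220 mail.example.org ESMTP ready\r\n",
    "denied": b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n",
    "portal": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
              b"<html>220 mail.example.org ESMTP</html>",
    "intercepted": b"HTTP/1.0 200 OK\r\n\r\n220 smtp.isp.example ESMTP\r\n",
    "ssh": b"SSH-2.0-OpenSSH_9.6\r\n",
    "cut": b"HTTP/1.0 200 Connection established\r\n",
}

def classify_all() -> dict:
    return {name: classify_connect_reply(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print(f"{name:12} {verdict}")
```

Only the first sample counts as an open proxy: the greeting has to be the first thing the destination sends through the tunnel, and it has to be your own server's greeting.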



