Proxy servers have been in the news as of late, both as a result of the Iran putative election and a new legal case where Microsoft is suing purveyors of advertising click fraud. I thought I would take you through what proxies are, how they can be used for both good and evil, and what all the fuss is about. First, here is a little background. When you bring up your Web browser, you are asked how you want it to connect to the Internet. Most of us that have home PCs don’t use any proxy, and go out to the raw Internet without any fuss or buy proxy bother. But enterprises that want to cut down on their bandwidth usage, improve performance and security, and have control over what their users see use them all the time.
Each browser first checks and sees if the Web page that is being requested is on the proxy’s cache, or memory, and if so, it saves a few milliseconds or more by grabbing the page directly, without having to traverse the Internet at all. So proxies are often combined with caching servers to deliver the best combination of features and management. As far as the browsing user is concerned, all this happens without any notification, other than the pages seem to load quicker on their PCs. About the only configuration option is the IP address of the server, which is placed inside the browser options or network settings. And proxies are available for more than just Web protocols, although that is their most popular use case.
That is the good side of proxies. What about the evil side? Proxies are supposed to be for internal users of an enterprise, but if a hacker can find out the IP address of an internal proxy, they can gain access to lots of network resources. This was a common MO for the hacker Adrian Lamo, among others, and you still find corporations that haven’t locked their proxies down with the appropriate security. It is also possible for proxies to operate on a user’s PC without their knowledge, which is a common way botnets are created.
There are also proxies that are used to make your browsing history anonymous, which can be used for both good and evil; depending on what information you are trying to hide. Now to the news. Microsoft filed suit in federal court yesterday against three people it claims were defrauding Internet advertisers by having automated programs mimic users clickstreams. They found the fraudulent activities by tracing the actions to two proxy servers. And once they blocked the particular IP addresses of the proxies, the fraudsters would simply alter them in a continual game of cat and mouse. The fraud involved is significant, and ClickForensics estimates that of the total ad clickstream is faked.