Author Topic: Fake Proxy Host_Name & IP Filters!  (Read 19846 times)

JakBeNymble

  • Sr. Member
  • ****
  • Posts: 308
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • http://
    • Email
Fake Proxy Host_Name & IP Filters!
« Reply #45 on: August 08, 2002, 06:17:56 PM »
Hi My "Proxomitronic-Friends",
   
                         The Via general-header field MUST be used by gateways and proxies to indicate the intermdiate protocols and recipients between the user agent and the server on requests, and between the origin server and the client on responses. It is analogous to the "Received" field of RFC 822std11(->2822prop)[9] and is intended to be used for "TRACKING" Message Forwards , Avoiding request loops, and "IDENTIFYING" the Protocol capabilities of ALL senders along the request/reponse chain.

The Protocol-name is optional if and only if it would be "HTTP". The received-by field is normally the host and optional port number of a recipient server or client that subsequently forwarded the message. However, if the Real Host is considered to sensitive information, it MAY BE REPLACED BY A "PSUEDONYM". If the port is not given, it "MAY" be assumed to be the default port of the received protocol.

"MULTIPLE VIA FIELD" values represent each Proxy or Gateway that has fowarded the message. Each recipient "MUST" append its information such that the end result is ordered according to the sequence of the forwarding applications.

For example, a request message could be sent from an HTTP/1.0 user agent to an Internal Proxy Code-Named "monica", which uses HTTP/1.1 to forward the request to a Public Proxy at 'Dry-cleaners.com, which completes the request by forwarding it to the origin server at www"Big-House.gov.com. The request received by www"Big-House.gov.com would then have the following Via header field:  

Via: 1.0 monica, 1.1 Dry-cleaners.com(Apache/1.1)

Proxies and Gateways used as a portal through a network firewall SHOULD NOT, by DEFAULT, forward the names and the ports of hosts within the firewall region. This information SHOULD only be propagated if explicitly enabled. If not enabled, the received-by Host of any Host behind the firewall "SHOULD BE REPLACED BY AN APPROPRIATE 'PSUEDONYM' for that host."

For organizations that have Strong Privacy requirements for Hiding Internal Structures, a proxy "MAY" combine an ordered subsequence of "Via" Header field entries with indentical received-protocol values into a single such entry. For example:
 
Via: 1.0 monica, 1.1 bill, 1.1 hillary, 1.0 cigar

could be collapsed to

Via: 1.0 monica, 1.1 clinton, 1.0 cigar

As You will notice there is an exception in the above examples where that a "User Agent"[us] on a LAN can be forwarded through an Internal Proxy[Proxomitron], as long as a "Appropriate Psuedonym" is used. It was upon this Psuedonym "loop-hole exception" that I was thinking about when the idea to create an Add-on to "Spoofers" that would make it "appear" not only that You were chained through two or three proxies, but also that You were a user on a LAN network. Of course this would ONLY be "Fake" forwarded information as Well.

Have a Great & Wonderful Day, My Proxomitronic-Friends!
Best Wishes,
"Glad-to-be-back-Jak"

Edited by - JakBeNymble on 08 Aug 2002  19:29:07