New Zealand ADSL Mailing List


RE: Using a gateway: How could they tell?

From: Adam Warner <adamw_at_ihug.co.nz>
Date: Sat, 8 Apr 2000 22:05:25 +1200
Message-ID: <LOBBIPDBPNPCNGEDAKCCGEKFCDAA.adamw@ihug.co.nz>

Hi Bruce,

Yes, it's IE5 and/or NN4 doing it.

Here's the text IE5 sends about me (obtained from
http://privacy.net/analyze/):

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-powerpoint, application/vnd.ms-excel,
application/msword, application/pdf, */* Accept-Language: en-nz Host:
privacy.net User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT
5.0) Cookie: Date=4%2F7%2F00; Privacy%2Enet=Privacy+Analysis Via: 1.0
Proxy+ (v2.30 http://www.proxyplus.cz) Accept-Encoding: gzip, deflate
X-Forwarded-For: 192.168.100.11

Can you also see that it's telling the world that I have MS PowerPoint,
Excel and Word Installed?

Well it now looks like I need a program to filter the data that is sent.
Preliminary investigations haven't been fruitful, although I think the
program would have to be a packet filter sitting on the server.

So if you were seeking to hide a private network NAT software would be
the only way to go.

Regards,
Adam

-----Original Message-----
From: owner-adsl@ns.freebsddiary.cx
[mailto:owner-adsl@ns.freebsddiary.cx]On Behalf Of Bruce Hoult
Sent: Friday, 7 April 2000 10:01 p.m.
To: adsl@freebsddiary.cx
Subject: Re: Using a gateway: How could they tell?

>Hi Bruce,
>
>Well I don't know about the general situation but in my case Chello
>could very easily tell that I am using a proxy server.
>
>If I run this whois web interface:
>http://www.leader.ru/secure/who.html
>
>...I receive this output:
>Remote address 203.109.252.15
>SQUID-like proxy servers detected 2
>Nearest client for this type of proxy 192.168.100.11
>Name of the nearest proxy Proxy+
>Type of the nearest proxy v2.30 http://www.proxyplus.cz
>The client's address we got 192.168.100.11
>You're probably sitting on the LAN connected to the NAT/Proxy
>NAT address we got p57-tnt2.akl.ihug.co.nz
>Browser MSIE v5.X
>OS Windows NT

Pretty cool site. Very impressive results.

However, I *think* it's getting virtually everything from your web
broswer
and that this method will only work if you can persuade someone at the
site
to hit your web site *NOT* just by randomly probing at sites.

Let's see...

yep. I just hit it from Netscape on the gateway machine, instead of
from
the Mac. Sure enough the list of information was about five times
shorter,
was only things that you'd expect to be public knowledge given your IP
number, and in particular there was no stuff about proxies, no internal
network IP numbers.

-- bruce

To unsubscribe: send mail to majordomo@freebsddiary.cx
with "unsubscribe adsl" in the body of the message

To unsubscribe: send mail to majordomo@freebsddiary.cx
with "unsubscribe adsl" in the body of the message
Received on Sat Apr 8 22:06:09 2000


This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:03 2006 EST