At my work we were shocked to find out what the outside world could tell
just from our HTTP headers. We used anonymiser (link off front page)

We have used Squid's features to (for want of a better term) 'trim' the
verboseness going out of the organisation.

If you'all don't know - a few things that go out are:

Internal IP addresses.
Hostnames/IP's of all proxies on the way out.
Applications you have installed.
What browser you're using.
Where you came from.
Screen resolution
OS you're running
Your email (through a kludge, tricking your browser into anonymous ftp'ing)

----- Original Message -----
From: "Adam Warner" <adamw@ihug.co.nz>
To: "ADSL Mailing List" <adsl@freebsddiary.cx>
Sent: Saturday, April 08, 2000 10:05 PM
Subject: RE: Using a gateway: How could they tell?

> Hi Bruce,
>
> Yes, it's IE5 and/or NN4 doing it.
>
> Here's the text IE5 sends about me (obtained from
> http://privacy.net/analyze/):
>
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
> application/vnd.ms-powerpoint, application/vnd.ms-excel,
> application/msword, application/pdf, */* Accept-Language: en-nz Host:
> privacy.net User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT
> 5.0) Cookie: Date=4%2F7%2F00; Privacy%2Enet=Privacy+Analysis Via: 1.0
> Proxy+ (v2.30 http://www.proxyplus.cz) Accept-Encoding: gzip, deflate
> X-Forwarded-For: 192.168.100.11
>
> Can you also see that it's telling the world that I have MS PowerPoint,
> Excel and Word Installed?
>
> Well it now looks like I need a program to filter the data that is sent.
> Preliminary investigations haven't been fruitful, although I think the
> program would have to be a packet filter sitting on the server.
>
> So if you were seeking to hide a private network NAT software would be
> the only way to go.
>
> Regards,
> Adam
>
>
> -----Original Message-----
> From: owner-adsl@ns.freebsddiary.cx
> [mailto:owner-adsl@ns.freebsddiary.cx]On Behalf Of Bruce Hoult
> Sent: Friday, 7 April 2000 10:01 p.m.
> To: adsl@freebsddiary.cx
> Subject: Re: Using a gateway: How could they tell?
>
> >Hi Bruce,
> >
> >Well I don't know about the general situation but in my case Chello
> >could very easily tell that I am using a proxy server.
> >
> >If I run this whois web interface:
> >http://www.leader.ru/secure/who.html
> >
> >...I receive this output:
> >Remote address 203.109.252.15
> >SQUID-like proxy servers detected 2
> >Nearest client for this type of proxy 192.168.100.11
> >Name of the nearest proxy Proxy+
> >Type of the nearest proxy v2.30 http://www.proxyplus.cz
> >The client's address we got 192.168.100.11
> >You're probably sitting on the LAN connected to the NAT/Proxy
> >NAT address we got p57-tnt2.akl.ihug.co.nz
> >Browser MSIE v5.X
> >OS Windows NT
>
> Pretty cool site. Very impressive results.
>
> However, I *think* it's getting virtually everything from your web
> broswer
> and that this method will only work if you can persuade someone at the
> site
> to hit your web site *NOT* just by randomly probing at sites.
>
> Let's see...
>
> yep. I just hit it from Netscape on the gateway machine, instead of
> from
> the Mac. Sure enough the list of information was about five times
> shorter,
> was only things that you'd expect to be public knowledge given your IP
> number, and in particular there was no stuff about proxies, no internal
> network IP numbers.
>
> -- bruce
>
>
>
> To unsubscribe: send mail to majordomo@freebsddiary.cx
> with "unsubscribe adsl" in the body of the message
>
>
> To unsubscribe: send mail to majordomo@freebsddiary.cx
> with "unsubscribe adsl" in the body of the message
>

To unsubscribe: send mail to majordomo@freebsddiary.cx
with "unsubscribe adsl" in the body of the message
Received on Sat Apr 8 22:39:16 2000