to Proxy or not to Proxy ?

Hi all,
Could I ask for some opinions regarding using a proxy ?

Here in the UK, I use Freeserve as my dial-up ISP. There is a web-cache
proxy available for use if required, tho' IE6 works fine with or without
(a small increase in page loads occurs if I use the proxy).
The problem is, that if I use the proxy, then my Outpost Firewall logs
only register connections to it, so I suffer from a serious lack of
information about where my browser connections are going and what I
could block (like adclick connections etc).

I'm really not sure about the merits of with/without the proxy, can
anyone clarify what's best ?

TIA
--
DaveP (UK)
0
DaveP
7/1/2002 10:13:00 PM
grc.security 16608 articles. 3 followers. Follow

8 Replies
1695 Views

Similar Articles

[PageSpeed] 35

> Here in the UK, I use Freeserve as my dial-up ISP. There is a web-cache
> proxy available for use if required, tho' IE6 works fine with or without
> (a small increase in page loads occurs if I use the proxy).
> The problem is, that if I use the proxy, then my Outpost Firewall logs
> only register connections to it, so I suffer from a serious lack of
> information about where my browser connections are going and what I
> could block (like adclick connections etc).

Dave

Not sure I understand about firewall only showing connections to Freeserve
cache. I am with FS and you run through their web-cache proxy whether you
configure your browser to do so or not. It's just a little 'bonus' FS offer
their users - they let you use their cache even if you try not to. Swell
guys. That said my firewall (kerio), logs all end-point IP addresses
correctly. If you sort it out could you post back as I am quite interested
in how people handle their FS dialup.

Michael
0
Michael
7/1/2002 10:45:00 PM
Michael,
thx for quick reply,
to clarify, if I set IE6 to use freeserve-cache my OP logs only show
connections to the cache, not individual website connections. If I
deselect the cache option then OP shows the individual website
connections, either by resolved name or IP address.
Why do you think that FS forces you to use their cache whatever your
browser settings are ?

I've posted to the OP forum with the same query, so I'll let you know
what the outcome is.............if there is one :)

> Not sure I understand about firewall only showing connections to
> Freeserve cache. I am with FS and you run through their web-cache
> proxy whether you configure your browser to do so or not. It's just a
> little 'bonus' FS offer their users - they let you use their cache
> even if you try not to. Swell guys. That said my firewall (kerio),
> logs all end-point IP addresses correctly. If you sort it out could
> you post back as I am quite interested in how people handle their FS
> dialup.




--
DaveP (UK)
0
DaveP
7/1/2002 11:19:00 PM
> thx for quick reply,
> to clarify, if I set IE6 to use freeserve-cache my OP logs only show
> connections to the cache, not individual website connections. If I
> deselect the cache option then OP shows the individual website
> connections, either by resolved name or IP address.
> Why do you think that FS forces you to use their cache whatever your
> browser settings are ?
>
> I've posted to the OP forum with the same query, so I'll let you know
> what the outcome is.............if there is one :)
>
> > Not sure I understand about firewall only showing connections to
> > Freeserve cache. I am with FS and you run through their web-cache
> > proxy whether you configure your browser to do so or not. It's just a
> > little 'bonus' FS offer their users - they let you use their cache
> > even if you try not to. Swell guys. That said my firewall (kerio),
> > logs all end-point IP addresses correctly. If you sort it out could
> > you post back as I am quite interested in how people handle their FS
> > dialup.

Dave

If you do a whois on your own IP address with no browser configured proxy
you get addresses like ~cache.pol.co.uk registered to Energis Squared (read
Freeserve), because FS use a transparent proxy server which you can not
avoid. This is entirely separate to any additional proxies (FS or
otherwise), that my be added via IE tools. My guess here is that if you do
configure a further FS proxy it is opaque and so your firewall reads only
it. I would suggest you not use the FS proxy browser config as any benefits
you might get from it you probably are already getting from the transparent
proxy. Any speed difference is probably negligible. The only additional
proxy I use is a local one to filter HTML (Proxomitron).

Michael
0
Michael
7/2/2002 2:27:00 AM
In article <afqk35$9i$1@news.grc.com>, daveap52Spam@hotmail.com says...
> Hi all,
> Could I ask for some opinions regarding using a proxy ?
> 
> Here in the UK, I use Freeserve as my dial-up ISP. There is a web-cache
> proxy available for use if required, tho' IE6 works fine with or without
> (a small increase in page loads occurs if I use the proxy).
> The problem is, that if I use the proxy, then my Outpost Firewall logs
> only register connections to it, so I suffer from a serious lack of
> information about where my browser connections are going and what I
> could block (like adclick connections etc).
> 
> I'm really not sure about the merits of with/without the proxy, can
> anyone clarify what's best ?
> 
> TIA
> --
> DaveP (UK)


I think you may have misunderstood the way that Freeserve is
configured behind the scenes.  For further information see
the Freeserve user forums.

Freeserve offers ONLY access to the Internet via its
web-cache proxy, at your machine you may choose to
configure to use the proxy or not, this will affect the
way that software on your machine will react.

Therefore for your needs I'd suggest configuring IE6 not
to use a proxy (or as in my case set Proxomitron to filter
my HTTP communications or other local proxy)

Indeed if you choose to leave the autoconfigured default
to use FS Proxy as is, this will prevent your use of other
free/paid ISP's since IE6 will always try to use the FS
Proxy which is only accessible to FS users, so you'll get
an error.

Likewise FS ALWAYS rewrite the headers of all email and
will highjack SMTP communications.   This means that
unless you use non-standard email ports or protocols
when you send SMTP supposedly direct to another server
the following happens:
FS will spoof that you are talking to the destination
server <you are not>.  All passes through FS mailservers
regardless.  Lastly the outgoing headers are faked in
order that it is not immediately obvious to the receiving
server that communications were highjacked and the email
did not come directly from your machine.

There are very strong implications regarding interception
of email, you will have agreed to <special> terms regarding
mail passing through FS mail-servers.  It is not obvious
to newcomers that direct mail MX is silently passed through
FS servers and therefore also subject to filtering and/or
mirroring.

PS I love Freeserve for quality and being able to
send email with non-standard headers that almost all
other ISP's will block.   But private email goes via
alternate ISP's

I'm not sure of of the current situation but I agreed
that Freeserve will silently delete identical emails
to more than 10 addresses unless I apply with good
reason to have the filter modified.


Ash
0
Ash
7/2/2002 10:35:00 AM
> Likewise FS ALWAYS rewrite the headers of all email and
> will highjack SMTP communications.   This means that
> unless you use non-standard email ports or protocols
> when you send SMTP supposedly direct to another server
> the following happens:
> FS will spoof that you are talking to the destination
> server <you are not>.  All passes through FS mailservers
> regardless.  Lastly the outgoing headers are faked in
> order that it is not immediately obvious to the receiving
> server that communications were highjacked and the email
> did not come directly from your machine.
>
> There are very strong implications regarding interception
> of email, you will have agreed to <special> terms regarding
> mail passing through FS mail-servers.  It is not obvious
> to newcomers that direct mail MX is silently passed through
> FS servers and therefore also subject to filtering and/or
> mirroring.

Ash

Can I ask which Freeserve User forums you refer to, do you mean running off
the FS webpage - must admit I hardly ever visit it. Also can you tell me
which other ISP you use to pass private mail and does FS cache web-based
email and chat etc ? I am not sure exactly how FS cache pages, do they just
cache everything I visit or just pre-selected popular pages that I happen to
got to ?

Many thanks

Michael
0
Michael
7/2/2002 7:46:00 PM
In article <aft014$2c7u$1@news.grc.com>, news_acc[REMOVE]@hotmail.com says...

Hi Michael,


> Ash
> 
> Can I ask which Freeserve User forums you refer to, do you mean running off
> the FS webpage - must admit I hardly ever visit it.

Likewise, I don't visit the website often.
But yes, the Freeserve User forums have exploded in number, before I was
invited to find another ISP FS had about 15 private forums, now there are 36.

During my occasional sample of current topics Webcache and Mail recure.
Try entering the forums via news.freeserve.net only visible to FS users.

freeserve.help.misc
freeserve.fsmail
freeserve.help.windows.browser

Energis squared personnel have taken time to discuss the main features of
how the various caches work, however as you noticed new users
or existing users must plug into the right forums.

freeserve.faq  might have the official line, but the last few times I
looked the forum seemed abandoned.


> Also can you tell me  which other ISP you use to pass private mail and does
> FS cache web-based email and chat etc ? 

I've never heard of another UK ISP that routes SMTP mail through its
own servers silently <g>  And in practice this is very useful as normaly
ISP's are configured to accept only mail from their own domain or with
correct message ID line to prevent relaying.   I can't answer the second
part of your question having not seen official answers.
However Smartgroups.com that FS bought is speculated to have 'active
moderation' since FS is marketed as a Family ISP 

> I am not sure exactly how FS cache pages, do they just cache everything
> I visit or just pre-selected popular pages that I happen to got to ?

I always understood everything was cached, but it seems reasonable to
me that low hit pages might be flushed first given a fixed size of
cache. 


Ash

> Many thanks
> 
> Michael
> 
0
Ash
7/2/2002 10:30:00 PM
DaveP wrote:
> Hi all,
> Could I ask for some opinions regarding using a proxy ?

Many thx to Michael & Ash,
I am now much more aware of how FreeServe works and am grateful for your
clear explanations.
It's gives me a nice warm feeling that I am protected (to a degree) by
an invisible proxy :):)
I did, at one point, become quite paranoid about hackers (probably comes
from reading all the posts in this NG) but it's reassuring to know that
it's much less likely with a changing IP address and an invisible proxy
too :)


--
DaveP (UK)
0
DaveP
7/2/2002 10:37:00 PM
Thanks Ash for response.

> > Can I ask which Freeserve User forums you refer to,

> freeserve.help.misc
> freeserve.fsmail
> freeserve.help.windows.browser

Already subscribe to first and last newsgroups. Must have a look at their
web-site some day but there always seems to be something more interesting to
do.

> > I am not sure exactly how FS cache pages, do they just cache everything
> > I visit or just pre-selected popular pages that I happen to got to ?

> I always understood everything was cached, but it seems reasonable to
> me that low hit pages might be flushed first given a fixed size of
> cache.

Imagine they would have to do quite a bit of pruning otherwise they might
suck in the whole internet - was just interested whether they do actually
cache everything as a first step. Expect that web mail and chat may very
well be cached in which case.

Michael
0
Michael
7/3/2002 8:21:00 PM
Reply:

Similar Artilces:

proxy to proxy
We will connect with our Bordermanager to an other proxy. but there is a syntax-problem our BM-Proxy will build the connection with(Trace) ....cyberbanking.bankkoop.ch:443/ HTTP/1.0..... but there should not be / according to RFC there is no "/" Slash allowed. Beat Brunner <<...cyberbanking.bankkoop.ch:443/ HTTP/1.0..... that has been fixed in the latest patches Gonzalo > <<...cyberbanking.bankkoop.ch:443/ HTTP/1.0..... > > that has been fixed in the latest patches > > Gonzalo > what do you meen with lastes patches ...

to proxy or not to proxy that is the ?
ok, i had jconect on NT and my AIX Sybase database on an RS/6000, so i used the proxy...fine. i have installed jconnect on the rs/6000, installed netscape fasttrack and i STILL have to use the proxy to avoid those -1 erro messages. does this mean that jConect always has to use that proxy no matter where anything lives? i am confused.... please enlighten me This is a multi-part message in MIME format. --------------6A7C6750A66874EBD6E2677A Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit If you remove the "proxy" connection property fro...

Proxy to proxy
Hi. We use BM 3.8 as a proxy server and the main task is to restrict which url's the users can use. In the network there is another proxy server with internet access. Is it possible to setup BM to use another proxy server to connect to internet? And if yes, how ? Magne Absolutely. Search under "Cache Hierarchy Client". Basically....enable the client on the BM box, add you upstream proxy (Neighbor Hostname) add the correct port for the type of upstream proxy, add the type of proxy, usually you can just leave the priority at "1". looks like this...

proxies, FTP, and security risks ("analogx proxy", specifically....)
Hi Folks, thanks to all of you for posting interesting and useful information. been a 'lurker' for a while and have learned lots of cool and useful facts from the wisdom you all share! i recently downloaded a "proxy" app from the www.analogx.com website (they've got lots of very wonderful, very FREE, and very useful tools there, do check it out if you're interested. Nice site design as well.) My reason for using a proxy is to let my winNT machine (lan'd to my XP/adsl machine) see the internet, or share my ADSL as well. For http, it seems to work ...

Proxy
--____JKLSGNJWRNBUMXCVJFMC____ Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Hi, Can one see which proxy user has sent/read message/s? Mike. --____JKLSGNJWRNBUMXCVJFMC____ Content-Type: multipart/related; boundary="____HERLXXSSHDSASFILEGVA____" --____HERLXXSSHDSASFILEGVA____ Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: quoted-printable <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-1"= > <META content=3D"MSHTML 6.0...

Mail Proxy or Generic Proxy
Hi, i will allow e-mail thru bm but what is the best way to do. Enable mailproxy on bm or create generic proxy? i know the proxy.cfg with the line: AllowGTCPProxyToUsePort25=1 and the other options from craig site. king regards thomas kreis Thomas, It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply. Has your problem been resolved? If not, you might try one of the following options: - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp - Check al...

HTTP Proxy and Transparent Proxy
Dears: I have BM 3.7 and NW 6.0, i wanna a use, HTTP Proxy and Transparent Proxy together in the same machine, but use diferent IP Addresses in the same Private NIC, for the services, for example HTTP Proxy : 192.168.0.10:8080 ... for some users THTTP : 192.168.0.20:80 ... for other different users any idea ?, I look in the manual, but i did not found nothing.... Thanks in advance, Jose from Chile this cannot be done. The transparent proxy will affect all users. -- Cat NSC Volunteer Sysop ...

BM proxy via other proxy
Hi. How can BM 3.8 connect to another proxy server (non BM) to get access to internet? Magne Magne, you've to configure a proxhy hierarchy. this is done in NWadmn32, Bm setup, HTTP proxy, details, cache hierarchy client. You've to configure a PArent proxy (this would be the proxy that your BM has to access to get to the internet). If you don't have access to the Internet AT ALL, unless you go through this upstream proxy, you should configure a CERN parent. -- Caterina Novell Support Connection Volunteer Sysop ...

Proxy preferences (authenticated proxy)
Hi all, I'm using xulrunner 1.9.0.19 and trying to get web access via a proxy working. So far I have added this the preferences: pref('network.proxy.type', 1); pref('network.proxy.http', '192.168.13.254'); pref('network.proxy.http_port', 3128); and that works, but still prompts me for the proxy username/password. Is there some way I add the username/password to the preferences? Some applications allow a proxy to be specified as: http://username:password@192.168.13.253:3128/ Any plans to add something like this to xulrunne...

Spambo Proxy and AV Proxy
How will the two of these react together. eg Spambo and Nav as an example?? Thanks Chris ...

KLASSP Secure Proxy for password security
http://research.microsoft.com/pubs/69368/acsac06.pdf Hi All, See link above. Anyone know if this system has actually been implemented anywhere? I did some googling and didn't find anything. Appears to be a nice solution to thwart keyloggers on public computers. Cheers, Tom Tom C wrote: > http://research.microsoft.com/pubs/69368/acsac06.pdf > > Hi All, > > See link above. Anyone know if this system has actually been implemented > anywhere? I did some googling and didn't find anything. Interesting document. A few points that occur to me:...

GroupWise 6.5 POA as Internet Proxy (no, not _via_ a proxy, but *as* a proxy)
I have a client who wants to make four GroupWise POAs accessible to remote Internet users via one public IP address through their BorderManager server. We have come across several posts claiming that GroupWise 6.5 has a *new* feature that allows the POA to *act as a proxy* for other POAs - this means we could open *one* port on the firewall that every outside GroupWise client could connect to. This port would be redirected to *one* (special purpose?) POA that would then act *as* another Proxy and forward requests on the clients behalf to the destination POA. I understand the tradi...

superreview granted: [Bug 84732] Installer proxy info (all-proxy.js) shouldn't be saved in Mozilla : [Attachment 148177] turns off all-proxy.js when install via proxy
Daniel Veditz <dveditz@cruzio.com> has granted benc@chuang.net's request for superreview: Bug 84732: Installer proxy info (all-proxy.js) shouldn't be saved in Mozilla http://bugzilla.mozilla.org/show_bug.cgi?id=84732 Attachment 148177: turns off all-proxy.js when install via proxy http://bugzilla.mozilla.org/attachment.cgi?id=148177&action=edit ------- Additional Comments from Daniel Veditz <dveditz@cruzio.com> ok by me sr=dveditz ...

superreview requested: [Bug 84732] Installer proxy info (all-proxy.js) shouldn't be saved in Mozilla : [Attachment 148177] turns off all-proxy.js when install via proxy
benc@chuang.net has asked Daniel Veditz <dveditz@cruzio.com> for superreview: Bug 84732: Installer proxy info (all-proxy.js) shouldn't be saved in Mozilla http://bugzilla.mozilla.org/show_bug.cgi?id=84732 Attachment 148177: turns off all-proxy.js when install via proxy http://bugzilla.mozilla.org/attachment.cgi?id=148177&action=edit ...

Web resources about - to Proxy or not to Proxy ? - grc.security

Proxy bomb - Wikipedia, the free encyclopedia
The proxy bomb (also known as a human bomb ) was a tactic used mainly by the Provisional Irish Republican Army (IRA) in Northern Ireland during ...

Facebook Platform Email Sharing API, Proxy Email Service Going Live in 5 Days
We just wrote yesterday about recent updates to Facebook’s Developer Roadmap , the calendar Facebook originally launched last October to give ...

VPN in Touch - Unblock Facebook, WiFi Hotspot Security, Web Proxy, Free VPN for iPhone and iPad on the ...
Get VPN in Touch - Unblock Facebook, WiFi Hotspot Security, Web Proxy, Free VPN for iPhone and iPad on the App Store. See screenshots and ratings, ...

How To Use Google Translate As A Proxy - 2015 - YouTube
How To Use Google Translate As A Proxy - 2015 Full transcript: How To Use Google Translate As A Proxy To use Google Translate as a proxy, if ...

How 'free' geo-dodging and proxy services are selling you out
'Free' services that work with a web browser to access blocked overseas content have been shown to actively steal your information, spy on you ...

Proxy feud puts $1bn iron ore play in limbo
The ownership of Koolyanobbing in WA is in limbo pending the outcome of a proxy battle at its US owner, Cliffs Natural Resources.

Malware uses Google Docs as proxy to command and control server
Security researchers from antivirus vendor Symantec have uncovered a piece of malware that uses Google Docs, which is now part of Google Drive, ...

Lebanon: Nation with no real unity stuck as proxy for region's conflict
The National Museum of Beirut houses one of the greatest prehistoric collections in the world. It's here you'll find the earliest example we ...

BHP Billiton showing remuneration 'disconnect', proxy adviser warns
Proxy advisers say BHP shareholders should question a short-term incentive paid to BHP chief Andrew Mackenzie

Li Ka-Shing's Offer For Power Assets Is Not Good Enough, Proxy Advisers Say
EJ Insight Li Ka-Shing's Offer For Power Assets Is Not Good Enough, Proxy Advisers Say Barron's (blog) Institutional Shareholder Services ...

Resources last updated: 12/11/2015 6:39:13 PM