Checks existence of open proxy - proxycheck

Open proxies of various kinds are used nowadays for various evil things like sending mass spam, hacking into your machine, making denial of service (DoS) attacks and the like. Every such machine should either be secured properly or turned off permanently, but that's not an option, since in most cases either no administrator of such machines exists at all, or he has no clue about what's on that machine, or it's irrelevant to him. So the only way to stop massive abuse made via such machines is to block them. Also, network administrators (of an ISP, for example) are able to warn their clients whenever they are running an insecure proxy service; periodic scanning of the clients' network may also be a good idea.

This command-line tool, proxycheck, may be used for this purpose. Currently, it understands 3 types of proxy servers: HTTP proxies that allow you to CONNECT to any host:port, SOCKS v4 and v5 proxies, wingate "telnet" proxy servers of various kinds (incl. e.g. CCProxy variants and others), and FTP proxies that are able to create transparent connections.

proxycheck is able to test many different IP addresses and ports simultaneously to speed up testing. It will try to open as many connections in parallel as your system's resources allow, or up to a specified limit. So it is possible to scan whole networks using this tool. But be warned that the owners of those networks may not like you doing so.

Running Proxycheck:
proxycheck has a detailed manual page inside the archive; read it for more information. Also, the -h (help) option gives short usage information and a detailed list of the protocols and ports proxycheck understands.

Usage is as follows. In the simplest case, specify:

  proxycheck -vv -d dsthost:dstport -c chat::"waitstr" list-of-IPs

where dsthost is the host and dstport is the port number of the destination system, and waitstr is a string to wait for from the remote system. If you decide to connect to your own mailserver (which is quite logical, since most proxy abuse nowadays is to send spam to your mailserver), connect to it first using telnet, see which SMTP greeting string it prints upon connection, and use this string as waitstr. For example, if your mailserver is mail.example.com, the following may apply:

  $ telnet mail.example.com 25
  Telnet: trying 127.0.0.1... connected.
  250 mail.example.com ESMTP welcome
  QUIT

In this case, your proxycheck command line may look as follows:

  proxycheck -vv -d mail.example.com:25 -c chat::"250 mail.example.com ESMTP welcome" list-of-IPs
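
Why the wait string matters, as an added example (not proxycheck's code and not part of the original post): a minimal HTTP CONNECT check that reports a host as open only when the destination's greeting actually comes back through it, so a host that merely answers "200" is not flagged. The function names and the loopback fixture hosts are hypothetical and constructed for the demonstration; nothing outside 127.0.0.1 is contacted.

```python
import socket
import threading

def check_http_connect(proxy, dst, waitstr, timeout=5.0):
    """True only if `proxy` relays CONNECT to `dst` and `waitstr` comes back."""
    want = waitstr.encode()
    data = b""
    try:
        with socket.create_connection(proxy, timeout=timeout) as s:
            s.sendall("CONNECT {}:{} HTTP/1.0\r\n\r\n".format(*dst).encode())
            while want not in data and len(data) < 8192:
                chunk = s.recv(1024)
                if not chunk:          # peer closed without the greeting
                    break
                data += chunk
    except OSError:                    # refused, reset or timed out
        return False
    return want in data

def fake_host(canned):
    """Constructed loopback fixture: answers one connection with canned bytes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn:
            conn.recv(1024)            # swallow the CONNECT request
            conn.sendall(canned)
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()

def demo():
    waitstr = "250 mail.example.com ESMTP welcome"   # greeting from the post
    dst = ("mail.example.com", 25)     # only named in the request, never dialled
    hosts = {
        "open": fake_host(b"HTTP/1.0 200 Connection established\r\n\r\n"
                          + waitstr.encode() + b"\r\n"),
        "refuses": fake_host(b"HTTP/1.0 403 Forbidden\r\n\r\n"),
        "web_server": fake_host(b"HTTP/1.0 200 OK\r\n\r\n<html>hello</html>"),
    }
    return {name: check_http_connect(addr, dst, waitstr, timeout=2.0)
            for name, addr in hosts.items()}

if __name__ == "__main__":
    print(demo())
```

Only the "open" fixture is reported as a proxy; the ordinary web server answers with a 200 status but never produces the mail server's greeting, which is the false positive the wait string rules out.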

