How to find transparent proxy servers of your ISP?

[hmtad name=”Adsense Unit 3″ align=”right”]
Transparent proxy servers are used by ISPs to speed up web browsing experience of users by delivering pre-cached contents from locally available servers. It has many applications starting from delivering streaming media (like youtube) to p2p downloads (like torrents).

In this example, I am going to show you how to detect the transparent proxy in case of my ISP that is Alliance Broadband, Kolkata. Here they use this feature to intercept streaming media and bit torrent traffic and serve it locally from their cached servers.

Steps:

  1. Download “Tracetcp” fromĀ http://tracetcp.sourceforge.net/.
  2. Copy tracetcp.exe to your documents folder (or any other location).
  3. From run type ‘cmd’ and open Command promp.
  4. Go to the location where you copied tracetcp. (using cd command).
  5. To get to know which commands are to be used, press “tracetcp -?” (without the quotes).
  6. Here we will run 3 scenarios. Case 1: Tracing normally using windows default tracert command.
  7. Type tracert www.google.com
  8. Case 2: Using tracetcp on port 80 (default port for tracetcp)
  9. Type tracetcp google.com:80 or tracetcp www.google.com
  10. Case 3: Using tracetcp on port 443 (SSL Port)
  11. Type tracetcp google.com:443

Analysis:

Case 1:

In this case we perform a simple traceroute using the windows default tracert command. First of all here we cannot use port numbers (like port 80,21,443 and so on), thus creating a huge limitation of this program.

Here we see a normal traceroute from my end to the domain’s – google.com.

No transparent cache or proxy servers are observed here.

Case 2:

Now, we use the tcptrace command, which is downloaded previously.

Here we specify the domain name along with its port number. First we’ll see what happens whe we trace port 80 (http port).

Here the trace continues normally till my first gateway (ISP). Then we see appearances of 3 private IPs with 10.X.X.X. These are nothing but the ISP proxy servers running in transparent mode meaning that no end user configuration is required. When an user browse an webpage, this request is first passed to this server and then after checking its presence in the cache (checking whether it’s a cache hit or a miss), it redirects the request to ISP gateway connected to the ISP’s transit provider (in this case Tata Communications).

Thus among these three IPs, the first and third one probably is a gateway, the second one is a cache server.

Case 3:

Now in our third case, we use tcptrace with port 443 that is our SSL port. Transparent caches/proxy cannot intercept https port. So here again we’ll see a normal traceroute connecting to the domain provided in the tracetcp command.

Security Issues with transparent caches:

It is true that transparent cache helps improve browsing experience to a great extent. But there is a severe security vulnerability which can be exploited by anyone (Yes anyone not necessarily a black hat) and can lead to a huge loss of revenue for the ISP in terms of international bandwidth.

As we know here, in India International Bandwidth is quite costly. So if anyone exploits this cache mechanism, he/she can bypass the Bandwidth Management System used at ISP end and surf/download at great speed (because this is the speed provided to the cache servers for faster cache acquisition and retrieval).

I will not discuss the exploit here in details as it may lead to criminal offences.

For those who are using this exploit and are happy with unlimited download/surfing speeds, please be aware that your IPs and the URLs visited by you are stored in the Cache/Proxy server’s log like in the following picture. So be happy with what you are paying for. Be informed,Be Safe!

Enjoyed this post? Share it!