How and Why Attackers Use Proxies
Masking one’s IP address is a standard practice when conducting illicit activities. A well-configured proxy provides robust anonymity and does not log activity, thereby frustrating law enforcement efforts to identify the original location of the person involved.
A proxy allows actors to send network traffic through another computer, which satisfies the request and returns the result. Students or employees can use proxies to communicate with blocked services such as Internet Relay Chat and instant messaging, or to browse websites that administrations block. Attackers also use proxies because Internet Protocol (IP) addresses are traceable, and they do not want to reveal their true location. As one example, iDefense wrote about the fast-flux architecture, which uses a proxy infrastructure to satisfy requests. Proxies are also a common source of spam e-mail messages, which use open relays.
Proxies are useful to attackers in many ways. Most attackers use proxies to hide their IP address and, therefore, their true physical location. In this way, attackers can conduct fraudulent financial transactions, launch attacks, or perform other actions with little risk. While law enforcement can visit a physical location identified by an IP address, attackers that use one or more proxies across country boundaries are more difficult to locate. The endpoint can only view the last proxy with which it is directly communicating, and not any of the intermediary proxies or the original location.

Proxies provide attackers with a way to lower the risk that investigators will identify their true IP address. In the hypothetical attack shown in the figure, the victim’s log file contains only one of the many IP addresses that investigators need to locate the attacker.
Attackers operate free proxies or alter a victim’s proxy settings because proxies can serve as a monitoring tool. Anonproxy is one example of a malicious proxy that its authors designed to monitor users and steal information such as social networking passwords. Since a proxy relays traffic, it also has the ability to log and alter sensitive pages or information. Attackers must either convince users to modify their proxy settings or install malicious code that modifies the settings for them.
Malicious code authors also install local proxies. By altering the hosts file or browser configuration to use the proxy, the attacker redirects requests and captures confidential information. Some banking Trojans give attackers the ability to proxy requests through the victim’s browser because conducting fraud from a legitimate user’s IP address is less suspicious. Local proxies are more difficult to identify because the local proxy does not open any network ports and scanning the system will reveal no changes.