[RESOLVED] ISP proxy faster, but ShieldsUP!! fails for stealthy ports!

  1. #1
    Join Date
    Aug 2001
    Location
    Vancouver, Canada
    Posts
    1,002

    Resolved [RESOLVED] ISP proxy faster, but ShieldsUP!! fails for stealthy ports!

    Greetings!
    Any suggestions as to how I can regain stealth ports when using my ISP's proxy server address?

    On 2 router networked machines* I recently tested a tip** that asserted that broadband transfer rates, ups/downs, are likely to substantially increase and can potentially even more than double simply by connecting via the ISP's proxy server address.
    I did a simple test comparing the reg configuration download rates - connecting to the router LAN/MAC address, with the proxy enabled rates for AVG update downloads.

    I clearly see a substantial increase in download speeds, about 3x faster for both machines, when using the proxy address connection versus the reg configuration.

    It is noteworthy that the tip I found and tested did not give any support info for adding the router access variable.

    HOWEVER, while Steve Gibson's ShieldsUP!! - common ports test has always passed these machines as being 100% stealth on all ports, I just found out that both machines FAIL with even a few ports showing as wide open!

    I'm pretty confident that for broadband network savvy techies (not me), the varying security readings are both logical and predictable for both connection configurations. I hope that you are among the savvy and are able/willing to provide me instructions for maybe resuming 100% port stealth for both machines with both connected via the proxy address connection. Any takers??
    TIA for reading this post and for any related comments and/or suggestions!
    ^dAvEy^

    NOTES:
    * 2 museum piece 98se machines
    - 400 & 266 mhz
    - 280 & 128 mb, 100mhz, 168pin dbl sd SDRAM
    - IE 6 & 5.5 SP2
    - NIC wired & wireless to netgear 54mb WG614 router...
    - CAT5 wired to cable broadband...
    - modem running highspeed (not litespeed or extreme speed) service
    BOTH 98se PC's:
    - ZA free 2.6362
    - AVG free 7.1
    ** Internet Options
    Connections tab
    LAN Settings
    Proxy server section
    "Use proxy server for your LAN..." - ENABLE
    Address: <text box - user's ISP's proxy server address> <text box - appropriate port #>
    Advanced...
    "Use the same proxy server..." - ENABLED
    "Do not use proxy server for addresses..." <text box - a few addresses were included in the tip's instructions>
    ^dAvEy^

    Wow!!! Love at first byte. Ain't it grand.
    Scottlr

    Registered VDr (at 50+/- yrs): 10-03-1999
    Offline: 06-05-2002

  2. #2
    Join Date
    Feb 2001
    Location
    Adelaide, South Australia
    Posts
    6,447
    Is it testing the same IP address both times? It's possible that the second set of tests is actually running against the proxy server.
    Safe computing is a habit, not a toolkit.

  3. #3
    Join Date
    Aug 2001
    Location
    Vancouver, Canada
    Posts
    1,002
    Quote Originally Posted by Tuttle
    Is it testing the same IP address both times? It's possible that the second set of tests is actually running against the proxy server.
    Thanks for your reply post, Tuttle.
    - no, it is testing different IP addresses each time and the "machine name" changes as well
    - I don't understand what it means for the "second set of tests [to be] actually running against the proxy server" - does it mean that it may not really be testing MY PCs' ports?

    EDIT:
    I don't know whether this sheds light or not, but I think it might be relevant that although the router settings are to get DNS server address automatically, the IP address being tested by ShieldsUp!! common ports scanner, when proxy address connected, is VERY close to the DNS primary and Secondary DNS addresses I have listed as options, should I be wanting to enable specific DNS server addresses.
    Last edited by ^dAvEy^; October 1st, 2006 at 05:42 PM.
    ^dAvEy^


  4. #4
    Join Date
    Feb 2001
    Location
    Adelaide, South Australia
    Posts
    6,447
    Quote Originally Posted by ^dAvEy^
    - I don't understand what it means for the "second set of tests [to be] actually running against the proxy server" - does it mean that it may not really be testing MY PCs' ports?
    Exactly. When you're browsing normally (without a proxy), the connections look like this:
    Code:
    Request:
      You ------------------------> ShieldsUP
    
    Probes:
      You <------------------------ ShieldsUP
    The way a proxy server works is that you request stuff from the proxy, and then it connects to another machine and makes the request on your behalf. One of the side effects is that the server at the far end thinks it's talking to the proxy server instead of you. There are ways for the proxy to tell the end server who is ultimately making the request, but they're pretty poorly defined. So what I think is happening here is this:
    Code:
    Request:
      You --------> Proxy --------> ShieldsUP
    
    Probes:
      You           Proxy <-------- ShieldsUP
    As a workaround, try unchecking the "Use the same proxy server for all protocols" box and just putting the proxy info in the HTTP line. Since you're doing this for a speed boost and not to get through a firewall, it doesn't matter that HTTPS traffic will be going direct. See what happens then.
    Safe computing is a habit, not a toolkit.

  5. #5
    Join Date
    Aug 2001
    Location
    Vancouver, Canada
    Posts
    1,002
    I think I'm following you at least part way, Tuttle...
    I did as you directed and here's what I found:
    - I DON'T like that my WAN MAC address is embedded in my machine name entry at ShieldsUP!!, BUT...
    - the IP address showing is same as when I was not using the proxy, AND...
    - All ports showing as stealth!

    Now...
    what's going on??
    I get the sense you have figured this out, Tuttle...
    think there's any problems?
    I know GRC suggests a red flag when the machine name has anything in it that directly ID's me or my machine(s)...
    ^dAvEy^


  6. #6
    Join Date
    Feb 2001
    Location
    Adelaide, South Australia
    Posts
    6,447
    Okay, second bits first...

    The ShieldsUP! page uses HTTPS (encrypted HTTP, same as online banking etc). This is mainly to work around intercepting proxies run by many ISPs.[1]

    The way you originally configured IE, both HTTP and HTTPS were going through the proxy server, so ShieldsUP! just saw a request from the proxy server and scanned it instead of you. The way it's configured now, only HTTP traffic is going through the proxy, so the HTTPS request to ShieldsUP! comes from you and you get scanned. You should be getting identical results to when you weren't configured for the proxy at all.

    Having it configured like you do now is fine -- there are no speed benefits from passing HTTPS traffic through a proxy (it's encrypted anyway, so all the proxy can do is pass it back and forth without caching anything).


    As for the first bit...

    Blame your ISP. Open a command prompt and type "nslookup 24.xx.yy.zz" (no quotes, using your IP address) and there it is. Change the zz around a bit (1..255) and there are other customers' MAC addresses.

    That said, I really don't see an issue with that; MAC addresses are useless once you cross a single network boundary (ie any router). It would help your ISP with abuse complaints though; "this IP address, this time, and the reverse DNS at the time had this MAC address in it" makes it pretty easy to identify a particular customer.

    Note that most of your web browsing (HTTP stuff) is through the proxy anyway, so most web sites will be getting the proxy's IP address instead of yours.


    So yeah, you're fine.


    [1]Like mine -- any outgoing traffic on port 80 automatically runs through a really big proxy server, whether I configure my browser for it or not. That only works on HTTP traffic though; there's no useful way to intercept HTTPS.
    Safe computing is a habit, not a toolkit.
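
The routing described in posts #4 and #6, as an added example that is not part of the original thread: a simplified Python model of IE-style per-protocol proxy settings that shows which address a scanner ends up probing. The IP addresses, URLs and function names are constructed for illustration, and the settings-string format is modelled only as far as this thread needs.

```python
# Added example (not from the thread): simplified model of IE/WinINET-style
# proxy settings. All addresses and URLs below are constructed placeholders.
from fnmatch import fnmatch
from urllib.parse import urlsplit

CLIENT_WAN_IP = "198.51.100.23"                # constructed: the home router's WAN IP
ISP_PROXY = "203.0.113.10:8080"                # constructed: the ISP proxy
SCAN_URL = "https://scanner.example/probe"     # stands in for the HTTPS scan page

def parse_proxy_server(value):
    """'host:port' means one proxy for all protocols; 'http=host:port;...'
    lists proxies per protocol. Returns {scheme or '*': (host, port)}."""
    table = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, addr = part.partition("=")
        if not sep:                            # no 'scheme=' prefix
            scheme, addr = "*", part
        host, colon, port = addr.rpartition(":")
        if not colon:                          # no port given, assume 80
            host, port = addr, "80"
        table[scheme.strip().lower()] = (host.strip(), int(port))
    return table

def route(url, proxy_server, bypass=""):
    """Proxy (host, port) used for url, or None when the request goes direct."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    for pattern in filter(None, (b.strip().lower() for b in bypass.split(";"))):
        if pattern == "<local>":
            if "." not in host:
                return None
        elif fnmatch(host, pattern):
            return None
    table = parse_proxy_server(proxy_server)
    return table.get(parts.scheme, table.get("*"))

def address_scanner_probes(url, client_wan_ip, proxy_server, bypass=""):
    """A scanner probes the address that opened the TCP connection to it."""
    proxy = route(url, proxy_server, bypass)
    return proxy[0] if proxy else client_wan_ip

if __name__ == "__main__":
    for label, setting in [("same proxy for all protocols", ISP_PROXY),
                           ("proxy on the HTTP line only", "http=" + ISP_PROXY)]:
        print(label, "->", address_scanner_probes(SCAN_URL, CLIENT_WAN_IP, setting))
```

With one proxy for all protocols the HTTPS scan request leaves from the proxy, so the proxy's ports are what get reported; with the proxy on the HTTP line only, the scan request goes direct and the result reflects the client's own WAN address.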

  7. #7
    Join Date
    Aug 2001
    Location
    Vancouver, Canada
    Posts
    1,002

    thanks!

    excellent, Tuttle - all you've said checks out, my transfer rates are way up, my Shieldsup!! scans are coming up 100% stealth again, and I've learned a bunch of stuff through the process - thanks!!
    ^dAvEy^

