[LINK] technical question: security alert

Scott Howard scott at doc.net.au
Thu Mar 5 16:50:54 AEDT 2009


On Wed, Mar 4, 2009 at 2:53 PM, Kim Holburn <kim at holburn.net> wrote:

> > Most ISPs using transparent proxies also do "IP Spoofing" so that the
> > packets hitting the website will appear to come from your IP address
> > (ie, that of your NAT/ADSL link/etc) even though they actually don't.
>
> I really doubt that ISPs that have transparent proxies would do this.


I hope they have such systems - otherwise I have no idea what I've spent the
past few years implementing :)


> If they did, the return packets from the web-site would go straight to
> the client and not go through the proxy unless they caught them
> somehow.


"somehow" is generally WCCP - the Web Cache Coordination Protocol (or Web
Cache Communication Protocol, depending on who you believe).  It's the same
protocol which handles the interception of the outgoing packets (those going
_to_ port 80 which were previously headed towards the real website) and
redirects them towards the proxy.  On the return it just intercepts the incoming
packets (those coming _from_ port 80 and headed towards the client) and also
redirects them to the proxy.

It can make network design tricky, and it's a pain to troubleshoot if
something goes wrong, but once it's working it's generally fairly smooth,
and very transparent to both the users and the target website.

  Scott.
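
A simplified model of the two redirect rules described in the message above, as an added example that is not part of the original post. The addresses, port numbers, interface labels and function names are constructed for illustration, and the WCCP negotiation between router and cache is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# Constructed addresses (documentation ranges), not taken from the post.
CLIENT, SERVER = "203.0.113.10", "198.51.100.80"

def router_next_hop(pkt, in_iface, return_redirect=True):
    """Where the intercepting router sends a packet that arrived on in_iface."""
    if in_iface == "proxy":
        # Traffic emitted by the proxy is never re-intercepted (avoids a loop).
        return "client" if pkt.dst == CLIENT else "internet"
    if in_iface == "client" and pkt.dport == 80:
        return "proxy"      # outgoing rule: packets going *to* port 80
    if in_iface == "internet" and pkt.sport == 80 and return_redirect:
        return "proxy"      # return rule: packets coming *from* port 80
    return "client" if pkt.dst == CLIENT else "internet"

def trace(return_redirect=True):
    """Follow one request/response; return (hops, source IP the site saw)."""
    hops = []
    req = Packet(CLIENT, 40000, SERVER, 80)
    hops.append(router_next_hop(req, "client", return_redirect))
    # The proxy opens its own connection but keeps the client's address
    # as the source (the "IP Spoofing" in the thread); 50000 is its own port.
    spoofed = Packet(CLIENT, 50000, SERVER, 80)
    hops.append(router_next_hop(spoofed, "proxy", return_redirect))
    seen_by_site = spoofed.src
    reply = Packet(SERVER, 80, spoofed.src, spoofed.sport)
    hops.append(router_next_hop(reply, "internet", return_redirect))
    if hops[-1] == "proxy":
        # Proxy answers the client on the client's original connection.
        to_client = Packet(SERVER, 80, CLIENT, req.sport)
        hops.append(router_next_hop(to_client, "proxy", return_redirect))
    return hops, seen_by_site

if __name__ == "__main__":
    print("with return rule:   ", trace(True))
    print("without return rule:", trace(False))
```

With the return rule disabled, the site's reply is routed straight to the client, addressed to port 50000, a connection the client never opened; that is the failure the quoted objection anticipates.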


