[e2e] Detecting middle boxes
David G. Andersen
dga at lcs.mit.edu
Mon Feb 11 18:53:18 PST 2002
Christian Huitema just mooed:
>
> > I think my reply to David earlier was lost, but I like the idea of
> > trying to find ways for the ends to detect middle boxes. One unoriginal
> > idea might be to use traceroute style packets using common middle box
> > altering packet types. So instead of the typical ICMP/UDP traceroute
> > packets, use TCP port 25, 53 or 80 packets, increasing the TTL to map
> > out the route.
>
> A simple solution to detect a class of proxies is to have a cooperative
> responder on the Internet, to try to connect using port 25, 53, 80,
> etc., and to have the responder provide a response that returns the
> characteristics of the connection. If you want to do this seriously, the
> response should contain a hash of the incoming message (detect
> tampering) + a copy of the incoming IP address and port (detect address
> rewriting and port mapping); the response should be signed.
A very simple way to do this, at least for HTTP, is to take
advantage of the apache default CGI script "printenv". If you want
a quick test to see if you're being transparently proxied for HTTP:
104 dave:~> lynx -dump http://eep.lcs.mit.edu/printenv.cgi | grep REMOTE_ADDR
REMOTE_ADDR="24.218.249.231"
As you point out, a sufficiently clever proxy could do some munging,
but since the output of printenv isn't in any way standardized, best luck
to them.
-Dave
--
work: dga at lcs.mit.edu me: dga at pobox.com
MIT Laboratory for Computer Science http://www.angio.net/
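The cooperative responder Huitema describes above, as an added example that is not part of the original post: the responder reports a hash of what it received plus the source address and port it observed, and the client compares that with what it actually sent. An HMAC over an assumed shared key stands in for the signature, and the three middle-box models (direct path, NAT, transparent proxy) are constructed for the demonstration.

```python
import hashlib
import hmac
import json

# Assumption: responder and client share this key. Huitema's design calls
# for a signature; an HMAC stands in for it here so the example runs offline.
SHARED_KEY = b"constructed-demo-key"

def responder_reply(received, observed_addr, observed_port):
    """Responder: report the hash of what arrived and who it came from."""
    body = json.dumps({"msg_hash": hashlib.sha256(received).hexdigest(),
                       "addr": observed_addr, "port": observed_port},
                      sort_keys=True).encode()
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n" + tag

def analyse_reply(sent, local_addr, local_port, reply):
    """Client: authenticate the reply, then compare it with what we sent."""
    body, _, tag = reply.rpartition(b"\n")
    expected = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return ["reply forged or corrupted"]
    seen = json.loads(body)
    findings = []
    if seen["msg_hash"] != hashlib.sha256(sent).hexdigest():
        findings.append("payload altered in transit")
    if seen["addr"] != local_addr:
        findings.append("source address rewritten")
    if seen["port"] != local_port:
        findings.append("source port mapped")
    return findings

# Constructed middle-box models: each takes (bytes, (addr, port)) and returns
# what the responder actually sees on its side of the box.
def direct(msg, src):
    return msg, src

def nat(msg, src):  # address and port both rewritten
    return msg, ("203.0.113.7", 51000)

def proxy(msg, src):  # transparent proxy re-originates the request
    return msg.replace(b"HTTP/1.0", b"HTTP/1.1"), ("203.0.113.9", src[1])

def simulate(box):
    """Send a constructed request through `box` and return the findings."""
    sent, local = b"GET / HTTP/1.0\r\n\r\n", ("10.0.0.5", 40000)
    on_wire, src = box(sent, local)
    return analyse_reply(sent, *local, responder_reply(on_wire, *src))
```

An empty finding list means the responder saw exactly what the client sent from exactly the address and port the client used.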