Detect proxy server on ISP

Are you on broadband? If so, are you sure your ISP has not placed a proxy server in your path? You may ask what difference that makes. It does. For the non-geeks: a proxy is an appliance or a server application configured to serve pages cached locally. Let's say you browse a site; the proxy makes a local copy and serves it to the next visitor from its local database. This can be called a man in the middle (we will skip the word “attack” from the term MITM here). In enterprises this is common. Even your HTTPS transactions are decrypted and re-encrypted on the fly. The downside is that a network admin can get details such as your credit card number if he enables detailed tracking, but again, admins are governed by company policies.

To detect a proxy server at your ISP, use any application that supports a TCP connect on port 80. We will use Tcptrace. Below I ran Tcptrace to my domain from a network without a proxy, and we see 14 hops between my machine and the GoDaddy server:


Tracing route to [] on port 80
Over a maximum of 30 hops.
1       3 ms    2 ms    2 ms
2       17 ms   7 ms    5 ms   []
3       10 ms   8 ms    8 ms  []
4       28 ms   29 ms   28 ms   []
5       211 ms  177 ms  158 ms   []
6       161 ms  194 ms  172 ms     []
7       165 ms  165 ms  156 ms   []
8       160 ms  158 ms  160 ms   []
9       245 ms  234 ms  250 ms  []
10      246 ms  246 ms  240 ms    []
11      277 ms  276 ms  264 ms    []
12      278 ms  248 ms  253 ms
13      324 ms  254 ms  852 ms    [be38.trmc0215-01.ars.mgmt.phx3.gdg]
14      319 ms  332 ms  309 ms    [be38.trmc0215-01.ars.mgmt.phx3.gdg]
15      316 ms  318 ms  310 ms  []
16      332 ms  Destination Reached in 323 ms. Connection established to
Trace Complete.

Now when I run the same command on a proxied network, the results are different:

Tracing route to [] on port 80
Over a maximum of 30 hops.
1       6 ms    2 ms    2 ms
2       Destination Reached in 3 ms. Connection established to
Trace Complete.

You can see here that the connection was established immediately. Technically this can never happen, and it means that the server which answered was placed in your neighborhood. Should this be a concern if your ISP (Airtel, ACT, Spectranet) does this? Yes. Immediately deactivate this connection or always stay on a VPN like proXPN, because if this proxy server is compromised one of these days, you will be compromised too. A very popular DSL provider in Bangalore that claims high speeds has placed a proxy server, which is the reason I posted this. Be careful, be safe.

Please understand that some appliances with an anti-spyware/malware check enabled (not a proxy) will replicate the above behavior. This test therefore cannot by any means confirm that there is an actual proxy configured deliberately by the provider.
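The comparison made by eye above can be scripted. This is an added example, not part of the original post: it parses trace output in the format shown and flags a port-80 connect that completes far closer than a baseline trace to the same host. The function names, the verdict strings and the 0.25 threshold are assumptions chosen for illustration, and in line with the caveat above the verdict only says that something on the path answered, not what it was.

```python
import re

# Matches the closing line of a trace in the format shown above, e.g.
# "2       Destination Reached in 3 ms. Connection established to"
REACHED = re.compile(r"^\s*(\d+)\s.*Destination Reached in (\d+) ms")

# Sample input abridged from the two traces above (host names are blank there too).
BASELINE_TRACE = """\
Tracing route to [] on port 80
Over a maximum of 30 hops.
1       3 ms    2 ms    2 ms
5       211 ms  177 ms  158 ms   []
15      316 ms  318 ms  310 ms  []
16      332 ms  Destination Reached in 323 ms. Connection established to
Trace Complete.
"""
SUSPECT_TRACE = """\
Tracing route to [] on port 80
Over a maximum of 30 hops.
1       6 ms    2 ms    2 ms
2       Destination Reached in 3 ms. Connection established to
Trace Complete.
"""

def reached_at(trace_text):
    """Return (hop_number, handshake_ms) for the hop that completed the TCP
    connect, or None if the trace never reached the destination."""
    for line in trace_text.splitlines():
        m = REACHED.match(line)
        if m:
            return int(m.group(1)), int(m.group(2))
    return None

def assess(port80_trace, baseline_trace, ratio=0.25):
    """Compare a port-80 trace with a baseline trace to the same host that is
    known not to be intercepted. ratio is an illustrative threshold: flag when
    both hop count and handshake time are at most ratio x the baseline."""
    probe, base = reached_at(port80_trace), reached_at(baseline_trace)
    if probe is None or base is None:
        return "inconclusive"
    (hops, ms), (base_hops, base_ms) = probe, base
    if hops <= base_hops * ratio and ms <= base_ms * ratio:
        return "answered-on-path"   # proxy, filter appliance or similar middlebox
    return "consistent-with-baseline"

if __name__ == "__main__":
    print(reached_at(SUSPECT_TRACE), assess(SUSPECT_TRACE, BASELINE_TRACE))
```

A baseline taken from a different network, as in the post, makes the timing comparison rough; the hop count is the stronger signal.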

