Detect proxy server on ISP

Are you on broadband? If yes, are you sure there is no proxy server placed by your ISP? You might ask how that makes a difference. It does. For the non-geeks: a proxy is an appliance or a server application configured to serve pages cached locally. Let's say you browse www.redhat.com; the proxy would make a local copy and serve it to the next visitor from its local database. This can be called man in the middle (we will skip the word “attack” from the term MITM here). In enterprises this is common. Even your HTTPS transactions are decrypted and encrypted on the fly. The shortfall is that a network admin can get details of your credit card, SS no., etc. if he enables detailed tracking, but again, they are governed by company policies.

To detect a proxy server on your ISP: use any application that supports TCP connect on port 80. We will use Tcptrace (run as tracetcp.exe below). Below I ran it on a non-proxy network to my domain, and we see 14 hops between my machine and the GoDaddy server:

C:\Users\Desktop>tracetcp.exe www.sachingopal.com:80

Tracing route to 72.167.232.213 [p3nlh081.shr.prod.phx3.secureserver.net] on port 80
Over a maximum of 30 hops.
1       3 ms    2 ms    2 ms    192.168.21.21
2       17 ms   7 ms    5 ms    180.151.124.1   [180.151.124.1.reverse.spectranet.in]
3       10 ms   8 ms    8 ms    119.82.104.165  [119.82.104.165.reverse.spectranet.in]
4       28 ms   29 ms   28 ms   203.92.63.138   [203.92.63.138.reverse.spectranet.in]
5       211 ms  177 ms  158 ms  61.246.45.157   [dsl-del-static157.45.246.61.airtelbroadband.in]
6       161 ms  194 ms  172 ms  149.6.149.1     [te0-7-0-2.ccr21.lon02.atlas.cogentco.com]
7       165 ms  165 ms  156 ms  130.117.49.89   [be2329.ccr22.lon01.atlas.cogentco.com]
8       160 ms  158 ms  160 ms  154.54.72.253   [be2314.ccr21.lon13.atlas.cogentco.com]
9       245 ms  234 ms  250 ms  130.117.49.122  [be2272.ccr42.par01.atlas.cogentco.com]
10      246 ms  246 ms  240 ms  154.54.30.13    [be2094.ccr21.jfk02.atlas.cogentco.com]
11      277 ms  276 ms  264 ms  154.54.41.53    [be2176.ccr41.iad02.atlas.cogentco.com]
12      278 ms  248 ms  253 ms  38.122.62.86
13      324 ms  254 ms  852 ms  184.168.0.69    [be38.trmc0215-01.ars.mgmt.phx3.gdg]
14      319 ms  332 ms  309 ms  184.168.0.69    [be38.trmc0215-01.ars.mgmt.phx3.gdg]
15      316 ms  318 ms  310 ms  216.69.188.102  [ip-216-69-188-102.ip.secureserver.net]
16      332 ms  Destination Reached in 323 ms. Connection established to 72.167.232.213
Trace Complete.

Now when I run the same command on a proxy network, the results are different:

C:\Users\Desktop>tracetcp.exe www.sachingopal.com:80

Tracing route to 72.167.232.213 [p3nlh081.shr.prod.phx3.secureserver.net] on port 80
Over a maximum of 30 hops.
1       6 ms    2 ms    2 ms    10.10.0.250
2       Destination Reached in 3 ms. Connection established to 72.167.232.213
Trace Complete.

You can see here that a connection was established immediately. Technically this can never happen, and it means that the server that answered was placed in your neighborhood. Should this be a concern if your ISP (Airtel, ACT, Spectranet) does this? Yes. Immediately deactivate this connection or always be on a VPN like proXPN, because if this proxy server is compromised one of these days, you will be compromised too. A very popular DSL provider in Bangalore claiming high speeds has placed a proxy server, which is the reason I posted this. Be careful, be safe.

Please understand that some appliances with anti-spyware/malware checks enabled (not proxies) will replicate the above behavior. This test therefore cannot confirm by any means whether there is an actual proxy configured deliberately by the provider.
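
The comparison above can be automated. The following Python sketch is an added example, not part of the original post or of the tracing tool: it parses saved trace output in the format shown above and flags a trace where a public destination accepted the TCP connect before any public hop appeared. The function names and the 10 ms threshold are assumptions, and a positive result only says the connection was answered locally, which an anti-malware appliance can also cause.

```python
import ipaddress
import re

# Matches trace hop lines: hop number, up to three "N ms" timings, hop IP.
HOP = re.compile(r"^\s*\d+\s+(?:\d+ ms\s+){1,3}(\d+\.\d+\.\d+\.\d+)")
# Matches the final line, capturing the connect time and the destination IP.
DEST = re.compile(r"Destination Reached in (\d+) ms\. "
                  r"Connection established to (\d+\.\d+\.\d+\.\d+)")

def parse_trace(text):
    """Return (list of intermediate hop IPs, (rtt_ms, dest_ip) or None)."""
    hops, dest = [], None
    for line in text.splitlines():
        done = DEST.search(line)
        if done:
            dest = (int(done.group(1)), done.group(2))
        elif HOP.match(line):
            hops.append(HOP.match(line).group(1))
    return hops, dest

def terminated_locally(text, max_rtt_ms=10):
    """True when a public destination answered the TCP connect before any
    public hop was seen and faster than max_rtt_ms (assumed threshold)."""
    hops, dest = parse_trace(text)
    if dest is None:
        return False                      # trace never connected
    rtt_ms, dest_ip = dest
    if ipaddress.ip_address(dest_ip).is_private:
        return False                      # LAN target: short path is normal
    public_hops = [h for h in hops if not ipaddress.ip_address(h).is_private]
    return not public_hops and rtt_ms < max_rtt_ms

# Second trace from the page (the network the author suspects).
SUSPECT_TRACE = """\
Tracing route to 72.167.232.213 [p3nlh081.shr.prod.phx3.secureserver.net] on port 80
1       6 ms    2 ms    2 ms    10.10.0.250
2       Destination Reached in 3 ms. Connection established to 72.167.232.213
"""
# First trace from the page, abridged to four of its lines.
DIRECT_TRACE = """\
1       3 ms    2 ms    2 ms    192.168.21.21
2       17 ms   7 ms    5 ms    180.151.124.1   [180.151.124.1.reverse.spectranet.in]
15      316 ms  318 ms  310 ms  216.69.188.102  [ip-216-69-188-102.ip.secureserver.net]
16      332 ms  Destination Reached in 323 ms. Connection established to 72.167.232.213
"""

if __name__ == "__main__":
    for name, trace in (("suspect", SUSPECT_TRACE), ("direct", DIRECT_TRACE)):
        print(name, "terminated locally:", terminated_locally(trace))
```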