What is an AOL proxy server - is it a Trojan on my computer?

Today "NP" asked me via email:

I'm beginning to see the light! But I need someone to answer a question for me before I let loose of my three-year connection to AOL (I basically just use it to get online). Somehow, I sense you're that person. (no pressure!)

I'm[...]kind of new to this technical stuff, but observing "inbound events" logged by my McAfee firewall ("FREE" from AOL!) (but at what price?!), put me in my investigative mode. Hopefully you can explain to me what's going on.

When I check my IP Address I get:

Proxy Server Detected!
Proxy Server IP address: 205.188.116.65
Proxy Server Details: HTTP/1.1 (Velocity/3.1.1.5 [uScMs f p eN:t cCMp s ]), HTTP/1.1 spider-dtc-td04.proxy.aol.com[CDBC7064] (Prism/1.2.1), HTTP/1.1 cache-dtc-ab01.proxy.aol.com[CDBC7441] (Traffic-Server/6.1.5 [uScM])

(all Greek to me!)

So as I ventured into the world of "proxy servers", checking every "Google" lead on the subject, I discovered this nugget on your website . . . "Another thing: AOL's software doesn't let you surf the Web. Instead it connects your computer to a network of proxy servers that store cached copies of sites you're "allowed" to see."

Ok, I kind of get that, but what I really don't get is why that address (traced back to AOL in Reston, VA), would be "attempting to scan my system by sending a large amount of various UDP packets", (partially 'cuz I also don't "get" what UDP packets are, or what they have to do with me!) or why my proxy server 'status' would allow Trojans to scan my computer. How does my innocuous home-based PC fit into AOL's scheme of things?

Somehow I get the feeling this proxy server set-up has a more nefarious premise than just expediting things!

Thanks for helping me understand!

Whew...

OK. Where to begin....

Does an AOL Proxy = a Trojan attack?

No. An AOL proxy server is not a Trojan so there is no need to worry that it is doing anything harmful to your computer. (I'll explain what an AOL proxy server is further on in this post). If the only reason you want to cancel AOL is because of their proxy servers, I'm afraid you'll have to find a better reason than that - but there are plenty of reasons to choose from, so no worries here.

That leaves your first question. While I'm known for making difficult things easier to understand, I'm not sure how easy I can make this.

Why is an AOL proxy server on my computer?

Assuming you have a dial-up connection through AOL, this is why you're seeing an AOL proxy server listed in your firewall's exception list (McAfee might also be falsely flagging AOL's proxy server as a Trojan...but if so, I have no idea why):

  1. When you click "Connect", your computer uses its modem to open your phone line and call another computer that is owned by AOL.
  2. The computer that AOL owns also has a modem that receives your computer's call.
  3. Once the call has been answered by AOL's modem, the two modems need to "talk" to each other to establish who you are and to grant you permission to connect. They can't "talk" in English (or in any other spoken language) so what they do is use audio signals to transmit information to each other.
  4. Once the modems "handshake" (that is, once they agree that a connection between your computer and AOL's computer should be established), your modem is assigned an IP address from AOL that it can use throughout your web-surfing session.
  5. The IP address your modem gets is for the actual physical address of AOL's computer (in this case, that IP address is 205.188.116.65 - and you're not the only person using it - chances are, thousands of other people all over the country are, too).
  6. AOL passes that IP address to your modem to allow the connection to AOL's computer to take place. The IP address can (and when using AOL, it usually does) change every time you connect.
  7. While you are using the IP address that AOL assigned to your modem, you are actually connecting to the Internet through one of AOL's proxy servers. "Proxy server" simply means "any computer that is allowing you to surf using their connection to the Internet".

Think of a proxy server this way. Every computer in the world can have its own unique IP address which identifies where it is located (this is especially true with the next version of Internet Protocol, called IPv6). When you connect to AOL, your own IP address is not used to connect to any of the websites you visit. Instead, a proxy address (one of AOL's IP addresses) is used. AOL's computer is acting as a "proxy" (a middleman, so to speak) which handles all of the connections and communications between you and the websites you visit.
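The "Proxy Server Details" line in the reader's email has the shape of an HTTP Via header: one entry per middleman the request passed through. The Python below is an added example, not part of the original post; it splits that line into hops and, on the assumption that the eight hex digits in brackets are the proxy's IPv4 address, decodes them (function and field names are illustrative).

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Copied from the reader's email (wrapped lines joined); treated as a Via-style hop list.
SAMPLE_VIA = (
    "HTTP/1.1 (Velocity/3.1.1.5 [uScMs f p eN:t cCMp s ]), "
    "HTTP/1.1 spider-dtc-td04.proxy.aol.com[CDBC7064] (Prism/1.2.1), "
    "HTTP/1.1 cache-dtc-ab01.proxy.aol.com[CDBC7441] (Traffic-Server/6.1.5 [uScM])"
)

# protocol, optional host with optional [8 hex digits], optional (comment)
HOP_RE = re.compile(
    r"^(?P<proto>\S+)\s+"
    r"(?:(?P<host>[^\s\[(]+)(?:\[(?P<tag>[0-9A-Fa-f]{8})\])?\s*)?"
    r"(?:\((?P<comment>.*)\))?$"
)

@dataclass
class Hop:
    proto: str
    host: Optional[str]     # None when the proxy did not name itself
    tag_ip: Optional[str]   # bracketed hex decoded as IPv4 (assumption)
    product: Optional[str]  # first token of the comment, e.g. "Prism/1.2.1"

def parse_via(value: str) -> List[Hop]:
    hops = []
    # Split on commas that are not inside a parenthesised comment.
    for raw in re.split(r",\s*(?![^()]*\))", value.strip()):
        m = HOP_RE.match(raw.strip())
        if not m:
            raise ValueError(f"unparseable hop: {raw!r}")
        tag, comment = m.group("tag"), m.group("comment")
        ip = str(ipaddress.IPv4Address(int(tag, 16))) if tag else None
        product = comment.split()[0] if comment else None
        hops.append(Hop(m.group("proto"), m.group("host"), ip, product))
    return hops

if __name__ == "__main__":
    for n, hop in enumerate(parse_via(SAMPLE_VIA), 1):
        print(n, hop.host or "(unnamed)", hop.tag_ip or "-", hop.product)
```

The last hop's tag, CDBC7441, decodes to 205.188.116.65, the same address the IP checker reported: the "proxy server" it detected is simply the final AOL cache in the chain.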

AOL's proxy servers are "special". Like that aunt of yours with the "photographic" memory...

AOL is not the only "proxy server" out there. Any dial-up company you sign up with provides you with the same exact way of connecting to the Internet. What sets AOL apart is that they run "caching" (pronounced "cashing") proxy servers, not regular proxy servers.

The difference between a regular proxy server and one that performs caching is this: A regular proxy server does not store copies of the web pages anyone visits. A caching proxy server does. Caching is used to store copies of web pages you visit so they can be delivered to you faster the next time you visit them.

AOL goes a step further than that and uses its caches to speed up web page delivery by serving pages out of its cache for Joe when Sally wants the same pages. AOL basically downloads the entire Internet using their customers' visited web pages to build up their cache. AOL flushes the entire cache and builds a new one every 24 hours or so, so that the copies of pages that you get each time you connect are not so out-of-date as to be useless.

Is UDP out to get me? What is it doing?

No, UDP is not a harmful thing. Once you're connected to the Internet, AOL, like all dial-up ISPs, uses special packet-delivery protocols to get web pages to you - namely TCP/IP and UDP.

  • A "packet" is simply a small bit of data that one computer sends to another computer.
  • A "protocol" is simply a set of rules that is agreed upon by two computers for how to transmit the data.

UDP is concerned only with transporting packets, while TCP takes IP packets (IP packets are the simplest form of data packets), decides which protocol is "best" for delivering them to another computer, then "streams" them to their destination.

Each packet, as I said above, contains a bit of data; together, these packets transmit information that allows AOL's proxy server to serve you the web pages you want when you want them. AOL has a glossary that covers most of these terms in a fairly easy-to-comprehend manner.

As for AOL's UDP port scanning, the easiest way to explain what's going on is this: Your computer receives the data packets that AOL sends it through what is known as a "port" - a software "endpoint" on your computer designed to receive and process the data that an ISP sends. While port scanning can be (and often is) used to malicious ends by hackers and other "nefarious" types, AOL is simply checking if ports are open while you are connected to ensure it can continue streaming data.

A quick primer on TCP/IP and UDP is here. You can also check Wikipedia, eHow, and your favorite tech sites and computer forums for more information.

Comments

(Anonymous)

Very good way of explaining it ...

I'd like to touch on a couple things... but you certainly answered the question about AOL Proxy servers.

Proxy servers are GOOD. They help people browse the Web faster. However, older cached versions of Web sites tend to cause problems for surfers.

AOL uses the proxy servers to block a few phishing Web sites or other imminent security risks. From the inside, I have not seen AOL maliciously block a site for editorial, business or political reasons. A few might say so, but it's purely coincidental.

For dial-up users, AOL issues an IP for the connection and another IP is used for Web surfing. Web surfing is the only activity that is routed through AOL's hundreds of proxies. In most cases, proxies improve performance for users, but in several cases they can cause problems for IP-based Web sites like forums, message boards, chat rooms, etc. To address this, ensure you are setting a cookie and using session-based Web sites.

For people concerned with their privacy, proxies are completely automatic and no human intervention has to take place. They flush themselves on a routine basis and for some Web sites, they will reset automatically (MySpace, for example).

If AOLers would like to browse the Web WITHOUT a proxy, minimize AOL and use a Web Browser like Firefox or IE.

~Joe

Re: Very good way of explaining it ...

Hey, Joe. I think caching is more or less fine in itself but I see two problems with it: How cookies are handled and how often the cache is refreshed.

1) According to AOL's info on it (if I have it right - correct me if I'm wrong), if Jeff uses AOL's proxy to visit Tech Forum X, leaves 10 minutes later, and Sally shows up next on the last page Jeff visited, Sally is going to get Jeff's cookie for the session, because the cookie was cached along with the web page (assuming the website allows user cookies to be cached). Obviously, such a security hole, if it does exist, is easily exploited by anyone malicious (say, Sally).

2) According to AOL's info on it, how long web pages are cached depends on information stored in each website's HTTP headers. That can be up to 60 HOURS. I think that's a bit too long to keep pushing the same version of a web page on everyone - anything up to or over 24 hours is pushing it in my opinion. I can update a web page every five minutes (and sometimes I do) - how would anyone using AOL's proxy know when they get the *first version* of the page they saw every time they return within the same session?

I kept the tone of the OP fairly neutral in order to explain somewhat advanced concepts and ideas to someone who doesn't want my opinion so much as she wants the facts. If this was one of my normal posts, I'd have come down harder on AOL for caching - just as I've done in the past - for the above-mentioned reasons - not to mention that many webmasters have indeed accused AOL of blocking pages on sensitive, popular subjects at crucial times within the life of those pages or of blocking their entire websites when they carried what even a small segment of the online populace found "controversial".

Neither side can prove their case - AOL cannot prove themselves innocent of ill intent while blocking pages - nor can any webmaster prove AOL blocked their pages with ill intent. Without the required proof, I'm disinclined to let AOL off the hook, so let's just call it a draw.

"If AOLers would like to browse the Web WITHOUT a proxy, minimize AOL and use a Web Browser like Firefox or IE."

That's only true if you have another connection to the Internet besides AOL. If an AOL dial-up connection is the only connection you have, then it doesn't matter which browser you're using...you're still connecting through (and surfing the web with) AOL's proxy server.

Edited at 2008-11-28 01:54 am (UTC)
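Both concerns in the comment above (a per-user cookie stored along with a page, and lifetimes taken from each site's HTTP headers) are things a site operator controls through response headers. The Python below is an added example, not part of the original post or comments: a simplified model of how a standards-following shared cache reads those headers. It is not AOL's proxy logic, and the function names and sample responses are constructed.

```python
from email.utils import parsedate_to_datetime

def parse_cache_control(value):
    """Turn 'public, max-age=60' into {'public': None, 'max-age': '60'}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip().strip('"') or None
    return directives

def shared_cache_verdict(headers):
    """Return (storable, lifetime_seconds, warnings) for a shared cache.

    Simplified from the standard HTTP caching rules: no-store/private block
    storage, s-maxage beats max-age, Expires minus Date is the fallback.
    """
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc or "private" in cc:
        return False, None, []
    ttl = None
    for key in ("s-maxage", "max-age"):
        if (cc.get(key) or "").isdigit():
            ttl = int(cc[key])
            break
    if ttl is None and "expires" in h and "date" in h:
        try:
            delta = parsedate_to_datetime(h["expires"]) - parsedate_to_datetime(h["date"])
            ttl = max(int(delta.total_seconds()), 0)
        except (TypeError, ValueError):
            ttl = 0  # an unparseable Expires is treated as already expired
    warnings = []
    if "set-cookie" in h:
        warnings.append("Set-Cookie present on a response a shared cache may store")
    if ttl is None:
        warnings.append("no explicit lifetime: the cache chooses one itself")
    return True, ttl, warnings

# Constructed sample responses (not captured from any real site).
FORUM_PAGE = {"Cache-Control": "public, max-age=216000",  # 60 hours
              "Set-Cookie": "session=EXAMPLE; Path=/"}
FORUM_FIXED = {"Cache-Control": "private, no-store",
               "Set-Cookie": "session=EXAMPLE; Path=/"}
NEWS_PAGE = {"Cache-Control": "max-age=86400, s-maxage=300"}  # proxies: 5 minutes
LEGACY_PAGE = {"Date": "Fri, 28 Nov 2008 01:00:00 GMT",
               "Expires": "Fri, 28 Nov 2008 02:00:00 GMT"}
```

`FORUM_PAGE` is the risky case (storable for 60 hours with a session cookie attached); `FORUM_FIXED` keeps the same page out of shared caches entirely, and `NEWS_PAGE` lets a frequently updated page expire from proxies after five minutes.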

Re: Very good way of explaining it ...

As to how well the OP explained things, it was OK, but I left some info on UDP out and wasn't precise enough in my use of language, so it's been updated to fix what I decided was wrong with it between last night and today.

Re: Very good way of explaining it ...

I know people LOVE to use the AOL proxy to vandalize Wikipedia. I think some [wiki]pages even have AOL proxies blocked.

People will do ANYTHING just to troll these days -- ANYTHING. :-S

Good read Marah & hope you and Joe had a good Thanksgiving.

Re: Very good way of explaining it ...

Oh, thanks Mike...hope you did, too. I owe both you and Joe emails but I'm working all week (I even worked on Turkey Day...yes, I am that selfless - or that in need of money), unlike the rest of you slobs, so I don't have much time to spare.

What gets me most is phishers using AOL's proxy servers - and AOL ignoring the topic even after Plenty of Fish and many other "big" blogs jumped on it and I promoted it on Digg and like a dozen other places. Ignore it and it goes away, I suppose - that is AOL's official answer to everything.

Edited at 2008-11-28 06:48 am (UTC)

About Me?

I started this blog in Dec. 2005 after call reps gave me a hard time canceling my AOL account. This blog explains why you'll want to leave AOL and how to do it - even if AOL gives you a hard time. It also focuses on removing AOL's notoriously bloated software.
