Irregular Traffic Validation Q&A: Proxies and Anonymizers
Q: What is a proxy?
A: A proxy is a network device that relays traffic so that the traffic appears to be coming from the proxy and not the original source.
Q: What is an anonymizer?
A: An anonymizer is a network device that obscures the source of network traffic, generally by acting as a proxy, with the purpose of hiding the identity of the originator.
Q: Are there legitimate uses for proxies?
A: Absolutely. Certain environments even require the use of proxies. They can be used to funnel traffic, and are sometimes used to authenticate activity in and/or out of a network. For example, our Library makes use of a proxy to properly connect to resources while still validating that the connection is coming from UNH.
Q: Are there legitimate uses for anonymizers?
A: Yes, but those are less technical and more social. There are environments where the free expression of ideas can be hampered, or even dangerous, without anonymity. An example might be using a message board in a country where the discussion of certain topics is restricted.
Q: How are proxies and anonymizers used illegitimately?
A: One of the most common uses would be to analyze your network traffic as it passes through the proxy, looking for sensitive data and credentials. If your web browser were somehow reconfigured to use a nefarious proxy, that proxy could see all of the data that passes through it and could potentially capture usernames/passwords, banking information, etc.
Q: How can I tell if I am running a proxy or anonymizer?
A: There are several ways they could be hooked into your computer. The most common place a legitimate proxy would be present is in the settings for your web browser. The exact method for reaching those settings varies from browser to browser and changes over time, but googling “<browser> proxy settings” will lead you there. It would also be worthwhile to run an anti-virus/malware scan.
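The same check can be scripted. The following is an added example, not part of the original Q&A: it reads the proxy configuration that Python's standard library detects (environment variables, the Windows Internet Settings registry values, or the macOS system configuration) and flags any proxy host that is not on a list you expect. The allowlist entry `proxy.example.edu` and the function names are assumptions made for illustration; a browser that keeps its own separate proxy configuration is not covered and still needs to be checked in its settings page.

```python
import urllib.request
from urllib.parse import urlsplit

# Assumption: replace with the proxy hosts your organization actually runs.
EXPECTED_PROXY_HOSTS = {"proxy.example.edu"}


def proxy_host(value):
    """Return the lowercase host from a proxy setting.

    Handles both the URL form ('http://user:pw@host:3128') and the bare
    'host:port' form that some configurations use.
    """
    if "://" not in value:
        value = "//" + value  # let urlsplit treat it as a network location
    return (urlsplit(value).hostname or "").lower()


def audit_proxies(proxies, expected=EXPECTED_PROXY_HOSTS):
    """Classify each configured proxy as expected or UNEXPECTED.

    `proxies` is a dict in the shape returned by urllib.request.getproxies(),
    mapping a scheme ('http', 'https', ...) to a proxy address.
    """
    findings = []
    for scheme, value in sorted(proxies.items()):
        if scheme == "no":  # the bypass list (no_proxy), not a proxy itself
            continue
        host = proxy_host(value)
        status = "expected" if host in expected else "UNEXPECTED"
        findings.append((scheme, host, status))
    return findings


if __name__ == "__main__":
    live = urllib.request.getproxies()  # what this machine is configured to use
    if not live:
        print("No system or environment proxy is configured.")
    for scheme, host, status in audit_proxies(live):
        print(f"{scheme:6} -> {host:30} {status}")
```

An UNEXPECTED result, especially a loopback address such as 127.0.0.1 that you did not set up yourself, is a reason to find out which program is listening there and to run the malware scan mentioned above.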