This technique is similar to IP spoofing in that it hides where the attacker comes from. It works by asking one machine to carry out the operation on another machine.

Examples:
- finger
- Most finger servers allow commands to be forwarded through them.
- e-mail
- Spammers try to relay their spam through SMTP servers. As a result, probes for SMTP are commonly seen by machines on the Internet.
- FTP
- Allows "file transfer" to be redirected against another machine, which can sometimes be used to send commands to the victim.
- SOCKS
- Allows almost any protocol to be tunneled through the intermediate machine. As a result, probes for SOCKS are a common scan seen on the Internet.
- HTTP proxy
- Most web servers support "proxying", or relaying requests to other servers. This allows a company to channel all its web traffic through a single server for filtering as well as caching to improve performance. A lot of these servers are misconfigured to allow proxying of any request from the Internet, allowing hackers to relay attacks against web-sites through a third party. Probes for HTTP proxies are one of the more common scans seen today.
- IRC BNC
- Hackers love to hide their IRC identities by bouncing their connections through other machines. A particular program called "BNC" is used for this purpose on compromised machines.
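
A defender's check for the HTTP proxy case above, added here as an example and not part of the original entry: it scans web server access logs for requests that ask the server to relay to some other host. The Common Log Format layout, the `LOCAL_HOSTS` names and the sample log lines are assumptions constructed for the illustration.

```python
import re
from urllib.parse import urlsplit

# Hostnames this server legitimately serves (assumed values for the example).
LOCAL_HOSTS = {"www.example.org", "example.org"}

# Common Log Format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)

def classify(line):
    """Return None for an ordinary request, else a dict describing the relay attempt."""
    m = LOG_RE.match(line)
    if not m:
        return None
    method, target, status = m["method"], m["target"], int(m["status"])
    if method == "CONNECT":
        # CONNECT host:port asks the server to open a raw tunnel to host.
        host = target.rsplit(":", 1)[0].lower()
    elif "://" in target:
        # An absolute URI in the request line is how a client addresses a proxy.
        host = (urlsplit(target).hostname or "").lower()
    else:
        return None  # origin-form target such as /index.html
    if host in LOCAL_HOSTS:
        return None
    # A 2xx answer does not prove the request was relayed (some servers ignore
    # the foreign host and serve local content), but it is the case to check
    # against the proxy configuration first.
    return {"client": m["ip"], "method": method, "dest": host,
            "server_said_ok": 200 <= status < 300}

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326',
    '203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET http://other.example.net/ HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "CONNECT mail.example.net:25 HTTP/1.1" 405 0',
    '198.51.100.7 - - [10/Oct/2023:13:55:50 +0000] "GET http://www.example.org/a HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Entries with `server_said_ok` set are the ones to compare against the server's proxy settings; refused attempts still show which clients are probing.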