Proxy Servers

About 6% of attacks were detected as using a proxy server. Proxy servers act as an intermediary between a web browser and a web server. Some organisations such as universities may require their users to make use of a proxy server to monitor and audit web traffic or to cache commonly fetched documents. Other proxy servers, termed 'open proxies' allow anyone to connect to them. This allows attackers to obfuscate their source address by having another server make the HTTP requests on their behalf. While this approach can successfully cover an attackers identity, it does not increase the stealthiness of their attack. Some proxy servers are designed to relay the clients address along with the HTTP request, while some 'anonymous' proxy servers do not. The honeynet saw attacks from both types of proxies.