WebWasher

[j nickson <jnickson () TOGETHER NET>]

WebWasher is a proxy server for Win/xx systems with 3 million users (not
downloads according to their web site - 9 OCT 00).

Webwasher filters graphics and defeats "webbugs" and double-click
commercials, enhancing privacy and bandwidth efficiency.  With the webbug
publicity WebWasher's download rate seems to be accelerating.

The problem is that it establishes a general http proxy server that anyone
connected may use.  This may present an opportunity for anonymous browsing
for people with nefarious purposes and a possible problem for the
evidentiary credibility of Carnivore/Omnivore/NoSuchAnimal records if the
target has allowed proxy use by mistake or design.

This is neither a WebWasher design nor implementation problem, WebWasher
has more than met standards by having a click the box to allow/disallow
server use and it apparently defaults to disallow.

However with an increasing number of home networks many will "allow server"
to let family members share a high speed line.

Again this is not a problem if a firewall has been correctly configured.

But home network firewalls are least likely to be configured correctly.

Ergo: There is likely to be a significant number of SOHO networks with wide
open proxy servers.  There is likely to be an increase in probes on 8080
and an increase in anonymous browsing.

Does this work?  Of course it does, it is straightforward TCP/IP proxy use.

Besides I stripped my firewall off one system, call it system A, set
WebWasher to serve and attached to the net.  Then I dialed another system,
B, into a different ISP and directed Netscape to use A's  temporary
IPAddr.:8080 for a proxy and then went to Yahoo.  When I was getting Yahoo
on B there was activity on system A's modem and when I was not there was no
activity.

I did not snif-log to force the proof, but all the signs are that the proxy
mechanism worked just as it always does and dual ISP connections for
anonymous surfing are quite feasible if not easy.  It remains an  exercise
for the reader to use EQL (or is it EQU?) to attach to several proxies
simultaneously so as to avoid detection by multiplexed trickle bandwidth
stealing.

It would be very interesting to have samples from a DSL provider testing
the percentage of users who were making a proxy server available to general
use.  Perhaps a cable company or MCI could enlighten us on the degree of
the problem by sampling their employees' home systems.

If I have not gotten the wrong end of the stick somehow, I suggest that all
security experts be sure that they recommend to clients that WebWasher
always be combined with a firewall, and that the firewall setup be checked
periodically.

Beyond that, it might be wise for corporate environments to use a program
as Mr. Steve Gibson has prepared to check vulnerabilities on employees'
home systems.  Mr. Gibson might be coerced into providing a product with
sufficient motivation. www.grc.com

Beyond that perhaps it is time for ISPs to consider preventative port
scans, if the user has consented.  I think that this suggestion may
stimulate some lively discussion; I hope so.  But it might be time.

J
-------------------------------------------------
James Nickson, CDP  voice: 603-256-8055
10 Merrifield, W. Chesterfield, NH, 03466-3131