Starting off with the real world, a proxy is nothing but a substitute: something that ‘acts on behalf of’ something else. In networking, a proxy is in effect the same. It acts as an intermediary between the source (the computer) and the destination (the internet), i.e. instead of a client computer interacting with the internet directly, a proxy computer or server interacts with the internet on behalf of the client computer. Today, however, proxies aren’t used in the traditional manner they were originally intended for, since that function comes built into modern-day routers. That being said, they are still very active in the hacking and security arena of networking.
In networking, the major types of proxies are:
- Transparent Proxy: In such a proxy, the client/source attempts to communicate directly with a site, but is intercepted by the proxy. The main factor that makes it ‘transparent’ is that the source is not aware of the presence of the proxy, but the destination is well aware. For example, tproxy is a transparent proxy solution for the Linux kernel.
- Reverse Proxy/Anti DDoS Proxy: In such a proxy, the client/source is ‘made’ to believe that the proxy itself is the destination from which the client has requested resources.
- Anonymous Proxy: The original address of the client is masked/hidden, which makes the client really hard to track down and thus provides it with anonymity.
- High Anonymity Proxy: Such a proxy makes the proxy server itself appear as the client, thus making it seem like the communication is made directly between the client and the site/destination server.
- Distorting Proxy: It generally modifies the IP address/machine address of the client so as to prevent the target/destination from knowing about it.
- Forward/Normal Proxy: It is the most basic type of proxy, whereby the client interacts with the proxy, the proxy then interacts with the destination server, and lastly the proxy returns the information retrieved from the destination back to the client/source. Here, both the source and the destination are completely aware of the presence of the proxy.
A website/network, once built, is prone to attacks from various sources across the globe or even from within its own server network if it is not properly protected. One major threat to the network is the denial of service, or DoS, attack. In a DoS attack, the network or host connected to the internet is rendered unavailable due to the presence of malicious software, commonly known as a ‘virus’, in the network to which the ‘host’ of a server is connected. When there is more than one source of attack, which is more likely, there is said to be a DDoS, or Distributed Denial of Service, attack on the network. In a DDoS attack, several malware-affected computers, as well as the human-like bots created by the attacker to spread the malware, act together on a single target server, causing the server to eventually fail. To put a DDoS attack into perspective, suppose you are at a concert and the entry to the arena is so overcrowded that the musicians themselves are not able to enter the arena, disrupting the normal run of things. It can also be visualized as a zombie attack, where thousands of infected zombies (malware-affected networks) try to attack the non-infected (the host/target network).
An effective method used to counter such attacks is the ‘anti ddos proxy method’. Before getting into that, we need to understand what ‘DDoS mitigation’ is. Let’s simplify the mitigation process into steps:
- The various signals that attempt to get in contact with the target network are collectively known as traffic.
- This traffic consists of both ‘human’ traffic (non-malware/clean) and human-like-bot traffic (malware/harmful), which need to be separated from each other to ensure safe transmission of traffic to the target network.
- All the traffic that is en route to the target network is made to pass through networks that have “traffic-scrubbing” filters.
Now, this is where the anti ddos proxy/reverse proxy comes into the picture. As mentioned before, a proxy acts as an intermediary between the client and the server. In the current scenario, we make the client, i.e. the target network, interact with the proxy (reverse proxy), then make the proxy interact with the server, and finally the ‘clean’ information is transmitted back to the client as though the information originated at the proxy.
This is different from a normal/forward proxy, as the client is ‘unaware’ of the presence of a different source. For the client, it is as though the ‘proxy’ itself is the source of the signal. A reverse proxy/anti ddos proxy is usually preferred and used, since the main server and its address are protected from the ‘public’ and from any malicious activities. Thus, the anti ddos proxy provides us with that added security, as no malicious traffic will be able to interact directly with the target network.
The advantages of having an anti ddos proxy are:
- Security and Anonymity: An anti ddos proxy ensures that the identity of the main server is protected by a combination of address masking and ddos mitigation, thus accounting for the security of the target network.
- Faster Data Access And Transfer: An anti ddos proxy can compress the inbound and outbound data; as a result, the data to be transmitted is reduced and the process is faster.
- Ensures there is no overloading: An anti ddos proxy also ensures that the requests of the client are well distributed over the servers rather than overloading a single server, again ensuring effective transmission of data and signals.
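The mitigation steps and the load distribution described above can be sketched in a few lines. This is an added example, not code from the original article: the class name, the per-source threshold of 5 requests per second, and all addresses are assumptions, and the traffic is constructed sample data.

```python
from collections import defaultdict, deque
from itertools import cycle

class ScrubbingReverseProxy:
    """Toy model: rate-limit each source, then spread clean requests over origins."""

    def __init__(self, origins, max_requests, window_seconds):
        self._origins = cycle(origins)      # private origin addresses, never shown to clients
        self.max_requests = max_requests    # allowed requests per source per window
        self.window = window_seconds
        self._history = defaultdict(deque)  # source IP -> timestamps of recent requests

    def handle(self, timestamp, source_ip):
        """Return ('forwarded', origin) for clean traffic or ('dropped', None)."""
        recent = self._history[source_ip]
        # Forget requests that have slid out of the time window.
        while recent and timestamp - recent[0] >= self.window:
            recent.popleft()
        recent.append(timestamp)
        if len(recent) > self.max_requests:
            return ("dropped", None)        # scrubbed: never reaches an origin
        return ("forwarded", next(self._origins))

def replay(proxy, requests):
    """Run (timestamp, source_ip) pairs through the proxy and tally the outcome."""
    per_origin = defaultdict(int)
    dropped = defaultdict(int)
    for timestamp, source_ip in requests:
        verdict, origin = proxy.handle(timestamp, source_ip)
        if verdict == "forwarded":
            per_origin[origin] += 1
        else:
            dropped[source_ip] += 1
    return dict(per_origin), dict(dropped)

# Constructed sample traffic (documentation address ranges): one source sends
# 20 requests within a second, two ordinary visitors send 3 requests each.
SAMPLE = sorted(
    [(i * 0.05, "203.0.113.9") for i in range(20)]
    + [(t, "198.51.100.4") for t in (0.1, 2.0, 4.0)]
    + [(t, "198.51.100.7") for t in (0.3, 2.5, 4.5)]
)

def demo():
    proxy = ScrubbingReverseProxy(["10.0.0.11", "10.0.0.12"], max_requests=5, window_seconds=1.0)
    return replay(proxy, SAMPLE)

if __name__ == "__main__":
    print(demo())
```

A per-source request rate is only one possible scrubbing signal; it is used here because it keeps the separation of clean and harmful traffic easy to follow.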