Protocol Verification Techniques

Any generic tunneling that happens at the circuit level, such as SOCKS and SSL, will allow any protocol to pass through proxies and VPN server gateways. The implication, though, is that the proxy server itself neither understands the protocol nor how it actually works. One important example is the SSL tunneling protocol, which despite its name can actually transport any sort of TCP-based protocol, for example something like FTP or Telnet.

This can cause confusion among IT professionals and network administrators alike, particularly in larger networks, when identifying issues with different protocols. One short-term solution is to ensure that only the ‘well-known’ ports can be tunneled using these servers. For example, allowing 636 for LDAP, 994 for IRC and so on would mean that you can at least identify the protocols in use by their port numbers. This is of course not an ideal solution, and there’s always the chance of mistakes and misrepresentation.

The longer-term solution to this issue is to create proxies that can verify, and ideally understand, the protocol being used. This means that more intelligence needs to be built into these proxies in order for them to operate at this level. Intelligent proxies offer more advantages than troubleshooting and efficiency, though, especially if they are being used for specific routing tasks like bypassing region locks.
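One way a proxy can move from the port allowlist to actually verifying the tunneled protocol is to inspect the first bytes the client sends before relaying them. The sketch below is an added example, not code from the original post; the function names, the inclusion of port 443 and the sample byte strings are assumptions made for illustration.

```python
import struct

# 636 and 994 are the ports named in the text; 443 is an added assumption.
ALLOWED_TUNNEL_PORTS = {443, 636, 994}


def looks_like_tls_client_hello(data: bytes) -> bool:
    """True if data starts with a TLS handshake record carrying a ClientHello."""
    if len(data) < 6:
        return False
    content_type, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    if content_type != 0x16:             # 0x16 = handshake record
        return False
    if major != 3 or minor > 4:          # record-layer versions 3.0 to 3.4
        return False
    if rec_len == 0 or rec_len > 16384:  # plaintext records are at most 2^14 bytes
        return False
    return data[5] == 0x01               # handshake type 1 = ClientHello


def tunnel_decision(port: int, first_bytes: bytes) -> str:
    """Port check first (the short-term fix), then protocol verification."""
    if port not in ALLOWED_TUNNEL_PORTS:
        return "deny: port not allowed"
    if not looks_like_tls_client_hello(first_bytes):
        return "deny: payload is not TLS"
    return "allow"


# Constructed sample inputs: the first bytes a client might send into a tunnel.
SAMPLE_TLS = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"
SAMPLE_SSH = b"SSH-2.0-OpenSSH_9.6\r\n"
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for port, payload in [(443, SAMPLE_TLS), (443, SAMPLE_SSH),
                          (636, SAMPLE_HTTP), (22, SAMPLE_TLS)]:
        print(port, payload[:8], "->", tunnel_decision(port, payload))
```

The SSH banner sent to port 443 passes the port check but is denied by the payload check, which is exactly the misrepresentation that a port-only rule cannot catch.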

For example, many people use specific proxies to watch things like the BBC online from countries outside the UK. However, other media firms have started to try to block these services by restricting access to only residential IP addresses. An intelligent proxy service is able to switch routes based on specified criteria, which is what many companies have started doing. So they may, for example, want to route through a specific location in order to bypass the BBC VPN block, perhaps through a separate IP range or even a residential one.

This demonstrates the technology of an intelligent proxy in operation: a specific route is taken only when the destination matches certain parameters. In this case it’s the global multimedia site Netflix, which is now only accessible from residential IP addresses. Any other destination will be routed by the default method, using the same IP address as the proxy which is handling the connection.