Scanning proxies are a brand new technique which focuses on two different capabilities: blind TCP port scanning and firewall bypassing.
The technique relies heavily on the use of proxies. The principal idea behind scanning proxies is to prevent bounce attacks, and it has helped administrators contain exposure to similar vulnerabilities around the world. Scanning proxies are completely new and usable.
Scanning proxies depend on the use of private or public proxies. Although the mechanism itself is simple, it is a powerful scanning method that sends not a single packet to the target host or network from the true source.
Connectivity and Features
The scanner connects to a standard proxy server and sends GET requests in which the URL to fetch (the "web page" the proxy is asked for) points at the target IP and port.
Once the request reaches the scanning proxy server, if the proxy is willing to connect to a non-standard HTTP port and accepts requests from an unauthenticated source, it attempts a connection to port 22 on the target.
From the proxy's point of view this is ordinary, old-fashioned behaviour. If the port is open, the target sends a SYN/ACK back. Otherwise the server, acting as a proxy or gateway in an attempt to fulfil the request, receives an invalid response from the upstream server and reports that failure to the client; the difference between the two outcomes is what tells the scanner the state of the port.
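As an added example (not part of the original article), the following Python detection logic runs over a constructed proxy access log and flags clients that ask the proxy to fetch from many distinct ports on one host, or from any port outside an allowlist. The log format, field layout, threshold and sample lines are all assumptions made for the example.

```python
"""Detect port-scanning through an HTTP proxy from access-log lines.

Assumed (constructed) log format, one request per line:
  <epoch> <client_ip> <method> <url> <status>
A scanner using the technique described above asks the proxy to GET
http://<target>:<port>/ for many ports; requests the proxy could not
complete upstream come back as gateway errors (5xx), reachable
services as 200 or some non-HTTP reply.
"""
from collections import defaultdict
from urllib.parse import urlsplit

ALLOWED_PORTS = {80, 443}   # ports this proxy is expected to fetch from
SCAN_THRESHOLD = 5          # distinct target ports per client/host pair

# Constructed sample: 10.0.0.5 sweeps six ports on one host through the
# proxy; 10.0.0.9 is ordinary browsing traffic.
SAMPLE_LOG = """\
1700000000 10.0.0.5 GET http://203.0.113.10:22/ 502
1700000001 10.0.0.5 GET http://203.0.113.10:23/ 502
1700000002 10.0.0.5 GET http://203.0.113.10:25/ 502
1700000003 10.0.0.5 GET http://203.0.113.10:80/ 200
1700000004 10.0.0.5 GET http://203.0.113.10:443/ 200
1700000005 10.0.0.5 GET http://203.0.113.10:3306/ 502
1700000006 10.0.0.9 GET http://example.com/ 200
1700000007 10.0.0.9 GET https://example.com:443/ 200
"""

def parse_line(line):
    """Split one log line and resolve the implicit port from the scheme."""
    ts, client, method, url, status = line.split()
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return {"ts": int(ts), "client": client, "method": method,
            "host": parts.hostname, "port": port, "status": int(status)}

def find_proxy_scans(log_text, threshold=SCAN_THRESHOLD):
    """Return (scans, off_port_requests): scans maps (client, host) to the
    sorted ports probed when at least `threshold` distinct ports were seen;
    off_port_requests lists every request to a port outside ALLOWED_PORTS."""
    ports_seen = defaultdict(set)
    off_port_requests = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        ports_seen[(rec["client"], rec["host"])].add(rec["port"])
        if rec["port"] not in ALLOWED_PORTS:
            off_port_requests.append(
                (rec["client"], rec["host"], rec["port"], rec["status"]))
    scans = {k: sorted(p) for k, p in ports_seen.items() if len(p) >= threshold}
    return scans, off_port_requests
```

The off-port list alone is the cheaper control: a proxy that refuses to fetch from ports outside the allowlist never produces the open/closed signal the scanner is looking for.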
Secure TCP scanning is done either with the Condon technique or with proxy chaining. In both cases the attacker uses private or public proxies to hide the real source of the connection.
Every hop added to the chain has an effect on throughput, latency and the attacker's cover, and that trade-off determines how many hops are used for a given type of target. The theory behind using the technique for proxy scanning is straightforward.