What is an AOL proxy server – is it a Trojan on my computer?

Today “NP” asked me via email:

I’m beginning to see the light! But I need someone to answer a question for me before I let loose of my three-year connection to AOL (I basically just use it to get online). Somehow, I sense you’re that person. (no pressure!)

I’m […] kind of new to this technical stuff, but observing “inbound events” logged by my McAfee firewall (“FREE” from AOL!) (but at what price?!), put me in my investigative mode. Hopefully you can explain to me what’s going on.

When I check my IP Address I get:

Proxy Server Detected!
Proxy Server IP address: 205.188.116.65
Proxy Server Details: HTTP/1.1 (Velocity/3.1.1.5 [uScMs f p eN:t cCMp s ]), HTTP/1.1 spider-dtc-td04.proxy.aol.com[CDBC7064] (Prism/1.2.1), HTTP/1.1 cache-dtc-ab01.proxy.aol.com[CDBC7441] (Traffic-Server/6.1.5 [uScM])

(all Greek to me!)

So as I ventured into the world of “proxy servers”, checking every “Google” lead on the subject, I discovered this nugget on your website . . . “Another thing: AOL’s software doesn’t let you surf the Web. Instead it connects your computer to a network of proxy servers that store cached copies of sites you’re “allowed” to see.”

Ok, I kind of get that, but what I really don’t get is why that address (traced back to AOL in Reston, VA), would be “attempting to scan my system by sending a large amount of various UDP packets”, (partially ‘cuz I also don’t “get” what UDP packets are, or what they have to do with me!) or why my proxy server ‘status’ would allow Trojans to scan my computer. How does my innocuous home-based PC fit into AOL’s scheme of things?

Somehow I get the feeling this proxy server set-up has a more nefarious premise than just expediting things!

Thanks for helping me understand!

Whew…

OK. Where to begin…

Does an AOL Proxy = a Trojan attack?

No. An AOL proxy server is not a Trojan, so there is no need to worry that it is doing anything harmful to your computer. (I’ll explain what an AOL proxy server is further on in this post.) If the only reason you want to cancel AOL is because of their proxy servers, I’m afraid you’ll have to find a better reason than that – but there are plenty of reasons to choose from, so no worries here.

That leaves your first question. While I’m known for making difficult things easier to understand, I’m not sure how easy I can make this.

Why is an AOL proxy server on my computer?

Assuming you have a dial-up connection through AOL, this is why you’re seeing an AOL proxy server listed in your firewall’s exception list (McAfee might also be falsely flagging AOL’s proxy server as a Trojan, but if so, I have no idea why):

  1. When you click “Connect”, your computer uses its modem to open your phone line and call another computer that is owned by AOL.
  2. The computer that AOL owns also has a modem that receives your computer’s call.
  3. Once the call has been answered by AOL’s modem, the two modems need to “talk” to each other to establish who you are and to grant you permission to connect. They can’t “talk” in English (or in any other spoken language) so what they do is use audio signals to transmit information to each other.
  4. Once the modems “handshake” (that is, once they agree that a connection between your computer and AOL’s computer should be established), your modem is assigned an IP address from AOL that it can use throughout your web-surfing session.
  5. The IP address your modem gets is for the actual physical address of AOL’s computer (in this case, that IP address is 205.188.116.65 – and you’re not the only person using it – chances are, thousands of other people all over the country are, too).
  6. AOL passes that IP address to your modem to allow the connection to AOL’s computer to take place. The IP address can (and when using AOL, it usually does) change every time you connect.
  7. While you are using the IP address that AOL assigned to your modem, you are actually connecting to the Internet through one of AOL’s proxy servers. “Proxy server” simply means “any computer that is allowing you to surf using their connection to the Internet”.

Think of a proxy server this way. Every computer in the world can have its own unique IP address which identifies where it is located (this is especially true with the next version of Internet Protocol, called IPv6). When you connect to AOL, your own IP address is not used to connect to any of the websites you visit. Instead, a proxy address (one of AOL’s IP addresses) is used. AOL’s computer is acting as a “proxy” (a middleman, so to speak) which handles all of the connections and communications between you and the websites you visit.
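The “Proxy Server Details” line NP’s IP checker printed has the shape of an HTTP Via header: comma-separated hops, each giving the protocol, the receiving host and a parenthesised comment naming the proxy software. As an added example that is not part of the original post, this Python parser splits that output into hops and reads the bracketed eight-digit hex tag after each host name as four IPv4 octets; that reading is an assumption, but the last hop’s tag decodes to exactly the 205.188.116.65 the checker reported.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
# Proxy chain quoted in the post, rejoined onto one line. Its shape is that of an
# HTTP Via header: comma-separated "protocol received-by (comment)" entries.
SAMPLE_VIA = (
    "HTTP/1.1 (Velocity/3.1.1.5 [uScMs f p eN:t cCMp s ]), "
    "HTTP/1.1 spider-dtc-td04.proxy.aol.com[CDBC7064] (Prism/1.2.1), "
    "HTTP/1.1 cache-dtc-ab01.proxy.aol.com[CDBC7441] (Traffic-Server/6.1.5 [uScM])"
)
HOP_RE = re.compile(
    r"^(?P<proto>\S+)"                                              # received-protocol
    r"(?:\s+(?P<host>[^\s(\[]+)(?:\[(?P<tag>[0-9A-Fa-f]{8})\])?)?"  # received-by, optional [hex]
    r"(?:\s*\((?P<comment>.*)\))?\s*$"                              # optional software comment
)
@dataclass
class ViaHop:
    proto: str
    host: Optional[str]     # None when a hop gives no name (the first AOL hop above)
    comment: Optional[str]  # proxy software, e.g. "Prism/1.2.1"
    address: Optional[str]  # IPv4 decoded from the 8-hex-digit tag, if present

def split_hops(value: str) -> List[str]:
    """Split on commas outside (...) comments, which may themselves contain commas."""
    hops, cur, depth = [], "", 0
    for ch in value:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            hops.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return [h for h in hops + [cur.strip()] if h]

def decode_tag(tag: Optional[str]) -> Optional[str]:
    """Assumption: the bracketed tag is the hop's IPv4 address as four hex octets."""
    return None if tag is None else ".".join(str(int(tag[i:i + 2], 16)) for i in range(0, 8, 2))

def parse_via(value: str) -> List[ViaHop]:
    hops = []
    for raw in split_hops(value):
        m = HOP_RE.match(raw)
        if not m:
            raise ValueError(f"unparseable Via hop: {raw!r}")
        hops.append(ViaHop(m["proto"], m["host"], m["comment"], decode_tag(m["tag"])))
    return hops

def matches_reported_ip(value: str, reported: str) -> bool:
    # True when some hop's decoded address equals the IP the checker site reported.
    return any(h.address == reported for h in parse_via(value))
```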

AOL’s proxy servers are “special”. Like that aunt of yours with the “photographic” memory…

AOL is not the only “proxy server” out there. Any dial-up company you sign up with provides you with the same exact way of connecting to the Internet. What sets AOL apart is that they run “caching” (pronounced “cashing”) proxy servers, not regular proxy servers.

The difference between a regular proxy server and one that performs caching is this: A regular proxy server does not store copies of the web pages anyone visits. A caching proxy server does. Caching is used to store copies of web pages you visit so they can be delivered to you faster the next time you visit them.

AOL goes a step further than that and uses its caches to speed up web page delivery by serving pages out of its cache for Joe when Sally wants the same pages. AOL basically downloads the entire Internet using their customers’ visited web pages to build up their cache. AOL flushes the entire cache and builds a new one every 24 hours or so, so that the copies of pages that you get each time you connect are not so out-of-date as to be useless.

Is UDP out to get me? What is it doing?

No, UDP is not a harmful thing. Once you’re connected to the Internet, AOL, like all dial-up ISPs, uses special packet-delivery protocols to get web pages to you – namely TCP/IP and UDP.

  • A “packet” is simply a small bit of data that one computer sends to another computer.
  • A “protocol” is simply a set of rules that is agreed upon by two computers for how to transmit the data.

UDP is concerned only with transporting packets, while TCP takes IP packets (IP packets are the simplest form of data packets), decides which protocol is “best” for delivering them to another computer, then “streams” them to their destination.

Each packet, as I said above, contains a bit of data; together, these packets transmit information that allows AOL’s proxy server to serve you the web pages you want when you want them. AOL has a glossary that covers most of these terms in a fairly easy-to-comprehend manner.

As for AOL’s UDP port scanning, the easiest way to explain what’s going on is this: Your computer receives the data packets that AOL sends it through what is known as a “port” – a software “endpoint” on your computer designed to receive and process the data that an ISP sends. While port scanning can be (and often is) used to malicious ends by hackers and other “nefarious” types, AOL is simply checking if ports are open while you are connected to ensure it can continue streaming data.
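One way to tell a steady flow of packets to a single port (what an established data stream looks like in an inbound-event log) from a sweep across many ports, as an added example that is not part of the original post. The log lines and their “time proto src:port -> dst:port” format are constructed for illustration and are not McAfee’s real log format; the port numbers are made up, and only the 205.188.116.65 source address comes from the post.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, Set

# Constructed inbound-event lines in a simple "time proto src:sport -> dst:dport" form.
# Not McAfee's real format; it stands in for the "inbound events" the reader saw.
# 205.188.116.65 is the AOL proxy address quoted in the post; all port numbers are made up.
SAMPLE_EVENTS = """\
12:00:01 UDP 205.188.116.65:7000 -> 10.0.0.7:1027
12:00:01 UDP 205.188.116.65:7000 -> 10.0.0.7:1027
12:00:02 UDP 205.188.116.65:7000 -> 10.0.0.7:1027
12:00:03 UDP 205.188.116.65:7000 -> 10.0.0.7:1027
12:00:05 UDP 198.51.100.9:40000 -> 10.0.0.7:137
12:00:05 UDP 198.51.100.9:40001 -> 10.0.0.7:138
12:00:05 UDP 198.51.100.9:40002 -> 10.0.0.7:161
12:00:05 UDP 198.51.100.9:40003 -> 10.0.0.7:1434
12:00:06 UDP 198.51.100.9:40004 -> 10.0.0.7:5060
12:00:07 TCP 203.0.113.4:443 -> 10.0.0.7:1050
"""

@dataclass
class SourceSummary:
    packets: int = 0
    dst_ports: Set[int] = field(default_factory=set)

def summarize_udp(log: str) -> Dict[str, SourceSummary]:
    """Count inbound UDP packets and distinct destination ports per source address."""
    summary: Dict[str, SourceSummary] = defaultdict(SourceSummary)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[1] != "UDP":
            continue  # skip blank or malformed lines and non-UDP traffic
        src_ip = parts[2].rsplit(":", 1)[0]
        dst_port = int(parts[4].rsplit(":", 1)[1])
        summary[src_ip].packets += 1
        summary[src_ip].dst_ports.add(dst_port)
    return dict(summary)

def classify(s: SourceSummary, sweep_threshold: int = 4) -> str:
    """Many distinct destination ports from one source looks like a port sweep;
    repeated packets to one port is what a data stream looks like from the firewall."""
    if len(s.dst_ports) >= sweep_threshold:
        return "port sweep"
    if len(s.dst_ports) == 1 and s.packets > 1:
        return "single-port stream"
    return "other"

def classify_sources(log: str) -> Dict[str, str]:
    return {ip: classify(s) for ip, s in summarize_udp(log).items()}
```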

A quick primer on TCP/IP and UDP is here. You can also check Wikipedia, eHow, and your favorite tech sites and computer forums for more information.