What is an AOL proxy server – is it a Trojan on my computer?

Today “NP” asked me via email:

I’m beginning to see the light! But I need someone to answer a question for me before I let loose of my three-year connection to AOL (I basically just use it to get online). Somehow, I sense you’re that person. (no pressure!)

I’m[…]kind of new to this technical stuff, but observing “inbound events” logged by my McAfee firewall (“FREE” from AOL!) (but at what price?!), put me in my investigative mode. Hopefully you can explain to me what’s going on.

When I check my IP Address I get:

Proxy Server Detected!
Proxy Server IP address: 205.188.116.65
Proxy Server Details: HTTP/1.1 (Velocity/3.1.1.5 [uScMs f p eN:t cCMp s ]), HTTP/1.1 spider-dtc-td04.proxy.aol.com[CDBC7064] (Prism/1.2.1), HTTP/1.1 cache-dtc-ab01.proxy.aol.com[CDBC7441] (Traffic-Server/6.1.5 [uScM])

(all Greek to me!)

So as I ventured into the world of “proxy servers”, checking every “Google” lead on the subject, I discovered this nugget on your website . . . “Another thing: AOL’s software doesn’t let you surf the Web. Instead it connects your computer to a network of proxy servers that store cached copies of sites you’re “allowed” to see.”

Ok, I kind of get that, but what I really don’t get is why that address (traced back to AOL in Reston, VA), would be “attempting to scan my system by sending a large amount of various UDP packets”, (partially ‘cuz I also don’t “get” what UDP packets are, or what they have to do with me!) or why my proxy server ‘status’ would allow Trojans to scan my computer. How does my innocuous home-based PC fit into AOL’s scheme of things?

Somehow I get the feeling this proxy server set-up has a more nefarious premise than just expediting things!

Thanks for helping me understand!

Whew…

OK. Where to begin….

Does an AOL Proxy = a Trojan attack?

No. An AOL proxy server is not a Trojan so there is no need to worry that it is doing anything harmful to your computer. (I’ll explain what an AOL proxy server is further on in this post). If the only reason you want to cancel AOL is because of their proxy servers, I’m afraid you’ll have to find a better reason than that – but there are plenty of reasons to choose from, so no worries here.

That leaves your first question. While I’m known for making difficult things easier to understand, I’m not sure how easy I can make this.

Why is an AOL proxy server on my computer?

Assuming you have a dial-up connection through AOL, this is why you’re seeing an AOL proxy server listed in your firewall’s exception list (McAfee might also be falsely flagging AOL’s proxy server as a Trojan…but if so, I have no idea why):

  1. When you click “Connect”, your computer uses its modem to open your phone line and call another computer that is owned by AOL.
  2. The computer that AOL owns also has a modem that receives your computer’s call.
  3. Once the call has been answered by AOL’s modem, the two modems need to “talk” to each other to establish who you are and to grant you permission to connect. They can’t “talk” in English (or in any other spoken language) so what they do is use audio signals to transmit information to each other.
  4. Once the modems “handshake” (that is, once they agree that a connection between your computer and AOL’s computer should be established), your modem is assigned an IP address from AOL that it can use throughout your web-surfing session.
  5. The IP address your modem gets is for the actual physical address of AOL’s computer (in this case, that IP address is 205.188.116.65 – and you’re not the only person using it – chances are, thousands of other people all over the country are, too).
  6. AOL passes that IP address to your modem to allow the connection to AOL’s computer to take place. The IP address can (and when using AOL, it usually does) change every time you connect.
  7. While you are using the IP address that AOL assigned to your modem, you are actually connecting to the Internet through one of AOL’s proxy servers. “Proxy server” simply means “any computer that is allowing you to surf using their connection to the Internet”.

Think of a proxy server this way. Every computer in the world can have its own unique IP address which identifies where it is located (this is especially true with the next version of Internet Protocol, called IPv6). When you connect to AOL, your own IP address is not used to connect to any of the websites you visit. Instead, a proxy address (one of AOL’s IP addresses) is used. AOL’s computer is acting as a “proxy” (a middleman, so to speak) which handles all of the connections and communications between you and the websites you visit.

AOL’s proxy servers are “special”. Like that aunt of yours with the “photographic” memory…

AOL is not the only “proxy server” out there. Any dial-up company you sign up with provides you with the same exact way of connecting to the Internet. What sets AOL apart is that they run “caching” (pronounced “cashing”) proxy servers, not regular proxy servers.

The difference between a regular proxy server and one that performs caching is this: A regular proxy server does not store copies of the web pages anyone visits. A caching proxy server does. Caching is used to store copies of web pages you visit so they can be delivered to you faster the next time you visit them.

AOL goes a step further than that and uses its caches to speed up web page delivery by serving pages out of its cache for Joe when Sally wants the same pages. AOL basically downloads the entire Internet using their customers’ visited web pages to build up their cache. AOL flushes the entire cache and builds a new one every 24 hours or so, so that the copies of pages that you get each time you connect are not so out-of-date as to be useless.

Is UDP out to get me? What is it doing?

No, UDP is not a harmful thing. Once you’re connected to the Internet, AOL, like all dial-up ISPs, uses special packet-delivery protocols to get web pages to you – namely TCP/IP and UDP.

  • A “packet” is simply a small bit of data that one computer sends to another computer.
  • A “protocol” is simply a set of rules that is agreed upon by two computers for how to transmit the data.

UDP is concerned only with transporting packets, while TCP takes IP packets (IP packets are the simplest form of data packets), decides which protocol is “best” to deliver them to another computer with, then “streams” them to their destination.

Each packet, as I said above, contains a bit of data; together, these packets transmit information that allows AOL’s proxy server to serve you the web pages you want when you want them. AOL has a glossary that covers most of these terms in a fairly easy-to-comprehend manner.

As for AOL’s UDP port scanning, the easiest way to explain what’s going on is this: Your computer receives the data packets that AOL sends it through what is known as a “port” – a software “endpoint” on your computer designed to receive and process the data that an ISP sends. While port scanning can be (and often is) used to malicious ends by hackers and other “nefarious” types, AOL is simply checking if ports are open while you are connected to ensure it can continue streaming data.

A quick primer on TCP/IP and UDP is here. You can also check Wikipedia, eHow, and your favorite tech sites and computer forums for more information.

10 thoughts on “What is an AOL proxy server – is it a Trojan on my computer?”

  1. Very good way of explaining it …
    I’d like to touch on a couple things… but you certainly answered the question about AOL Proxy servers.
    Proxy servers are GOOD. They help people browse the Web faster. However, older cached versions of Web sites tend to cause problems for surfers.
    AOL uses the proxy servers to block a few phishing Web sites or other imminent security risks. From the inside, I have not seen AOL maliciously block a site for editorial, business or political reasons. A few might say so, but it’s purely coincidental.
    For dial-up users, AOL issues an IP for the connection and another IP is used for Web surfing. Web surfing is the only activity that is routed through AOL’s hundreds of proxies. In most cases, proxies improve performance for users, but in several cases they can cause problems for ip-based Web sites like forums, message boards, chat rooms, etc. To address this, ensure you are setting a cookie and using session-based Web sites.
    For people concerned with their privacy, proxies are completely automatic and no human intervention has to take place. They flush themselves on a routine basis and for some Web sites, they will reset automatically, (MySpace for example).
    If AOLers would like to browse the Web WITHOUT a proxy, minimize AOL and use a Web Browser like Firefox or IE.
    ~Joe


  2. Re: Very good way of explaining it …
    Hey, Joe. I think caching is more or less fine in itself but I see two problems with it: How cookies are handled and how often the cache is refreshed.
    1) According to AOL’s info on it (if I have it right – correct me if I’m wrong), if Jeff uses AOL’s proxy to visit Tech Forum X, leaves 10 minutes later, and Sally shows up next on the last page Jeff visited, Sally is going to get Jeff’s cookie for the session, because the cookie was cached along with the web page (assuming the website allows user cookies to be cached). Obviously, such a security hole, if it does exist, is easily exploited by anyone malicious (say, Sally).
    2) According to AOL’s info on it, how long web pages are cached depends on information stored in each website’s HTTP headers. That can be up to 60 HOURS. I think that’s a bit too long to keep pushing the same version of a web page on everyone – anything up to or over 24 hours is pushing it in my opinion. I can update a web page every five minutes (and sometimes I do) – how would anyone using AOL’s proxy know when they get the *first version* of the page they saw every time they return within the same session?
    I kept the tone of the OP fairly neutral in order to explain somewhat advanced concepts and ideas to someone who doesn’t want my opinion so much as she wants the facts. If this was one of my normal posts, I’d have come down harder on AOL for caching – just as I’ve done in the past – for the above-mentioned reasons – not to mention that many webmasters have indeed accused AOL of blocking pages on sensitive, popular subjects at crucial times within the life of those pages or of blocking their entire websites when they carried what even a small segment of the online populace found “controversial”.
    Neither side can prove their case – AOL cannot prove themselves innocent of ill intent while blocking pages – nor can any webmaster prove AOL blocked their pages with ill intent. Without the required proof, I’m disinclined to let AOL off the hook, so let’s just call it a draw.
    “If AOLers would like to browse the Web WITHOUT a proxy, minimize AOL and use a Web Browser like Firefox or IE.”
    That’s only true if you have another connection to the Internet besides AOL. If an AOL dial-up connection is the only connection you have, then it doesn’t matter which browser you’re using…you’re still connecting through (and surfing the web with) AOL’s proxy server.


  3. Re: Very good way of explaining it …
    As to how well the OP explained things, it was OK, but I left some info on UDP out and wasn’t precise enough in my use of language, so it’s been updated to fix what I decided was wrong with it between last night and today.


  4. Re: Very good way of explaining it …
    I know people LOVE to use the AOL proxy to vandalize Wikipedia. I think some [wiki]pages even have AOL proxies blocked.
    People will do ANYTHING just to troll these days — ANYTHING. :-S
    Good read Marah & hope you and Joe had a good Thanksgiving.


  5. Re: Very good way of explaining it …
    Oh, thanks Mike…hope you did, too. I owe both you and Joe emails but I’m working all week (I even worked on Turkey Day…yes, I am that selfless – or that in need of money), unlike the rest of you slobs, so I don’t have much time to spare.
    What gets me most is phishers using AOL’s proxy servers – and AOL ignoring the topic even after Plenty of Fish and many other “big” blogs jumped on it and I promoted it on Digg and like a dozen other places. Ignore it and it goes away, I suppose – that is AOL’s official answer to everything.


  6. Deeper into the Abyss (AOL)
    Hi,
    Let us assume that Jeff, Sally, Bob, and Mary are all AOL users…(Firefox, IE, and Google Chrome browsers do not have this problem…at least when not AOL members.) Each of the four visit at random times and with varied number of pageviews per day. Sometimes, they are even on at the same time.
    First, if any of them get internet through AOL as their ISP, the browser is forced into using the proxy settings no matter what options the browser thinks are set since AOL is the pipeline for all the data it will receive. Is there any way around that?
    Let’s say Jeff logs in first. A session is created in PHP using the standard automated session_start() function call before any output is sent. Since several HTTP requests are made to create the page, does AOL’s IP address switching through proxy cause separate sessions to be created, or lost? Does anyone know if the IP address itself is part of the session_start() “recipe” to generate the PHP session ID?
    Assuming Jeff is successful at logging in in the first place and the session retains the ID it started with including session variables, and cookies are enabled on both my server and Jeff’s browser, where are the cookies stored? Jeff’s PC, or globally on the AOL Proxy Server? I guess from your article and the other it is the proxy server…which is bad news for me…and “Jeff”. Are the PHP global session variables retained at all (based on the session ID status I suppose)?
    Now, Jeff either leaves or stays on doing his business or reading the latest articles. Mary jumps on line (also using AOL) and goes to her pages (or tries to log in). Is she going to be logged in as Jeff because cookies are stored via proxy and not on their individual PCs? If Jeff is still on and has a session started, does Mary automatically become part of his session? Would this then cause Jeff to become Mary as soon as she logs in? Would their attempts to log in be like a tug of war as they each cover the session and/or cookie values a few seconds after each other?
    Sally logs in later…maybe. Will she also be logged in back and forth as herself, Jeff, and Mary? Does Bob inherit the same issue when he logs in even if Jeff has logged out? If Bob logs in and no one else is in at the same time to “interfere” with the session and cookie settings, will Jeff then see Bob’s info the next day when he logs in because Bob was the last value the session or cookie had? Since AOL is supposed to kill the session after they log out (of AOL, not my site), the session is likely destroyed. However, the cookie is still “in the jar” and fresh so that each user can be remembered when they return. Does AOL flush cookies automatically like the cache? And if cookies are stored on the Proxy Server, how does AOL know which user has which cookie? If it is on the proxy server(s), does this mean that my site can only store 30 cookies for all X users at one time?
    My search revealed very few solutions to the problem, but I was able to find code to search if the user is browsing with AOL and sending a header to prevent caching. In my code, I plan to use this:
    if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'AOL') !== false)
    {
        // Ask caches not to store or reuse this response
        header("Cache-Control: no-store, private, must-revalidate, proxy-revalidate, post-check=0, pre-check=0, max-age=0, s-maxage=0");
    }
    I see how it should affect the caching of the page, but I do not think it changes cookies at all, or affects the session issues (if they exist).
    Is there a way around this that will allow AOL users to keep their own cookies and retain session data while using a site? Or did they simply continue to plug their ears and close their eyes?
    I realize this is a long post, but I wanted enough info to establish the problem and the right questions. Since Cookie use is somewhat subjective to the browser implementation (an understatement no doubt), has anyone found a solution to make it work correctly? Am I doing something wrong (for AOL) or mistaken?

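The cookie-sharing scenario raised in comments 2 and 6, as an added Python sketch (not code from the post or from any commenter). It models a shared cache that stores any response not marked private or no-store, headers included, and assumes, as comment 2 states, that a non-AOL browser on AOL dial-up still goes through the proxy; the class names, policy names and User-Agent strings are constructed for illustration.

```python
import itertools

class Origin:
    """Toy site that starts a session for any request arriving without a cookie."""
    def __init__(self, policy):
        self.policy = policy              # "ua_sniff" or "always" (hypothetical names)
        self._ids = itertools.count(1)

    def respond(self, user_agent, cookie):
        headers = {}
        if cookie is None:
            headers["Set-Cookie"] = f"PHPSESSID=sess{next(self._ids)}"
        # "ua_sniff" mirrors the User-Agent check in comment 6;
        # "always" marks every response as not storable by shared caches.
        if self.policy == "always" or "AOL" in user_agent:
            headers["Cache-Control"] = "private, no-store"
        return headers

class SharedCache:
    """Proxy cache shared by every user, keyed by URL only (modelled behaviour)."""
    def __init__(self, origin):
        self.origin = origin
        self.store = {}

    def fetch(self, url, user_agent, cookie=None):
        if url in self.store:
            return self.store[url]        # replayed verbatim, Set-Cookie included
        headers = self.origin.respond(user_agent, cookie)
        directives = {d.strip().lower()
                      for d in headers.get("Cache-Control", "").split(",")}
        if not directives & {"private", "no-store"}:
            self.store[url] = headers     # no directive: the cache keeps the response
        return headers

def first_visits(policy, user_agent):
    """Two first-time visitors request the same URL through one shared cache."""
    cache = SharedCache(Origin(policy))
    jeff = cache.fetch("/forum", user_agent)["Set-Cookie"]
    sally = cache.fetch("/forum", user_agent)["Set-Cookie"]
    return jeff, sally

FIREFOX = "Mozilla/5.0 Firefox"           # constructed sample User-Agent strings
AOL_CLIENT = "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0)"

if __name__ == "__main__":
    cases = [("ua_sniff", AOL_CLIENT), ("ua_sniff", FIREFOX), ("always", FIREFOX)]
    for policy, ua in cases:
        jeff, sally = first_visits(policy, ua)
        print(f"{policy:8} {ua[:20]:20} same cookie for both: {jeff == sally}")
```

In this model the User-Agent check protects only clients that identify as AOL; sending the directive on every response that sets or depends on a cookie closes that gap.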

  7. Re: Deeper into the Abyss (AOL)
    Hi, and thanks for your comment. I will be moving it to the front page as my next post, credited to you, of course. These are the same questions (and the same answers that I reached both on my own and backed up through some online research) that have riddled me for years. Yes, Jeff does become Mary and so on. I would love to see other readers’ input as well…thank you!
    ETA: Your post is here.


  8. Pingback: A reader cancels AOL – but as usual, it’s not as easy as it sounds. « Anti-AOL -An InTooLate Production

  9. Pingback: How Google’s New Privacy Policy Will Affect You While You Use AOL « Anti-AOL

  10. Pingback: How to use AOL email anonymously (hint: don’t use AOL at all). | Anti-AOL
