I sent out a question regarding how I discovered a odd proxy type behavior with IE while when asked by my teacher to upgrade all the lab Win2k pcs from IE 5.5 to IE6. All the nodes plug into a switch that plugs into a cisco 3640 that uses nat to talk to the Internet.
The issue at the time was that I noticed that IE 5.5 submits the data to a local port before accessing the remote destination. Normal process: IE opens a connection on a random high port and then connects to port 80 of destination i.e.localhost:1214 to www.abc.com:80 Prcoess on my lab pcs: IE opens a connection on a random high port =>to a random static high end port on the localhost and then connects to port 80 of destination i.e.localhost:1214 => localhost:1033=>to www.abc.com:80 The port 1033 will remain valid until the browser is closed. All subsequent http or https sessions from the browser or any type of connection all go to port 1033 prior to reaching the Internet. This behavior is similar to a proxy. The port 1033 is random. IE 5.5 assigns a different random static port for this proxy behavior every time it starts up. Telneting to this static port produces nothing so I don't really know why ie has this port on. ---UPDATE---- I can say I reconfirmed the behavior when installing on to two new pcs using different win 2k media. It occurs with IE 5 and 5.5. I even recently discovered this with 6.0. I perform the upgrads to 5.5 and 6.0 with either a microsoft update cd, the IE that comes with quicken, or through the Windows update function. This behavior is present on all my test systems. Some windows firewalls miss this because 1. There is a default rule that permits any localhost to localhost traffic so this behavior will not show up as a violation. It only shows up if logging is enabled. 2. Some firewalls do not even offer port number or destination configuration for their rulesets. They are based on the concept of all or nothing access. Either allow the app to access the Internet or not. So if you allow IE to access the Internet then it will not show you that it is going through the random static port first emulaing proxy behavior before heading off to the Internet. Once again, all proxies are off. No manual or automatic detection of proxies have been set. No proxies are running on the network since they were the only pc turned on at the time and everyone else has been disconnected from the switch. Also I repeat that ad-aware and norton anti-virus did not detect any spyware, trojans, or viruses. Some folks say to just not upgrade to IE6, but that still does not explain why this bevahior is present with IE 5.0 and 5.5. I know my machine has not been hacked because I even reinstalled a Win2k machine from scratch for these tests and it still exhibits the same proxy behavior. THe media is genuine also. So my question is if anyone else is seeing this behavior or is it just me? Why does IE bring up this random high port to be used as a proxy? Tools such as insider say it is owned by IE. Netstat shows it is binded locally. Hush provide the worlds most secure, easy to use online applications - which solution is right for you? HushMail Secure Email http://www.hushmail.com/ HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/ Hush Business - security for your Business http://www.hush.com/ Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/ Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople
