Sunday, April 06, 2008

Proxy servers 5: an underlying IP

To the right is a screencap of a truehits log from Feb. 2, 2003 (on which, see here and here).  This gives the Proxy's IP, name, and software version (first column), that it is set to forward the IP of the computer that it is proxying for (second column), and the number of hits that it forwarded (third column), which in this case was 82 (see the red arrow).  

The truehit logs also report their top visitors, as you can see to the right.  The fourth largest visitor of the day was from a Rogers netblock, and it also 82 hits (see the red arrow).

It seems obvious and inevitable that these two entries are to be taken together, and that the 82 hits that had forwarded came from a single IP,  

Now, this IP is no longer part of a Rogers block (see here, for example).  But a few years ago it seems to have been based in West Toronto.  For reasons that we don't need to go into, "arfer" posted to a broad-band discussion boarded a long list (over three thousand items!) of the Rogers blocks that he could find (see here).  About half-way down his list is this entry:
    Rogers Cable Inc. Hnsn ON-ROG-10-HNSN-7 (NET-24-157-249-0-1) -
HNSN, according to this, abbreviates Hanson and is in the western GTA.  (Presumably this is the location of some equipment; perhaps Hanson Road in Mississauga?)

In a nutshell what does this mean?  Not much, except that in February 2003, a computer in Mississauga with the IP visited a site in Thailand; on its way there, however, its traffic was channeled by Rogers through one of its proxy servers,  Both the proxy and the individual IP was logged.

Update.  An out-of-date database of whois-information, here, produces this:
    NAME: ON-ROG-10-3HNSN-1
    NUMBER: -
    LAT: 43.70
    LONG: -79.42
    LAST_UPDATED: 18-Apr-2001
    LOOKUP_TYPE: Block Allocation
The block-name is slightly different, but the location is the same.