The internet has been utilized in various aspects of the daily living and work with the popularization of the information technology, especially the network technology. Many problems arise due to the improper network behaviors by the employees, such as lower working efficiency, leakage of the company's confidential information and so on. Consequently, the controllable network has been intended to build up in every company, enterprise, government agency or other entities.
However, the proxy connecting technology in the intranet becomes an obstacle to the building-up of the controllable network as mentioned above. By means of proxy technology, the terminal PC without access right can be accessible to the internet, and the monitoring device is unable to distinguish the invalid PC. Therefore, it's necessary to identify whether there is proxy connection in the intranet at the gateway for achieving the network control.
There are many methods for detecting common proxy and nat proxy in the prior art, such as track detection, clock offset, application feature detection, web page redirection with cookie counting and so on. But all of the methods named above have shortages.
Firstly, the track detection method relies on the sections with changes in the 16 bits identification of the IP address header during the TCP connection. If a certain source IP address address has 3 identification sections changing continuously after a period of time, it means that at least 3 users are now occupying the bandwidth simultaneously through the IP address. This method is effective in detecting nat proxy, but invalid in detecting common proxy.
Secondly, the different physical clock offsets of different hosts is utilised in the clock offset method. Because of the correspondence between the clock in the network protocol stack and physical stock, a statistically corresponding relationship is between the message sending frequencies of the different hosts and the clock. The different hosts can be identified by finding different network clock offsets with the use of certain spectrum analysis algorithm. It is not effective either in detecting the common proxy owing to similarly using the IP address header information for detection.
Thirdly, the application feature detection method detects by analyzing the User-agent field of the HTTP header in the data messages, the said User-agent field of the HTTP header being different according to the versions of OS, IE and patches. It is hard to detect in most of the companies with the software uniquely installed and thus the method is not reliable.
Finally, the key technologies of the web page redirection with cookie counting are the web page redirection, embedding cookie and cookie counting. This method can achieve the proxy detection in the intranet (including the common proxy detection and nat proxy detection), while the web page redirection is a bit inferior and can be realized significantly by the terminal PC users. The URL of the website to be visited in the browser address bar is directed to the gateway's URL, and redirected to such website. The considerable directing time is tested to be 1 to 2 seconds. Besides, it is not scientific and practical for simply counting the cookie and PC. For example, it will lead to inaccurate cookie counting with the one IP address if the PC clients clear all the cookies. In addition, the cookie counting is hard to be accurate in the case of the environments with randomly assigned or frequently changed IP address addresses, and the misjudging of terminals will be caused.