A Large-Scale Measurement Study of the PROXY Protocol and its Security Implications
Stijn Pletinckx
Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Network Security 2
In a critical presentation at the NDSS Symposium, Stijn Pletinckx from UC Santa Barbara unveiled a comprehensive large-scale measurement study on the **PROXY protocol**, revealing widespread misconfigurations and significant security vulnerabilities. This talk sheds light on how a protocol designed to enhance visibility in load-balanced environments can be weaponized by attackers to bypass security controls, access sensitive internal infrastructure, and even turn email servers into persistent open relays. The research underscores a fundamental flaw in the common deployment assumptions of the PROXY protocol, where backend servers often blindly trust client information without adequate validation.
AI review
Solid internet-measurement research with real teeth: a protocol-level design gap, a reproducible scanning methodology, and concrete harm demonstrated at scale. The SMTP open relay finding via localhost spoofing is the standout — persistent, currently undetectable by standard scanners, and exploitable with a single crafted header.