Catch this article over at ha.ckers.org regarding an easy way to bypass most anonymizing proxies (such as Tor) and figure out the true origin IP of a web surfer. Plugins such as Java or Flash can be written to make a socket call back to the server. Since the plugin isn’t making a normal HTTP request, it ignores the proxy settings of your browser and connects directly to the server.
A safer anonymizing solution might be to route all traffic through a transparent proxy, while also blocking all traffic not destined for port 80.
De-anonymizing Tor and Detecting Proxies – Link