
Insecured Proxies in Internet Abuse



Presentation Transcript


1. Insecured Proxies in Internet Abuse
   Eur Ing Brian Tompsett, Department of Computer Science, University of Hull, B.C.Tompsett@dcs.hull.ac.uk

2. Analysis of Proxy Abuse
   • Web server since 93/94
   • Large popular content (genealogy)
   • 1-2M clicks per month
   • Same IP/domain throughout
   • 1999 saw first proxy requests
   • Allowed a few, experimentally

3. Proxy Server?
   • Web server – port 80
   • Not a proxy
   • Scanned for proxy ability
   • Pages/robots indicated not open
   • Added to lists of “open” servers anyway

4. Level of Intrusions?
   • Measured general intrusion
   • 100s a day per machine
   • Machine compromise risk high
   • Analysed bulk email
   • 1000s per month since 1996
   • Open proxies the main vehicle

5. Origins of Proxy Abuse
   • 1st: Austrian universities
   • Russian/Ukrainian origin
   • CZ, CN, EDU.CA, IL
   • Russian speakers
   • Proxy abuse software in Russian found

6. General Problem of Proxies
   • Denial of service
   • Tracking and complaining
   • Scripts to assist log extracting
   • Others noticed
   • APAN-JP Proxy Abuse Campaign
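Slides 3 and 6 describe a plain web server being mistaken for an open proxy and the scripting needed to pull the evidence out of its logs. The block below is an added example, not one of the author's scripts: it reads Apache combined-format access-log lines (constructed here, with addresses from the RFC 5737 documentation ranges) and flags the two request shapes only a proxy should ever receive, CONNECT tunnel requests and absolute-URI requests for hosts this server does not serve. SERVED_HOSTS is an assumption about the site; an absolute-form request for one of our own names is legal HTTP/1.1 and is deliberately not flagged.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: the only names this (non-proxy) web server is meant to answer for.
SERVED_HOSTS = {"www.example.ac.uk", "example.ac.uk"}

# Apache "combined" format: ip ident user [time] "request" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log; addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Mar/2003:10:01:02 +0000] "GET /genealogy/index.html HTTP/1.1" 200 5123 "-" "Mozilla/4.0"
198.51.100.9 - - [12/Mar/2003:10:01:07 +0000] "GET http://www.adult-site.example/index.html HTTP/1.0" 404 312 "-" "-"
198.51.100.9 - - [12/Mar/2003:10:01:09 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 405 0 "-" "-"
192.0.2.44 - - [12/Mar/2003:10:02:11 +0000] "GET http://www.example.ac.uk/genealogy/ HTTP/1.1" 200 5123 "-" "Mozilla/4.0"
192.0.2.44 - - [12/Mar/2003:10:02:30 +0000] "POST http://vote.example.com/poll.cgi HTTP/1.0" 404 312 "-" "-"
198.51.100.9 - - [12/Mar/2003:10:03:00 +0000] "GET /robots.txt HTTP/1.0" 200 52 "-" "-"
"""


def classify(request_line):
    """Return 'connect', 'absolute-uri' or None for one logged request line.

    A browser talking to a *proxy* sends the full URL ("GET http://host/path") or a
    CONNECT tunnel request; a browser talking to an origin server sends "GET /path".
    """
    parts = request_line.split()
    if len(parts) < 2:
        return None                      # malformed or empty request line
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":
        return "connect"                 # tunnel request: only a proxy should ever see this
    if target.startswith("/") or target == "*":
        return None                      # origin-form request, normal for a web server
    try:
        host = urlsplit(target).hostname
    except ValueError:
        return None                      # unparseable target; not a recognisable proxy request
    if host is None:
        return None                      # not an absolute URI either; leave it alone
    if host.lower() in SERVED_HOSTS:
        return None                      # absolute-form for our own name is legal HTTP/1.1
    return "absolute-uri"                # asked us to fetch someone else's page: proxy abuse


def extract_proxy_attempts(log_text):
    """Parse log lines and return one record per proxy-style request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                     # skip lines that are not in the expected format
        kind = classify(m.group("req"))
        if kind is None:
            continue
        hits.append({
            "ip": m.group("ip"),
            "time": m.group("time"),
            "kind": kind,
            "request": m.group("req"),
            "status": int(m.group("status")),
        })
    return hits


def attempts_by_source(hits):
    """Counts per source address, the figure an abuse complaint to the owning network needs."""
    return dict(Counter(h["ip"] for h in hits))


if __name__ == "__main__":
    found = extract_proxy_attempts(SAMPLE_LOG)
    for h in found:
        print(f'{h["ip"]:15} {h["kind"]:12} {h["request"]}')
    print(attempts_by_source(found))
```

Run against a real log the per-source counts are what goes into the complaint to the abuser's network; the 4xx status on the flagged lines is also worth checking, since a server that answers 200 to an absolute-URI request for a foreign host really is relaying.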

7. The Proxy Abusers
   • Initially adult oriented
   • Hotel/travel material
   • Avoid local censorship/blocking
   • Education site seems inoffensive
   • ISP load sharing
   • Researchers' cache timing experiments

8. Counter Fraud
   • Manipulate click counters
   • Improving ranking
   • Polls, talent contests, TV votes
   • Make minority interests appear normal

9. Pay-per-Click
   • Web pages full of adverts
   • Adverts clicked mechanically
   • Advert revenue collected
   • Organised crime
   • Clicking clubs
   • Software promoted & available

10. The Advertisers
   • Unaware of fraud
   • No expertise to control it
   • Disbelieving
   • Minority aware and capable
   • Many bankrupted
   • E-commerce growth harmed

11. What is a Proxy?
   • Application gateway
   • Carries traffic for third parties
   • HTTP proxy
   • SOCKS proxy
   • NAT
   • Firewalls
   • SMTP
   • AnalogX, WinGate, Squid

12. Proxy Trends
   • Make the unacceptable acceptable
   • Counter manipulation
   • DSL-connected proxies
   • World growth in broadband
   • Political prominence
   • Technical naivety
   • Commercial imperatives

13. Proxy Implantation
   • Worm delivers viral proxy
   • Sobig
   • Web server implantation
   • Pornographic distribution
   • Problem for forensics
   • Criminals can claim a virus caused it
   • Forensic examination needs more rigour
   • ISPs hindering public protection

14. SuperZonda
   • Latest proxy use
   • Done by DNS control combined with open proxies
   • Method: www.doubtful-domain.zz
   • Web browser fetches page
   • DNS lookup => open proxy
   • Open proxy fetches page
   • Proxy's DNS lookup returns true IP
   • Can be layered

15. Why?
   • Obscures true page location
   • Makes organisation appear large
   • Improves apparent responsiveness
   • Millions of effective web servers
   • Enhances reputation of advertiser
   • Diverts complaints
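Slides 14 and 15 give the SuperZonda mechanism in six bullets: the authoritative DNS for the doubtful domain answers an ordinary resolver with an open proxy, but answers the proxy itself with the next hop or the true server. The block below is an added model of that mechanism, not material from the talk: every name and address is constructed (RFC 5737 ranges), the querier-dependent answers are simulated in-process, and two proxy layers are used to show the "can be layered" bullet. It demonstrates why the outside world never sees the origin and why complaints based on the DNS answer land on the proxy owners.

```python
import itertools

DOMAIN = "www.doubtful-domain.zz"          # the placeholder name used on the slide
ORIGIN = "203.0.113.10"                    # constructed: where the pages really live

# Constructed layers of open proxies (e.g. AnalogX/WinGate boxes on broadband). A client is
# pointed at layer 0; a layer-0 proxy asking the same question is pointed at layer 1; the
# last layer alone is told the origin. One layer is the basic trick, more is "layered".
PROXY_LAYERS = [
    ["198.51.100.5", "198.51.100.6", "198.51.100.7"],
    ["192.0.2.20", "192.0.2.21"],
]


def layer_of(ip):
    """Index of the proxy layer an address belongs to, or None for an ordinary client."""
    for i, layer in enumerate(PROXY_LAYERS):
        if ip in layer:
            return i
    return None


class Authority:
    """Querier-dependent authoritative DNS: same name, different answer per asker."""

    def __init__(self):
        # independent round-robin over each layer, so the outside sees a rotating address
        self._rr = [itertools.cycle(layer) for layer in PROXY_LAYERS]

    def resolve(self, name, querier):
        if name != DOMAIN:
            raise KeyError(name)
        lvl = layer_of(querier)
        nxt = 0 if lvl is None else lvl + 1
        if nxt >= len(PROXY_LAYERS):
            return ORIGIN                  # only the innermost proxies learn the real server
        return next(self._rr[nxt])


def fetch(dns, name, client):
    """Follow the page request as the browser, then each proxy, would; return the hop list."""
    hops = [client]
    here = client
    while True:
        target = dns.resolve(name, here)
        if target in hops:
            raise RuntimeError("proxy chain loops back to " + target)   # misconfigured layer
        hops.append(target)
        if target == ORIGIN:
            return hops                    # the chain's last hop is the true location
        here = target                      # this proxy now fetches the page itself


def apparent_servers(dns, name, clients):
    """What the outside world sees: the addresses the name appears to be served from."""
    return {dns.resolve(name, c) for c in clients}


def complaints_misdirected(apparent, known_open_proxies):
    """True when every visible address is someone else's open proxy: a complaint based on
    the DNS answer reaches the proxy owner (a school, a home DSL user), not the operator."""
    return bool(apparent) and apparent <= set(known_open_proxies)


if __name__ == "__main__":
    dns = Authority()
    print(" -> ".join(fetch(dns, DOMAIN, "203.0.113.77")))
    seen = apparent_servers(dns, DOMAIN, ["203.0.113.1", "203.0.113.2", "203.0.113.3"])
    print("outside view:", sorted(seen), "origin visible:", ORIGIN in seen)
```

The practical check this suggests for an investigator is the one in `complaints_misdirected`: resolve the name from several vantage points and test whether every answer is a host that itself accepts proxy requests; if so the DNS answer identifies victims, not the operator, and the origin has to be found from the proxies' own outbound logs.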

16. Why Worry?
   • Paedophile material
   • Appears to be hosted at schools
   • Fulfils their fantasy
   • Combined with AnalogX at Korean schools
   • Damaged reputation
   • Needs local action
   • Lobby admins & politicians

17. Further Hiding
   • Bogons
   • Traffic from non-existent IP blocks
   • Identified by CIDR-report.org
   • Zombies
   • Dormant IP block taken over by fraud
   • Documentation is forged
   • Hides origins of proxy abusers
   • Traceroute fooling

18. Regional Perspectives
   • Korean schools
   • Japan
      • formerly free of proxies
      • now broadband expansion
      • many proxies – worrying
   • Malaysia: broadband proxies
   • Thailand: educational proxies
   • China: registration data & language

19. Dirty Money
   • Overseas currency
   • Powerful draw
   • Naivety regarding issues
   • Causes Internet routing sanctions

20. Solving the Problem
   • Too many proposals
   • Too narrow a perspective
   • Vested interests – hope to profit
   • Vendors only looking at their part
   • Need holistic approach to abuse
   • Across applications
   • All layers of protocol

21. Layered Defence
   • Protection at all levels of the network model
   • Action by end users at application layer
   • Not fully protected
   • Need action at lower layers

22. Physical/Datalink
   • Secure physical access
   • Plug-in cables
   • Wireless range
   • Control access by medium
   • Control access by authorisation
   • No free rides
   • Particularly important in wireless

23. Network (IP) Layer
   • Some IP not routed
   • RFC1918
   • Bogons
   • Zombies
   • Own policy-based restrictions
   • Manage this database

24. Transport (TCP/UDP) Layer
   • Only route to provided services
   • Restrict port 25 through mail hubs
   • Restrict port 80 to web servers
   • No incoming port 23
   • Restrict dialups (in and out)
   • Local policy-based restrictions
   • Manage this database
   • Protects from worm propagation
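Slides 23 and 24 list the network-layer and transport-layer restrictions a site should enforce and say the underlying database must be managed. The block below is an added example, not from the talk: it expresses those two layers as a policy checker that reports which layer drops a packet and why, so the lists can be kept as data and tested. The site allocation, mail hubs, web servers and dial-up pool are constructed (RFC 5737 ranges); the bogon entries are a few reserved ranges standing in for the list a site would fetch from cidr-report.org; the "zombie" block is likewise constructed.

```python
import ipaddress
from typing import NamedTuple


class Packet(NamedTuple):
    direction: str      # "in" = arriving from the Internet, "out" = leaving the site
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int


def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


# --- the "database" slides 23 and 24 say must be managed (all entries constructed) ---
SITE     = nets("203.0.113.0/24")                                   # our own allocation
RFC1918  = nets("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")   # private, never routed
BOGONS   = nets("0.0.0.0/8", "127.0.0.0/8", "224.0.0.0/4", "240.0.0.0/4")  # stand-in for the cidr-report list
ZOMBIES  = nets("192.0.2.0/24")                                     # dormant block known to be hijacked
DIALUPS  = nets("203.0.113.128/25")                                 # dynamically assigned pool inside SITE
MAILHUBS   = {"203.0.113.25"}
WEBSERVERS = {"203.0.113.80", "203.0.113.81"}


def in_any(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in networks)


def network_layer(p):
    """Slide 23: refuse traffic whose source address cannot legitimately be where it claims."""
    if p.direction == "in":
        if in_any(p.src, RFC1918):
            return "RFC1918 source arriving from outside"
        if in_any(p.src, BOGONS):
            return "bogon source (unallocated or reserved block)"
        if in_any(p.src, ZOMBIES):
            return "zombie source (hijacked dormant block)"
        if in_any(p.src, SITE):
            return "spoofed: our own address arriving from outside"
    elif not in_any(p.src, SITE):
        return "egress: source is not ours (spoofed or leaked private address)"
    return None


def transport_layer(p):
    """Slide 24: only route to the services actually provided, in both directions."""
    if p.proto != "tcp":
        return None
    if p.direction == "in":
        if p.dport == 23:
            return "no incoming telnet"
        if p.dport == 25 and p.dst not in MAILHUBS:
            return "SMTP only to the mail hubs"
        if p.dport == 80 and p.dst not in WEBSERVERS:
            return "HTTP only to the web servers"
        if in_any(p.dst, DIALUPS):
            return "no inbound connections to the dial-up pool"   # a dial-up box cannot be used as a proxy
    elif p.dport == 25 and p.src not in MAILHUBS:
        return "outbound SMTP only from the mail hubs (stops mass-mailing worms)"
    return None


def evaluate(p):
    """Return (layer, verdict, reason): the lowest layer that objects wins."""
    for layer, check in (("network", network_layer), ("transport", transport_layer)):
        reason = check(p)
        if reason:
            return (layer, "drop", reason)
    return ("transport", "accept", None)


if __name__ == "__main__":
    samples = [
        Packet("in", "10.1.2.3", "203.0.113.80", "tcp", 80),        # private source from outside
        Packet("in", "198.51.100.9", "203.0.113.80", "tcp", 80),    # ordinary web hit
        Packet("in", "198.51.100.9", "203.0.113.140", "tcp", 3128), # someone probing a dial-up for a proxy
        Packet("out", "203.0.113.140", "198.51.100.2", "tcp", 25),  # worm on a dial-up host sending mail
    ]
    for pkt in samples:
        print(pkt.direction, pkt.src, "->", pkt.dst, pkt.dport, evaluate(pkt))
```

The ordering matters: the network-layer lists reject a packet before any service rule is consulted, which is the point of slide 21's "need action at lower layers", and the outbound port-25 rule is the one that contains a Sobig-style mass mailer implanted on a client machine.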

25. Application Level
   • Enforce protocols/handshaking
   • Filter for application targeting
   • Web pages (e.g. browser attacks)
   • Email (e.g. browser attacks)
   • Viral content
   • Checksumming (DCC)
   • Content filters (Bayesian)
   • Local & user filters

26. The Layers
   • Application: user filter; Bayesian; DCC; format; handshake; RFC-Ignorant
   • Transport: service policy; RFC-Ignorant
   • Network: policy; zombie; bogons; RFC1918
   • Datalink: authorised
   • Physical: connection – medium

27. Managing Layered Prevention
   • Not a single point solution
   • Distributed responsibility
   • Network managers
   • Customer service
   • Clients
   • No unmanaged broadband
   • Managed software install
   • Child protection enabled

28. Role of the Regulator
   • Legislators are confused
   • Abuse is immune to legislation
   • Regulators need to enforce best practice
   • Managed broadband
   • Track best practice
   • Regulate registrars
   • More resources, better data

29. Conclusions
   • National interest to regulate registrars
   • Provide resources
   • Operate as Internet licensees
   • Identity proved
   • Internet product safety regulation
   • Regulate network best practice
   • To protect the consumer
