1 / 43

Strategy To Filter And Blocking Traffic Create By Anti-Censorship Software In LAN

Strategy To Filter And Blocking Traffic Create By Anti-Censorship Software In LAN. by Kamal harmoni kamal Ariff kamal@kamalharmoni.com. “ Human Knowledge Belong To The World ”. Outline. Chapter 1. Introduction Overview Problem Statement Research Question Research Objective

finola
Download Presentation

Strategy To Filter And Blocking Traffic Create By Anti-Censorship Software In LAN

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Strategy To Filter And Blocking Traffic Create By Anti-Censorship Software In LAN by KamalharmonikamalAriff kamal@kamalharmoni.com “Human Knowledge Belong To The World”

  2. Outline • Chapter 1. Introduction • Overview • Problem Statement • Research Question • Research Objective • Scope And Limitation • Significant Of The Study • Chapter 2. Literature Review • Fundamental of anti-censorship software • Why Ultrasurf • About Ultrasurf • Why Ultrasurf difficult to detect ? • Any firewall can block Ultrasurf? • Chapter 3. Research Design • Methodology • Form Hypothesis • Perform experiment and data collection • Analyze data • Interpreter and draw Conclusion • Propose Strategy • Validate The Hypothesis

  3. Outline • Chapter 4. Experimental Result • Form Hypothesis • Perform experiment and collect data • Analyze data • Interpreter and draw Conclusion • Propose Strategy • Validate The Hypothesis • Chapter 5. Conclusion and future work • Recommendation and Possible Future Developments. • References

  4. Overview Chapter 1 • Computer technology change tremendously. • Internet access are commonly as an essential to everybody. • Internet policy become common to organization. • Prevent user from : • Accessing pornography web site • Conduct internet activities such as downloading movie, songs, etc • Network administrator need to • Filter traffic • Monitor trafic • Block trafic • War between users and network administrator never end. • Users will find away to bypass firewall

  5. Problem Statement Chapter 1 By using Ultrasurf user able to bypass firewall . Ayacock (2008), Ultrasurf is extremely difficult to block. Xia (2004) Uses http and https from local computer to external proxies. Only commercial firewal with DPI able to block.Becchi & Crowley, (2007) Cannot block port 80 & 443 and firewall with DPI is expensive. They have a thousands of proxies and proxies IP always change. Cannot block by IP. SOLUTION: This project presents a better way for filtering and blocking Ultrasurf at affordable cost.

  6. Research Question Chapter 1 • How to filter and block traffic that create byUltrasurf? • How Ultrasurf connected to internet? • How to filter traffic created by Ultrasurf? • How to block traffic created by Ultrasurf?

  7. Research Objective Chapter 1 • The aim of this study is to filter and blocking traffic created by Ultrasurf from LAN to internet. In order to achieve the main objective, the specific objective has been planned as follows: • To identify how Ultrasurf connected to internet. • To produce at lease 1 strategy that are able to block Ultrasurf. • To evaluate the strategies that are able to block trafic from Ultrasurf without disturbing others trafic.

  8. Scope and Limitation Chapter 1 • Scope • Focus only on Ultrasurf since Ultrasurf was the “possible as the best proxy server, 2008” Kaiser, (2008) and the most commontly use (GIFC, 2010) • These project used Linux Squid proxies to filter and block Ultrasurf. • Data Source (Wireshark captured data) • Tools ( Wireshark , Ultrasurf ) - Gerry (2009) and Vasil (2008), “ Wireshark is the best free tool for protocol analyzer ” • Limitation • Time (need to be complete within 2 month)

  9. GANTT Chart Chapter 1

  10. Significant of The Study Chapter 1 The purpose of this research are as stated below : • Allow network administrator to use an enhance propose technique and new strategies to filter and block traffic created by Ultrasurf. • Provide a worthy traffic for the benefit used in the organization. • Solution on overcome the weakness occurred in the firewall connection to access the restricted web sites.

  11. Fundamental of anti-censorship Chapter 2 • In this studies it define as “Software that has been used to bypass firewall that provides censorship system”. • Capable to hide user information such as user’s IP address, transmitting or receiving content. • Example of anti-censorship software are Ultrasurf, Freegate, Gpass, Garden, GTunnel, and FirePhoenix. • User used this anti-censorship software absolutely to bypass firewall,in order for them accessing the prohibited web sites.

  12. Internet censorship by countries Chapter 2 • Figure below show the level of internet censorship by country. User using anti censorship software to bypass the firewall. • Mostly come from countries which colored as black and red. There are 15 countries were labeling as “heavily censorship” (Strange Maps, 2007). Besides that, this 15 countries also being known as the “Internet Black Hole” based on the bad reputation.

  13. Comparison of anti-censorship software Chapter 2

  14. Why Ultrasurf ? Chapter 2 • “Ultrasurf are the most commonly used”- (GIFC, 2010) • “Possible as The Best Proxy Server, 2008”. Kaiser (2008),

  15. About Ultrasurf Chapter 2 The overview and the idea on Ultrasurf being implemented • Pioneer of Ultrasurf was Ultrareach, who one of a member of Global Internet Freedom Consortium. • Being developed originally to gain the privacy, security and freedom in surfing the internet. • Strongly against the internet censorship in China as on that moment, goverment imposed strictly controlled on web content and accessing. • According to Tan, Mueller & Foster in 1997, “In February 1996, all internet users are required to register with ministry of Public Security and their activities may be monitored by police”. Under China golden shield project and as reported by Reuters (2007).

  16. Why Ultrasurf difficult to detect ? Chapter 2 • According to Xia (2004), “Ultrasurf is extremely difficult to block”. • Ultrasurf is using port 9666 to communicate from web browser to the Ultrasurf services, but communication using this port only at local computer that can’t be block. • Ultrasurf also use a secure socket layer (SSL) to communicate from local computer to their proxies. • Due to thousand of proxies and the IP address that increasing from time to time, the blocking of IP address is not practical at this circumstances. • Ultrasurf also use Port 80 and 443 to communicate with external proxies and should not block by firewall.

  17. Any firewall can block Ultrasurf ? Chapter 2 • “Filteration can be done by using SSL interceptor and perform DPI (deep packet inspection)”. Kumar, Turner, & Williams (2006) and Piyachon & Luo (2006), • Firewalls that have DPI capabilities are able to filter traffic that come from anti-censorship software. • Sonic Wall and Symantec firewall are example of firewall that capable to prevent anti-censorship but the price is extremely expensive for small organization to buy.

  18. Research Design Chapter 3 • This methodology is adapted from (Peisert & Bishop, 2007). This methodology has been used for “How To Design Computer Security Experiment ”. • The original methodology only has five phases which are : • Form hypothesis • Perform experiment and collecting data • Analyse the data • Interpret data and draw the conclusion • Depend on conclusion, return to #1 • The two phases “Propose Strategy ” and “Validate hypothesis” being added to meet this project requirement.

  19. Methodology used in this studies Chapter 3 • Review from the proposed methodology, this project been divided into 7 main phases.

  20. Form Hypothesis Chapter 4 • Hyphothesis information gathered from the literature review. • Below is the table of how hypothesis was formed. Table 3.1 : Process of connection and location of Ultrasurf

  21. Perform experiment and data collection Chapter 4 Experiment being conduct in 2 conditions : • Firewall block specify domain nameWITHOUT Ultrasurf installed. • Firewall block specify domain name WITH Ultrasurf installed. On two network Infrastructure : • Firewall at Router • Firewall at Proxies

  22. Chapter 4 Figure 3.2 : Web filtering at router (Exp: 1) Figure 3.3 : Web filtering at proxy (exp 2)

  23. Chapter 4 Figure 3.5: Web filtering at squid (Exp: 3) Figure 3.5: Web filtering at squid (Exp: 4)

  24. Ability to Access internet site (Outcome from Experiment) Chapter 4

  25. Analyze Data Chapter 4 • Client installed with Ultrasurf are able to access black list domain. The table below show the result of the experiment. • Wireshark is used to capture packet that transmit and receive data at client site. This provided with a data that can be used for filtering and blocking. Table 3.2 : Ability client to access web site

  26. Interpreter and Draw conclusion Chapter 4 • Ultrasurf used http and https port to communicate with outside server and used various IP that become Ultrasurf external proxies and used TCP protocol. • That is possible to block traffic create by Ultrasurf • This phase suggest that by blocking communication trough IP, It will block Ultrasurf connection. • On this phase objective 1 “To identify how Ultrasurf connect to internet” has been achieve.

  27. Propose Strategy Chapter 4 • One final strategy that been defined in this project is : “To reject ALL traffic using TCP protocol port 80 and 445 that try to connect based on IP address.” • Strategy to filter and block traffic should be place at centralize location. This means, all connections from LAN are passed through this filter • Only network using proxies server (experiment no 4) will be test due lack of resources. Experiment no 4 has been modify to include propose strategy diagram is as below :

  28. Chapter 4 Figure 3.11 : propose strategy diagram

  29. Chapter 4 • “Drop connection if client request URL using IP address”. • http_access deny access_by_ip • acl access_by_ip url_regex \b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b • On this phase objective 2 “To produce strategy that able to block Ultrasurf” has been achieve.

  30. Chapter 4 squid.conf

  31. Chapter 4 blacklist_domain.acl blacklist_domain_contain.acl

  32. Validate the hypothesis Chapter 4 • This phase of the project is to show either the Ultrasurf blocking method that being used is working or not. • Based on the proposed strategy that been used, Experiment 4 (Web filtering at squid with Ultrasurf Installed) has been conducted again to validate the requirement needed. • It show that “it is possible to block Ultrasurf traffic” by using propose strategy derive from hypothesis • Below is figure of Ultrasurf 9.4 Vs Proposed strategy. • On this phase objective 3 “To evaluate the strategy” has been achieve

  33. Ability to Access internet site (Outcome for validation) Chapter 4

  34. Chapter 4 Figure 3.16 : Ultrasurf 9.4 Vs Proposed Strategy.

  35. Chapter 4 Figure 3.17 : Ultrasurf 9.5 Vs Proposed Strategy

  36. Chapter 4 Figure 3.18 : Ultrasurf 9.92 Vs Proposed Strategy

  37. Chapter 4

  38. Conclusion Chapter 5 • This project has introduced a strategy to block user from accessing prohibited website via Ultrasurf. • Squid proxy server has ability to provide a blocking IP address based on http and https connection. • Below are the two strategies that being implemented in this project to block Ultrasurf :

  39. Chapter 5 Figure 5.1: Router, Firewall and Proxy In a Box

  40. Chapter 5 Figure 5.2: Independent Proxy

  41. Future work Chapter 5 • This project will be a good resource and as a guide for the never ending enchantment in this method to block Ultrasurf. • The following pit points maybe useful for this project regarding the developing and finding the new approach in the future. • Performance. • What happen if 1000 user request at same time ? • Squid new technology. • working perfectly in all version of squid ? • Network model. • Can this applied at IPTables ? • Integrate into current firewall technology • incorporate this strategy into low end firewall ? • Others type of anti-censorship software • May the same strategy work on others anti-censorship software ?

  42. References. Aycock, J., & Maurushat, A. (2008, March ). "Good" worms and human rights. SIGCAS Computers and Society, Volume 38 Issue 1 . Becchi, M., & Crowley, P. (December 2007). A hybrid finite automaton for practical deep packet inspection. CoNEXT '07: Proceedings of the 2007 ACM CoNEXT conference. ACM. Becchi, M., & Crowley, P. (December 2007). A hybrid finite automaton for practical deep packet inspection. CoNEXT '07: Proceedings of the 2007 ACM CoNEXT conference. ACM. GIFC. (2010). Retrieved 01 05, 2010, from About Global Internet Freedom Consortium: http://www.internetfreedom.org/ Hunter, C. D. (April 2000). Internet filter effectiveness (student paper panel): testing over and underinclusive blocking decisions of four popular filters. CFP '00: Proceedings of the tenth conference on Computers, freedom and privacy: challenging the assumptions. ACM. Kaiser, A. (2008, Aug 12). technopedia. Retrieved 01 05, 2010, from UltraSurf : Probably The Best Proxy Server Ever!!!: http://technopedia.info/tech/2008/08/12/ultrasurf-probably-the-best-proxy-server.html Kumar, S., Turner, J., & Williams, J. (December 2006). Advanced algorithms for fast and scalable deep packet inspection. ANCS '06: Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems. ACM. Peisert, S., & Bishop, M. (2007). how to Design Computer Security Experiments. Springer Boston.Volume 237/2007, pp. 141-148. Springer Boston. Piyachon, P., & Luo, Y. (December 2006 ). Efficient memory utilization on network processors for deep packet inspection. ANCS '06: Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems. ACM. Regular Expressions.info. (2010). Retrieved 4 20, 2010, from Sample Regular Expressions: http://www.regular-expressions.info/examples.html Reuters. (2007, July 18). Retrieved 01 05, 2010, from Chinese Internet censors blamed for email chaos: http://www.reuters.com/article/idUSPEK9185520070718 Strange Maps. (2007, 8 3). Retrieved 3 20, 2010, from A Map of the Internet’s Black Holes: http://strangemaps.wordpress.com/2007/08/31/170-a-map-of-the-internets-black-holes/ Tan, Z. A., Mueller, M., & Foster, W. (1997). China's new Internet regulations: two steps forward, one step back. Communications of the ACM archive , 11 - 16. Whitten, J. L., Bentley, L. D., & Dittman, K. (2004). System Analysis and Design Method. 6th ed. Boston: Mc-Graw-Hill Education. Wikipedia. (2010). Retrieved 01 05, 2010, from Internet censorship: http://en.wikipedia.org/wiki/Internet_censorship Wikipedia. (2010). Retrieved 4 20, 2010, from Regular_expression: http://en.wikipedia.org/wiki/Regular_expression Xia, B. (2004). The Coming Crash Of The Matrix. China Right Forum , pp. 42-44.

  43. Thank You Q & A “Human Knowledge Belong To The World”

More Related