300 likes | 457 Views
Industry Capability LINX Traceability Best Current Practice. Keith Mitchell keith@linx.net Executive Chairman London Internet Exchange ACPO Scotland Internet Awareness Seminar 8th Nov 1999. Overview. Background, History, Motivation Principles IP addresses Dial-up users Applications
E N D
Industry CapabilityLINX TraceabilityBest Current Practice Keith Mitchell keith@linx.net Executive Chairman London Internet Exchange ACPO Scotland Internet Awareness Seminar 8th Nov 1999
Overview • Background, History, Motivation • Principles • IP addresses • Dial-up users • Applications • Domain Name System
LINX Experiences • LINX is UK national Internet Exchange Point (IXP) • 5 years old today ! • Brings together and represents88 largest UK/EU ISPs • Also performs self-regulatory “non-core” activities
Industry Capabilities • Much work originated and motivated by ACPO/ISP/Government forum • Two important documents • Industry Capabilities • see www.ispa.org.uk • Traceability BCP • today’s talk
LINX Non-Core Activities • Content Regulation • Illegal material • Law Enforcement • Helping investigations • UBM Regulation • “spam” • Telecomms Regulation • Oftel
LINX & Regulation • Funding, and policy & management oversight of Internet Watch • Defines “good practice”, but only mandatory requirements concern IXP • Becoming involved in network abuse • 3 Best Current Practice documents published earlier this year:http://www.linx.net/noncore/bcp/
LINX BCP Documents • Published: • Traceability • Illegal Material • Unsolicited E-mail (UBE = “spam”) • Planned: • Internet User Privacy • Direct E-mail use
Internet Watch Foundation • Voluntary funding from large ISPs directly, and small/medium via associations • Operates hot-line for reporting illegal material - 0845 600 8844 • Working on content rating schemes (ICRA, INCORE projects) • http://www.internetwatch.org.uk
Key IWF Principle • UK ISPs supporting IWF are not held responsible for illegal content on their systems, provided: • it was placed there by customers • they have no prior knowledge of it • they take appropriate action when they do learn of it • n.b This is an informal agreement, not upheld by UK law
Traceability • Principle of who did what & when on the Internet • Key element of making individuals responsible for their actions • Rest of talk outlines contents of LINX “Best Common Practice” document for ISP industry
Uses of Traceability • Finding out sources of: • Illegal content(e.g. paedophile material) • Denial of Service attacks • Unsolicited Bulk Messaging (“spam”) • Hacking, fraudulent access
Traceability in Practice • Complete knowledge is 100% possible in theory • but practice will fall short of this • BCP document defines how to make practice closer to theory • Traceability is currently exception • ideally the norm • legitimate anonymity an exception
Traceability Obstacles • Vendor support • Passing information between ISPs and carriers, e.g. • across national borders • caller id • Unregistered trial etc accounts • 3rd party relaying (e-mail)
IP Addresses • All Internet activity has to come from some IP address • Starting point of any tracing exercise • Need to map from this through: • domain name system • one or more ISPs • authentication system • public telephone network • touser
IP Address Spoofing • Need to ensure traffic is coming from where its source address claims - easy to fake • Most applications require duplex communication, so spoof abuse scope limited: • Denial of Service attacks • “Single shot” attacks • Session sequence number interpolation
Spoof Prevention • Static source address filters: • between backbone and “edge” routers in ISP’s backbone • performance impact • hard to scale elsewhere, e.g. between providers • Dynamic filters: • per-user per dial-in session • More info in RFC 2267
Dial-up Users • Use of per-session dynamic IP address allocation is efficient • but makes traceability harder • User accounts and access numbers common to many dial-in routers • Need to reliably map from: • (IP address, time) to (user)
Dial-in Authentication • RADIUS authentication logs usually have info required, but: • need time synchronisation (NTP) • records can be lost (UDP) • vendor record format variations • Alternatives include: • syslog, dynamic DNS, finger/telnet, SNMP
Unregistered Users • e.g. • free trials • “pay as you go” services • public access terminals • Pose particular traceability problems • but there are ways to offer these services with safeguards
De-Anonymising Users • Credit card check • Voice phone call back • Fax phone call back • Avoid shared accounts • Digital certificates • Caller Id or CLI
Caller Id (CLI) • Ideally phone number being used to make modem call passes through telephony carriers and dial-in router to ISP’s logfiles • Some issues in practice: • carriers • router vendors • users
Caller Id Issues • Not all carriers present full CLI • regulatory intervention needed ? • Not all dial-in routers: • accept or log CLI • differentiate withheld vs unavailable • ISPs who are not carriers get user (possibly modified) CLI rather than network CLI
“Pay as you go” Services • e.g. BTclick, FreeServe et al • Need to be able to: • require and log CLI • block payphone, international, prepaid calls • maintain frequent abuser phone number blacklist • identify IP address ranges used for this
E-Mail Traceability • Very easy to make e-mail untraceable via fake headers • Default config of many mail servers dumb in this respect • Some routine precautions can tackle this • Modern servers which are wise to this are available
E-mail Server Config • Make sure actual IP addresses are stamped on headers • Disable 3rd-party relaying ! • Consider using SMAP, Exim software • Source filter which IP addresses can connect to SMTP port • Domain Name verification • valid ? • forward/reverse match ?
USENET News Servers • Always add X-NNTP-Posting-Host: header • Restrict posting from customer addresses only • Heavily restrict use of mail2news • Always add X-Mail2news: header • Importance of synchronised & verified time/date stamping
Domain Name Servers • in-addr address to name mapping critical when tracing • important to ensure server security • in theory dynamic DNS update could insert user name into reverse lookup for session duration - hard in practice
User Privacy • Laws to protect privacy of ISPs’ customers must be respected • e.g. ECHR, Data Protection Acts, IOCA • “Big Brother” PR is bad both for business and co-operation • LINX has set up Internet User Privacy Forum to engage in constructive dialog with activtists • See http://www.iupf.org.uk
Possible Future Work • Inter-provider issues • IRC & “chat” • Corrections, improvements • Feedback welcome !
Conclusions • You can’t solve the whole problem • ..but straightforward measures can make a big difference • Legal protection of legitimate users’ privacy must be addressed • The industry can take a responsible lead throughco-operation