Insecured Proxies in Internet Abuse
Eur Ing Brian Tompsett
Department of Computer Science, University of Hull

2. Analysis of Proxy Abuse
  Web server since 93/94
  Large popular content (genealogy), 1-2M clicks a month
  Same IP/domain
  1999 saw first proxy requests
  Allowed a few, experimentally

3. Proxy Server?
  Web server on port 80; not a proxy
  Scanned for proxy ability
  Pages/robots indicated not open
  Added to lists of open servers

4. Level of Intrusions?
  Measured general intrusion
   – 100s a day per machine
   – Machine compromise risk high
  Analysed bulk email
   – 1000s a month since 1996
   – Open proxies main vehicle

5. Origins of Proxy Abuse
  1st: Austrian universities
  Russian/Ukrainian origin
  CZ, CN, EDU.CA, IL
   – Russian speakers
  Proxy abuse software in Russian found

6. General Problem of Proxies
  Denial of service
   – Tracking and complaining
   – Scripts to assist log extracting
  Others noticed
   – APAN-JP Proxy Abuse Campaign
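Slides 3 and 6 describe a plain web server being probed and used as if it were an open proxy, and the log-extraction scripts needed to track and complain about it. The script below is an added example (not from the talk or its author) of that extraction: it reads Apache "combined" format access-log lines, flags the requests that ask the server to forward traffic (an absolute URI in the request line, or a CONNECT tunnel request) and summarises them per client address. The log lines, addresses and hostnames are constructed for the example.

```python
"""Flag proxy-style requests in a web server access log.

Added example: an origin server should only see absolute paths ("/page") in
the request line. A request-target carrying a scheme and host
("http://other.host/page"), or a CONNECT request, is a client treating this
server as a forward proxy, which is what the open-proxy scanners look for.
"""
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Apache "combined" log format; the addresses,
# hosts and paths are invented for this example.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2003:10:01:02 +0000] "GET /genealogy/index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.9 - - [12/Mar/2003:10:01:05 +0000] "GET http://www.example.net/ads/click?id=1 HTTP/1.0" 404 312 "-" "-"
203.0.113.9 - - [12/Mar/2003:10:01:06 +0000] "GET http://www.example.net/ads/click?id=2 HTTP/1.0" 404 312 "-" "-"
203.0.113.9 - - [12/Mar/2003:10:01:07 +0000] "CONNECT mail.example.org:25 HTTP/1.0" 405 0 "-" "-"
198.51.100.7 - - [12/Mar/2003:10:02:00 +0000] "GET /genealogy/surnames.html HTTP/1.1" 200 7210 "-" "Mozilla/4.0"
192.0.2.44 - - [12/Mar/2003:10:03:11 +0000] "GET http://poll.example.com/vote?c=3 HTTP/1.0" 404 312 "-" "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Split one combined-format line into its fields, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_proxy_request(method, target):
    """True if the request asks this server to act as a proxy for a third party."""
    if method == "CONNECT":
        return True
    parts = urlsplit(target)
    return bool(parts.scheme and parts.netloc)


def remote_host(method, target):
    """The third-party host the client wanted us to contact."""
    if method == "CONNECT":
        return target.split(":", 1)[0]
    return urlsplit(target).hostname


def proxy_abuse_report(log_text):
    """Return {client_ip: {"count": n, "hosts": [...]}} for proxy-style requests only."""
    per_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_proxy_request(rec["method"], rec["target"]):
            continue
        per_ip[rec["ip"]][remote_host(rec["method"], rec["target"])] += 1
    return {
        ip: {"count": sum(hosts.values()), "hosts": sorted(hosts)}
        for ip, hosts in per_ip.items()
    }


if __name__ == "__main__":
    for ip, info in sorted(proxy_abuse_report(SAMPLE_LOG).items()):
        print(f"{ip}: {info['count']} proxy request(s) -> {', '.join(info['hosts'])}")
```

The per-address summary is what an abuse complaint needs: the requesting address, how many forwarding attempts it made, and which third-party hosts it tried to reach through you. Genuine visitors never appear in it, so the output stays short even on a site serving millions of clicks a month.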

7. The Proxy Abusers
  Initially adult oriented
  Hotel/travel material
  Avoid local censorship/blocking
   – Education site seems inoffensive
  ISP load sharing
  Researchers: cache timing experiments

8. Counter Fraud
  Manipulate click counters
  Improving ranking
  Polls, talent contests, TV votes
  Make minority interests appear normal

9. Pay-per-Click
  Web pages full of adverts
  Adverts clicked mechanically
  Advert revenue collected
  Organised crime
   – Clicking clubs
   – Software promoted & available

10. The Advertisers
  Unaware of fraud
  No expertise to control
  Disbelieving
  Minority aware and capable
  Many bankrupted
  E-commerce growth harmed

11. What is a Proxy?
  Application gateway
  Carry traffic for third parties
   – HTTP proxy
   – SOCKS proxy
   – NAT
   – Firewalls
   – SMTP
   – AnalogX, WinGate, Squid

12. Proxy Trends
  Make the unacceptable acceptable
   – Counter manipulation
  DSL-connected proxies
  World growth in broadband
   – Political prominence
   – Technical naivety
   – Commercial imperatives

13. Proxy Implantation
  Worm delivers viral proxy
   – Sobig
  Web server implantation
   – Pornographic distribution
  Problem for forensics
   – Criminals can claim virus caused it
   – Forensic examination needs more rigour
   – ISP hindering public protection

14. SuperZonda
  Latest proxy use
  Done by DNS control with open proxy
  Method: www.doubtful-domain.zz
   – Web browser fetches page
   – DNS lookup => open proxy
   – Open proxy fetches page
   – DNS lookup returns true IP
   – Can be layered

15. Why?
  Obscures true page location
  Makes organisation appear large
  Improves apparent responsiveness
   – Millions of effective web servers
  Enhances reputation of advertiser
  Diverts complaints

16. Why Worry?
  Paedophile material
  Appears to be hosted at schools
  Fulfils their fantasy
  Combined with AnalogX at Korean schools
  Damaged reputation
  Needs local action
   – Lobby admins & politicians

17. Further Hiding
  Bogons
   – Traffic from non-existent IP blocks
   – Identified by zombies
   – Dormant IP block taken over by fraud
   – Documentation is forged
  Hides origins of proxy abusers
  Traceroute fooling

18. Regional Perspectives
  Korean schools
  Japan
   – Formerly free of proxies
   – Now broadband expansion
  Many proxies – worrying
  Malaysia: broadband proxies
  Thailand: educational proxies
  China: registration data & language

19. Dirty Money
  Overseas currency
   – Powerful draw
   – Naivety regarding issues
   – Causes Internet routing sanctions

20. Solving The Problem
  Too many proposals
   – Too narrow a perspective
   – Vested interests – hope to profit
   – Vendors only looking at their part
  Need holistic approach to abuse
   – Across applications
   – All layers of protocol

21. Layered Defence
  Protection at all levels of network model
  Action by end users at application layer
   – Not fully protected
   – Need action at lower layers

22. Physical/Datalink
  Secure physical access
   – Plug-in cables
   – Wireless range
  Control access by medium
  Control access by authorisation
   – No free rides
   – Particularly important in wireless

23. Network (IP) Layer
  Some IP not routed
   – RFC1918
   – Bogons
   – Zombies
   – Own policy-based restrictions
  Manage this database

24. Transport (TCP/UDP) Layer
  Only route to provided services
   – Restrict port 25 through mailhubs
   – Restrict port 80 to web servers
   – No incoming port 23
  Restrict dialups (in and out)
  Local policy-based restrictions
   – Manage this database
  Protects from worm propagation
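Slides 23 and 24 state the network-layer and transport-layer rules (drop traffic from RFC1918, bogon and zombie sources; only route to the services the site actually provides) but not how they combine. The following is an added example, not from the talk, that encodes both layers as a policy function evaluated over inbound flows, so the rules can be tested offline before they are translated into router or firewall configuration. The bogon database entry, the local host addresses and the sample flows are all constructed placeholders.

```python
"""Ingress policy check across the network and transport layers.

Added example: the first layer that objects to a flow decides its fate, which
is the layered-defence idea from slides 21-24. Every prefix, host address and
flow below is a constructed placeholder for illustration only.
"""
import ipaddress

# Network layer: private sources that must never arrive from outside (RFC1918).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Locally managed database of bogon/zombie prefixes (the concept from slides 17
# and 23). The single entry is a constructed placeholder, not a real bogon list.
UNROUTED_DB = [ipaddress.ip_network("198.51.100.0/24")]

# Transport layer: the services this site provides and which local hosts may
# offer each one (constructed addresses inside an assumed 203.0.113.0/24 site).
PROVIDED_SERVICES = {
    25: {ipaddress.ip_address("203.0.113.25")},   # only the mailhub accepts SMTP
    80: {ipaddress.ip_address("203.0.113.80")},   # only the web server accepts HTTP
}
NEVER_INBOUND = {23}  # no incoming telnet to any host


def network_layer_verdict(src):
    """Return a drop reason for an unroutable source address, else None."""
    src = ipaddress.ip_address(src)
    if any(src in net for net in RFC1918):
        return "drop: RFC1918 source"
    if any(src in net for net in UNROUTED_DB):
        return "drop: bogon/zombie source (managed database)"
    return None


def transport_layer_verdict(dst, dport):
    """Return a drop reason when the destination port/host is not a provided service."""
    dst = ipaddress.ip_address(dst)
    if dport in NEVER_INBOUND:
        return f"drop: port {dport} never accepted inbound"
    if dport not in PROVIDED_SERVICES:
        return f"drop: port {dport} is not a provided service"
    if dst not in PROVIDED_SERVICES[dport]:
        return f"drop: port {dport} is only provided by designated hosts"
    return None


def evaluate(src, dst, dport):
    """Evaluate one inbound flow layer by layer; the first objection wins."""
    return network_layer_verdict(src) or transport_layer_verdict(dst, dport) or "accept"


# Constructed sample flows: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.1.2.3", "203.0.113.80", 80),       # private source seen from outside
    ("198.51.100.9", "203.0.113.80", 80),   # source in the managed bogon database
    ("192.0.2.10", "203.0.113.25", 25),     # SMTP to the mailhub: allowed
    ("192.0.2.10", "203.0.113.50", 25),     # SMTP straight to a desktop: blocked
    ("192.0.2.11", "203.0.113.80", 80),     # HTTP to the web server: allowed
    ("192.0.2.11", "203.0.113.50", 23),     # telnet: never inbound
    ("192.0.2.12", "203.0.113.50", 6588),   # a port no local host provides
]

if __name__ == "__main__":
    for src, dst, dport in SAMPLE_FLOWS:
        print(f"{src} -> {dst}:{dport}: {evaluate(src, dst, dport)}")
```

The default is deny: a port that is not in the provided-services table is dropped even if some desktop happens to be listening on it, which is what stops an implanted proxy (slide 13) from being reachable from outside regardless of the software the worm installed. The two tables are the "database" the slides say must be managed; keeping them as data rather than scattered rules is what makes that management possible.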

25. Application Level
  Enforce protocols/handshaking
  Filter for application targeting
   – Web pages (e.g. browser attacks)
   – Email (e.g. browser attacks)
   – Viral content
  Checksumming (DCC)
  Content filters (Bayesian)
  Local & user filters
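Slide 25 lists Bayesian content filtering as one of the application-level controls without showing how it works. The code below is an added example, not from the talk: a small Bernoulli naive Bayes filter that learns from labelled messages and gives a spam probability for new text. The training messages are constructed for the example (click-fraud solicitations versus genealogy and departmental mail, in keeping with the site described on slide 2); the token regex, smoothing constant and 0.9 threshold are choices made for the illustration.

```python
"""Bayesian content filter (Bernoulli naive Bayes), added example.

Each message is reduced to the set of tokens it contains. For a label L and a
token t the filter estimates P(t present | L) from the fraction of training
messages of class L containing t, with add-one (Laplace) smoothing so unseen
tokens never give a zero probability. Only the tokens present in the message
are scored, a common simplification of the full Bernoulli model.
"""
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z][a-z0-9'$-]+")  # words of two or more characters


def tokenize(text):
    return TOKEN_RE.findall(text.lower())


class BayesFilter:
    def __init__(self, alpha=1.0):
        self.alpha = alpha                       # Laplace smoothing constant
        self.doc_freq = {"spam": Counter(), "ham": Counter()}  # docs containing token
        self.docs = {"spam": 0, "ham": 0}        # documents seen per class

    def train(self, label, text):
        self.docs[label] += 1
        self.doc_freq[label].update(set(tokenize(text)))

    def _log_likelihood(self, label, tokens):
        n = self.docs[label]
        return sum(
            math.log((self.doc_freq[label][t] + self.alpha) / (n + 2 * self.alpha))
            for t in tokens
        )

    def spam_probability(self, text):
        tokens = set(tokenize(text))
        total = self.docs["spam"] + self.docs["ham"]
        log_spam = math.log(self.docs["spam"] / total) + self._log_likelihood("spam", tokens)
        log_ham = math.log(self.docs["ham"] / total) + self._log_likelihood("ham", tokens)
        m = max(log_spam, log_ham)               # subtract the max for numerical stability
        ps, ph = math.exp(log_spam - m), math.exp(log_ham - m)
        return ps / (ps + ph)

    def classify(self, text, threshold=0.9):
        return "spam" if self.spam_probability(text) >= threshold else "ham"


# Constructed training corpus; small on purpose so the arithmetic can be followed.
SPAM_TRAINING = [
    "Earn money fast: click our adverts, free software available, join the clicking club",
    "Free pay-per-click revenue! Click here to win, boost your ranking with our proxy list",
    "Open proxy list for sale, manipulate any counter or poll, buy now",
    "Promote your site, thousands of clicks guaranteed, free trial of click software",
]
HAM_TRAINING = [
    "The surname index for the 1881 census has been updated with new parish records",
    "Meeting notes: the genealogy server will be patched on Tuesday evening",
    "Can you send me the lecture slides on network protocols before the seminar?",
    "Parish register transcriptions for Hull are now online in the surname index",
]


def build_filter():
    """Train a filter on the constructed corpus and return it."""
    f = BayesFilter()
    for text in SPAM_TRAINING:
        f.train("spam", text)
    for text in HAM_TRAINING:
        f.train("ham", text)
    return f


if __name__ == "__main__":
    f = build_filter()
    for msg in (
        "Free click software: join the clicking club and earn revenue from adverts",
        "The parish records for the census are back online on the genealogy server",
    ):
        print(f"{f.spam_probability(msg):.4f}  {f.classify(msg)}  {msg}")
```

With only four messages per class the probabilities are driven by a handful of tokens ("free", "click", "parish", "the"), which is exactly why the slide pairs Bayesian filtering with local and user filters: a site-wide corpus reflects the site's own traffic, and a per-user one reflects that user's, and neither replaces the protocol and handshake enforcement listed above it.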

26. The Layers
  Application: user filter; Bayesian; DCC; format; handshake; RFC-Ignorant
  Transport: service policy
  Network: RFC-Ignorant policy; zombies; bogons; RFC1918
  Datalink/Physical: authorised connection; medium

27. Managing Layered Prevention
  Not a single point solution
   – Distributed responsibility
   – Network managers
   – Customer service
   – Clients
  No unmanaged broadband
  Managed software install
   – Child protection enabled

28. Role of the Regulator
  Legislators are confused
  Abuse is immune to legislation
  Regulators need to enforce best practice
   – Managed broadband
   – Track best practice
  Regulate registrars
   – More resources, better data

29. Conclusions
  National interest to regulate registrars
   – Provide resources
   – Operate as Internet licensees
   – Identity proved
  Internet product safety regulation
  Regulate network best practice
   – To protect the consumer

