The Dark Side of the Web: An Open Proxy’s View
Vivek Pai, Limin Wang, KyoungSoo Park, Ruoming Pang, and Larry Peterson
Princeton University


CoDeeN (Content Distribution Network)
- PlanetLab’s network of open web proxies
- Used for forward and reverse proxying
- Free and open to anyone
- Motivation: provide a secure open proxy that anyone can use for community caching or avoiding censorship.
- Live testing on the Internet helped developers quickly find bugs and security problems.

Security Problem #1: Spam
- Spammers used the CONNECT method to build TCP tunnels to port 25 on remote hosts.
- POST/formmail often stores the destination address in hidden input fields. Spammers exploited forms by inserting their recipient’s e-mail address into these forms.
- IRC spim via CONNECTs to port 6667

Security Problem #2: Anonymity
- Some users were going to SpotLife to download webcam images and used CoDeeN to mask their identity.
- Asian users downloaded movies via CoDeeN’s west coast servers (Asia-US-Asia) to bypass ACL restrictions.
- Users used steganography to embed content inside other files (parts of movies inside GIFs and JPEGs).

Security Problem #3: Abuse
- Users used CoDeeN to launch dictionary attacks against Yahoo accounts.
- Users built Google crawlers on a series of words.
- Click-counter abuse: some click counters use page views instead of ad views, inviting abuse.

Security Problem #4: Content Theft
- CoDeeN nodes often run at universities, which may have address-authenticated site licenses for electronic journals. One user downloaded over 50K articles.
- Some sites allow private content for local users only (ACL based). Users exploited CoDeeN server locality to gain access to these files.

Security Problem #5: Blacklists
- Due to these abuses and their status as an “open proxy”, many CoDeeN hosts were getting blacklisted, reducing the network’s usefulness.

Solutions/Countermeasures
- Users were classified into 3 groups: local CoDeeN users, local to PlanetLab hosts, and outside users.
- Outside users were rate limited.
- CONNECTs to ports 25 and 6667 were disallowed.
- POST methods were disallowed.
- Blacklists were used to shut out malicious users.

- Yahoo login attempts were limited to 30 per day.
- Specific vulnerability signatures charged users with a full day’s worth of traffic (locking the user out for a day).
- Cache misses were sent to a pair of proxies (forward and reverse) so that a user’s aggregate bandwidth could be tracked.
- Licensed content (e-journals, etc.) was made available to local users only; outside users got an error page.
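
The countermeasures listed above can be read as one admission policy applied to each proxied request. The sketch below is an added example, not CoDeeN's code: the network ranges, the daily byte budget, the licensed host name and the use of `login.yahoo.com` to recognise a login attempt are all assumptions; only the blocked ports and the 30-per-day login limit come from the slides.

```python
import ipaddress
from collections import defaultdict

# Constructed sample networks and hosts (assumptions, not CoDeeN values).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
PLANETLAB_NETS = [ipaddress.ip_network("198.51.100.0/24")]
LICENSED_HOSTS = {"journals.example.edu"}
LOGIN_HOST = "login.yahoo.com"        # assumed marker of a login attempt
DAILY_BYTES_OUTSIDE = 100_000_000     # assumed daily budget for outside users
BLOCKED_CONNECT_PORTS = {25, 6667}    # SMTP and IRC, from the slides
YAHOO_LOGINS_PER_DAY = 30             # from the slides

class ProxyPolicy:
    def __init__(self):
        self.bytes_used = defaultdict(int)   # per-client traffic today
        self.logins = defaultdict(int)       # per-client login attempts today

    def classify(self, ip):
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in LOCAL_NETS):
            return "local"
        if any(addr in net for net in PLANETLAB_NETS):
            return "planetlab"
        return "outside"

    def decide(self, ip, method, host, port=80, size=0, signature_hit=False):
        group = self.classify(ip)
        if method == "CONNECT" and port in BLOCKED_CONNECT_PORTS:
            return "deny: CONNECT to mail/IRC port"
        if method == "POST":
            return "deny: POST disabled"
        if host in LICENSED_HOSTS and group != "local":
            return "deny: licensed content is local-only"
        if host == LOGIN_HOST:
            self.logins[ip] += 1
            if self.logins[ip] > YAHOO_LOGINS_PER_DAY:
                return "deny: login attempt limit"
        if group == "outside":  # assumed: only outside users carry a budget
            if signature_hit:
                # Charge a full day's traffic, locking the client out.
                self.bytes_used[ip] = DAILY_BYTES_OUTSIDE
            if self.bytes_used[ip] >= DAILY_BYTES_OUTSIDE:
                return "deny: daily budget exhausted"
            self.bytes_used[ip] += size
        return "allow"

    def new_day(self):
        self.bytes_used.clear()
        self.logins.clear()
```

In a multi-proxy deployment the two counters would have to be aggregated across nodes, which is the purpose of routing cache misses through a proxy pair as described above.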

Results
- CoDeeN now serves over 59,000 users at up to 50K requests per hour.
- Denying POST methods has not been a significant problem.
- Rate limiting Yahoo logins and aggregating user totals across proxies has greatly reduced password cracking attempts.