Open Proxy Servers
Kevin Guthrie
ALA, January 2003


Outline
- Background: what are “open proxies”?
- What’s the exposure?
- What happened?
- How was it done?
- Not an isolated case
- What to do
JSTOR – January 2003

What has been taken: 51,392 Articles from 11 Titles

| Title | # of articles | Pct. of Run |
|---|---|---|
| Sociology Journal 1 | 4,997 | 95% |
| Sociology Journal 2 | 11,340 | 87% |
| Economics Journal 3 | 5,514 | 77% |
| Sociology Journal 4 | 349 | 73% |
| Economics Journal 2 | 402 | 71% |
| Sociology Journal 5 | 14,537 | 65% |
| | 3,619 | 55% |
| Statistics Journal 1 | 6,555 | 44% |
| Economics Journal 4 | 120 | 3% |
| Sociology Journal 6 | 3,728 | 23% |
| | 231 | <1% |

Proxy Servers
A proxy server is a web server that acts as an intermediary or relay station between a workstation user and the Internet.

[Diagram: User (IP: 1.2.3.4) requests http://www.jstor.org/browse through proxy.inst.edu (IP: 2.3.4.5), which sends http://www.jstor.org/browse on to www.jstor.org.]

Proxy Servers: Common Reasons for Their Use
- Caching
- Remote access
- Usage tracking
- Controlled access
- Approved filtering

What is an “open” proxy server?
- There is a configuration process to specify who is authorized to access the server. It is similar to the configuration process for any web server.
- When a proxy server is not set up with the appropriate access controls, anyone can access that machine and “assume its identity”.
October 2002, JSTOR Retreat

“Open” Proxy Servers: How and Why are they Created
- Some are organizational or departmental proxy servers incorrectly configured.
- Some are set up intentionally to provide access to restricted resources (probably for convenience).
- We believe many are set up accidentally as an unknown by-product of setting up a web server.

What’s the Exposure?

Search For Lists of Open Proxy Servers

Find Lists of Open Proxy Servers

Lists of Open Proxy Servers by Domain Type

A List of Open .edu Proxies [The server hostnames have been edited to protect the institutions with open proxy servers listed on this page.]

What Happened and How it was Discovered

JSTOR Monitors Use
- We have triggers to alert us to unusual levels of usage activity.
- We investigate when usage seems unusual.

The Abuse: What Happened
- August 22nd to the 27th -- 13413 articles are downloaded from Proxy #1.
- August 27th we deny this IP access to JSTOR.

- August 26th to September 4th -- 3859 articles are downloaded from Proxy #2 at a different participating site.
- September 4th we deny the IP address of this second proxy.

The Abuse: What Happened
It appeared the two abuse situations were related:
- There was an overlap in journals downloaded, but not an overlap in articles downloaded.
- Analysis of our log files showed that the URLs being downloaded via Proxy #2 were created through use at Proxy #1.

The Abuse: The Pattern Continues
- Between August 27th and October 31st downloads occurred from 27 open proxy servers at 16 different sites.
- As JSTOR staff denied each proxy server, the abuse moved on.
- ~51,000 articles downloaded from 11 journals.
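The usage triggers and the log analysis described in the slides above can be sketched as follows. This is an added example, not JSTOR's code: the log line format, the one-hour window, the threshold of 20 requests and all sample records are constructed for illustration (2.3.4.5 is the proxy address from the diagram, the other addresses are documentation ranges).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from itertools import combinations

def parse(line):
    """Constructed format: '<ISO time> <source IP> <journal>/<article id>'."""
    ts, ip, item = line.split()
    journal, article = item.split("/")
    return datetime.fromisoformat(ts), ip, journal, article

def flag_heavy_sources(records, window=timedelta(hours=1), threshold=20):
    """Return source IPs that made more than `threshold` requests within any `window`."""
    recent = defaultdict(deque)   # ip -> request times still inside the sliding window
    flagged = set()
    for ts, ip, _journal, _article in sorted(records):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop requests that fell out of the window
            q.popleft()
        if len(q) > threshold:
            flagged.add(ip)
    return flagged

def linked_sources(records, flagged):
    """Pairs of flagged IPs sharing journals but no articles: one job that moved on."""
    journals, articles = defaultdict(set), defaultdict(set)
    for _ts, ip, journal, article in records:
        if ip in flagged:
            journals[ip].add(journal)
            articles[ip].add((journal, article))
    return [(a, b) for a, b in combinations(sorted(flagged), 2)
            if journals[a] & journals[b] and not articles[a] & articles[b]]

def sample_log():
    """Constructed sample: two proxies splitting one journal run, plus a normal reader."""
    start = datetime(2002, 8, 22, 10, 0, 0)
    lines = []
    for i in range(40):        # first proxy: articles 0-39, one every 30 seconds
        t = start + timedelta(seconds=30 * i)
        lines.append(f"{t.isoformat()} 2.3.4.5 socj1/{i}")
    for i in range(40, 70):    # second proxy, days later: continues at article 40
        t = start + timedelta(days=4, seconds=30 * i)
        lines.append(f"{t.isoformat()} 198.51.100.7 socj1/{i}")
    for i in (3, 17, 55):      # ordinary reader: three articles, hours apart
        t = start + timedelta(hours=5 * i)
        lines.append(f"{t.isoformat()} 192.0.2.10 socj1/{i}")
    return lines

if __name__ == "__main__":
    records = [parse(l) for l in sample_log()]
    flagged = flag_heavy_sources(records)
    print("flagged:", sorted(flagged))
    print("linked:", linked_sources(records, flagged))
```

Blocking one flagged address only stops that address; the linkage check is what shows a second source to be the same download job continuing elsewhere.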

How Is It Done?

Automate The Process
- Download lists of open proxies
- Automate a process to probe each to see if there is access to restricted resources
- Identify a set of open proxy servers with such access and set them aside
- Automate a process to download content
- From the “confirmed” list – commence downloading.

Not an Isolated Case
We have found web pages providing explicit instructions for others to help them exploit open proxies in order to download content.

Not an Isolated Case

Not an Isolated Case - Translations

“The Bible for Downloading Journal Articles”

“To be blunt about it, you find an overseas proxy. The institution that the proxy server belongs to has spent money to buy the electronic edition of some journal, and then you use this proxy, (so) of course you can download the entire text of that journal!”

“I cannot deny that some servers can download complete texts from many journals, but please, everyone, let’s not grab onto the ones which are easy to use and use them madly. The result of doing so will be to hasten the death of that server! So when you are using them, it’s best to do so equitably!”

Not an Isolated Case

Questions & Discussion

What to do?
- Shibboleth: http://shibboleth.internet2.edu/
- DLF Certificates: http://www.diglib.org/architectures/digcert.htm
- Education
- Drive all campus access through a set of properly authenticated proxy servers

http://www.jstor.org/