The Dark Side of the Web: An Open Proxy’s View. Vivek Pai, Limin Wang, KyoungSoo Park, Ruoming Pang, and Larry Peterson, Princeton University.


1 The Dark Side of the Web: An Open Proxy’s View. Vivek Pai, Limin Wang, KyoungSoo Park, Ruoming Pang, and Larry Peterson, Princeton University

2 CoDeeN (Content Distribution Network). PlanetLab’s network of open web proxies. Used for forward and reverse proxying. Free and open to anyone. Motivation: provide a secure open proxy that anyone can use for community caching or avoiding censorship. Live testing on the Internet helped developers quickly find bugs and security problems.

3 Security Problem #1: Spam. Spammers used the CONNECT method to build TCP tunnels to port 25 on remote hosts. POST/formmail often stores the destination e-mail address in hidden input fields. Spammers exploited forms by inserting their recipient’s e-mail address into these forms. IRC spim via CONNECTs to port 6667.

4 Security Problem #2: Anonymity. Some users were going to SpotLife to download webcam images and used CoDeeN to mask their identity. Asian users downloaded movies via CoDeeN’s west coast servers (Asia-US-Asia) to bypass ACL restrictions. Users used steganography to embed content inside other files (parts of movies inside GIFs and JPEGs).

5 Security Problem #3: Abuse. Users used CoDeeN to launch dictionary attacks against Yahoo accounts. Users built Google crawlers on a series of words. Click-counter abuse: some click counters use page views instead of ad views, inviting abuse.

6 Security Problem #4: Content Theft. CoDeeN often runs at universities, which may have address-authenticated site licenses for electronic journals. One user downloaded over 50K articles. Some sites allow private content for local users only (ACL-based). Users exploited CoDeeN server locality to gain access to these files.

7 Security Problem #5: Blacklists. Due to these abuses and their status as an “open proxy”, many CoDeeN hosts were getting blacklisted, reducing the network’s usefulness.

8 Solutions/Countermeasures. Users were classified into 3 groups: local CoDeeN users, local to PlanetLab hosts, and outside users. Outside users were rate limited. CONNECTs to port 25 and 6667 were disallowed. POST methods were disallowed. Blacklists were used to shut out malicious users.

9 Yahoo login attempts were limited to 30 per day. Specific vulnerability signatures charged users with a full day’s worth of traffic (locking the user out for a day). Cache misses were sent to a pair of proxies (forward and reverse) so that a user’s aggregate bandwidth could be tracked. Licensed content (e-journals, etc.) was made available to local users only; outside users got an error page.
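
A single-node sketch of the request checks listed on slides 8 and 9, added here as an illustration and not CoDeeN's own code. The address ranges, daily budget, host names, and signature string are constructed assumptions, and the sketch applies the CONNECT and POST rules to every group because the slides do not say otherwise.

```python
import ipaddress
from collections import defaultdict

# Constructed values; only the blocked ports and the 30/day login cap come from the slides.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]         # hosting site (assumed)
PLANETLAB_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # PlanetLab hosts (assumed)
BLOCKED_CONNECT_PORTS = {25, 6667}                          # SMTP and IRC tunnels
LOGIN_HOSTS = {"login.yahoo.com"}                           # assumed login endpoint
LOGIN_CAP = 30                                              # attempts per client per day
DAILY_BUDGET = 1000                                         # outside-user requests per day (assumed)
LICENSED_HOSTS = {"journals.example.org"}                   # site-licensed content (assumed)
SIGNATURES = ("/cgi-bin/formmail",)                         # hypothetical abuse signature

class ProxyPolicy:
    def __init__(self):
        # Per-day counters; a real node would reset them every 24 hours.
        self.used = defaultdict(int)     # requests charged to each client
        self.logins = defaultdict(int)   # login attempts per client

    def classify(self, ip):
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in LOCAL_NETS):
            return "local"
        if any(addr in net for net in PLANETLAB_NETS):
            return "planetlab"
        return "outside"

    def decide(self, ip, method, host, port=80, path="/"):
        group = self.classify(ip)
        if method == "CONNECT" and port in BLOCKED_CONNECT_PORTS:
            return "deny: tunnel to mail/IRC port"
        if method == "POST":
            return "deny: POST disabled"
        if host in LICENSED_HOSTS and group != "local":
            return "deny: licensed content"
        if any(sig in path for sig in SIGNATURES):
            self.used[ip] = DAILY_BUDGET   # charge a full day's worth of traffic
            return "deny: signature match"
        if host in LOGIN_HOSTS:
            self.logins[ip] += 1
            if self.logins[ip] > LOGIN_CAP:
                return "deny: login cap"
        if group == "outside":             # only outside users are rate limited
            if self.used[ip] >= DAILY_BUDGET:
                return "deny: rate limit"
            self.used[ip] += 1
        return "allow"
```

The aggregate tracking across a forward and reverse proxy pair described on slide 9 is not modelled; the counters here are local to one node.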

10 Results. CoDeeN now serves over 59,000 users at up to 50K requests per hour. Denying POST methods has not been a significant problem. Rate limiting Yahoo logins and aggregating user totals across proxies has greatly reduced password cracking attempts.

