Detecting Anonymous Proxy Usage Final Report

Download 0.59 Mb.
Date conversion16.07.2017
Size0.59 Mb.
  1   2   3   4   5   6   7   8   9   ...   20

Detecting Anonymous Proxy Usage

Final Report

Jonathan McKeague - B00443636
BSc Computer Science

School of Computing and Intelligent Systems

Faculty of Engineering

University of Ulster at Magee


Date: 11/12/13

Supervisor: Kevin Curran


The Internet is built atop the Internet Protocol (IP) which has at its heart a unique identifier known as an IP address. The IP address serves two principal functions: host or network interface identification and location addressing. IP addresses by themselves do not point to specific geographical real-world locations by default but they will be registered to specific geographical locations and so can be used for crude or sometimes very accurate geographical location determination. Knowing the location of an IP address can be very useful in many situations such as for banks to know if a connection is in progress from online fraud hotspots. There exists a problem however in that IP addresses can be spoofed. This allows hackers to bypass geographical IP restrictions and thus render some category of fraud prevention useless. Anonymous proxies (AP) which act as intermediate relays which disguise the source IP addresses can play a large role in cybercrime. There is thus a need to ascertain whether an incoming IP connection is an original source matched IP address or one being routed through an anonymising proxy. This report concentrates on various methods used by anonymising proxies, the characteristics of the anonymous proxies and the potential mechanisms available to detect if a proxy is in use. It outlines the prototype system specification in addition to future plans and overall architecture.


Firstly I would like to thank my project supervisor, Dr. Kevin Curran, his guidance and support throughout the project has been extremely helpful. He has been an invaluable mentor to me and has always been very quick to respond to any queries I had.

My friends and family have been there for me throughout and given me support when needed, for this I am very grateful and wish to thank them also.


I declare that this is all my own work and does not contain unreferenced material copied from any other source. I have read the University’s policy on plagiarism and understand the definition of plagiarism. If it is shown that material has been plagiarised, or I have otherwise attempted to obtain an unfair advantage for myself or others, I understand that I may face sanctions in accordance with the policies and procedures of the University. A mark of zero may be awarded and the reason for that mark will be recorded on my file.

Jonathan McKeague

Table of Contents

Abstract 2

Acknowledgements 3

Declaration 3

Table of Contents 4

Table of Figures 5

1. Introduction 6

1.1 Project Aims and Objectives 7

1.2 Chapter Overview 7

2. Literature Review 9

2.1 PHPProxy 9

2.2 CGIProxy 10

2.3 Glype 11

2.4 Onion Routing and Tor 12

2.5 SSL Proxy 13

2.6 IP Blocking 14

2.7 Access Control Lists 15

2.8 Geolocation Security 16

2.9 Base64 Encoding 17

2.10 Snort 19

2.11 Wireshark 20

3. Requirements Analysis 21

3.1 Project Problem Statement 22

3.2 Project Solution Overview 22

3.3 Functional Requirements 22

3.3.1 User Requirements 22

3.3.2 System Requirements 23

3.4 Non- Functional Requirements 23

3.5 Hardware Requirements 25

3.6 Software Requirements 25

3.7 Development Methodologies 26

3.7.1 Selected Methodology 29

3.8 System Structure 29

4. Project Plan 30

4.1 Milestones and Deliverables 30

4.2 Project Plan 31

4.3 Time Management 33

4.4 Working with Supervisor 34

4.5 Risk Management 35

5. Design 37

5.1 Monitoring Network Traffic 37

5.2 Software used 38

5.3 System Design 38

5.4 Log Files 40

6. Implementation 43

6.1 Wamp Server 43

6.2 Network Packet Capturing 44

6.3 Glype Proxy Detection 47

6.4 PHPProxy Detection 50

6.5 CGI Proxy Detection 52

6.6 Tor Browser Detection 55

6.7 Limiting the result log 58

7. Testing 61

7.1 Normal Browsing Test 62

7.2 Glype Proxy Test 63

7.3 PHPProxy Test 64

7.4 CGI Proxy Test 65

7.5 Tor Browser Test 67

7.6 Further System Tests 69

8. Evaluation & Reflection 73

8.1 Future Work and Enhancements 74

10. References 76

11. Appendices 79

Appendix A: Source Code 79

Appendix B: Network Packets containing the different proxies 85

Appendix C: Instruction Set 103

Table of Figures

1. Introduction

When the internet was first being developed back in 1958 as a means for communication, it was inconceivable the success that it would have worldwide (Mallia, 2013). Over 2.7 billion people now access the Internet daily (ITU, 2013). When you compare this to the Internet usage in 1990, which was 3 million people worldwide (SASI, 2006); you can see a stark difference. Whether Internet users are checking and sending emails, reading an online newspaper, researching, doing online shopping or online banking, the need for a secure system is a major challenge for those who develop internet security systems. This is especially true for users that use the internet to do business, or send private information, as more people are finding different ways to ‘hack’ into secure servers and exploit vulnerable data. In 2011 alone, the total amount that was stolen from businesses online amounted to $3.4 billion, which was up by $700 million from 2010 (Neustar, 2012). This figure is only going to increase, with businesses using the internet more to do the majority of their business. This increase in business activity online could lead to more criminals targeting online businesses; it is therefore a priority for businesses to invest in methods to protect themselves against such attacks.

Internet misuse is also a major headache for employers due to the increase in popularity of websites such as Facebook, YouTube, Twitter and Google+. This has led to a decrease in the productivity of their employees, which in turn leads to less profit, and more loss. Network administrators have therefore had to block many of these websites from being used in the workplace in an attempt to mitigate the problem. Initially they attempted to simply block the IP of the websites. IP addresses are registered to specific geographical locations, although they don’t give the exact area of where the user is located. However it does pinpoint the country that is accessing the network (Goralski, 2008). IP blocking worked quite well, as anytime a user tried to access a website that had its IP blocked they would be denied access. This prompted users to try to find a way around the blocked IP’s.

One simple method was the use of a proxy. A proxy website masks the IP of the website that you are trying to view, which bypasses the IP blocking method used to detect the blocked website. Due to an increase in online banking, banks themselves have had to increase security in their systems and networks; examining IP’s is one method they utilize. If a user is making a transfer online and the IP looks fraudulent, then the account holder will be contacted before the transfer is verified.

There are thousands of free PHP/CGI proxies to use online, making it a simple way to bypass this basic security feature. Even if the proxy server that was used was blocked there are thousands more to choose from, making the task of blocking them difficult (Lyon, 2009). The code for all of these proxies is open source, it can be downloaded and setup with ease, which means that anyone with a computer could theoretically create a proxy server. Another method that can be used to bypass security measures is Onion Routing (e.g. Tor Browser) which is used to anonymize a user’s traffic on the internet. This method uses a different port than what is typically used to access blocked websites. Onion Routing works by routing internet traffic through many different hosts, encrypting data at each different host (Dingledine et al, 2004).

  1   2   3   4   5   6   7   8   9   ...   20

The database is protected by copyright © 2016
send message

    Main page