Fingerprinting reverse proxies using timing analysis of TCP flows
Weant, Matthew S.
Rohrer, Justin P.
MetadataShow full item record
Reverse proxy servers are valuable assets to defend outside hosts from seeing the internal network structure upon which the reverse proxy is serving. They are frequently used to protect valuable files, systems, and internal users from external users while still providing services to outside hosts. Another aspect of reverse proxies is that they can be installed remotely by malicious actors onto compromised machines in order to service malicious content while masking where the content is truly hosted. Reverse proxies interact over the HyperText Transfer Protocol (HTTP), which is delivered via the Transmission Control Protocol (TCP). TCP flows provide various details regarding connections between an end host and a server. One such detail is the timestamp of each packet delivery. Concurrent timestamps may be used to calculate round trip times with some scrutiny. Previous work in timing analysis suggests that active HTTP probes to servers can be analyzed at the originating host in order to classify servers as reverse proxies or otherwise. We collect TCP session data from a variety of global vantage points, actively probing a list of servers with a goal of developing an effective classifier to discern whether each server is a reverse proxy or not based on the timing of packet round trip times.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Alexander, Daniel R. (Monterey, California: Naval Postgraduate School, 2015-06);This thesis presents a method for inferring the presence of a reverse proxy server using packet timing analysis from the vantage point of a client system. This method can determine whether Internet users are receiving web ...
Dahel, Nasr-Eddine (2016-04);Product recovery and remanufacturing often requires refitting an existing forward distribution network with additional capabilities to provide such reverse logistics functions as collection, disassembly, remanufacturing, ...
Kridel, Donald; Dolk, Daniel (WDSI, 2015-03);Product recovery and remanufacturing often requires refitting an existing forward distribution network with additional capabilities to provide such reverse logistics functions as collection, disassembly, remanufacturing, ...