Fingerprinting reverse proxies using timing analysis of TCP flows
Weant, Matthew S.
Rohrer, Justin P.
MetadataShow full item record
Reverse proxy servers are valuable assets to defend outside hosts from seeing the internal network structure upon which the reverse proxy is serving. They are frequently used to protect valuable files, systems, and internal users from external users while still providing services to outside hosts. Another aspect of reverse proxies is that they can be installed remotely by malicious actors onto compromised machines in order to service malicious content while masking where the content is truly hosted. Reverse proxies interact over the HyperText Transfer Protocol (HTTP), which is delivered via the Transmission Control Protocol (TCP). TCP flows provide various details regarding connections between an end host and a server. One such detail is the timestamp of each packet delivery. Concurrent timestamps may be used to calculate round trip times with some scrutiny. Previous work in timing analysis suggests that active HTTP probes to servers can be analyzed at the originating host in order to classify servers as reverse proxies or otherwise. We collect TCP session data from a variety of global vantage points, actively probing a list of servers with a goal of developing an effective classifier to discern whether each server is a reverse proxy or not based on the timing of packet round trip times.
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Alexander, Daniel R. (Monterey, California: Naval Postgraduate School, 2015-06);This thesis presents a method for inferring the presence of a reverse proxy server using packet timing analysis from the vantage point of a client system. This method can determine whether Internet users are receiving web ...
Schneidewind, Norman F. (1992-04);There are several issues that confront LAN management with respect to allocating servers and files in a LAN. These are: How many servers should be used for a given number of user computers? Should files be replicated ...
Fabby, James G. (Monterey, California. Naval Postgraduate School, 2001-12);Acquisition reform has resulted in many changes throughout DoD procurement. The draw down of the workforce and financial constraints demand acquisition professionals conduct business in a smarter, more efficient manner. ...