Fingerprinting reverse proxies using timing analysis of TCP flows

Author
Weant, Matthew S.
Date
2013
Advisor
Xie, Geoffrey
Beverly, Robert
Second Reader
Rohrer, Justin P.
Abstract
Reverse proxy servers are valuable assets for preventing outside hosts from seeing the internal network structure that the reverse proxy is serving. They are frequently used to protect valuable files, systems, and internal users from external users while still providing services to outside hosts. Another aspect of reverse proxies is that they can be installed remotely by malicious actors onto compromised machines in order to serve malicious content while masking where the content is truly hosted. Reverse proxies interact over the HyperText Transfer Protocol (HTTP), which is delivered via the Transmission Control Protocol (TCP). TCP flows provide various details regarding connections between an end host and a server. One such detail is the timestamp of each packet delivery. Concurrent timestamps may be used to calculate round trip times with some scrutiny. Previous work in timing analysis suggests that active HTTP probes to servers can be analyzed at the originating host in order to classify servers as reverse proxies or otherwise. We collect TCP session data from a variety of global vantage points, actively probing a list of servers with the goal of developing an effective classifier to discern whether each server is a reverse proxy or not based on the timing of packet round trip times.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.