Identifying Tunnelled Proxies through Passively Monitoring Network Traffic

摘要

"Proxies" are Internet applications that enable Internet users to connect to (or tunnel through) remote resources using another machine for two distinct purposes. First, they allow users to access remotely all resources in a network (i.e. Virtual Private Network or VPN). Second, they bring some level of anonymity by bouncing traffic around proxies. The latter model may enable Internet users to bypass website censorship and services that prohibit access from some specific geographical locations. Similarly, Internet attackers may use the latter approach to stay unknown. In our previous research, we have introduced OverUDP (a novel approach of transferring all transport layer data over UDP tunnel for P2P communications of IPv4). In this study, we briefly explain how OverUDP works in practice and also show how an Internet attacker may misuse it and make it act as a proxy. Finding this type of proxy is relatively difficult because communications between the attacker and the victim are tunnelled. Furthermore, we discuss the security concerns of misusing our solution, and a detection approach if OverUDP was used as a proxy.