1

Anonymous Digital Communications Anonymous Digital Communications Final Lab PresentationFinal Lab Presentation

ECE 4112ECE 4112Internetwork SecurityInternetwork Security

Group 3Group 3Alvin Schurman and Kelly LehmanAlvin Schurman and Kelly LehmanGeorgia Institute of TechnologyGeorgia Institute of Technology

http://www.afrl.af.mil/images/pictures/abl-sor.jpg

2

Presentation Topics

Topic Description and Controversy Project Scope and Proposed Lab Inclusion Laboratory Set-up Web Client Information IP Address Spoofing (Obfuscation) Web Bugs Tor Networks Conclusions Questions

3

Project Scope and Lab Inclusion

Too big for Lab addition

Related topics in current laboratory experiments

Lab 3, Address Spoofing, Denial of Service, Email Spoofing

Propose to retool Lab 3 and include this material

4

Laboratory Set-up

Simplify Lab Set-up

VMware Appliances

Ready-made apps

Pre-configured devices

5

Web Client Information

Easiest First

Shows client information

Uses Firefox extensions Spoofs client information IP/port address not spoofed

Not included in Lab Firefox extension detection with chrome element in javascript

6

IP Address Spoofing (Obfuscation)

Client data with PhProxy Proxy + Ethereal = hackerpot Snooping HTTPS Proxy Examining server logs Research HTTPS sniffers

Proxypot Sebek Open Proxy Honeypot

It’s just HTTP/HTTPS right? Wrong … desproxy

7

Web Bugs

Traditional image in html

CSS element web bug in html

Both elements hidden in .doc

8

Tor Networks

The Onion Router (TOR) Layered approach

Provides anonymity for Internet traffic Web browsing IM IRC SSH

Downsides to Tor Networks Exiting the network Traffic Analysis

9

Tor Networks

10

Tor Networks

11

Tor Networks

12

Local Windows Account Hijacking

QUESTIONS?

References/Sources/Tools Vmware Workstation 6.0 Beta WYSIWYG Web Builder 4.1 Grandma’s Lamp v1.0.0 PhProxy 0.5 Beta Microsoft Windows XP Professional Microsoft Office 2007 Trial Web Bug Howto from http://ha.ckers.org/webbug.html EFF from http://tor.eff.org