Cyber Crime How and Why Hackers Attacks Systems

  • Published : January 10, 2013
IRJMST Volume 3 Issue 3 Online ISSN 2250 - 1959
International Research Journal of Management Science & Technology http:www.irjmst.com Page 243
Cyber crime How and Why Hackers attacks Systems - IRJMST
By Jagmender Singh
How and Why Attackers Use Proxies
Masking one's IP address is a standard practice when conducting illicit activities. A well-configured proxy provides robust anonymity and does not log activity, thereby frustrating law enforcement efforts to identify the original location of the person(s) involved. A proxy allows actors to send network traffic through another computer, which satisfies requests and returns the result. Students or employees can use proxies to communicate with blocked services such as Internet Relay Chat (IRC) and instant messaging, or to browse websites that administrators block. Attackers also use proxies because Internet Protocol (IP) addresses are traceable, and they do not want to reveal their true locations. As one example, iDefense wrote about the fast-flux architecture (ID# 484463), which uses a proxy infrastructure to satisfy requests. Proxies are also a common source of spam e-mail messages, which use open relays (a simple mail transfer protocol [SMTP] proxy).

Proxies are useful to attackers in many ways. Most attackers use proxies to hide their IP address and, therefore, their true physical location. In this way, attackers can conduct fraudulent financial transactions, launch attacks, or perform other actions with little risk. While law enforcement can visit a physical location identified by an IP address, attackers that use one (or multiple) proxies across country boundaries are more difficult to locate (see Exhibit 2-1). The endpoint can only view the last proxy with which it is directly communicating and not any of the intermediary proxies or the original location.

Exhibit 2-1: Multiple proxies make identifying the true source of an attack difficult.

Proxies give attackers a way to lower the risk that investigators identify their true IP address. In the hypothetical attack displayed in Exhibit 2-1, the victim's log file contains only one of the many IP addresses that investigators need to locate the attacker.

Attackers operate free proxies or alter a victim's proxy settings because proxies can serve as a monitoring tool. AnonProxy is one example of a malicious proxy that its authors designed to monitor users and steal information such as social-networking passwords.1 Since a proxy relays traffic, it also has the ability to log and alter sensitive pages or information. Attackers must either convince users to change their proxy settings or install malicious code that modifies the settings itself.

Malicious code authors also install local proxies. By altering the hosts file or browser configuration to use the proxy, the attacker redirects requests and captures confidential information. Some banking Trojans give attackers the ability to proxy requests through the victim's browser because conducting fraud from a legitimate user's IP address is less suspicious. Local proxies are more difficult to identify because the local proxy does not open any network ports and scanning the system will reveal no changes.

Types of Proxies

Proxies are so common that many attackers scan the Internet for common listening proxy ports. The most common proxies listen on TCP port 80 (HTTP proxies), 8000, 8081, 443, 1080 (SOCKS Proxy), and 3128 (Squid Proxy), and some also handle User Datagram Protocol (UDP). Attackers who install custom proxies often do not use standard ports but instead use random high ports. Some lightweight proxies are written in scripting languages, which run with an HTTP server and are easier for attackers...
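
A defensive audit for the ports discussed above, as an added example that is not from the original article: it parses `ss -H -ltnp` output captured on your own host and flags unapproved listeners on the listed proxy ports or on unexpected high ports. The baseline, the sample output and the process names in it are constructed assumptions.

```python
import re

# Ports the article lists as the most common proxy listeners.
COMMON_PROXY_PORTS = {80: "HTTP proxy", 8000: "common proxy", 8081: "common proxy",
                      443: "common proxy", 1080: "SOCKS proxy", 3128: "Squid proxy"}
# Assumed baseline: (process, port) pairs this host is expected to listen on.
BASELINE = {("sshd", 22), ("nginx", 443)}
# Constructed sample of `ss -H -ltnp` output (not taken from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=990,fd=6))
LISTEN 0 128 0.0.0.0:3128 0.0.0.0:* users:(("squid",pid=1501,fd=11))
LISTEN 0 128 [::]:1080 [::]:* users:(("python3",pid=2210,fd=4))
LISTEN 0 128 0.0.0.0:49733 0.0.0.0:* users:(("svch0st",pid=3377,fd=5))
"""
PROC_RE = re.compile(r'users:\(\("([^"]+)"')

def parse_listeners(ss_output):
    """Yield (address, port, process) for each LISTEN line of ss output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        match = PROC_RE.search(line)
        yield addr, int(port), match.group(1) if match else "unknown"

def audit(ss_output, baseline=BASELINE):
    """Return sorted (port, process, address, reason) for unapproved listeners."""
    findings = []
    for addr, port, proc in parse_listeners(ss_output):
        if (proc, port) in baseline:
            continue  # approved service, even if it sits on a proxy port
        if port in COMMON_PROXY_PORTS:
            reason = f"unapproved listener on {COMMON_PROXY_PORTS[port]} port"
        elif port >= 1024:
            # Custom proxies often avoid standard ports, so a port list alone misses them.
            reason = "unapproved listener on non-standard high port"
        else:
            reason = "unapproved listener"
        findings.append((port, proc, addr, reason))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS):
        print(finding)
```

Comparing against a per-host baseline rather than the port list alone is what catches the random high port while leaving the approved web server on 443 unflagged.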