RPAT - Realtime Proxy Abuse Triangulation

From: Stephen Friedl (steve@unixwiz.net)
Date: 12/20/02

    Date: Fri, 20 Dec 2002 08:17:15 -0800
    From: Stephen Friedl <steve@unixwiz.net>
    To: incidents@securityfocus.com
    
    

    Hello list,

    This isn't exactly an "incident", but it was suggested that I post this here.

    I've developed a technique for tracking down abusers of rotating proxy
    servers:

            RPAT - Realtime Proxy Abuse Triangulation

            http://www.unixwiz.net/rpat/

    The short description: when an "attack" is observed, query the source
    via SNMP and suck down the netstat table to see who's talking to the
    proxy. Over time and enough different sources, one can "triangulate"
    back to the abuser.

    There are plenty of caveats, but I believe the technique is original.
    The writeup includes the perl source code.

    Happy holidays, all.

    Steve

    ---
    Stephen J Friedl | Software Consultant | Tustin, CA | +1 714 544-6561
    www.unixwiz.net | I speak for me only | KA8CMY | steve@unixwiz.net
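
The triangulation step described in the message, as an added example that is not part of the original post and is not the perl code from the writeup. It assumes the "netstat table" is the SNMP tcpConnTable and that each snapshot is saved in snmpwalk-style text; the proxy labels, the VICTIM name, and all addresses are constructed.

```python
import re
from collections import Counter

# tcpConnState rows are indexed local-addr.local-port.remote-addr.remote-port
# (RFC 1213 tcpConnTable); the value is the connection state.
ROW = re.compile(
    r"tcpConnState\.(\d+\.\d+\.\d+\.\d+)\.(\d+)\.(\d+\.\d+\.\d+\.\d+)\.(\d+)"
    r"\s*=\s*INTEGER:\s*(\w+)\((\d+)\)"
)

def peers(snapshot_text, exclude=()):
    """Remote addresses with an established connection in one snapshot."""
    found = set()
    for m in ROW.finditer(snapshot_text):
        remote, state = m.group(3), m.group(5)
        if state == "established" and remote not in exclude:
            found.add(remote)
    return found

def triangulate(snapshots, exclude=()):
    """Rank remote peers by the number of distinct proxies they appear on."""
    seen = Counter()
    for text in snapshots.values():
        seen.update(peers(text, exclude))  # a set, so one vote per proxy
    return seen.most_common()

# Constructed sample: one snapshot per proxy, taken while abuse was observed.
# VICTIM is the observing site; every proxy talks to it, so it is excluded.
VICTIM = "203.0.113.10"
SAMPLE = {
    "proxy-a": """
TCP-MIB::tcpConnState.0.0.0.0.3128.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.198.51.100.1.3128.192.0.2.77.40112 = INTEGER: established(5)
TCP-MIB::tcpConnState.198.51.100.1.3128.192.0.2.15.51877 = INTEGER: established(5)
TCP-MIB::tcpConnState.198.51.100.1.33010.203.0.113.10.80 = INTEGER: established(5)
""",
    "proxy-b": """
TCP-MIB::tcpConnState.198.51.100.2.8080.192.0.2.77.40391 = INTEGER: established(5)
TCP-MIB::tcpConnState.198.51.100.2.8080.192.0.2.140.2044 = INTEGER: established(5)
TCP-MIB::tcpConnState.198.51.100.2.41200.203.0.113.10.80 = INTEGER: established(5)
""",
    "proxy-c": """
TCP-MIB::tcpConnState.198.51.100.3.3128.192.0.2.77.40718 = INTEGER: established(5)
TCP-MIB::tcpConnState.198.51.100.3.3128.192.0.2.201.6001 = INTEGER: timeWait(11)
TCP-MIB::tcpConnState.198.51.100.3.52077.203.0.113.10.80 = INTEGER: established(5)
""",
}

if __name__ == "__main__":
    for addr, hits in triangulate(SAMPLE, exclude={VICTIM}):
        print(f"{addr:15} seen on {hits} of {len(SAMPLE)} proxies")
```

A peer that shows up on only one proxy is ordinary traffic; the candidate is the address that keeps reappearing as the set of observed proxies grows.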



