论文信息 - The Gh 0 st in the Shell : Network Security in the Himalayas

The Gh 0 st in the Shell : Network Security in the Himalayas

The town of Dharamsala in the Himalayas of India harbors not only the Tibetan government in-exile, but also a very unique Internet community operated by AirJaldi. The combination of high-profile clientele and naive users makes for a very interesting setting from a network security standpoint. Using packet capture and network intrusion detection systems (NIDS), we analyze the security of the network. Given the sensitive history between China and Tibet, and the general public’s penchant to support the freedom of Tibet, it would not be surprising for the Chinese government to be interested in the activities of the community in-exile. Therefore, we also look for evidence of malware targeted at this unique user-base. In our work, we find significant amounts of malicious activity in the traffic, including a solid link to a previously discovered highprofile spy network operated in China.

[1] Robert N. M. Watson,et al. Ignoring the Great Firewall of China , 2006, Privacy Enhancing Technologies.

[2] Niels Provos,et al. All Your iFRAMEs Point to Us , 2008, USENIX Security Symposium.

[3] Zhuoqing Morley Mao,et al. Toward understanding distributed blackhole placement , 2004, WORM '04.

[4] Vinod Yegneswaran,et al. Internet intrusions: global characteristics and prevalence , 2003, SIGMETRICS '03.

[5] Vern Paxson,et al. Bro: a system for detecting network intruders in real-time , 1998, Comput. Networks.

[6] Vern Paxson,et al. Detecting Forged TCP Reset Packets , 2009, NDSS.

[7] Somesh Jha,et al. Global Intrusion Detection in the DOMINO Overlay System , 2004, NDSS.

[8] Anja Feldmann,et al. Dynamic Application-Layer Protocol Analysis for Network Intrusion Detection , 2006, USENIX Security Symposium.

[9] Michael E. Lesk,et al. The New Front Line: Estonia under Cyberassault , 2007, IEEE Security & Privacy.

[10] Ross J. Anderson,et al. The snooping dragon: social-malware surveillance of the Tibetan movement , 2009 .

[11] Martin Roesch,et al. Snort - Lightweight Intrusion Detection for Networks , 1999 .