Dissecting Darknets: Measurement and Performance Analysis
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Combining Bittorrent with Darknets for P2P Privacy
Combining Bittorrent with Darknets for P2P privacy Öznur Altintas Niclas Axelsson Abstract Over the last few years, traditional downloading of programs and application from a website has been replaced by another medium - peer to peer file sharing networks and programs. Peer- to-peer sharing has grown to tremendous level with many networks having more then millions of users to share softwareʼs, music files, videos and programs etc. However, this rapid growth leaves privacy concerns in its awake. P2P applications disable clients to limit the sharing of documents to a specific set of users and maintain their anonymity. Using P2P applications like BitTorrent exposes clientsʼ information to the other people. OneSwarm is designed to overcome this privacy problem. OneSwarm is a new P2P data sharing system that provides users with explicit, configurable control over their data. In this report, we will discuss briefly Darknets and privacy terms, and mainly how OneSwarm solves privacy problem while providing good performance. Introduction For a better understanding of this report, we begin with the explanation of some terms such as Darknets and privacy and brief background information underlies the idea of OneSwarm. Darknet—a collection of networks and technologies used to share digital content. The darknet is not a separate physical network but an application and protocol layer riding on existing networks. Examples of Darknets are peer-to-peer file sharing, CD and DVD copying and key or password sharing on email and newsgroups. When used to describe a file sharing network, the term is often used as a synonym for "friend-to-friend", both describing networks where direct connections are only established between trusted friends. -
The Internet Organised Crime Threat Assessment (IOCTA) 2015
The Internet Organised Crime Threat Assessment (IOCTA) 2015 2 THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015 THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015 3 TABLE OF FOREWORD 5 CONTENTS ABBREVIATIONS 6 EXECUTIVE SUMMARY 7 KEY FINDINGS 10 KEY RECOMMENDATIONS 12 SUGGESTED OPERATIONAL PRIORITIES 15 INTRODUCTION 16 MALWARE 18 ONLINE CHILD SEXUAL EXPLOITATION 29 PAYMENT FRAUD 33 SOCIAL ENGINEERING 37 DATA BREACHES AND NETWORK ATTACKS 40 ATTACKS ON CRITICAL INFRASTRUCTURE 44 CRIMINAL FINANCES ONLINE 46 CRIMINAL COMMUNICATIONS ONLINE 50 DARKNETS 52 BIG DATA, IOT AND THE CLOUD 54 THE GEOGRAPHICAL DISTRIBUTION OF CYBERCRIME 57 GENERAL OBSERVATIONS 62 APPENDICES 67 A1. THE ENCRYPTION DEBATE 67 A2. AN UPDATE ON CYBER LEGISLATION 70 A3. COMPUTER CRIME, FOLLOWED BY CYBERCRIME FOLLOWED BY …. ROBOT AND AI CRIME? 72 4 THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015 FOREWORD These include concrete actions under the three main mandated Threat Assessment (IOCTA), the annual presentation of the areas – child sexual exploitation, cyber attacks, and payment I am pleased to present the 2015 Internet Organised Crime fraud – such as targeting certain key services and products Centre (EC3). offered as part of the Crime-as-a-Service model, addressing the cybercrime threat landscape by Europol’s European Cybercrime growing phenomenon of live-streaming of on-demand abuse of children, or targeted actions with relevant private sector partners ofUsing cybercrime the 2014 for report the asperiod a baseline, under this consideration. assessment Itcovers offers the a cross-cutting crime enablers such as bulletproof hosting, illegal viewkey developments, predominantly changes from a lawand enforcement emerging threats perspective in the based field tradingagainst onlinesites on payment Darknets fraud. -
Darknet As a Source of Cyber Threat Intelligence: Investigating Distributed and Reflection Denial of Service Attacks
Darknet as a Source of Cyber Threat Intelligence: Investigating Distributed and Reflection Denial of Service Attacks Claude Fachkha A Thesis in The Department of Electrical and Computer Engineering Presented in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy at Concordia University Montreal, Quebec, Canada November 2015 c Claude Fachkha, 2015 CONCORDIA UNIVERSITY SCHOOL OF GRADUATE STUDIES This is to certify that the thesis prepared By: Claude Fachkha Darknet as a Source of Cyber Threat Intelligence: Entitled: Investigating Distributed and Reflection Denial of Service Attacks and submitted in partial fulfilment of the requirements for the degree of Doctor of Philosophy complies with the regulations of the University and meets the accepted standards with respect to originality and quality. Signed by the final examining committee: 'U'HERUDK'\VDUW*DOH Chair 'U0RKDPPDG=XONHUQLQH External Examiner 'U-RH\3DTXHW External to Program 'U5DFKLGD'VVRXOL Examiner 'U5RFK+*OLWKR Examiner 'U0RXUDG'HEEDEL Thesis Supervisor Approved by 'U$EGHO5D]LN6HEDN Chair of Department or Graduate Program Director 'U$PLU$VLI Dean of Faculty ABSTRACT Cyberspace has become a massive battlefield between computer criminals and com- puter security experts. In addition, large-scale cyber attacks have enormously ma- tured and became capable to generate, in a prompt manner, significant interruptions and damage to Internet resources and infrastructure. Denial of Service (DoS) attacks are perhaps the most prominent and severe types of such large-scale cyber attacks. Furthermore, the existence of widely available encryption and anonymity techniques greatly increases the difficulty of the surveillance and investigation of cyber attacks. In this context, the availability of relevant cyber monitoring is of paramount im- portance. -
Unveiling the I2P Web Structure: a Connectivity Analysis
Unveiling the I2P web structure: a connectivity analysis Roberto Magan-Carri´ on,´ Alberto Abellan-Galera,´ Gabriel Macia-Fern´ andez´ and Pedro Garc´ıa-Teodoro Network Engineering & Security Group Dpt. of Signal Theory, Telematics and Communications - CITIC University of Granada - Spain Email: [email protected], [email protected], [email protected], [email protected] Abstract—Web is a primary and essential service to share the literature have analyzed the content and services offered information among users and organizations at present all over through this kind of technologies [6], [7], [2], as well as the world. Despite the current significance of such a kind of other relevant aspects like site popularity [8], topology and traffic on the Internet, the so-called Surface Web traffic has been estimated in just about 5% of the total. The rest of the dimensions [9], or classifying network traffic and darknet volume of this type of traffic corresponds to the portion of applications [10], [11], [12], [13], [14]. Web known as Deep Web. These contents are not accessible Two of the most popular darknets at present are The Onion by search engines because they are authentication protected Router (TOR; https://www.torproject.org/) and The Invisible contents or pages that are only reachable through the well Internet Project (I2P;https://geti2p.net/en/). This paper is fo- known as darknets. To browse through darknets websites special authorization or specific software and configurations are needed. cused on exploring and investigating the contents and structure Despite TOR is the most used darknet nowadays, there are of the websites in I2P, the so-called eepsites. -
Forensics of Bittorrent
Forensics of BitTorrent Jamie Acorn Technical Report RHUL-MA-2008-04 15 January 2008 Royal Holloway University of London Department of Mathematics Roal Holloway, University of London Egham, Surrey TW20 0EX, England http://www.rhul.ac.uk/mathematics/techreports Forensics of BitTorrent Jamie Acorn Supervisor: John Austin Submitted as part of the requirements for the award of the MSc in Information Security at Royal Holloway, University of London. I declare that this assignment is all my own work and that I have acknowledged all quotations from the published or unpublished works of other people. I declare that I have also read the statements on plagiarism in Section 1 of the Regulations Governing Examination and Assessment Offences and in accordance with it I submit this project report as my own work. Signature: Date: 1 Table of Contents Table of Contents ................................................................................................... 2 EXECUTIVE SUMMARY........................................................................................ 4 INTRODUCTION.................................................................................................... 5 1.1 What is Bit Torrent and how does it work?.................................................... 5 1.2 The BitTorrent Client..................................................................................... 7 1.3 Legal Issues.................................................................................................. 9 1.4 Security Issues .......................................................................................... -
List of TCP and UDP Port Numbers from Wikipedia, the Free Encyclopedia
List of TCP and UDP port numbers From Wikipedia, the free encyclopedia This is a list of Internet socket port numbers used by protocols of the transport layer of the Internet Protocol Suite for the establishment of host-to-host connectivity. Originally, port numbers were used by the Network Control Program (NCP) in the ARPANET for which two ports were required for half- duplex transmission. Later, the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) needed only one port for full- duplex, bidirectional traffic. The even-numbered ports were not used, and this resulted in some even numbers in the well-known port number /etc/services, a service name range being unassigned. The Stream Control Transmission Protocol database file on Unix-like operating (SCTP) and the Datagram Congestion Control Protocol (DCCP) also systems.[1][2][3][4] use port numbers. They usually use port numbers that match the services of the corresponding TCP or UDP implementation, if they exist. The Internet Assigned Numbers Authority (IANA) is responsible for maintaining the official assignments of port numbers for specific uses.[5] However, many unofficial uses of both well-known and registered port numbers occur in practice. Contents 1 Table legend 2 Well-known ports 3 Registered ports 4 Dynamic, private or ephemeral ports 5 See also 6 References 7 External links Table legend Official: Port is registered with IANA for the application.[5] Unofficial: Port is not registered with IANA for the application. Multiple use: Multiple applications are known to use this port. Well-known ports The port numbers in the range from 0 to 1023 are the well-known ports or system ports.[6] They are used by system processes that provide widely used types of network services. -
List of TCP and UDP Port Numbers 1 List of TCP and UDP Port Numbers
List of TCP and UDP port numbers 1 List of TCP and UDP port numbers This is a list of Internet socket port numbers used by protocols of the Transport Layer of the Internet Protocol Suite for the establishment of host-to-host communications. Originally, these ports number were used by the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP), but are also used for the Stream Control Transmission Protocol (SCTP), and the Datagram Congestion Control Protocol (DCCP). SCTP and DCCP services usually use a port number that matches the service of the corresponding TCP or UDP implementation if they exist. The Internet Assigned Numbers Authority (IANA) is responsible for maintaining the official assignments of port numbers for specific uses.[1] However, many unofficial uses of both well-known and registered port numbers occur in practice. Table legend Use Description Color Official Port is registered with IANA for the application white Unofficial Port is not registered with IANA for the application blue Multiple use Multiple applications are known to use this port. yellow Well-known ports The port numbers in the range from 0 to 1023 are the well-known ports. They are used by system processes that provide widely used types of network services. On Unix-like operating systems, a process must execute with superuser privileges to be able to bind a network socket to an IP address using one of the well-known ports. Port TCP UDP Description Status 0 UDP Reserved Official 1 TCP UDP TCP Port Service Multiplexer (TCPMUX) Official [2] [3] -
Design and Implementation of a Bittorrent Tracker Overlay for Swarm Unification
ICNS 2011 : The Seventh International Conference on Networking and Services Design and Implementation of a BitTorrent Tracker Overlay for Swarm Unification Calin-Andrei˘ Burloiu, Razvan˘ Deaconescu, Nicolae T, apus˘ , Automatic Control and Computers Faculty Politehnica University of Bucharest Emails: [email protected],frazvan.deaconescu,[email protected] Abstract—The deployment of the BitTorrent protocol in the slots, geolocation and general behavior (aggressiveness, entry– early 2000s has meant a significant shift in Peer-to-Peer tech- exit time interval, churn rate). nologies. Currently the most heavily used protocol in the Internet The context in which a BitTorrent content distribution core, the BitTorrent protocol has sparked numerous implementa- tions, commercial entities and research interest. In this paper, we session takes place is defined by a BitTorrent swarm which is present a mechanism that allows integration of disparate swarms the peer ensemble that participate in sharing a given file. It is that share the same content. We’ve designed and implemented a characterized by the number of peers, number of seeders, file novel inter-tracker protocol, dubbed TSUP, that allows trackers size, peers’ upload/download speed. swarm, one that allows to share peer information, distribute it to clients and enable rapid content distribution to peers, is generally defined by a swarm unification. The protocol forms the basis for putting together small swarms into large, healthy ones with reduced good proportion of seeders and stable peers. We define stable performance overhead. Our work achieves its goals to increase peers as peers that are part of the swarm for prolonged periods the number of peers in a swarm and proves that the TSUP of time. -
Bittorrent Darknets Chao Zhang, Prithula Dhungel, Di Wu, Zhengye Liu and Keith W
BitTorrent Darknets Chao Zhang, Prithula Dhungel, Di Wu, Zhengye Liu and Keith W. Ross Woonhak Kang 2010. 11. 04 VLDB Lab. [email protected] Contents • Introduction • BitTorrent (Background) § Architecture and Term. § Public and Private torrent sites • Overview of BitTorrent Darknets Operation • Analysis § Macroscopic § Medium-scopic § Microscopic • Conclusion 2 SKKU VLDB Lab. Introduction • Darknet § 비공개 토런트 사이트(private torrent sites) § 가입자에게만 공개 § 초대(inviatation), 사이트 임시 가입기간에 가입 § 사용자의 upload, download 크기를 기록 - up/down 비율을 통해 사용자의 이용제한 - up/down 비율이 높은 유저에게 혜택 • Motivation § 연구분야에서 큰 주목을 받지 못했다. § 독특한 정책 때문에 공개 토런트와 특성이 다르다. § 토런트 전체 시스템의 이해를 위해서는 공개/비공개 모두를 고려할 필요 가 있다 3 SKKU VLDB Lab. Introduction • Analysis § Macroscopic - 800개 이상의 비공개 토런트 분석 - Sharky list 와 Alexa rank 이용 - 전체 토런트 파일, 유저, 피어(peer) 정보 분석 § Medium-scopic - 4개의 인기 비공개 토런트 분석 - 트랙커(trackers), 피어(peer), 유저, 실제 공유파일 분석 - 공개 사이트와 비공개 사이트간의 상관관계 § Microscopic - HDChina 분석 - 유저의 up/down 기록, 활동시간 조사 4 SKKU VLDB Lab. Contents • Introduction • BitTorrent (Background) § Architecture and Term. § Public and Private torrent sites • Overview of BitTorrent Darknets Operation • Analysis § Macroscopic § Medium-scopic § Microscopic • Conclusion 5 SKKU VLDB Lab. BitTorrent (Background) • Bittorrent is a system for efficient and scalable replication of large amounts of static data § Scalable - the throughput increases with the number of downloaders § Efficient - it utilises a large amount of available network bandwidth • The file to be distributed is split up in pieces and an SHA-1 hash is calculated for each piece 6 SKKU VLDB Lab. BitTorrent (Background) • A metadata file (.torrent) is distributed to all peers § Usually via HTTP • The metadata contains: § The SHA-1 hashes of all pieces § A mapping of the pieces to files § trackers reference 7 SKKU VLDB Lab. -
Well-Known Ports
20 & 21: File Transfer Protocol (FTP) 22: Secure Shell (SSH) 23: Telnet remote login service 25: Simple Mail Transfer Protocol (SMTP) 53: Domain Name System (DNS) service 80: Hypertext Transfer Protocol (HTTP) used in the World Wide Web 110: Post Office Protocol (POP3) 119: Network News Transfer Protocol (NNTP) 143: Internet Message Access Protocol (IMAP) 161: Simple Network Management Protocol (SNMP) 443: HTTP Secure (HTTPS) Well-known ports The port numbers in the range from 0 to 1023 are the well-known ports. They are used by system processes that provide widely used types of network services. On Unix-like operating systems, a process must execute with superuser privileges to be able to bind a network socket to an IP address using one of the well-known ports. Port TCP UDP Description Status 0 UDP Reserved Official 1 TCP UDP TCP Port Service Multiplexer (TCPMUX) Official 2 TCP UDP CompressNET[2] Management Utility[3] Official 3 TCP UDP CompressNET[2] Compression Process[4] Official 4 TCP UDP Unassigned Official 5 TCP UDP Remote Job Entry Official Port TCP UDP Description Status 7 TCP UDP Echo Protocol Official 8 TCP UDP Unassigned Official 9 TCP UDP Discard Protocol Official 10 TCP UDP Unassigned Official 11 TCP UDP Active Users (systat service)[5][6] Official 12 TCP UDP Unassigned Official 13 TCP UDP Daytime Protocol (RFC 867) Official 14 TCP UDP Unassigned Official 15 TCP UDP Previously netstat service[5] Unofficial 16 TCP UDP Unassigned Official 17 TCP UDP Quote of the Day Official 18 TCP UDP Message Send Protocol Official 19 TCP UDP Character Generator Protocol (CHARGEN) Official Port TCP UDP Description Status 20 TCP FTP data transfer Official 21 TCP FTP control (command) Official Secure Shell (SSH)—used for secure logins, file transfers (scp, sftp) 22 TCP Official and port forwarding 23 TCP Telnet protocol—unencrypted text communications Official 24 TCP UDP Priv-mail : any private mail system. -
Library Genesis and Sci-Hub
In solidarity with Library Genesis and Sci-Hub In Antoine de Saint Exupéry's tale the Little Prince meets a businessman who accumulates stars with the sole purpose of being able to buy more stars. The Little Prince is perplexed. He owns only a flower, which he waters every day. Three volcanoes, which he cleans every week. "It is of some use to my volcanoes, and it is of some use to my flower, that I own them," he says, "but you are of no use to the stars that you own". There are many businessmen who own knowledge today. Consider Elsevier, the largest scholarly publisher, whose 37% profit margin1 stands in sharp contrast to the rising fees, expanding student loan debt and poverty-level wages for adjunct faculty. Elsevier owns some of the largest databases of academic material, which are licensed at prices so scandalously high that even Harvard, the richest university of the global north, has complained that it cannot afford them any longer. Robert Darnton, the past director of Harvard Library, says "We faculty do the research, write the papers, referee papers by other researchers, serve on editorial boards, all of it for free … and then we buy back the results of our labour at outrageous prices."2 For all the work supported by public money benefiting scholarly publishers, particularly the peer review that grounds their legitimacy, journal articles are priced such that they prohibit access to science to many academics - and all non- academics - across the world, and render it a token of privilege.3 Elsevier has recently filed a copyright infringement suit in New York against Science Hub and Library Genesis claiming millions of dollars in damages.4 This has come as a big blow, not just to the administrators of the websites but also to thousands of researchers around the world for whom these sites are the only viable source of academic materials. -
Ohio Resident Pleads Guilty to Operating Darknet-Based Bitcoin
UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA UNITED STATES OF AMERICA : : v. : Criminal No. 19-cr-395 (BAH) : LARRY DEAN HARMON, : : Defendant. : STATEMENT OF THE OFFENSE AND RELATED CONDUCT I. THE ELEMENTS OF THE OFFENSES Conspiracy To Launder Monetary Instruments: The essential elements of the offense of Conspiracy To Launder Monetary Instruments, in violation of Title 18, United States Code, Section 1956(h), each of which the government must prove beyond a reasonable doubt to sustain a conviction, are: (1) that an agreement existed between two or more people to commit an act in violation of (a) Title 18, United States Code, Section 1956(a)(1)(A)(i), or (b) Title 18, United States Code, Section 1956(a)(1)(B)(i); and (2) that the defendant intentionally joined in that agreement. The essential elements of promotional money laundering, in violation of Title 18, United States Code, Section 1956(a)(1)(A)(i), are: (1) that the defendant knowingly conducted or tried to conduct a financial transaction; (2) that the defendant knew that the money or property involved in the transaction was the proceeds of some kind of unlawful activity; (3) that the money or property did come from an unlawful activity, specifically the felonious manufacture, importation, receiving, concealment, buying, selling, or otherwise dealing in a controlled substance or listed chemical, in violation of Title 21, United States Code, Sections 841(a)(1) and 846; and (4) that the defendant the defendant acted with intent to promote the carrying on of specified unlawful activity, specifically the felonious manufacture, importation, receiving, concealment, buying, selling, or otherwise dealing in a controlled substance or listed chemical, in violation of Title 21, United States Code, Sections 841(a)(1) and 846.