Final Pune university's B.E project presentation
Intelligent Adware Blocker
By:
- Sonal Kamble (B 3208528)
- Chaitali Magdum (B 3208537)
- Aditi Pantoji (B 3208546)
- Prajakta Pednekar (B 3208550)
Sponsored by: Symantec Corporation
External Guide: Mr. Vikram Saurabh
Internal Guide: Mr. Harshad Wadkar
04/12/23 1Intelligent Adware Blocker
Project Problem Statement:
To develop Intelligent Adware Blocker
Project Problem Statement Description:
• Pop-up blocking application sits between client and server.
• It sniffs the traffic and applies policies before rendering it to the client, and the client will not be aware of this.
• The policies applied should be based on predefined categories read by the application from a database, and user-defined policies can also be added to it.
• User-defined policies can depend on certain predefined keywords and regular expressions. Predefined categories include bank, pornography, social media, etc.
Area/Domain: Internet Security
What is Adware?
• Adware, or advertising-supported software, is any software package which automatically plays, displays or downloads advertisements to a computer.
• Adware by itself is harmless; however, some adware may come with integrated spyware such as key loggers and other privacy-invasive software.
Need of Adware Blocker Application
• The Adware Blocker application will be used to block adware in the form of pop-ups and pop-unders, which we come across while accessing many websites.
• The pop-up and pop-under blockers that come with browsers like Internet Explorer and Mozilla block all categories of pop-ups and pop-unders.
• There can be various categories like sports, news, shares, banking, etc., so these pop-up and pop-under blockers do not provide the facility of selecting which category of pop-up to allow and which to deny.
• Hence, to provide the facility of category selection, we require the Adware Blocker.
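[Figure: three client-server scenarios]
Ideal scenario: Client -> HTTP Request -> Server; Server -> HTTP Response -> Client
Actual scenario: Client -> HTTP Request -> Server; Server -> HTTP Response + Adware -> Client
Scenario in Project: Client -> HTTP Request -> Adware Blocker -> HTTP Request -> Server; Server -> HTTP Response + Adware -> Adware Blocker -> HTTP Response -> Client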
Modes of Operation
• IDS mode
  - Squid proxy server
  - Snort
• IPS mode
  - Snort_inline
• Bypass mode
Packet Flow diagram IDS mode
Intelligent Adware Blocker IDS Mode
Packet Flow diagram IPS mode
Intelligent Adware Blocker IPS Mode
Squid Proxy Server
• Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects.
• Steps required to use Squid
  - Download and install Squid
  - Configure Squid
      acl bad_pc src 172.16.32.48
      acl good dstdomain .google.com
      http_access allow good
      http_access deny bad_pc
  - Restart the squid service
• Monitoring User Access
  - The access information gets stored in the access.log file.
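The monitoring step above, combined with the keyword and regular-expression category policies from the problem statement, as an added Python example (not the project's Perl script or its database code). The policy names and patterns, the function names and the sample log lines are constructed for illustration; the log lines follow Squid's native access.log layout.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Squid native format: time elapsed client action/status bytes method URL ...
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<action>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)")

# Hypothetical category policies (keyword / regular-expression based).
POLICIES = {
    "bank": re.compile(r"netbanking|bank", re.I),
    "social media": re.compile(r"facebook|twitter", re.I),
    "sports": re.compile(r"cricket|football", re.I),
}

# Constructed sample lines, not taken from a real log.
SAMPLE_LOG = """\
1302950400.101    245 172.16.32.48 TCP_MISS/200 5120 GET http://netbanking.example.com/offers/popup.html - DIRECT/192.0.2.10 text/html
1302950401.530     80 172.16.32.48 TCP_HIT/200 900 GET http://cricket.example.net/live/score.js - NONE/- application/javascript
1302950402.007    310 172.16.32.51 TCP_MISS/200 3200 CONNECT www.example.org:443 - DIRECT/192.0.2.20 -
this line is truncated or corrupt
"""

def parse_line(line):
    """Return the fields of one access.log line, or None if it is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # CONNECT requests log "host:port" instead of a full URL.
    if rec["method"] == "CONNECT":
        rec["host"] = rec["url"].rsplit(":", 1)[0]
    else:
        rec["host"] = urlsplit(rec["url"]).hostname or ""
    return rec

def categorise(url):
    """First policy whose pattern matches the URL, else 'uncategorised'."""
    return next((n for n, p in POLICIES.items() if p.search(url)), "uncategorised")

def report(log_text, denied):
    """Per-request (client, host, category, verdict) rows and category counts."""
    rows, counts = [], Counter()
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        cat = categorise(rec["url"])
        counts[cat] += 1
        rows.append((rec["client"], rec["host"], cat,
                     "deny" if cat in denied else "allow"))
    return rows, counts
```

Calling `report(SAMPLE_LOG, {"sports"})` skips the corrupt line and marks only the cricket request as denied; HTTPS traffic shows up as CONNECT entries carrying just a host and port, so URL keywords cannot be matched there.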
Transparent Squid Proxy
• Modify squid.conf
    http_port 3128 transparent
• iptables -F
• iptables -t nat -F
# set this system as a router for the rest of the LAN
• iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
• iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
# unlimited access to LAN
• iptables -A INPUT -i eth0 -j ACCEPT
• iptables -A OUTPUT -o eth0 -j ACCEPT
# DNAT port 80 requests coming from LAN systems to Squid 3128 ($SQUID_PORT), aka transparent proxy
• iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j ACCEPT
# if it is the same system
• iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
Snort
• Snort is a signature detection-based intrusion detection system (IDS) that issues an alert when network traffic matches a signature in the dataset.
• Snort can be used as a packet sniffer to capture traffic from the network, as a packet logger to save packets to a file or database, or as an IDS.
Snort IDS mode
• IDS (Intrusion Detection System):
  - An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station.
• Modes of Snort IDS:
  - Sniffer mode
  - Packet logger mode
  - NIDS mode
• Snort IDS rule generation
    alert tcp any 80 -> any any (content:"uim"; msg:"uim popup"; sid:1001;)
• Command to run Snort in IDS mode
    snort -dev -i eth0 -l /var/log/snort -c /etc/snort/rules/ids.rules
• Report Generation IDS mode
Using DOM parser (ids.rules)
Snort IPS mode
• IPS (Intrusion Prevention System):
• The main functions of "intrusion prevention systems" are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity.
• To make Snort work as an IPS, it has to be configured in one of the 3 modes:
1. Flexible response
2. Snort_inline
3. SnortSam
Snort_inline dependency packages
1. libipq
2. iptables-dev
3. libpcreflex
4. bison 1.2.1
5. Libpcap 0.7.2
6. Pcre
7. libdnet
8. libnet
9. libnetfilter-queue-dev
10. dnet
Topology Required For Snort_Inline (IPS)
Steps to implement snort_inline
• Implement Bridge.
• Installation of required packages for snort_inline.
• Install and configure snort_inline with MySQL facility.
• Apply iptables rules:
    iptables -A INPUT -p icmp -j QUEUE
    iptables -A FORWARD -p tcp --dport 80 -j QUEUE
• Write rule in local.rules (Rule Generation)
    drop tcp any 80 -> any any (content:"google"; msg:"response from google"; sid:1001;)
• Apply Snort_inline rule:
    snort_inline -dev -c /etc/snort_inline/rules/ips.rules -Q -l /var/log/snort_inline
• Report Generation IPS mode
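Rule generation for both modes (the alert rules of IDS mode and the drop rules of snort_inline), as an added Python example that is not the project's own generator. The policy table, function names and SID base are assumptions; the rule header `tcp any 80 -> any any` is the one used on the slides, and the example uses Snort's local-rule SID range rather than the slides' sid:1001.

```python
import re

ACTIONS = {"ids": "alert", "ips": "drop"}  # rule action for each mode
SID_BASE = 1_000_001  # assumption: SIDs from 1,000,000 up are for local rules

# Hypothetical user-defined policy: category -> keywords (constructed sample).
POLICY = {
    "sports": ["cricket", "live score"],
    "shares": ['buy "now"; 50% off', "stock|tips", ""],
}

def encode_content(keyword):
    """Encode a keyword for a Snort content option.

    Anything other than ASCII letters, digits and spaces is written in
    Snort's |hex| notation, so characters such as ; " \\ and | in a
    user-supplied keyword cannot terminate the option or the rule.
    """
    parts = []
    for byte in keyword.encode("utf-8"):
        ch = chr(byte)
        if ch.isascii() and (ch.isalnum() or ch == " "):
            parts.append(ch)
        else:
            parts.append("|%02X|" % byte)
    # Merge adjacent hex groups: |22||3B| becomes |22 3B|.
    return "".join(parts).replace("||", " ")

def generate_rules(policy, mode, denied):
    """Return one rule per keyword of each denied category, with unique SIDs."""
    action = ACTIONS[mode]  # raises KeyError for an unknown mode
    rules, sid = [], SID_BASE
    for category in sorted(denied):
        for keyword in policy.get(category, []):
            if not keyword.strip():
                continue  # an empty content option is not a valid rule
            # msg is descriptive only, so drop everything but safe characters.
            msg = re.sub(r"[^A-Za-z0-9 _-]", "", f"{category} popup {keyword}")
            rules.append(
                f"{action} tcp any 80 -> any any "
                f'(msg:"{msg}"; content:"{encode_content(keyword)}"; '
                f"nocase; sid:{sid}; rev:1;)")
            sid += 1
    return rules

if __name__ == "__main__":
    print("\n".join(generate_rules(POLICY, "ips", {"shares"})))
```

Because keywords come from users through a web form, encoding them before they reach the rules file keeps a stray quote or semicolon from producing a rule that Snort rejects at start-up or that matches something other than what was intended.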
Using DOM parser (ips.rules)
Technologies used:
• Java (servlet) for application controller
• JSP (Java Server Pages) and HTML for frontend
• JavaScript (for form validations)
• Perl script (to store entries of Squid's access.log into database table)
• Shell script (to start and stop Snort, Snort inline and Squid's services; to apply iptables rules according to modes)
Operating System: Ubuntu 10.10
Requirements for developing the system
• Hardware
  - Desktop PCs or laptops with Intel Pentium based x86 processor
  - Desktop PC with two NIC cards
  - Hard line/wired internet connection
  - Switch (to implement Snort_inline)
• Software
  - Snort (IDS) 2.8.52 with MySQL facility
  - Snort_inline and its dependency packages
  - Squid Proxy Server 2.7
  - MySQL_Server 5.1.49
  - MySQL_Client 5.1.49
  - Apache Tomcat 6.0.32 web server
  - gcc 4.4.5 and gdb 7.2 to compile and debug code
  - JDK 1.6
  - sed 4.2.1
  - Browser software (Mozilla Firefox, Chromium, Epiphany)
Requirements for using the system
• Hardware
  - Desktop PCs or laptops with Intel Pentium based x86 processor
  - Hard line/wired internet connection
• Software
  - Browser software (Mozilla Firefox, Chromium, Epiphany, Internet Explorer)
  - Operating system for client machine (Linux or Windows)
  - Operating system for server machine (Linux)
View Log
LogBook.xslx
http://cumminsit14symantec.blogspot.com
Achievement
First prize in Project Competition arranged by THE INSTITUTION OF ELECTRONICS AND TELECOMMUNICATION ENGINEERS (IETE), held on 16th April 2011 at AISSMS college of engineering
Acknowledgement:
Mr. Vikram Saurabh (External guide)
Mr. Harshad Wadkar (Internal guide)
Mrs. Madhura Tokekar (HOD)
Mr. Makarand Velankar (Project Coordinator)
Mr. Shripad Tawade
Thank you…