Industry Capability LINX Traceability Best Current Practice. Keith Mitchell [email protected] Executive Chairman London Internet Exchange ACPO Scotland Internet Awareness Seminar 8th Nov 1999. Overview. Background, History, Motivation Principles IP addresses Dial-up users Applications

Industry Capability
LINX Traceability
Best Current Practice
Keith Mitchell [email protected]
Executive Chairman
London Internet Exchange
ACPO Scotland Internet Awareness Seminar
8th Nov 1999

Overview
• Background, History, Motivation
• Principles
• IP addresses
• Dial-up users
• Applications
• Domain Name System

LINX Experiences
• LINX is UK national Internet Exchange Point (IXP)
• 5 years old today!
• Brings together and represents 88 largest UK/EU ISPs
• Also performs self-regulatory “non-core” activities

Industry Capabilities
• Much work originated and motivated by ACPO/ISP/Government forum
• Two important documents
• Industry Capabilities
  – see www.ispa.org.uk
• Traceability BCP
  – today’s talk

LINX Non-Core Activities
• Content Regulation
  – Illegal material
• Law Enforcement
  – Helping investigations
• UBM Regulation
  – “spam”
• Telecomms Regulation
  – Oftel

LINX & Regulation
• Funding, and policy & management oversight of Internet Watch
• Defines “good practice”, but only mandatory requirements concern IXP
• Becoming involved in network abuse
• 3 Best Current Practice documents published earlier this year: http://www.linx.net/noncore/bcp/

LINX BCP Documents
• Published:
  – Traceability
  – Illegal Material
  – Unsolicited E-mail (UBE = “spam”)
• Planned:
  – Internet User Privacy
  – Direct E-mail use

Internet Watch Foundation
• Voluntary funding from large ISPs directly, and small/medium via associations
• Operates hot-line for reporting illegal material - 0845 600 8844
• Working on content rating schemes (ICRA, INCORE projects)
• http://www.internetwatch.org.uk

Key IWF Principle
• UK ISPs supporting IWF are not held responsible for illegal content on their systems, provided:
  – it was placed there by customers
  – they have no prior knowledge of it
  – they take appropriate action when they do learn of it
• n.b. This is an informal agreement, not upheld by UK law

Traceability
• Principle of who did what & when on the Internet
• Key element of making individuals responsible for their actions
• Rest of talk outlines contents of LINX “Best Common Practice” document for ISP industry

Uses of Traceability
• Finding out sources of:
  – Illegal content (e.g. paedophile material)
  – Denial of Service attacks
  – Unsolicited Bulk Messaging (“spam”)
  – Hacking, fraudulent access

Traceability in Practice
• Complete knowledge is 100% possible in theory
• but practice will fall short of this
• BCP document defines how to make practice closer to theory
• Traceability is currently exception
  – ideally the norm
  – legitimate anonymity an exception

Traceability Obstacles
• Vendor support
• Passing information between ISPs and carriers, e.g.
  – across national borders
  – caller id
• Unregistered trial etc accounts
• 3rd party relaying (e-mail)

IP Addresses
• All Internet activity has to come from some IP address
  – Starting point of any tracing exercise
• Need to map from this through:
  – domain name system
  – one or more ISPs
  – authentication system
  – public telephone network
• to user

IP Address Spoofing
• Need to ensure traffic is coming from where its source address claims - easy to fake
• Most applications require duplex communication, so spoof abuse scope limited:
  – Denial of Service attacks
  – “Single shot” attacks
  – Session sequence number interpolation

Spoof Prevention
• Static source address filters:
  – between backbone and “edge” routers in ISP’s backbone
  – performance impact
  – hard to scale elsewhere, e.g. between providers
• Dynamic filters:
  – per-user per dial-in session
• More info in RFC 2267
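
Added example (not part of the LINX slides or BCP document): a Python model of the two filter types on this slide. The interface names, port names and prefixes are constructed; it shows that a static prefix filter still passes a source address borrowed from a neighbour in the same dial-in pool, while a per-session dynamic filter rejects it.

```python
import ipaddress

# Constructed topology: prefixes legitimately reachable behind each edge interface.
STATIC = {
    "leased-cust-a": ["198.51.100.0/28"],
    "dialin-pool":   ["192.0.2.0/24"],
}

class EdgeFilter:
    def __init__(self, static):
        self.static = {ifc: [ipaddress.ip_network(p) for p in nets]
                       for ifc, nets in static.items()}
        self.sessions = {}  # dial-in port -> address handed out for this call

    def session_up(self, port, addr):
        self.sessions[port] = ipaddress.ip_address(addr)

    def session_down(self, port):
        self.sessions.pop(port, None)

    def static_ok(self, ifc, src):
        """Static filter: source must fall inside a prefix routed via ifc."""
        ip = ipaddress.ip_address(src)
        return any(ip in net for net in self.static.get(ifc, []))

    def dynamic_ok(self, port, src):
        """Dynamic filter: source must equal the address allocated to this call."""
        return self.sessions.get(port) == ipaddress.ip_address(src)

def demo():
    f = EdgeFilter(STATIC)
    f.session_up("modem-7", "192.0.2.41")
    f.session_up("modem-8", "192.0.2.42")
    return {
        "outside_prefix":    f.static_ok("dialin-pool", "203.0.113.5"),
        "neighbour_static":  f.static_ok("dialin-pool", "192.0.2.42"),
        "neighbour_dynamic": f.dynamic_ok("modem-7", "192.0.2.42"),
        "own_address":       f.dynamic_ok("modem-7", "192.0.2.41"),
    }
```
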

Dial-up Users
• Use of per-session dynamic IP address allocation is efficient
• but makes traceability harder
• User accounts and access numbers common to many dial-in routers
• Need to reliably map from:
  – (IP address, time) to (user)

Dial-in Authentication
• RADIUS authentication logs usually have info required, but:
  – need time synchronisation (NTP)
  – records can be lost (UDP)
  – vendor record format variations
• Alternatives include:
  – syslog, dynamic DNS, finger/telnet, SNMP
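
Added example (not part of the LINX slides or BCP document): a Python sketch of the (IP address, time) to (user) mapping built from accounting-style Start/Stop records, covering the two failure modes listed above. The record layout is a simplified assumption and all records are constructed; a lost Stop is closed at the next allocation of the same address and marked as inferred, and a clock-skew tolerance can return more than one candidate user.

```python
from datetime import datetime, timedelta

# Constructed accounting records: (event, user, allocated IP, NAS timestamp in UTC).
RECORDS = [
    ("Start", "alice", "192.0.2.10", "1999-11-08T09:00:00"),
    ("Stop",  "alice", "192.0.2.10", "1999-11-08T09:30:00"),
    ("Start", "bob",   "192.0.2.10", "1999-11-08T09:31:00"),
    # bob's Stop never arrived (UDP loss); the address is later re-issued to carol
    ("Start", "carol", "192.0.2.10", "1999-11-08T11:00:00"),
    ("Stop",  "carol", "192.0.2.10", "1999-11-08T11:20:00"),
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")

def build_sessions(records):
    """Pair Start/Stop per address; a Start on a busy address implies a lost Stop."""
    done, open_by_ip = [], {}
    for event, user, ip, ts in sorted(records, key=lambda r: parse(r[3])):
        t, cur = parse(ts), open_by_ip.get(ip)
        if event == "Start":
            if cur:  # close the earlier session at the re-allocation time
                cur.update(end=t, end_source="inferred")
                done.append(cur)
            open_by_ip[ip] = {"user": user, "ip": ip, "start": t,
                              "end": None, "end_source": "open"}
        elif event == "Stop" and cur and cur["user"] == user:
            cur.update(end=t, end_source="logged")
            done.append(open_by_ip.pop(ip))
    return done + list(open_by_ip.values())

def who_had(sessions, ip, when, skew=timedelta(0)):
    """Return every (user, end_source) whose session covers `when` within +/- skew."""
    t = parse(when)
    return [(s["user"], s["end_source"]) for s in sessions
            if s["ip"] == ip and s["start"] - skew <= t
            and (s["end"] is None or t <= s["end"] + skew)]

SESSIONS = build_sessions(RECORDS)
```

An answer tagged `inferred`, or a lookup that returns two users, is a lead to corroborate with another source such as CLI logs rather than an identification.
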

Unregistered Users
• e.g.
  – free trials
  – “pay as you go” services
  – public access terminals
• Pose particular traceability problems
• but there are ways to offer these services with safeguards

De-Anonymising Users
• Credit card check
• Voice phone call back
• Fax phone call back
• Avoid shared accounts
• Digital certificates
• Caller Id or CLI

Caller Id (CLI)
• Ideally phone number being used to make modem call passes through telephony carriers and dial-in router to ISP’s logfiles
• Some issues in practice:
  – carriers
  – router vendors
  – users

Caller Id Issues
• Not all carriers present full CLI
  – regulatory intervention needed?
• Not all dial-in routers:
  – accept or log CLI
  – differentiate withheld vs unavailable
• ISPs who are not carriers get user (possibly modified) CLI rather than network CLI

“Pay as you go” Services
• e.g. BTclick, FreeServe et al
• Need to be able to:
  – require and log CLI
  – block payphone, international, prepaid calls
  – maintain frequent abuser phone number blacklist
  – identify IP address ranges used for this

E-Mail Traceability
• Very easy to make e-mail untraceable via fake headers
• Default config of many mail servers dumb in this respect
• Some routine precautions can tackle this
• Modern servers which are wise to this are available

E-mail Server Config
• Make sure actual IP addresses are stamped on headers
• Disable 3rd-party relaying!
• Consider using SMAP, Exim software
• Source filter which IP addresses can connect to SMTP port
• Domain Name verification
  – valid?
  – forward/reverse match?
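
Added example (not part of the LINX slides, and not the behaviour of any particular mail server): a Python sketch of the domain name verification and address stamping described on this slide. The `PTR` and `A` tables are constructed stand-ins for live DNS lookups, and the trace line is a simplified Received-style format chosen for illustration.

```python
import ipaddress
import re

# Constructed DNS data (documentation address ranges) standing in for live lookups.
PTR = {"192.0.2.25": "mail.example.net", "198.51.100.7": "mx.example.org"}
A = {
    "mail.example.net": ["192.0.2.25"],
    "mx.example.org":   ["203.0.113.9"],   # forward record points somewhere else
    "example.com":      ["203.0.113.50"],
}

def check_peer(peer_ip, helo_name, ptr=PTR, a=A):
    """Verify the connecting host and build a trace line that always carries
    the real peer address, whatever name the client announced."""
    ip = str(ipaddress.ip_address(peer_ip))        # raises on a malformed address
    # "valid?": does the announced name resolve at all
    helo_valid = helo_name.lower().rstrip(".") in a
    # "forward/reverse match?": IP -> name -> addresses must lead back to the IP
    rname = ptr.get(ip)
    if rname is None:
        rdns = "no-reverse"
    elif ip in a.get(rname, []):
        rdns = "match"
    else:
        rdns = "forward-mismatch"
    # The announced name is client-controlled: neutralise anything that could
    # break out of the header (CR/LF, spaces, control characters).
    safe_helo = re.sub(r"[^A-Za-z0-9.\-]", "?", helo_name)[:255]
    shown = rname if rdns == "match" else "unverified"
    trace = f"Received: from {safe_helo} ({shown} [{ip}])"
    return {"helo_valid": helo_valid, "rdns": rdns, "trace": trace}
```
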

USENET News Servers
• Always add X-NNTP-Posting-Host: header
• Restrict posting from customer addresses only
• Heavily restrict use of mail2news
  – Always add X-Mail2news: header
• Importance of synchronised & verified time/date stamping

Domain Name Servers
• in-addr address to name mapping critical when tracing
• important to ensure server security
• in theory dynamic DNS update could insert user name into reverse lookup for session duration - hard in practice

User Privacy
• Laws to protect privacy of ISPs’ customers must be respected
  – e.g. ECHR, Data Protection Acts, IOCA
• “Big Brother” PR is bad both for business and co-operation
• LINX has set up Internet User Privacy Forum to engage in constructive dialog with activists
• See http://www.iupf.org.uk

Possible Future Work
• Inter-provider issues
• IRC & “chat”
• Corrections, improvements
• Feedback welcome!

Conclusions
• You can’t solve the whole problem
• ...but straightforward measures can make a big difference
• Legal protection of legitimate users’ privacy must be addressed
• The industry can take a responsible lead through co-operation