NSF PAR Search | NSF Public Access Repository

In the Line of Fire: Risks of DPI-triggered Data Collection

https://doi.org/10.1145/3607505.3607526

Mirian, Ariana; Ukani, Alisha; Foster, Ian; Akiwate, Gautam; Halicioglu, Taner; Moore, Cynthia T.; Snoeren, Alex C.; Voelker, Geoffrey M.; Savage, Stefan (August 2023, Proceedings of the 16th Cyber Security Experimentation and Test Workshop)

Cybersecurity companies routinely rely on telemetry from inside customer networks to collect intelligence about new online threats. However, the mechanism by which such intelligence is gathered can itself create new security risks. In this paper, we explore one such subtle situation that arises from an intelligence gathering feature present in FireEye's widely-deployed passive deep-packet inspection appliances. In particular, FireEye's systems will report back to the company Web requests containing particular content strings of interest. Based on these reports, the company then schedules independent requests for the same content using distributed Internet proxies. By broadly scanning the Internet using a known trigger string we are able to reverse engineer how these measurements work. We show that these side-effects provide a means to empirically establish which networks and network links are protected by such appliances. Further, we also show how to influence the associated proxies to issue requests to any URL.

Full Text Available

Search for: All records