Subject: [Boost-users] [boost-user][asio] is packet analysis feasible, and if so how to proceed (references for learning about it needed)
From: Ted Byers (r.ted.byers_at_[hidden])
Date: 2011-04-12 15:33:58


I am investigating the possibility of developing something like a web-shield
using boost::asio.

What I mean is this. One vulnerability for ecommerce sites is that a
session may be hijacked once a user has been validated. Someone intent on
fraud may then use that session for a variety of different kinds of fraud.
I expect that the lowest-level IP address has to be the actual machine
making each request (otherwise the attacker would not be able to get the
responses to requests he's made), and that one of the things a fraudster may
be doing is falsifying the IP addresses in HTTP headers. I also expect some
may be using proxy servers to hide their real identity or location.

The first thing I need to learn about is whether there are classes or
structs defined within asio that facilitate getting packets in a form that
would support the sort of packet analysis that may be useful. I would
suppose I would need to make a set of classes that collects HTTP headers, to
ease examining them, particularly for IP data. Ideally, I'd like to be able
to examine each major OSI layer (in part, just to learn how they work in
real life). And I'd like to try to examine the route by which a given HTTP
request has arrived at the server that is to handle it, if that is at all
possible. And, I'd like to investigate what sorts of patterns ought to be
considered with a view toward detecting any form of misbehaviour a fraudster
may resort to.

If any of this proves feasible, I'd like to create an intelligent 'shield'
based on asio that receives incoming http traffic, examines it for
misconduct, and if no such behaviour is found just forwards the request on to
the real server, and if there is evidence of misbehaviour, redirects the user
to either static advertising pages or whatever challenge-response system a
merchant may want to try to use in order to reduce his vulnerability to
online fraud.

I have yet to see any ecommerce software that tries to protect both
consumers and merchants from online fraud in this manner, and have spent
much of my time writing code that tries to detect fraud, among other
problems, after the fact. But it is such a costly process for some
merchants that I would like to become more pro-active, to try to prevent it.
Alas, although I have written plenty of quantitative code, I have no
experience with network programming in C++, so I don't really know what is
feasible (but being an R&D kind of guy, I have no qualms about trying to
learn stuff that is new to me ;-)

Any insights into what is available and what is possible (with URLs to
useful resources) would be greatly appreciated.

Thanks

Ted
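The check the post is circling around, comparing the address the transport layer actually saw with the one a client can write into an HTTP header, as an added example that is not from this thread or from Boost itself. It is plain standard C++ with no Asio dependency: a small header parser that pulls out the customary X-Forwarded-For field and flags a mismatch against the peer address. The peer_addr argument stands in for what Boost.Asio's socket.remote_endpoint() would return on a live connection; the request text and addresses are constructed sample values.

```cpp
#include <algorithm>
#include <cctype>
#include <map>
#include <sstream>
#include <string>
static std::string trim(const std::string& s) {
    auto b = s.find_first_not_of(" \t\r");
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(" \t\r") - b + 1);
}

// Parse the header block of an HTTP/1.x request into a map keyed by lower-cased name.
std::map<std::string, std::string> parse_headers(const std::string& raw) {
    std::map<std::string, std::string> h;
    std::istringstream in(raw);
    std::string line;
    std::getline(in, line);  // request line ("GET /cart HTTP/1.1"), not needed here
    while (std::getline(in, line)) {
        line = trim(line);
        if (line.empty()) break;  // empty line terminates the header block
        auto colon = line.find(':');
        if (colon == std::string::npos) continue;  // malformed field: ignore
        std::string name = trim(line.substr(0, colon));
        std::transform(name.begin(), name.end(), name.begin(),
                       [](unsigned char c) { return std::tolower(c); });
        h[name] = trim(line.substr(colon + 1));
    }
    return h;
}

struct AddressCheck {
    std::string peer;     // address the TCP layer delivered the request from
    std::string claimed;  // first entry of X-Forwarded-For, empty if absent
    bool header_present;
    bool mismatch;        // claimed != peer: a proxy in the path, or a forged header
};

// peer_addr is what the transport layer reports (in Boost.Asio this would be
// socket.remote_endpoint().address().to_string()). The header is just bytes the
// client chose to send, so a mismatch is a signal worth logging, not proof of fraud.
AddressCheck check_client_address(const std::string& peer_addr,
                                  const std::string& raw_request) {
    AddressCheck r{peer_addr, "", false, false};
    auto h = parse_headers(raw_request);
    auto it = h.find("x-forwarded-for");
    if (it == h.end()) return r;
    r.header_present = true;
    r.claimed = trim(it->second.substr(0, it->second.find(',')));  // leftmost hop
    r.mismatch = !r.claimed.empty() && r.claimed != r.peer;
    return r;
}
```

In a real shield the peer address is the only one the server can rely on; the header is useful only for correlating across a proxy you operate yourself.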
