I, Dhiraagu proxy server

Now I know quite a few people would wet themselves on hearing of the dirty things one can do to Dhiraagu. I also know quite a few people would risk actually trying what I am about to narrate, so here I begin with a disclaimer.

-----
Disclaimer: The information presented in this article is mostly for entertainment purposes and whatever educational value it may possess must be the result of some exotic butterfly flapping its wings under the canopy of the Amazon. At no time do I recommend you or any circus animals attempting these and consequently, I take no responsibility for your actions.
-----

If you are a dialup user on Dhiraagu Dhivehinet then every time you dial-in you get an IP address assigned automatically. An IP address is sort of a unique identifier for your computer on the internet. I was setting up an internet dialup connection to Dhiraagu on a friend's computer a few years ago when I wondered what would happen if I were to specify my own IP address in the settings rather than let Dhiraagu automatically assign me. If things were set correctly at Dhiraagu, what I was about to do should not be possible. However, I decided to try it out anyway, hoping that they might have mucked it up.

I decided I would attempt using the IP for the Dhiraagu proxy server, i.e. assign myself the same identity as the web proxy operated by Dhiraagu. As you might already know, all WWW traffic flows through a proxy server if you are a Dhivehinet customer, therefore the proxy server knows what you browse, when you browse and can totally keep tabs on you. Similarly, by assuming its identity I should be able to see what the real proxy sees. I should be able to grant myself the same power! Sure enough, as soon as I dialed in with the forced IP, the connection status icon at the bottom of the screen lit up. The received packet count in the connection status window kept on increasing endlessly. I was getting bombarded by the web traffic coming into the proxy! I had successfully assumed its identity. I then disconnected and I sat there with a wicked smile painted on my face, imagining the possibilities this opened up.

A few minutes later, my fingers were flying over the keyboard furiously as I wrote a quick 'n dirty proxy server software. Its purpose was to act as a proxy, logging all the data it receives. I could have done a kazillion fun things to add to that but I resisted the temptation. An hour or so later, I had the proxy program working as I wanted and so went back to dialing in. As soon as my connection got established, the program started displaying the various requests coming in from users on the Dhiraagu network. Less than a minute into the dialup and my program crashed due to overflow. There was too much data! I reprogrammed bits to fix the issue and went back on, logging data for about 5 minutes before disconnecting.

I opened up the log file created by my program and analyzed the various connection attempts. By the end of going over the log, I had another reason to be quite amused. The log indicated that about 75% of all requests I had intercepted were for pornographic websites. This was proof that many Maldivian internet users used the internet for porn!!

Anyway, this "flaw" gives rise to a whole set of opportunities. I could impersonate any server on Dhiraagu. I could become one of their FTP servers and start logging username/passwords. I could become one of the web servers and start serving rogue web pages. I could become the email server and log username/password as people attempt to check mail. The possibilities were almost endless...

I have mailed Dhiraagu several times over the years regarding this issue but never received a reply. Sadly, this was still working about 6 months ago according to a friend who tried it. However, it may have been fixed in the recent endeavor by Dhiraagu to improve the security in their networks.
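What closes this hole, as an added illustration of my own (not code from the post, and not anything from Dhiraagu's equipment): the access server, not the dialler, decides the address of a dial-up session, and every packet arriving over that link is checked against it. The addresses below are constructed documentation-range values, not real ones.

```python
# Added example: server-side checks that stop a dial-up user from taking
# an infrastructure address. Addresses are constructed placeholders.
from dataclasses import dataclass, field
from ipaddress import IPv4Address

# Constructed: infrastructure hosts (web proxy, mail server) that a dial-up
# session must never negotiate, nor appear as a packet source.
INFRASTRUCTURE = {
    IPv4Address("203.0.113.10"),  # web proxy (constructed)
    IPv4Address("203.0.113.25"),  # mail server (constructed)
}


@dataclass
class Session:
    user: str
    assigned_ip: IPv4Address          # picked by the access server from its pool
    alerts: list = field(default_factory=list)


def handle_ipcp_request(session, proposed):
    """Answer a PPP IPCP Configure-Request that carries an IP-Address option.

    Per RFC 1332 the access server may refuse the peer's proposed address by
    replying Configure-Nak with the address it wants the peer to use. Here
    anything other than the pool address already bound to this session is
    Nak'd, and a request for an infrastructure address is logged as an alert.
    """
    if proposed == session.assigned_ip:
        return ("Configure-Ack", session.assigned_ip)
    if proposed in INFRASTRUCTURE:
        session.alerts.append(f"{session.user} requested infrastructure address {proposed}")
    return ("Configure-Nak", session.assigned_ip)


def ingress_allowed(session, src):
    """Per-session anti-spoofing (BCP 38 / RFC 2827 style ingress filtering):
    a packet from a dial-up link must carry that link's assigned address.
    This backstops the IPCP check if the client ignores the Nak."""
    if src == session.assigned_ip:
        return True
    kind = "infrastructure" if src in INFRASTRUCTURE else "foreign"
    session.alerts.append(f"{session.user} spoofed {kind} source {src}; packet dropped")
    return False
```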


UPDATE (11-09-2005):
I just received a log from "Fatty" of Digital Squid that re-confirms what I revealed in the article. Thanks Fatty!

Below is a screenshot of the captured traffic in Ethereal where I have placed an "http" filter to list only the web traffic. On the right side, it shows the various websites people are browsing and on the left of that is the associated IP address requesting that particular page. It is interesting to note that 53 percent of the requests are for porn :-)

For the technical lot who are keen to see the actual Ethereal capture, HERE is the log that Fatty provided me with.


[Screenshot] Captured data on Ethereal when posing as Dhiraagu proxy
