SOCKs as a Service and Botnet Discovery
On the internet, no one knows you’re a dog, but they know that you are accessing their website from an IP announced by an ASN that belongs to an ISP on the East Coast of the United States. As the DOM renders a piece of third party fraud detection, javascript runs and collects details about local time, flash, etc, creating a finger print for your browser. It also takes a look at your IP address to see if it is a reasonable match to the zip code associated with the credit card you’re using and possibly confirming that it matches the netblock you frequently login from. This second component, access to secure sockets (SOCKS) in ISP networks and other netblocks, is the topic covered in this presentation. We will cover the market for SOCKs, including vendors and pricing models, as well as a botnet that we came across when monitoring SOCKs markets
Chris Baker is an Internet cartographer, data analyst, and wanderlust researcher at Dyn, where he is responsible for an array of data analysis and research projects ranging from trends in the DNS to Internet measurement and infrastructure profiling. Previously, Chris worked at Fidelity Investments as a senior data analyst. He graduated from Worcester Polytechnic Institute with a master’s degree in system dynamics and a bachelor’s degree in management of information systems and philosophy.