SOCKs as a Service and Botnet Discovery

On the internet, no one knows you’re a dog, but they know that you are accessing their website from an IP announced by an ASN that belongs to an ISP on the East Coast of the United States. As the DOM renders a piece of third party fraud detection, javascript runs and collects details about local time, flash, etc, creating a finger print for your browser. It also takes a look at your IP address to see if it is a reasonable match to the zip code associated with the credit card you’re using and possibly confirming that it matches the netblock you frequently login from. This second component, access to secure sockets (SOCKS) in ISP networks and other netblocks, is the topic covered in this presentation. We will cover the market for SOCKs, including vendors and pricing models, as well as a botnet that we came across when monitoring SOCKs markets


Chris Baker is an Internet cartographer, data analyst, and wanderlust researcher at Dyn, where he is responsible for an array of data analysis and research projects ranging from trends in the DNS to Internet measurement and infrastructure profiling. Previously, Chris worked at Fidelity Investments as a senior data analyst. He graduated from Worcester Polytechnic Institute with a master’s degree in system dynamics and a bachelor’s degree in management of information systems and philosophy.

Print Friendly, PDF & Email
Christopher Baker

Christopher Baker

Principal of Threat Intelligence at Dyn
Christopher Baker
Christopher Baker

Latest posts by Christopher Baker (see all)