Check out the new USENIX Web site. next up previous
Next: Results Up: Protecting CoDeeN Previous: Privilege Separation

Effectiveness of the Solutions


We have received a handful of queries/complaints from system administrators at the local PlanetLab sites, and all but one have been false alarms. Most queries have been caused by system administrators or others using/testing the proxies, surfing through them, and then concluding that they are open proxies.

We have been using CoDeeN daily, and have found that the security restrictions have few effects for local users. Using non-Princeton nodes as our forward proxy, we have found that the restrictions on licensed sites can be overly strict at times. We expect that in the future, when we bounce such requests to completely unprivileged proxies, the special handling for those sites will not be noticeable. These bounced requests will obtain the privilege level of those proxies (i.e., no subscriptions), and will be able to access unrestricted portions of those sites. By changing the configuration information, we have also been able to use CoDeeN as an outside user would see it. Even on our high-speed links, the request rates limits have not impacted our daily browsing.

Restricting outside users from using POST does not appear to cause significant problems in daily use. Searches are commonly handled using the GET method instead of the POST method, and many logins are being handled via HTTPS/SSL, which bypasses the proxy. The most noticeable restrictions on outsiders using POST has been the search function on Amazon.com and some chat rooms. Over two months, local users have generated fewer than 300 POST requests, with the heaviest generator being software update checkers from Apple and Microsoft.

Our security measures have caused some confusion amongst malicious users, and they could not figure out whether or not CoDeeN is a network of real ``open'' proxies. We routinely observe clients testing proxies and then generating requests at very high rates, sometimes exceeding 50K reqs/hour. However, rarely do CoDeeN nodes see more than 20K valid reqs/hour. Some clients have generated over a million unsuccessful requests in stretches lasting longer than a day.



next up previous
Next: Results Up: Protecting CoDeeN Previous: Privilege Separation
Vivek Pai
2004-05-04