Inflight modifications of content: Who are the culprits?

Chao Zhang, Cheng Huang, Keith W. Ross, David A. Maltz, Jin Li

    Research output: Contribution to conferencePaperpeer-review

    Abstract

    When a user requests content from a cloud service provider, sometimes the content sent by the provider is modified inflight by third-party entities. To our knowledge, there is no comprehensive study that examines the extent and primary root causes of the content modification problem. We design a lightweight experiment and instrument a vast number of clients in the wild to make two additional DNS queries every day. We identify candidate rogue servers and develop a measurement methodology to determine, for each candidate rogue server, whether the server is performing inflight modifications or not. In total, we discover 349 servers as malicious, that is, as modifying content inflight, and more than 1.9% of all US clients are affected by these malicious servers. We investigate the root causes of the problem. We identify 9 ISPs, whose clients are predominately affected. We find that the root cause is not sophisticated transparent in-network services, but instead local DNS servers in the problematic ISPs.

    Original languageEnglish (US)
    StatePublished - 2011
    Event4th USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, LEET 2011 - Boston, United States
    Duration: Mar 29 2011 → …

    Conference

    Conference4th USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, LEET 2011
    CountryUnited States
    CityBoston
    Period3/29/11 → …

    ASJC Scopus subject areas

    • Information Systems
    • Artificial Intelligence
    • Computer Science Applications

    Fingerprint Dive into the research topics of 'Inflight modifications of content: Who are the culprits?'. Together they form a unique fingerprint.

    Cite this