• Like
Intelligent adware blocker symantec
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Intelligent adware blocker symantec


Final Pune university's B.E project presentation

Final Pune university's B.E project presentation

Published in Education , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On SlideShare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. Intelligent Adware Blocker By : - Sonal Kamble (B 3208528) - Chaitali Magdum (B 3208537) - Aditi Pantoji (B 3208546) - Prajakta Pednekar (B 3208550) Sponsored by : Symantec Corporation External Guide: Internal Guide: Mr. Vikram Saurabh Mr. Harshad Wadkar 06/26/11 Intelligent Adware Blocker
  • 2. 06/26/11 Intelligent Adware Blocker
    • Project Problem Statement:
    • To develop Intelligent Adware Blocker
    • Project Problem Statement Description:
    • Pop-up blocking application sits between client and server.
    • It sniffs the traffic and applies policies before rendering it to the client and the client will not be aware about this.
    • The policies applied should be based on predefined categories read by the application from database and user defined policies can also be added to it.
    • User defined policies can depend on certain predefined keywords and regular expressions. Predefined categories like bank, pornography, social media etc.
    • Area/Domain: Internet Security
  • 3.
    • Adware or  advertising-supported software is any  software  package which
    • automatically plays, displays or downloads advertisements to a computer.
    • Adware, by itself, is harmless however some adware may come with
    • integrated spyware such as key loggers and other privacy-invasive
    • software.
    What is Adware ? 06/26/11 Intelligent Adware Blocker
  • 4. Need of Adware Blocker Application
    • Adware Blocker application will be used to block Adware which can be in the form of Pop-up and Pop-under which we come across while accessing many websites.
    • Pop-up and pop-under blocker which comes along with Browsers like Internet Explorer, Mozilla blocks all categories of pop-ups and pop-unders.
    • There can be various categories like sports, news, shares, banking etc. So these pop-up and pop-under blocker will not provide facility of selecting which category of pop-up to allow and to deny.
    • Hence to provide facility of category selection we require Adware Blocker.
    06/26/11 Intelligent Adware Blocker
  • 5. 06/26/11 Intelligent Adware Blocker Client Server Server Client Server Client HTTP Request HTTP Request HTTP Response HTTP Response + Adware Adware Blocker HTTP Request HTTP Request HTTP Response + Adware HTTP Response Ideal scenario Actual scenario Scenario in Project
  • 6. Modes of Operation
    • IDS mode
    • - Squid proxy server
    • - Snort
    • IPS mode
    • - Snort_inline
    • Bypass mode
    06/26/11 Intelligent Adware Blocker
  • 7. 06/26/11 Intelligent Adware Blocker Back Packet Flow diagram IDS mode
  • 8. 06/26/11 Intelligent Adware Blocker
      • Intelligent Adware Blocker IDS Mode
  • 9. 06/26/11 Intelligent Adware Blocker Back Packet Flow diagram IPS mode
  • 10. Intelligent Adware Blocker IPS Mode 06/26/11 Intelligent Adware Blocker
  • 11. Squid Proxy Server
    • Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects.
    • Steps required to use Squid
    • Downlad and Install Squid
    • Configure Squid
    • acl bad_pc src
    • acl good dstdomain .google.com
    • http_access allow good
    • http_access deny bad_pc
    • Restart squid service
    • Monitoring User Access  The access information gets stored in the access.log file.
    06/26/11 Intelligent Adware Blocker Back to previous slide
  • 12. Transparent Squid Proxy
    • Modify Squid.conf http_port 3128 transparent
    • iptables -F
    • iptables -t nat -F
    • # set this system as a router for Rest of LAN
    • iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
    • iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
    • # unlimited access to LAN
    • iptables -A INPUT -i eth0 -j ACCEPT
    • iptables -A OUTPUT -o eth0 -j ACCEPT
    • # DNAT port 80 request comming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
    • iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j ACCEPT
    • # if it is same system
    • iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
    06/26/11 Intelligent Adware Blocker
  • 13. 06/26/11 Intelligent Adware Blocker Back
  • 14. Snort
    • Snort is a signature detection-based intrusion detection system (IDS) issues an alert when network traffic matches a signature in the dataset.
    • Snort can be used as a packet sniffer to capture traffic from the network, as a packet logger to save packets to a file or database, or as an IDS.
    06/26/11 Intelligent Adware Blocker Back to previous slide
  • 15. Snort IDS mode
    • IDS (Intrusion Detection System):-
    • An intrusion detection system ( IDS ) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station.
    • Modes of Snort IDS:-
    • Sniffer mode
    • Packet logger mode
    • NIDS mode
    • Snort IDS rule generation
    • alert tcp any 80 -> any any (content:”uim”; msg :“uim popup”; sid:1001;)
    • Command to run snort in IDS mode
    • snort –dev –i eth0 –l /var/log/snort –c /etc/snort/rules/ids.rules
    • Report Generation IDS mode
    06/26/11 Intelligent Adware Blocker
  • 16. 06/26/11 Intelligent Adware Blocker Using Dom parser (i ds.rules) Back
  • 17. 06/26/11 Intelligent Adware Blocker Back
  • 18. Snort IPS mode
    • IPS (Intrusion Prevention System):
    • The main functions of “intrusion prevention systems’’ are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity.
    • To make snort work as IPS it has to be configured in either of the 3 modes:
    • Flexible response
    • Snort_inline
    • SnortSam
    06/26/11 Intelligent Adware Blocker Back to previous slide
  • 19. Snort_inline dependency packages
    • libipq
    • iptables-dev
    • libpcreflex
    • bison 1.2.1
    • Libpcap 0.7.2
    • Pcre
    • libdnet
    • libnet
    • libnet filter-queue-dev
    • dnet
    06/26/11 Intelligent Adware Blocker
  • 20. Topology Required For Snort_Inline (IPS) 06/26/11 Intelligent Adware Blocker
  • 21. Steps to implement snort_inline
    • Implement Bridge.
    • Installation of required packages for snort_inline.
    • Install and Configure snort_inline with mysql facility.
    • Apply Iptable rules:
    • iptables –A INPUT –p icmp –j QUEUE
    • iptables –A FORWARD –p tcp –dport 80 –j QUEUE
    • Write rule in local.rules ( Rule Generation)
    • drop tcp any 80 -> any any (content :“google”; msg :“response from google”; sid:1001;)
    • Apply Snort_inline rule:
    • snort_inline – dev –c /etc/snort_inline/rules/ips.rules -Q -l /var/log/snort_inline
    • Report Generation IPS mode
    06/26/11 Intelligent Adware Blocker
  • 22. 06/26/11 Intelligent Adware Blocker (ips.rules) (ips.rules) Using dom parser Back
  • 23. 06/26/11 Intelligent Adware Blocker Back
  • 24. 06/26/11 Intelligent Adware Blocker
    • Technologies used:
    • JAVA ( servlet ) for application controller
    • jsp ( java server pages) and HTML for frontend
    • Java script (For form validations)
    • Perl script ( To store entries of Squid’s access.log into database table )
    • Shell script ( To start and stop Snort, Snort inline and Squid’s services )
    • ( To apply iptables rules according to modes )
    • Operating System: Ubuntu 10.10
  • 25. Requirements for developing the system
    • Hardware
    • Desktop PC’s or Laptops with Intel Pentium based x86 processor
    • Desktop PC with two NIC cards
    • Hard line/Wired internet connection
    • Switch(To implement Snort_inline)
    • Software
    • Snort (IDS) 2.8.52 with Mysql facility
    • Snort_inline and its dependency packages
    • Squid Proxy Server 2.7
    • MySQL_Server 5.1.49
    • MySQL_Client 5.1.49
    • Apache Tomcat 6.0.32 web server
    • gcc 4.4.5 and gdb 7.2 to compile and debug code
    • JDK 1.6
    • sed 4.2.1
    • Browser software (Mozilla Firefox, Chromium, Epiphany)
    06/26/11 Intelligent Adware Blocker
  • 26. Requirements for using the system
    • Hardware
    • Desktop PC’s or Laptops with Intel Pentium based x86 processor
    • Hard line/Wired internet connection
    • Software
    • Browser software (Mozilla Firefox, Chromium, Epiphany, Internet Explorer)
    • Operating system for client machine (Linux or windows)
    • Operating system for server machine (Linux)
    06/26/11 Intelligent Adware Blocker
  • 27. View Log
    • LogBook.xslx
    • http://cumminsit14symantec.blogspot.com
    06/26/11 Intelligent Adware Blocker
  • 28. References
    • Squid: the definitive guide - by Duane Wessel
    • Snort: IDS and IPS toolkit - by Jay Beale, Andrew R. Baker
    • Snort cookbook - by Angela Orebaugh, Simon Biles, Jacob Babbin
    • Shell Scripting : Beginning Linux Programming by Neil Matthew and Richard Stones
    • Bridge Configuration http://www.faqs.org/docs/Linux-HOWTO/Ethernet-Bridge-netfilter-HOWTO.html
    • Iptables http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables
    • Snort_inline
    • http://openmaniak.com/snort_tutorial_snort.php#ancre-manual
    • http://support.avaya.com/css/P8/documents/003915688
    06/26/11 Intelligent Adware Blocker
  • 29. Achievement
    • First prize in Project Competition
    • Held on
    • 16 th April 2011 at AISSMS college of engineering
    06/26/11 Intelligent Adware Blocker
  • 30. Acknowledgement : 06/26/11 Intelligent Adware Blocker Mr. Vikram Saurabh (External guide) Mr. Harshad Wadkar (Internal guide) Mrs. Madhura Tokekar (HOD) Mr. Makarand Velankar (Project Coordinator) Mr. Shripad Tawade
  • 31.
    • Thank you…
    06/26/11 Intelligent Adware Blocker