//blog.rapid7.com/2014/10/21/r7-2014- 17- nat-pmp- implementation-
and-configuration-vulnerabilities/
[32] A. Hemel, “Universal Plug and Play: Dead simple or simply deadly?” in
5th System Administration and Network Engineering Conference, 2006.
[33] S. Huang, F. Cuadrado, and S. Uhlig, “Middleboxes in the Internet:
a HTTP perspective,” in Network Traffic Measurement and Analysis
Conference (TMA). IEEE, 2017.
[34] Internet Society, “State of IPv6 Deployment 2018,” Internet Society,
Tech. Rep., 2018. [Online]. Available: https://www.internetsociety.org/
resources/2018/state-of-ipv6-deployment-2018/
[35] S. Karve, “McAfee Discovers Pinkslipbot Exploiting Infected
Machines as Control Servers; Releases Free Tool to Detect,
Disable Trojan,” McAfee Blogs, 2017. [Online]. Available:
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-
discovers-pinkslipbot-exploiting-infected-machines-as-control-servers-
releases-free-tool-to-detect-disable-trojan/
[36] B. Kelly, Z. Durumeric, D. Adrian, D. Corcoran, and J. A. Halderman,
“Censys,” 2018. [Online]. Available: https://censys.io
[37] R. Khare and S. D. Lawrence, “RFC 2817: Upgrading to TLS Within
HTTP/1.1,” RFC Editor, Tech. Rep., 2000.
[38] D. Koblas and M. R. Koblas, “SOCKS,” in USENIX
Summer 1992 Technical Conference, 1992. [Online]. Available:
https:/ / www.usenix.org/ conference / usenix - summer- 1992- technical-
conference/socks
[39] M. K
¨
uhrer, T. Hupperich, C. Rossow, and T. Holz, “Exit from Hell?
Reducing the Impact of Amplification DDoS Attacks,” in USENIX
Security Symposium, 2014.
[40] L. Kuppan, “JS-Recon,” 2010. [Online]. Available: http:
//www.andlabs.org/tools/jsrecon/jsrecon.html
[41] Y. Lee, “SOCKS: A protocol for TCP proxy across firewalls,” NEC,
Tech. Rep., 2005. [Online]. Available: https://ftp.icm.edu.pl/packages/
socks/socks4/SOCKS4.protocol
[42] ——, “SOCKS 4A: A Simple Extension to SOCKS 4 Protocol,”
NEC, Tech. Rep., n.d. [Online]. Available: https://www.openssh.com/
txt/socks4a.protocol
[43] M. Leech, “RFC 1929: Username/Password Authentication for SOCKS
V5,” RFC Editor, Tech. Rep., 1996.
[44] M. Leech, M. Ganis, Y. Lee, R. Kuris, D. Koblas, and L. Jones, “RFC
1928: SOCKS Protocol Version 5,” RFC Editor, Tech. Rep., 1996.
[45] I. Livadariu, K. Benson, A. Elmokashfi, A. Dhamdhere, and A. Dainotti,
“Inferring Carrier-Grade NAT Deployment in the Wild,” in IEEE
Conference on Computer Communications (INFOCOM), 2018.
[46] G. Lyon, “Firewall/IDS Evasion and Spoofing,” 2019. [Online].
Available: https://nmap.org/book/man-bypass-firewalls-ids.html
[47] A. Mani, T. Vaidya, D. Dworken, and M. Sherr, “An Extensive
Evaluation of the Internet’s Open Proxies,” in Annual Computer Security
Applications Conference (ACSAC), 2018.
[48] R. Merget, J. Somorovsky, N. Aviram, C. Young, J. Fliegenschmidt,
J. Schwenk, and Y. Shavitt, “Scalable Scanning and Automatic Clas-
sification of TLS Padding Oracle Vulnerabilities,” in USENIX Security
Symposium, 2019.
[49] X. Mi, Y. Liu, X. Feng, X. Liao, B. Liu, X. Wang, F. Qian, Z. Li,
S. Alrwais, and L. Sun, “Resident Evil: Understanding Residential IP
Proxy as a Dark Service,” in IEEE Symposium on Security and Privacy.
IEEE, 2019.
[50] C. Montonen, “Solar and Solstice - Two Mirai Variants,” Tech. Rep.,
2019. [Online]. Available: https://blog.race-conditions.net/posts/solar-
and-solstice-two-mirai-variants/
[51] H. Moore, “Security Flaws in Universal Plug and Play: Unplug.
Don’t play,” Rapid7, Tech. Rep., 2013. [Online]. Available: https:
//hdm.io/writing/SecurityFlawsUPnP.pdf
[52] S. Neti and S. Sivakumaran, “CVE-2019-12527: Code execution on
squid proxy through a buffer overflow,” Trend Micro, Tech. Rep.,
2019. [Online]. Available: https://www.zerodayinitiative.com/blog/
2019/8/22/cve-2019-12527-code-execution-on-squid-proxy-through-a-
heap-buffer-overflow
[53] V. Olteanu and D. Niculescu, “SOCKS protocol version 6 -
draft,” RFC Secretariat, Tech. Rep., 2018. [Online]. Available:
https://tools.ietf.org/html/draft-olteanu-intarea-socks-6-02
[54] Open Connectivity Foundation, “UPnP Standards & Architecture,”
2019. [Online]. Available: https://openconnectivity.org/developer/
specifications/upnp-resources/upnp
[55] V. S. Pai, L. Wang, K. Park, R. Pang, and L. Peterson, “The Dark
Side of the Web: An Open Proxy’s View,” ACM SIGCOMM Computer
Communication Review, vol. 34, no. 1, 2004.
[56] Pat Padgett, “Corkscrew – A tool for tunneling SSH through HTTP
proxies,” 2001. [Online]. Available: https://github.com/bryanpkc/
corkscrew
[57] D. Perino, M. Varvello, and C. Soriente, “ProxyTorrent: Untangling
the Free HTTP(S) Proxy Ecosystem,” in World Wide Web Conference
(WWW), 2018.
[58] ProxyBroker Developers, “Proxybroker,” 2019. [Online]. Available:
https://proxybroker.readthedocs.io
[59] Y. Rekhter, B. G. Moskowitz, D. Karrenberg, G. J. de Groot, and
E. Lear, “RFC 1918: Address Allocation for Private Internets,” RFC
Editor, Tech. Rep., 1996.
[60] C. Rossow, “Amplification Hell: Revisiting Network Protocols for
DDoS Abuse,” in Symposium on Network and Distributed System
Security (NDSS), 2014.
[61] W. Scott, R. Bhoraskar, and A. Krishnamurthy, “Understanding open
proxies in the wild,” Chaos Communication Camp, 2015.
[62] C. Seaman, “UPnProxy: EternalSilence,” Akamai, Tech. Rep., 2018.
[Online]. Available: https://blogs.akamai.com/sitr/2018/11/upnproxy-
eternalsilence.html
[63] Shodan Developers, “Shodan,” 2019. [Online]. Available: https:
//www.shodan.io
[64] A. K. Sood, R. J. Enbody, and R. Bansal, “Dissecting SpyEye – Under-
standing the design of third generation botnets,” Computer Networks,
vol. 57, no. 2, 2013.
[65] J. Squire, “Universal Plug and Play IGD - A Fox in the Hen
House,” in Blackhat Briefings USA, 2008. [Online]. Available:
https://www.blackhat.com/presentations/bh-usa-08/Squire/BH
US 08
Squire A Fox in the Hen House%20White%20Paper.pdf
[66] K. Steding-Jessen, N. L. Vijaykumar, and A. Montes, “Using low-
interaction honeypots to study the abuse of open proxies to send spam,”
INFOCOMP Journal of Computer Science, vol. 7, no. 1, 2008.
[67] Symantec, “Inception framework: Alive and well, and hiding
behind proxies,” Symantec, Tech. Rep., 2018. [Online]. Avail-
able: https://www.symantec.com/blogs/threat-intelligence/inception-
framework-hiding-behind-proxies
[68] ”thecableguy“, “Security breached devices - port tcp 4145,” 2018. [On-
line]. Available: https://forum.mikrotik.com/viewtopic.php?t=137840
[69] G. Tsirantonakis, P. Ilia, S. Ioannidis, E. Athanasopoulos, and M. Poly-
chronakis, “A Large-scale Analysis of Content Modification by Open
HTTP Proxies,” in Symposium on Network and Distributed System
Security (NDSS), 2018.
[70] Z. Whittaker, “Hackers hijack thousands of Chromecasts to warn
of latest security bug,” TechCrunch, 2019. [Online]. Available: http:
//social.techcrunch.com/2019/01/02/chromecast-bug-hackers-havoc/
[71] D. Wing, S. Cheshire, M. Boucadair, R. Penno, and P. Selkirk, “RFC
6887: Port Control Protocol (PCP),” RFC Editor, Tech. Rep., 2013.
17