One Weird trick article: delroth.net/posts/spoofed-mass-scan-abuse/ [thanks john for reminding me]
OONI Probe/test for Relay Ops: ooni.org/install/
Template for abuse complaints: gitlab.torproject.org/tpo/network-health/analysis/-/issues/85#note_3126618
Dir Authorities getting abuse complaints: gitlab.torproject.org/tpo/network-health/analysis/-/issues/85
Tor Project sysadmin team: gitlab.torproject.org/tpo/tpa/team/-/issues/41840 (technical details)
Tor Relay Ops: community.torproject.org/relay/
Tor Dir. Authorities: community.torproject.org/relay/governance/policies-and-proposals/directory-authority/
GreyNoise: www.greynoise.io/
InterSecLab: www.opentech.fund/projects-we-support/supported-projects/interseclab/
Ignore abuse reports from "watchdogcyberdefense.com": seclists.org/nanog/2024/Nov/24
@Acid741981 3 months ago
Thanks a lot for the info on that. I was on vacation when my provider sent the abuse complaint and could not immediately react to it. There are finally some answers... Would appreciate an update if there's more knowledge about the actual attacker. Great vid as always.
@ProfessorLinux 3 months ago
Great setup. I love your background and lighting❤
@oOEmberOo 3 months ago
I appreciate your angle
@effsixteenblock50 3 months ago
Here's how I'm thinking the guy got caught: The traffic that would eventually tell the tale to investigators would be the TCP SYN packets that timed out, of which, in such a high volume there would be many. If there were enough of them, they could sort of "work backwards" to find his basic location, assuming he didn't fiddle with the TTLs. They could see where a packet was when it timed out and since some ASs are only reachable from a single path, they could get one piece of the puzzle at a time. Again, there would have to be a ton of traffic to do this but thankfully there obviously was. If the guy would have randomized the TTLs, he probably wouldn't have been caught. Another thing that could contribute to him revealing his whereabouts would be if there was something unique or non-standard in any of the TCP (or even lower layers) fields. Some TCP stacks are by default slightly different - TCP window, TCP options etc. Either way, I'm sure it involved a sh!t-ton of work. Hats off to the folks that did it!
@henrik2117 3 months ago
Your humour is the best! 😅
@joshuatimothy2966 3 months ago
Thanks for the update, keep doing your thing
@rakly347 3 months ago
Your diagram is wrong. You connect Exit to onion service. That's never how a Tor connection to an onion service works. I run a node, there were some issues triggering my DDoS protection. Other than that, I didn't really experience much trouble. My node remained operative, but I had to temporarily separate the node from the rest of my network (just a simple virtual LAN) to stop the flooding from the node to my other devices. - I don't know the intricacies of the whole thing, just that my firewall had blocked all my wired connected devices from being reachable. (meaning, no inbound connections were accepted)
@FuckYouYourLibtardOpinion 2 months ago
So it's def effective even in this trial run
@BangBangBang. 3 months ago
I used to work for a large IaaS/hosting provider. There's so much garbage usually automated sent to the abuse desk that that's why providers don't really do much on it. Don't use automated tools to flood abuse contacts over the smallest things. It's usually copyright complaints, network stuff (pings/scans/connects) and spam with law enforcement/data retention requests sent in. Hey FYI that $4 VPS you're paying for, we're handing over any and all info to anybody with a law enforcement letterhead they're faxing/emailing to the record request contact. That's widespread in the industry. That's why VPN ads on KZbin make me laugh so hard
@Sam-rr4ek 3 months ago
@@BangBangBang. so the only good VPN is Mullvad?
@fd20231 3 months ago
Thanks for the info big homie!!! Appreciate the video once again. Also, looking yoked bro! NO DIDDY Been working out or is it the winter 15 where thanksgiving just keeps on giving cuz I'm suffering from the latter myself 😂😂
@nezu_cc 3 months ago
Oh so that's why my ISP is mad, damn
@noprivacyverner 3 months ago
Sounds more like someone was mapping the network, or trying to. I bet it was first round
@MikeJones-mf2rt 3 months ago
Unit 8200
@Anonymous__007-m3l 3 months ago
@@MikeJones-mf2rt 🙊🐵🙈
@naesone2653 3 months ago
Interesting can u go more in-depth
@GOOGLE-IS-EVIL-EMPIRE 3 months ago
@@MikeJones-mf2rt what is Unit 8200?
@GreatTaiwan 2 months ago
@@GOOGLE-IS-EVIL-EMPIRE Israeli unit (bunch of ex-Mossad agents who specialized in comp sec), they are known to meddle in many countries (Israel can always just burn the connections unlike Mossad which was formed officially before Israel) one of known operations:
- leaking Patriot Pak2 source code to CCP
- destroying Brazil nuclear project (among Tunisia)
now they weren't alone but a key player
@chams7960 3 months ago
Hey sam ! Can you make a step by step guide on how to be safe? From buying a laptop to being safe in the net? That would be crazy content!
@joshuatimothy2966 3 months ago
I think the opsec bible has something similar to it
@chams7960 3 months ago
@ okay I’ll check that, I thought it would be really interesting to see how he set up his computer
@ashahahaha 3 months ago
See his Defcon talks :)
@TevynSmith 3 months ago
This isn’t direct advice but hypothetically in theory, make sure you run tails with Ethernet only and to have 16GB of ram to be most optimal
@joshuatimothy2966 3 months ago
@@TevynSmith as well as flashing the BIOS/UEFI to CoreBoot/LibreBoot and other open source boot loaders
@serenditymuse 3 months ago
Why do we need centralized control nodes? It could be done more on an event-decoupled basis where nothing knows about all the relays. Instead the relays respond to and put information about state on an event bus. If done right the IP addresses of relays may not be known with any dependability, so difficult to spoof traffic from them.
@Iris_and_or_George 3 months ago
Ooofff dat leet runtime!
@deannawolfe3900 3 months ago
Bro you should cover whatever is up with abacus market
@wildweasel3001 3 months ago
If you don't need to see the response you can spoof TCP messages.
@davegebbings7632 3 months ago
Thanks Sam
@stevez5134 3 months ago
would it be better to just use i2p?
@DAVE_ICEMAN 3 months ago
It has no exit to clearnet
@zeus1141 3 months ago
@@stevez5134 and is significantly smaller network and older tech.
@ashahahaha 3 months ago
@elguero933 tbh good, dummy proof :P
@Bill_Bacon 2 months ago
Can't diss Linus!
@plodoviski 2 months ago
Sam, could you talk about DeSnake? Ex-Admin of AlphaBay.
@dennisestenson7820 3 months ago
I'm 46 and if I had never shaved my beard in my life, it wouldn't be half that long.
@Flynn-Lives 3 months ago
great VHS video /me bows down ^_^ dank -bg lol
@JoeBrown-b7w 2 months ago
Can you do a video explaining how to PGP encrypt a message?
@deannawolfe3900 2 months ago
@@JoeBrown-b7w download tails first
@djksfhakhaks 3 months ago
Omfg. Your beard is Sun Microsystems "I'm so valuable I'm allowed to live in the mountains and just think things up" worthy.
@TevynSmith 3 months ago
You seem like your personality is never up or down always stable, what do you attribute that to?
@Sam_Bent 3 months ago
Lack of emotion. I'm an INTP-A and a Sigma. If I had to guess.
@TevynSmith 3 months ago
@@Sam_Bent you remind me of a Patrick Bateman type , but with no smiling
@AndreeaCe 3 months ago
Ever read what not to send via classic mail network? Don't send cash, jewellery or other high value goods...will be stolen. This being one side of the coin.
@ZerosAndTwos 3 months ago
Personal opinion -- the original use case for Tor is no longer necessary because the ships can use Starlink (DoD paid for low earth orbit GPS replacement satellites and Elon took advantage with Starlink). So, Tor is a problem now and there are other opsec friendly covert networks for government communication. Get ready for Tor as you know it to be relentlessly assaulted and perhaps eventually gone. This is all a personal opinion and I am a no one from nowhere.
@etziowingeler3173 3 months ago
Starlink has replaced Tor? lul ok
@ZerosAndTwos 3 months ago
@etziowingeler3173 no? Go read how tor came to be. The US Navy invented it.
@onemoreguyonline7878 2 months ago
Lol, 13:37 run time
@ZambeziSentinel 3 months ago
What's crazy is it's not hard 😂
@whenindoubtgotowikipedia.8292 3 months ago
Skid
@mikemaldanado6015 3 months ago
If you want to maintain any sort of integrity you need to put out a correction video regarding the silk road. Your entire video was false. Dread Pirate Roberts was never even charged for running silk road, he got two life sentences for conspiracy to murder 8 people. It's sad that you won't like all other youtubers that get shit wrong, then u wonder why nobody can agree on anything anymore.... it's mostly to do with youtube/reddit, etc. how do u expect people to believe any of your videos now? whatevs. unsub.
@Sam_Bent 3 months ago
reason.com/2018/07/25/ross-ulbrichts-murder-for-hire-charges-d/
Amplified through inaccurate and sensationalized reporting, these false murder-for-hire allegations were used to deny Ross Ulbricht’s bail, smear him in the media, and justify the life sentence he ultimately received. Ross was never tried for these allegations, which means the allegations were never ruled on by a jury and Ross was never found guilty of paying to have anyone killed. These unproven and unprosecuted accusations were eventually dismissed “with prejudice” in 2018, and therefore can never be re-filed or used against Ross again. The allegations were never proven in court and relied on anonymous chats and text files never proven to have been authored by Ross. Hard evidence and testimony, including from the lead Silk Road investigator, show that, over time, multiple people were behind the site admin’s handle (who was called Dread Pirate Roberts or “DPR” for short). Two corrupt federal investigators (sent to prison) also had unfettered access to Silk Road and were admittedly involved in numerous plots. Ross has always denied being involved with these allegations. And even Curtis Green, the only alleged victim ever identified in these allegations, has spoken out against these allegations and is a longtime, fervent supporter of Ross’s release.
freeross.org/false-allegations/
@plodoviski 2 months ago
Sam, could you talk about DeSnake? Ex-Admin of AlphaBay.