New on LowEndTalk? Please Register and read our Community Rules.
routing traffic through 34 servers located in nearly 20 countries
hyperblast
Member
sirs,
"The government says the men disguised their hacking activity by routing attack traffic through 34 servers located in nearly 20 countries, using encrypted communications channels within Equifax’s network to [...]"
(https://krebsonsecurity.com/2020/02/u-s-charges-4-chinese-military-officers-in-2017-equifax-hack/)
How can somebody route traffic through 34 servers?
Comments
Are you asking how to disguise your hacking, 'cause otherwise latency will kill you?
Find a "underground" forum and ask the question there.
No, my question does not refer to hacking activities on my part! I am rather interested in how this works technically and want to understand it.
That's what they all say
"It's for educational purpose only"
edu.cn?
It's not so hard, Tor does the same thing right?
I thought the saying is "it's for research purposes" or is that only applicable to certain clips of videos?
Clips? Aren't you the fastest hand in the west.
Well, if you can route through one server, you can run through more. But they don't mean 34 relays each time, just up to 34 when taking all servers into account. 2-5 relays I would say is realistic.
The more interesting question is how this gets detected. From what we know from the Snowden leaks, traffic is mirrored on major connections and they can register callbacks so that if a source/destination address passes through the connection they can see where the traffic came from and went to. "Follow the money" becomes "follow the IPs". I'm guessing a lot of European countries, otherwise TCP connections would probably just time out lol.
Basically, you just chain SOCKS proxies. Make a proxy request to the first one, then it forwards the data, which is a SOCKS request to another, then it sends on the data, which is a SOCKS request to another proxy, and so on. Turtles all the way down.
Tor does three levels of proxy chaining.
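The chaining described above, as an added example that is not from the thread: each hop consumes one SOCKS5 greeting plus CONNECT request and relays everything after its reply as opaque bytes, so the requests simply nest. The hop addresses and destination are constructed, and `parse_chain` shows the analyst's side: on a tap of the client's first link, unencrypted SOCKS exposes the entire path, not just the next hop.

```python
import socket
import struct

SOCKS_VER, CMD_CONNECT, ATYP_IPV4, ATYP_DOMAIN = 5, 1, 1, 3  # RFC 1928 values

# Constructed chain: one TCP connection to HOPS[0], then each hop is asked to
# CONNECT onward to the next, ending at DESTINATION (none of these are real).
HOPS = [("10.0.0.1", 1080), ("192.0.2.7", 1080), ("relay.example.net", 1080)]
DESTINATION = ("db.internal.example", 443)

def socks5_connect_request(host, port):
    """No-auth greeting followed by a CONNECT request for host:port."""
    greeting = bytes([SOCKS_VER, 1, 0])  # VER, NMETHODS=1, METHOD=0 (no auth)
    try:
        addr = bytes([ATYP_IPV4]) + socket.inet_aton(host)
    except OSError:  # not a dotted quad, so send it as a domain name
        raw = host.encode()
        addr = bytes([ATYP_DOMAIN, len(raw)]) + raw
    return greeting + bytes([SOCKS_VER, CMD_CONNECT, 0]) + addr + struct.pack("!H", port)

def chained_client_stream(hops, destination):
    """Everything the client writes on its single connection to hops[0].
    That hop is reached by plain TCP, so the first SOCKS request names hops[1];
    each proxy consumes one greeting+CONNECT and relays the rest as opaque bytes,
    so the requests nest in order (the real client waits for each reply first)."""
    return b"".join(socks5_connect_request(h, p) for h, p in hops[1:] + [destination])

def parse_chain(stream):
    """Analyst's view of a tap on the client->hops[0] link: recover every CONNECT
    target. Without encryption between hops, the whole path is visible there."""
    targets, i = [], 0
    while i < len(stream):
        ver, nmethods = stream[i], stream[i + 1]
        if ver != SOCKS_VER:
            raise ValueError("not SOCKS5 at offset %d" % i)
        i += 2 + nmethods  # skip the offered auth methods
        atyp = stream[i + 3]  # VER, CMD (CONNECT assumed), RSV, ATYP
        i += 4
        if atyp == ATYP_IPV4:
            host, i = socket.inet_ntoa(stream[i:i + 4]), i + 4
        elif atyp == ATYP_DOMAIN:
            n = stream[i]
            host, i = stream[i + 1:i + 1 + n].decode(), i + 1 + n
        else:
            raise ValueError("IPv6 target not handled in this example")
        port = struct.unpack("!H", stream[i:i + 2])[0]
        i += 2
        targets.append((host, port))
    return targets
```

A sensor placed only after the first hop would see just the next CONNECT, which is why the indictment's mention of encrypted channels matters more than the raw hop count.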
Because of MTU and overhead, does that mean there's going to be one full size packet and one fragment for each packet?
Well you could do something like this: https://github.com/cryptostorm/voodoo.network/blob/master/README.md