
Highest possible Anonymization in internet by IP spoofing and VPN chaining?



mandi
12-18-2010, 03:19 AM
I have some ideas in mind about obtaining the maximum possible anonymization by IP spoofing along with chaining VPN connections, exploiting the lack of ingress and egress filtering by the ISPs, but I am not able to find any useful resources for studying, understanding and practically implementing these concepts, so I decided to ask here.

I have the following questions:

1) Is it possible to chain VPN connections like we do for proxies?
If yes, then to be honest I don't know about chaining multiple VPNs together. Will it work without issues?


2) Also, most of us know that Internet routers care only about the destination address, not the source address. It will also be one of the greater advantages to us for anonymization.


I am not only looking to spoof my Internet IP address to some random address; I am much more concerned about getting responses or packets back from the target with my spoofed IP, without the connection or packets going to the "original" IP I have been using for spoofing...

In simple terms, I want to use your address as my source address and communicate with a third party, and when the third party sends a reply, the reply should not be sent to you; it should come to me...

How to do this?

Also, are we able to get back replies from the target if we use a spoofed class D or E address?



I hope this is definitely possible. I have seen some guys using these kinds of techniques for anonymization,

but I don't know how to do this, and I am very much interested in understanding them theoretically and practically.




3) Next, my doubt is regarding hop-by-hop packet tracing. If we do the above idea, then law enforcement agencies would have to do hop-by-hop packet tracing to trace the real attacker, right? Also, I am sure that when we do this it involves at least 15 hops from various countries for a single VPN. So if we do the same spoofing technique from multiple VPN connections hosted on multiple VPS servers and chain them together into a single one, will it give us maximum anonymization?

I do know that if we do serious crimes these kinds of chains can be traced at any cost, but what if it was a low-profile attack scene like website defacements, piracy, e-mail abuse, etc.?

Just want to know the "truth" regarding real-time crime investigations.

I hope many of you guys have seen many similar scenes in your life...

Hope someone will help me out...

AnArKI
12-19-2010, 03:35 PM
1) Is it possible to chain VPN connections like we do for proxies?

I highly doubt the practicality of chaining VPN connections... If VPNs (site to site), say VPN A, B, C, D, are used for chaining, then D should have the decryption keys of A, B and C... which is highly unlikely...

In simple terms, I want to use your address as my source address and communicate with a third party, and when the third party sends a reply, the reply should not be sent to you; it should come to me...

IP spoofing on the Internet is good in theory but doesn't work much in practice... the only use I can see is to DoS a particular IP... IP spoofing is useful for port scanning and probes, denial of service.

The use of IP spoofing in anonymization is a big MISCONCEPTION.

If you go through the basic functioning of the IP protocol, that would make things clearer for you, and you might also read this post:

http://www.garage4hackers.com/showthread.php?81-Tut-How-to-proxify-the-console-data%28b0nd-Punter%29

mandi
12-20-2010, 12:02 AM
I highly doubt the practicality of chaining VPN connections... If VPNs (site to site), say VPN A, B, C, D, are used for chaining, then D should have the decryption keys of A, B and C... which is highly unlikely...

Why can't we do that if we own some VPN servers?

Also, what about creating some kind of tunnel relays in between the chains? Wouldn't that be possible?




IP spoofing on the Internet is good in theory but doesn't work much in practice... the only use I can see is to DoS a particular IP... IP spoofing is useful for port scanning and probes, denial of service.

The use of IP spoofing in anonymization is a big MISCONCEPTION.

If you go through the basic functioning of the IP protocol, that would make things clearer for you, and you might also read this post

I thought exactly like you until some days ago. I had seen guys using IP spoofing for AV evasion, reflective DDoS and spoofed port scans to bypass IDS and firewalls, but I saw and studied some interesting theories in the past 1 week that made me think like this:

1) The Internet routes packets mostly by caring about the destination address; it won't pay much attention to the source address.

2) As we know, the Internet only uses class A, B and C IP addresses, but it is possible to use a class D or E IP address on the Internet, because all we need to do is some proper configuration on the router. If the configuration is correct it can be routed. This is what I studied, and it surprised me: why is this not possible?
That is what comes to my mind.

Also, I started to see some interesting stuff in the recent past. When I tried to trace one of my black hat friends, I was surprised, because the IP I got was 255.255.255.255 (believing is up to you). When I asked how it was possible, he refused to reveal the trick...

So I thought of asking these questions here. Hope someone will make it clear...

AnArKI
12-20-2010, 12:56 AM
What about creating some kind of tunnel relays in between the chains? Wouldn't that be possible?

I saw and studied some interesting theories in the past 1 week that made me

Gr8 mate... do enlighten us when your theories become a reality and turn practical...

fb1h2s
12-20-2010, 12:58 AM
@mandi It's really good that you have a lot of thoughts, perfectly good for a hacking environment, but you should also be able to justify your thoughts.

1) Is it possible to chain VPN connections like we do for proxies? AnArKI bro has already replied to that question of yours; then you counter-questioned with this one:

Why can't we do that if we own some VPN servers?
Well, if you are using your own VPN servers then where is the anonymity? It's clear that the owner of your private VPN is "mandi", so what's the point in touching your nose round from the back?

And about IP spoofing: well, I am a person who believes that nothing is impossible, but to make something possible you need to know a hell of a lot of stuff about it :)

AnArKI has also replied to this, that IP spoofing over TCP has always remained on paper. Why? Because it's a three-way handshake, and because of the sequence number. As AnArKI mentioned, DoSing is possible with a half connection, as you could use a spoofed IP in your SYN packets. This stuff is already there in Nmap "decoy mode". But intercepting the communications... well, as you said you have seen a few videos and stuff from your blackhat friends on TCP IP spoofing, we all would be interested to see it :) if you don't mind sharing :)

And I think you read wayyy too much Ankit Fadia crap :)
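
The handshake argument in the replies above, as an added example that is not part of any post in the thread: a toy model in which delivery depends only on the destination address, so the server's SYN-ACK and its random sequence number reach the claimed source, never the real sender. The `Net` and `Server` classes and all addresses (documentation ranges) are constructed for illustration.

```python
import secrets

class Net:
    """Toy network: as with real routers, delivery looks only at the destination."""
    def __init__(self):
        self.inbox = {}                       # address -> packets delivered there
    def send(self, pkt):
        self.inbox.setdefault(pkt["dst"], []).append(pkt)

class Server:
    def __init__(self, addr, net):
        self.addr, self.net = addr, net
        self.half_open = {}                   # claimed source -> expected ACK number
        self.established = set()
    def on_syn(self, pkt):
        isn = secrets.randbits(32)            # unpredictable initial sequence number
        self.half_open[pkt["src"]] = (isn + 1) % 2**32
        # The SYN-ACK goes to the *claimed* source, wherever the SYN came from.
        self.net.send({"src": self.addr, "dst": pkt["src"],
                       "flags": "SYN-ACK", "seq": isn})
    def on_ack(self, pkt):
        if self.half_open.get(pkt["src"]) == pkt["ack"]:
            del self.half_open[pkt["src"]]
            self.established.add(pkt["src"])
            return True
        return False                          # wrong ACK number: no connection

def connect(net, server, real_addr, claimed_src):
    """Try a handshake from real_addr while claiming claimed_src as the source."""
    server.on_syn({"src": claimed_src, "dst": server.addr, "flags": "SYN"})
    # A sender can only read what is delivered to its real address.
    seen = [p for p in net.inbox.get(real_addr, []) if p["flags"] == "SYN-ACK"]
    ack = (seen[-1]["seq"] + 1) % 2**32 if seen else 0   # nothing seen: blind guess
    return server.on_ack({"src": claimed_src, "dst": server.addr,
                          "flags": "ACK", "ack": ack})

def demo():
    net = Net()
    srv = Server("192.0.2.10", net)
    honest = connect(net, srv, "203.0.113.5", "203.0.113.5")
    spoofed = connect(net, srv, "203.0.113.99", "198.51.100.7")
    to_claimed = len(net.inbox.get("198.51.100.7", []))
    return honest, spoofed, to_claimed, len(srv.half_open)

if __name__ == "__main__":
    print(demo())
```

The spoofed attempt leaves only a half-open entry on the server and a stray SYN-ACK at the address that was claimed; no reply ever reaches the real sender, which is why the thread calls spoofing for anonymity a misconception.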

mandi
12-21-2010, 12:53 AM
Gr8 mate... do enlighten us when your theories become a reality and turn practical...

I don't know in which way you said the above words. Also, like you said, it is just some theories, but you also cannot say that it cannot be done. Also, just asking you personally, and I need you to answer me honestly: what methods do the high-end hackers, like the guys who are breaching into Google, military networks, NASA and government networks, use for their anonymity? I don't believe they will just use some proxy or SOCKS chain and some VPNs. I am just asking for some honest answers from you. Also, I know a black hat won't reveal his way of anonymity; all I need to know is what kind of methods these guys use for anonymity... If you are a black hat I am sure you won't reveal this. All I am looking for is to have some ideas. At least I would like to know some concepts...

Don't think I am arguing with you bro, I am just saying my thoughts ;)





Well, if you are using your own VPN servers then where is the anonymity? It's clear that the owner of your private VPN is "mandi", so what's the point in touching your nose round from the back?

No, I forgot to mention it clearly. Owning means we can create VPN chains from a hacked server, nah? That is what I was trying to say.

Well, I am a person who believes that nothing is impossible, but to make something possible you need to know a hell of a lot of stuff about it

AnArKI has also replied to this, that IP spoofing over TCP has always remained on paper. Why? Because it's a three-way handshake, and because of the sequence number. As AnArKI mentioned, DoSing is possible with a half connection, as you could use a spoofed IP in your SYN packets. This stuff is already there in Nmap "decoy mode". But intercepting the communications... well, as you said you have seen a few videos and stuff from your blackhat friends on TCP IP spoofing, we all would be interested to see it if you don't mind sharing

And I think you read wayyy too much Ankit Fadia crap

I am not a fan of Ankit Fadia; he is an outdated guy. Also, to be honest, I have come to a kind of conclusion by reading your words: high-tech anonymity cannot be obtained by using the traditional methods such as proxy chaining, SOCKS and VPNs.
Also, even if we use a proxy chain of 130 proxies, the law enforcement authorities will decrypt it if the crime was serious. I do believe there must be some other ways to do that. All I am looking for is some ideas...

Hope I can get some more ideas...

AnArKI
12-21-2010, 02:20 AM
Also, just asking you personally, and I need you to answer me honestly: what methods do the high-end hackers, like the guys who are breaching into Google, military networks, NASA and government networks, use for their anonymity?

I am black and don't answer honestly... so all the best... and I really wish someone answers your valid queries.

mandi
12-21-2010, 03:02 AM
I am black and don't answer honestly... so all the best... and I really wish someone answers your valid queries.

Ahh, like I guessed. OK anyway, but at least you can confirm that there are better ways other than this traditional anonymization like proxy chaining, SOCKS and VPNs, nah?

Just for confirmation... At least I hope you may answer it...

b0nd
12-21-2010, 04:12 AM
Hi mandi,

Yes, for serious stuff people do not depend on the public proxies and things like that. The best bet would be to own a couple of servers in different territories who do not have good political relations. "owning" the servers gives you privilege to delete/edit the logs.

And btw please share the sources (videos/papers) from where you are obtaining these thoughts.

ps: please use "quote" instead of "code"

Regards

mandi
12-23-2010, 05:16 PM
Hi mandi,

Yes, for serious stuff people do not depend on the public proxies and things like that. The best bet would be to own a couple of servers in different territories who do not have good political relations. "owning" the servers gives you privilege to delete/edit the logs.

And btw please share the sources (videos/papers) from where you are obtaining these thoughts.

ps: please use "quote" instead of "code"

Regards


To be honest, I got this idea mostly from my own thinking and some research.
The best way to explain my thought: according to IANA we should use port 22 for the SSH service, but most hackers run SSH services on port 80 or 443 on their home or own servers/PCs and bypass the firewalls and IDS, nah? Like that, I am just thinking: according to the standards, we have heard that only class A, B and C addresses are routable on the Internet, but the real-life scene in India is different, you know, because as far as I have seen most ISPs here have not implemented ingress and egress filtering. So I thought it would still be possible to do that. Also, I asked a networking professional, and he said the following:

Certain multicast addresses CAN be routed over the Internet when they are the destination. By definition a multicast address is not allowed to be a source address, so I am assuming that most ISPs will put in place filters that block a multicast address as a source address, in the same way ALL ISPs block RFC 1918 addresses from being used at all.

So this lit a spark in my mind, because multicast addresses are class D addresses, and so it is possible to use a class D address on the Internet if the routers are configured correctly. Am I right?

Also, when I tried to trace one of my black-hat friends, I ended up getting a 255.xxx.xxx.xxx IP. Quite surprised, but I am not able to unlock the mystery :)

These are all the things that led me to my thoughts, nothing more.
I hope someone may unlock these mysteries and help me get more anonymization...
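
The source-address filtering that the networking professional quoted above describes, written out as an added example that is not part of any post in the thread: an edge check that drops packets whose source is multicast (class D), reserved (class E, which contains 255.255.255.255), RFC 1918 private, or outside the prefix assigned to the customer port, in the style of BCP 38 ingress filtering. The function names, the customer prefix and the sample packets are constructed for illustration.

```python
import ipaddress

# Ranges that are never valid as the unicast source of an Internet packet.
INVALID_SOURCES = [(label, ipaddress.ip_network(net)) for label, net in [
    ("multicast (class D)", "224.0.0.0/4"),
    ("reserved (class E)", "240.0.0.0/4"),    # also covers 255.255.255.255
    ("RFC 1918 private", "10.0.0.0/8"),
    ("RFC 1918 private", "172.16.0.0/12"),
    ("RFC 1918 private", "192.168.0.0/16"),
    ("loopback", "127.0.0.0/8"),
    ("this-network", "0.0.0.0/8"),
]]

def check_source(src, customer_prefix):
    """Return (accept, reason) for a packet arriving on a customer-facing port."""
    try:
        addr = ipaddress.IPv4Address(src)
    except ipaddress.AddressValueError:
        return False, "malformed source address"
    for label, net in INVALID_SOURCES:
        if addr in net:
            return False, f"invalid source: {label}"
    # Ingress filtering: the source must belong to the prefix assigned to the port.
    if addr not in ipaddress.ip_network(customer_prefix):
        return False, "source outside the prefix assigned to this port"
    return True, "ok"

def filter_packets(packets, customer_prefix):
    """Apply check_source to each packet record; return (src, accept, reason) rows."""
    return [(p["src"], *check_source(p["src"], customer_prefix)) for p in packets]

# Constructed sample traffic seen on a port assigned 203.0.113.0/24.
SAMPLE = [
    {"src": "203.0.113.20", "dst": "192.0.2.10"},     # legitimate customer address
    {"src": "198.51.100.7", "dst": "192.0.2.10"},     # someone else's unicast address
    {"src": "239.1.2.3", "dst": "192.0.2.10"},        # class D as source
    {"src": "255.255.255.255", "dst": "192.0.2.10"},  # class E / broadcast as source
    {"src": "10.0.0.5", "dst": "192.0.2.10"},         # RFC 1918 as source
]

if __name__ == "__main__":
    for row in filter_packets(SAMPLE, "203.0.113.0/24"):
        print(row)
```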

"vinnu"
12-24-2010, 11:08 AM
Well, the above posts by you [mandi] seriously imply strange behavior. If you adopt such an attitude towards the other colleagues in a conversation, no one will answer the posts, and soon no one will even bother to read/study the stuff posted by you.

So the best behavior is to be polite and hear everyone, then say your part.

mandi
12-24-2010, 03:19 PM
Uhh, no, I am not that kind of guy. I just tried to discuss the thing. If you guys think that I am strange, I am sorry, and I tender an apology to the guys who posted here. I am waiting and willing to hear some more ideas from the members here. Sorry once again to the members here...

the_empty
02-10-2011, 12:34 PM
amusing stuff... nice for a bit "light" reading

keval_domadia
04-04-2011, 08:32 PM
IMHO, I liked the concept but, I am worried about 'speed of data tx'... 'Onions' are rotten now... You sparked a cucumber :)