I'm not presenting a scientific paper. It's an actual method that works. You can DDoS various networks to compare against active connections on TOR, and otherwise...
On Mon, Apr 10, 2017 at 12:22 PM, dawuud <daw...@riseup.net> wrote:

> Dear Mike Guidry,
>
> My reply here is snarky but I just cannot help it. Please consider me a friend that is snarky rather than an enemy or an asshole.
>
> I am finding it very hard to read. It is *extremely* annoying that you present your definition of "hacking" at the beginning and then go on to define TCP, UDP and other irrelevant things. It also buzzes and pops with wtf terms like "reflect lateral hacking movements". Is your target audience journalists who won't know what to look for in a good technical write up of an actual attack?
>
> Perhaps it would be helpful for you to review some of the vast academic literature about breaking Tor since you are interested in breaking Tor:
>
> https://www.freehaven.net/anonbib/
>
> Sincerely,
>
> David Stainton
>
> On Mon, Apr 10, 2017 at 11:17:13AM -0400, Mike Guidry wrote:
> > I am not trolling you. I attached a PDF which explains how to trace TOR connections over the internet. It is not a joke. I have some other vulnerabilities at that URL I am releasing.
> >
> > I'll include here:
> >
> > Michael Guidry, March 15, 2017
> >
> > Tracing connections online from the virtual landscape to the physical world
> >
> > Hacking is the intrusion of a computer by an unwanted guest, and is usually used to express gaining access to corporate, or government networks. It requires either installing malware, phishing, or directly connecting to machines and attacking their software with exploits. It is currently impossible to accurately trace hackers online unless they use the same software, and techniques for all their targets. It has become a major problem within the last decade due to globalization, and corporate networks directly connected to the Internet.
> >
> > Tracing Transmission Control Protocol (TCP) connections across the Internet is inaccurate due to how routing is performed across global backbones. The global routing table is modified constantly with nodes, and routes being adjusted for optimization, or quality of service needs. TCP is the most used protocol therefore it is the only protocol which really matters to attempt to trace. User Datagram Protocol (UDP) is stateless therefore less reliable for tracking, however has the same vulnerability. UDP is usually used by hackers for exfiltration, or remote control after other actions have been performed.
> >
> > It is currently impossible to track connections over the Internet accurately. Several cases relate to The Onion Router (TOR) sites aka “Dark Web,” which were somehow uncovered using private technologies. Technologies used for those cases do not work properly over regular hacking via proxies online. It's an issue for the landscape of political hacking worldwide which has been increasing annually across the globe.
> >
> > China, for example, has been having a lot of blame lately due to Internet Protocol (IP) addresses assigned within its borders being used in massive amounts of attacks. Some of these attacks have been supposedly verified, however it is impossible for China to have performed them all. Proxy servers being used in chains may just be victims themselves. The problem arises due to possible evidence planting being similar to proxying through their other networks, or borders. It is completely different comparing cyber war to traditional conflicts due to evidence being traceable, and soldiers' physical evidence being easily recovered.
> >
> > Hacking back is a concept any government, or corporation is now detailing within their playbook to understand how the liabilities may affect them. It is the terminology used to attack the source of an intrusion by means of hacking itself. Repercussions of hacking a country due to incorrectly assuming an attack was originating there are highly possible. Cyber war policies exist for a lot of nations, and it may easily escalate their attention on whom they believe is performing the attacks. The same happens with ‘proxy wars’ currently within the Middle East, etc. Proxy wars traditionally will have global evidence allowing verification of weapon deliveries, or monetary exchanges to determine the origin of funding. Soldiers' training methods, and other strategies may be impossible to cloak. It is generally accepted once verified, and escalation is directed towards the proper perpetrator.
> >
> > Internet Service Providers (ISP) have the ability to perform various tasks internally to determine the pathways through their networks which would reflect lateral hacking movements. Connections leaving a single network that enter the realm of dynamic routing via Border Gateway Protocol (BGP) become a nightmare. The percentage of accuracy decreases exponentially as each separate network is used to route the connection to its destination. It becomes nearly impossible to trace after just a few gateways, at least publicly, or academically.
> >
> > Unorthodox methods are required to allow tracing of connections under these circumstances. Distributed Denial of Service (DDoS) is a solution that allows you to turn the internet’s own packet distribution system into a tracking mechanism. Most people do not consider performing DDoS attacks for positive reasons. DDoS may have been used by targets to “quarantine” their hacking source temporarily from the Internet. This strategy is beyond the scope of this technique, and is literally only a bandaid for a single attack originating from possibly just a proxy.
> >
> > DDoS is also illegal in most nations which have advanced their cyber crime laws. The fact that this technique requires many computers performing attacks strategically placed across the globe also ensures that they will be performed from countries where these laws are being enforced. The attack requires attacking all networks that you wish to verify against therefore you are immediately breaking laws on the destination side of most of the world simultaneously. It should not be used lightly, or regularly without cause and understanding.
> >
> > DDoS attacks transmit more data to a destination than that network can handle which forces it to stop responding in a timely fashion. The latency is so high that the TCP timeouts are reached, and connections break. New connections are also impossible during these attacks. It has only had negative effects since it began being used globally regularly. This technique could be considered a reverse DDoS.
> >
> > The approach is to attack the entire world in a very strategically timed manner using worldwide machines. Each separate DDoS attack using machines worldwide would use different synchronization, and timing information which would allow embedding information directly into the latency it causes on those networks. The purpose is to compare that latency with the hack taking place to verify its source location. If the attack disrupts networks you're attempting to verify against for milliseconds up to a few seconds then you can perform several of these sequentially to embed information in this timing itself. DDoS then becomes a positive useful solution, even though technically illegal, to a currently difficult problem.
> >
> > You wouldn’t necessarily have to attack the entire world. Conceptually it would be better to use databases of networks wishing to verify against. Residential, and commercial IP delegations throughout most nations would cover a large portion. Government hacking groups have their IPs leaked often as well. It is possible to just perform the attacks on these particular sets of IP addresses rather than the world as a whole. It is also equally possible to perform the attacks on entire ISPs, and countries to quickly determine, although this would not be accurate due to possible proxies in between being within that country.
> >
> > If the technique is used on a major ISP network rather than a gateway going into an office then it is possible that a proxy exists within their network which would read off as a false positive. Accuracy relies on the networks you're verifying against to be actual end user machines which would have human attackers. If you were to attack a network, or router of a network which has an office then it is highly likely they are going to notice other hackers using their network to hack externally on scales which would involve this type of solution. If you were to attack an entire country then you are going to have a problem of not recognizing from timing alone whether or not a proxy (of possibly several) just exists in that country. It is imperative to understand this, and always attempt to get as close to the networks in question being verified.
> >
> > Original message:
> >
> > Are you trolling us? I don't get it!
> >
> > On Sun, Apr 09, 2017 at 08:19:28PM -0400, Mike Guidry wrote:
> > > Hello,
> > >
> > > Here is a document I've written regarding a concept to trace connections even through TOR. If you have any questions feel free to respond, and I'll attempt to explain. I have also considered a way to mitigate this situation being allowing TOR to be traced by using 'Transactional Requests.' I'll proceed to write it up, and post soon.
> > >
> > > I have released some other short papers as well. It contains several files regarding a few vulnerabilities, and a couple concepts regarding things like quantum resistant cryptography, etc..
> > >
> > > URL: https://mega.nz/#F!QnZRXKyS!oluyILlMPpyJjPS57w7axQ
> > >
> > > Feel free to e-mail me directly..
> > >
> > > Thanks,
> > > Mike Guidry

_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev