Penetration Testing mailing list archives
Re: Anonymizing Packets yet ensuring 0 % packet loss
From: "Brett Cunningham" <cssniper22 () gmail com>
Date: Thu, 13 Sep 2007 20:58:47 -0500
Use Tor (http://tor.eff.org/). ISP's don't really track it, but that shouldn't be a concern of yours if you're pentesting. The end device can't tell it's been through tor. It sounds like you're internal on the network. I can't tell by your wording. If so, use SSH tunneling. Works like a charm. (http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter3.html#using-port-forwarding) On 9/13/07, Vivek P <iamherevivek () gmail com> wrote:
hi it was quick & impressive we had worked on socks proxy! there are some mertis & demerits the network on which we are testing (80 % target simulation) has some filters which blocked it.. Are you aware of some technology though which i can employ dns poisoning to route it to a virtual location !! where i have control !! I am interested to do something at packet level cos setting up a proxy also can be traced at the ISP level!! Any suggestion to go about it would be appretiated! thanx On 9/14/07, Utmost Bastard <utmostbastard () gmail com> wrote:Other then delivering a payload with a forged packet you will have to proxy through something. If you are reverse tunneling a shell it will need to relay through a proxy of sorts also if you truly need the originating IP concealed. Basically anything other then a one way connection is going to need a valid address to relay the data back and forth from. The first and only truly reliable thing I can think of is a good fast socks proxy. ----- Original Message ----- From: "Vivek P" <iamherevivek () gmail com> To: "Utmost Bastard" <utmostbastard () gmail com> Cc: <security-basics () securityfocus com>; "Pen-Testing" <pen-test () securityfocus com> Sent: Thursday, September 13, 2007 4:15 PM Subject: Re: Anonymizing Packets yet ensuring 0 % packet losshi thanks for the quick reply my goal is to hide my ip adress, the n/w packets will be pentest related & general stuff! there is no torrent, but FTP, HTTP & regular communications will take place from the setup! I am looking for a solution with which i can permanently show a different IP adress! (not actual) i did try creating packets, the problem is that the reply doesnt come back to me!! I was successful to broadcast a packet outside & it came back too.. but it was traceable (i used a carrier)... :-( i would appretiate some one discussins techncalities. I am okay with coding a program fr the same! On 9/14/07, Utmost Bastard <utmostbastard () gmail com> wrote:PeerGuardian just uses preset "block lists" of IP addresses to function. If an IP address is met any protocol/port transferring or receiving data is blocked at the network layer. I do not think that is the goal you are trying to achieve. If this is for traffic such as torrent your IP will still be known from the tracker itself but you will not be sending or receiving data from any of the IP addresses you have in your list. http://www.bluetack.co.uk/forums/index.php ironically has a torrent to download the latest blocklist set. Hopefully this clears any questions up. UB ----- Original Message ----- From: "Vivek P" <iamherevivek () gmail com> To: <security-basics () securityfocus com>; "Pen-Testing" <pen-test () securityfocus com> Sent: Thursday, September 13, 2007 1:52 PM Subject: Anonymizing Packets yet ensuring 0 % packet losshi all I am on a lookout for IP hiding & anonymity for a project of mine! I was googlin for some time now! most amusing one that i came across was that of Peer Guardian.. I wanted to get directions frm hw best can i get my identity hidden! atleast without using a proxy server from some providers (like anonymiser)... the link for Peer Guardian is here: http://phoenixlabs.org/pg2/ I m pretty sure someone would have tried it.. I am testing it as i am writing this query... thanks in advance ------------------------------------------- Vivek P Nair VP Tech Appin Group Of Companies Appin Security Group Module III TBIU IIT DELHI Hauz Khaus New delhi India www.appinlabs.com vivek.p () appinlabs com We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all! ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads -------------------------------------------------------------------------- ------------------------------------------- Vivek P Nair Vice President Technology Appin Group Of Companies Appin Security Group Module III TBIU IIT DELHI Hauz Khaus New delhi India www.appinlabs.com vivek.p () appinlabs com +919910924675 We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all!-- ------------------------------------------- Vivek P Nair Vice President Technology Appin Group Of Companies Appin Security Group Module III TBIU IIT DELHI Hauz Khaus New delhi India www.appinlabs.com vivek.p () appinlabs com +919910924675 We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all! ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Anonymizing Packets yet ensuring 0 % packet loss Vivek P (Sep 13)
- Re: Anonymizing Packets yet ensuring 0 % packet loss Utmost Bastard (Sep 13)
- Re: Anonymizing Packets yet ensuring 0 % packet loss Vivek P (Sep 13)
- Re: Anonymizing Packets yet ensuring 0 % packet loss Utmost Bastard (Sep 13)
- Re: Anonymizing Packets yet ensuring 0 % packet loss Vivek P (Sep 13)
- Re: Anonymizing Packets yet ensuring 0 % packet loss Brett Cunningham (Sep 14)
- Re: Anonymizing Packets yet ensuring 0 % packet loss Vivek P (Sep 13)
- Re: Anonymizing Packets yet ensuring 0 % packet loss Dotzero (Sep 14)
- Re: Anonymizing Packets yet ensuring 0 % packet loss Vivek P (Sep 16)
- RE: Anonymizing Packets yet ensuring 0 % packet loss Strykar (Sep 16)
- Re: Anonymizing Packets yet ensuring 0 % packet loss Vivek P (Sep 16)
- Re: Anonymizing Packets yet ensuring 0 % packet loss Brett Cunningham (Sep 17)
- RE: Anonymizing Packets yet ensuring 0 % packet loss Strykar (Sep 17)
- Re: Anonymizing Packets yet ensuring 0 % packet loss Utmost Bastard (Sep 13)
- Re: Anonymizing Packets yet ensuring 0 % packet loss Dotzero (Sep 17)
- Re: Anonymizing Packets yet ensuring 0 % packet loss Vivek P (Sep 17)