Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Anonymizing Packets yet ensuring 0 % packet loss

From: "Brett Cunningham" <cssniper22 () gmail com>
Date: Thu, 13 Sep 2007 20:58:47 -0500
Use Tor (http://tor.eff.org/). ISP's don't really track it, but that
shouldn't be a concern of yours if you're pentesting. The end device
can't tell it's been through tor.

It sounds like you're internal on the network. I can't tell by your
wording. If so, use SSH tunneling. Works like a charm.
(http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter3.html#using-port-forwarding)

On 9/13/07, Vivek P <iamherevivek () gmail com> wrote:

hi
it was quick & impressive

we had worked on socks proxy! there are some mertis & demerits

the network on which we are testing (80 % target simulation) has some
filters which blocked it..

Are you aware of some technology though which i can employ dns
poisoning to route it to a virtual location !! where i have control !!

I am interested to do something at packet level cos setting up a proxy
also can be traced at the ISP level!!

Any suggestion to go about it would be appretiated!

thanx

On 9/14/07, Utmost Bastard <utmostbastard () gmail com> wrote:

Other then delivering a payload with a forged packet you will have to proxy
through something.

If you are reverse tunneling a shell it will need to relay through a proxy
of sorts also if you truly need the originating IP concealed.

Basically anything other then a one way connection is going to need a valid
address to relay the data back and forth from.

The first and only truly reliable thing I can think of is a good fast socks
proxy.

----- Original Message -----
From: "Vivek P" <iamherevivek () gmail com>
To: "Utmost Bastard" <utmostbastard () gmail com>
Cc: <security-basics () securityfocus com>; "Pen-Testing"
<pen-test () securityfocus com>
Sent: Thursday, September 13, 2007 4:15 PM
Subject: Re: Anonymizing Packets yet ensuring 0 % packet loss



hi
thanks for the quick reply

my goal is to hide my ip adress, the n/w packets will be pentest
related  & general stuff!

there is no torrent, but FTP, HTTP & regular communications will take
place from the setup!

I am looking for a solution with which i can permanently show a
different IP adress! (not actual)

i did try creating packets, the problem is that the reply doesnt come
back to me!!

I was successful to broadcast a packet outside & it came back too..
but it was traceable (i used a carrier)... :-(

i would appretiate some one discussins techncalities. I am okay with
coding a program fr the same!


On 9/14/07, Utmost Bastard <utmostbastard () gmail com> wrote:

PeerGuardian just uses preset "block lists" of IP addresses to function.
If
an IP address is met any protocol/port transferring or receiving data is
blocked at the network layer.

I do not think that is the goal you are trying to achieve.

If this is for traffic such as torrent your IP will still be known from
the
tracker itself but you will not be sending or receiving data from any of
the
IP addresses you have in your list.

http://www.bluetack.co.uk/forums/index.php   ironically has a torrent to
download the latest blocklist set.

Hopefully this clears any questions up.


UB
----- Original Message -----
From: "Vivek P" <iamherevivek () gmail com>
To: <security-basics () securityfocus com>; "Pen-Testing"
<pen-test () securityfocus com>
Sent: Thursday, September 13, 2007 1:52 PM
Subject: Anonymizing Packets yet ensuring 0 % packet loss



hi all

I am on a lookout for IP hiding & anonymity for a project of mine!

I was googlin for some time now! most amusing one that i came across
was that of Peer Guardian..

I wanted to get directions frm hw best can i get my identity hidden!
atleast without using a proxy server from some providers (like
anonymiser)...

the link for Peer Guardian is here: http://phoenixlabs.org/pg2/

I  m pretty sure someone would have tried it..

I am testing it as i am writing this query...

thanks in advance
-------------------------------------------
Vivek P Nair
VP  Tech
Appin Group Of Companies
Appin Security Group
Module III TBIU
IIT DELHI
Hauz Khaus
New delhi
India
www.appinlabs.com
vivek.p () appinlabs com

We explore... and you call us criminals.
We seek after knowledge... and you call us criminals.
We exist without skin color, without nationality, without religious
bias... and you call us criminals.
You build atomic bombs, you wage wars, you murder, cheat, and lie to
us and try to make us believe it's for our own good, yet we're the
criminals.

Yes, I am a criminal. My crime is that of curiosity.
My crime is that of judging people by what they say and think, not
what they look like.
I am a hacker, and this is my manifesto.
You may stop this individual, but you can't stop us all!

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------







--
-------------------------------------------
Vivek P Nair
Vice President Technology
Appin Group Of Companies
Appin Security Group
Module III TBIU
IIT DELHI
Hauz Khaus
New delhi
India
www.appinlabs.com
vivek.p () appinlabs com
+919910924675

We explore... and you call us criminals.
We seek after knowledge... and you call us criminals.
We exist without skin color, without nationality, without religious
bias... and you call us criminals.
You build atomic bombs, you wage wars, you murder, cheat, and lie to
us and try to make us believe it's for our own good, yet we're the
criminals.

Yes, I am a criminal. My crime is that of curiosity.
My crime is that of judging people by what they say and think, not
what they look like.
I am a hacker, and this is my manifesto.
You may stop this individual, but you can't stop us all!






--
-------------------------------------------
Vivek P Nair
Vice President Technology
Appin Group Of Companies
Appin Security Group
Module III TBIU
IIT DELHI
Hauz Khaus
New delhi
India
www.appinlabs.com
vivek.p () appinlabs com
+919910924675

We explore... and you call us criminals.
We seek after knowledge... and you call us criminals.
We exist without skin color, without nationality, without religious
bias... and you call us criminals.
You build atomic bombs, you wage wars, you murder, cheat, and lie to
us and try to make us believe it's for our own good, yet we're the
criminals.

Yes, I am a criminal. My crime is that of curiosity.
My crime is that of judging people by what they say and think, not
what they look like.
I am a hacker, and this is my manifesto.
You may stop this individual, but you can't stop us all!

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: