April 19th, 2006, 07:47 PM
To Trace Anonymous Hack Behind Proxy
I am thinking whether a router can add some option headers in the IP datagram (invisible to the senders and recipients) for tracing the whereabout of the packets. The headers can contain a special signature that can identify the particular IP datagram. For example, you know where the proxy servers are, and you can find where the proxy servers are connected physically. So, what you do is to monitor the output of every node connected to the proxy server to see whether you can find the datagram with signature, and then step by step hopefully you can trace the origin.
I heard a solution like the one mentioned above. However nowadays many proxy server allow their client to connect through encrypted channel. Isn't it all the signature we put into the packet is encrypted and therefore cannot be detected?
April 19th, 2006, 08:22 PM
If you are monitoring the entry nodes to the proxies, then surely you can just find the destination IP from the monitored traffic (it must be in there somewhere). This would make the entire process of adding a trace to the packets kinda pointless.
The only possible useage of this I can think of would be to trace people using Tor or similar. If this is the case, maybe you could use something like taking a hash of a data part of the packet that will remain the same. Then if it is encrypted, the hash of the data of the packet should remain the same (I think).
This seems like massivly hard work, installing all the sniffers/monitoring equipment. Although if they broke my stuff I would want to know who they were.
Another thought that arrives in my caffiene fuelled mind as I type is, what would be the legality of this? Would it be covered by wiretap laws?
Any ideas out there guys?
Edit: just reread what I wrote, I'm not sure about the whole idea of taking a hash of parts that won't be encrypted. These will probably be the same throughout many packets. Maybe some kind of pattern of flags set, and look for a pattern of packets with patterns of flags that match going to the same address? Unless they to are encrypted.
I don't know. I need to cut back on the coffe to get proper thinking done.
If everything looks perfect, then there is something you don\'t know