the most notable being the use of IP spoofing and anonymizing proxy relay services.
These are discussed in the following.
IP SPOOFING
IP spoofing is a process whereby a malicious hacker manually crafts data packets
with a false source IP address. This not only hides their true IP address but also
allows them to impersonate another system. The limitation is that it cannot be used in
an attack which relies on a return communication from the victim to the attacker, for
example, to take control of, or view data from, the victim’s machine. As a result it is a
popular attack method for denial of service attacks, which render a system inoperable
by either overwhelming the system with a large quantity of packets, or by specifically
crafting a packet which causes the service to terminate.
ANONYMIZING PROXY RELAY SERVICES
Anonymizing proxy relay services, such as Tor (2014), offer privacy and anonymity
of origination. This is achieved by using encryption and a relaying algorithm
respectively. The Tor algorithm selects a random path from the source to destination
via specific network nodes that have been chosen by a supporting community to form part
of the relay service. The connections between these nodes are encrypted in such a
way that each node only has the IP address of the nodes it is immediately connected
to. While the communication between the exit node and the final destination is not
encrypted, the original source IP address is still guarded behind multiple layers of
encryption, one for each node. The final destination will only be aware of the IP address
of the exit or final node used by the service, not the originating host of the message.
This means that if the logs of a server which has been compromised are examined, they
will not reveal the details of an attacker using Tor, but rather the exit node of the Tor
relay.
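The following is an added example, not part of the original text: a log-triage check that marks which source addresses in a server's access log belong to known exit relays, so an investigator knows those entries identify the relay rather than the originating host. The exit list and log lines are constructed samples using documentation address ranges, and the one-address-per-line list format is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed exit-relay list (documentation ranges, not real relays).
# Assumed format: one IP address per line, '#' starts a comment.
EXIT_LIST_TEXT = """\
# constructed sample
192.0.2.10
198.51.100.77
2001:db8::5
"""

# Constructed access-log lines in Common Log Format.
LOG_LINES = [
    '203.0.113.5 - - [12/Mar/2014:10:01:02 +0000] "GET / HTTP/1.1" 200 512',
    '192.0.2.10 - - [12/Mar/2014:10:01:09 +0000] "POST /login HTTP/1.1" 401 87',
    '192.0.2.10 - - [12/Mar/2014:10:01:11 +0000] "POST /login HTTP/1.1" 200 903',
    '2001:0db8:0:0:0:0:0:5 - - [12/Mar/2014:10:02:40 +0000] "GET /admin HTTP/1.1" 403 64',
    'not-a-log-line',
]

CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) ')

def load_exit_list(text):
    """Parse the list into a set of ip_address objects, skipping junk lines."""
    exits = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            exits.add(ipaddress.ip_address(line))
        except ValueError:
            continue  # ignore entries that are not valid addresses
    return exits

def flag_exit_traffic(lines, exits):
    """Return {source_ip: [(timestamp, request, status), ...]} for exit-relay hits."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        try:
            # Parsing normalizes the address, so expanded IPv6 forms still match.
            src = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            src = None  # hostname or garbage in the address field
        if src in exits:
            hits[str(src)].append((m.group(2), m.group(3), int(m.group(4))))
    return dict(hits)
```

Entries flagged this way are still useful for timeline reconstruction, but the source address in them points at the relay, as the paragraph above describes.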
While proxy relay services such as Tor offer malicious hackers anti-surveillance
and anonymity of origination, they also carry some drawbacks. Firstly, they are slower
than using the Internet conventionally; this is due to the additional nodes traversed
(three in the case of Tor). These nodes can be in different countries and of poor
quality, and thus both the route and throughput become suboptimal. Secondly, they can be
difficult to configure; this is especially true if connectivity is not required through a
web browser, as is the case with Internet Relay Chat (IRC), which, although becoming
less popular with the general public, continues to remain a communication channel for
malicious hackers. Lastly, they rely on the malicious party remembering to engage the
service before each and every malicious operation; they need to forget on only one
occasion for their identity to be compromised. This is widely believed to have been
the principal method by which Hector Xavier Monsegur, otherwise known as Sabu,
from the hacking fraternity LulzSec was identified in 2011. He allegedly logged into