prathan-phongthiproek
The Real Threat
TOR: The Truly Anonymous
LuC1F3R
Information Security Consultant
Penetration Tester
Security Researcher
ACIS Professional Center
Outline
- Introduction to Tor Network
- How to Bypass ISP’s Blacklist
- How Tor Works
- How to Detect Tor
- Tor vs. Proxy
- Anonymity with Tor
- DEMO
Introduction to Tor Network
- Anonymous proxies
- Hides the real IP address (the HTTP_X_FORWARDED_FOR header is not sent)
- The real source address cannot be detected
- Bypasses the ISP’s blacklist
ISP’s Blacklist
[Diagram labels: User; Internet; Web site]
ISP’s Blacklist (Cont)
[Diagram labels: User; Blacklist (www.xxx.com, ...); Equipments; "Your website was blocked by ISP"; Web site (www.xxx.com)]
Bypass ISP’s Blacklist By Tor
[Diagram labels: User; Blacklist (www.xxx.com, ...); Web site (www.xxx.com)]
How Tor Works: 1
[Diagram legend: Tor node; unencrypted link; encrypted link. Labels: John, Smith, David, Mary]
How Tor Works: 2
[Diagram legend: Tor node; unencrypted link; encrypted link. Labels: John, Smith, David, Mary]
How Tor Works: 3
[Diagram legend: Tor node; unencrypted link; encrypted link. Labels: John, Smith, David, Mary]
Tor Map
How to Detect Tor
IP: 203.144.143.2, X: 58.8.14.224
IP: 192.251.226.205, X: -
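What the two IP / X pairs above tell the receiving server, as an added example that is not part of the original slides. It assumes "X" is the X-Forwarded-For request header (the HTTP_X_FORWARDED_FOR mentioned in the introduction); the helper names `parse_xff` and `describe_source` are hypothetical.

```python
import ipaddress

def parse_xff(value):
    """Return the syntactically valid IPs in an X-Forwarded-For value, in order."""
    hops = []
    for part in (value or "").split(","):
        part = part.strip()
        if not part or part == "-":      # "-" is how an absent header is often logged
            continue
        try:
            hops.append(ipaddress.ip_address(part))
        except ValueError:
            continue                     # client-controlled header: drop garbage entries
    return hops

def describe_source(remote_addr, xff=None):
    """Summarise what a server can infer about a request's origin."""
    peer = ipaddress.ip_address(remote_addr)  # TCP peer: the only address the server observes itself
    # Skip private (RFC 1918 etc.) hops; they identify nothing outside the sender's LAN.
    public_hops = [h for h in parse_xff(xff) if not h.is_private]
    if public_hops:
        return {
            "peer": str(peer),
            "claimed_client": str(public_hops[0]),
            "verdict": "forwarding proxy: header discloses a client address (unverified claim)",
        }
    return {
        "peer": str(peer),
        "claimed_client": None,
        "verdict": "no client disclosed: direct client, anonymous proxy or Tor exit",
    }

# Constructed requests reusing the two IP / X pairs shown on the slides.
SAMPLES = [
    ("203.144.143.2", "58.8.14.224"),
    ("192.251.226.205", "-"),
    ("203.144.143.2", "10.0.0.5, 58.8.14.224"),  # constructed: internal hop listed first
    ("203.144.143.2", "not-an-ip"),               # constructed: malformed header
]

if __name__ == "__main__":
    for addr, xff in SAMPLES:
        print(addr, xff, "->", describe_source(addr, xff))
```

An empty header proves nothing by itself; confirming Tor requires checking the peer address against a list of known exit relays.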
Tor vs. Proxy
[Diagram labels: Internet; Policy; SSL; Internal Network; User; Apps]
SSL Provides a Private Link for Legitimate Apps, Plus Malware, Confidential Info, Unsanctioned Traffic, Non-SSL Traffic
- See SSL traffic
- Control SSL traffic
- Detect and prevent threats
- How users are being impacted
- Ensure a “trusted” Web session
- Apply effective Web traffic policies
- Determine if bandwidth is adequate
- Provide useful reports to management
Anonymous Proxies in Browser
Checking Source Address
CH-China, ISP CHINANET
The Real Address
DEMO