Upload
elsa-cristina-david
View
217
Download
0
Embed Size (px)
Citation preview
7/27/2019 Ssh Escape NSA VPN Detection
http://slidepdf.com/reader/full/ssh-escape-nsa-vpn-detection 1/2
ssh -N -L 6000:localhost:4000 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
The NSA TCP/IP traffic analysis program primarly focuses on the traffic analysis of WAN ATM
(Asynchronous Transfer Mode) cell header and payload data at IXPs (Internet Exchange
Points) globally that employ Cisco Systems routing equipment.
Concerned persons should implement the following:
1. If possible, ensure that your network routing equipment’s’ ATM switched virtual
connections and permanent virtual connections are disabled; AND
2. Tunnel your TCP/IP connections over a new SSH2 session for each and every new WAN
TCP/IP routed connection (for EVERY transmission to any WAN address); AND
3. Create transmission latency for each of your new WAN SSH2-enabled TCP/IP routed
connections through a modified SSH login command such as:
ssh -N -L 6000:localhost:4000 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
7/27/2019 Ssh Escape NSA VPN Detection
http://slidepdf.com/reader/full/ssh-escape-nsa-vpn-detection 2/2
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User
1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
Note that localhost is on port 6000 and remote web host proxy is on port 4000; username is User
(if using SSH user authentication); and remote SSH server IP is 1.2.3.4; transmission latency is
created with multiples of -l User 1.2.3.4.
More to follow on creating transmission latency when using remote port forwarding through
OpenVPN.
If your server traffic is a specific collection target of NSA/Level 3 Communications Regional
Security Center (NSA/CSS Georgia) at Fort Gordon Georgia USA or of one of NSA’s non-US
affiliates, flagging of sniffed IXP traffic for subsequent analysis can only be triggered by your
server’s SECOND or subsequent routing connection to one or more WAN addresses.
Perhaps surprisingly, if your server’s traffic is a collection target, your users’ use of the above SSH
transmission latency will also actually increase users’ upload and download speeds during SSH2sessions.