Did Anyone Get The Name of That Hacker Who PWNED Me?: Lance Cottrell
Lance Cottrell
Chief Scientist: Ntrepid / Anonymizer
IP: 37.123.118.67
Lat / Long: +54 / -2
Country: UK
Ping: 110ms
ISP: as13213.net (AKA UK2.net) server hosting
Open Ports: SSH, HTTP
Known Anonymity IP
Open Proxy / VPN Ports
Inappropriate / Non-consumer IP
Bulletproof Host
High Latency vs. Ping
Protocol Leakage
Browser Fingerprints
Fingerprint may stand out
Unusual OS / Browser
System TOO clean
System TOO Hardened
Lying in UserAgent String
Disadvantages
Cloned Each Time Too Clean or Outdated Cruft
Can Be Detected as VM
Tools can be slow and cumbersome
May go direct for innocent activity / reconnaissance
May forget to use it
Accidentally cross the streams of personas
Correlate attacker print with all previous activity
Using a known anon IP is good
Use only VPN type privacy services
Use a VM for identity isolation and malware prevention
Use a different VM
Thanks
Contact me at:
Email: lance.cottrell@ntrepidcorp.com
Commercial / Gov: http://ntrepidcorp.com
Consumer: http://anonymizer.com
Blog: http://theprivacyblog.com
Twitter: @LanceCottrell
LinkedIn: http://linkedin.com/in/LanceCottrell