Saturday 14 January 2012

Advice for anonymous port scanning through Tor

Some pieces of advice:

1.  Nmap's raw-packet scans build their packets on the raw socket interface and send them straight to the target, bypassing Tor entirely. For example:
A TCP connect() scan (-sT) works through Tor because it uses the ordinary socket API that a SOCKS wrapper can intercept, but a SYN scan (-sS), a UDP scan or any other raw-packet scan type talks directly to the target and reveals your real address.
2.  Nmap and Nessus normally ping a target to see whether it is up before port scanning it. This host discovery is done with raw ICMP packets; ICMP does not traverse the Tor network (it is not TCP), so the ping goes straight to the target and reveals your real address. Disable it (for Nmap, -Pn).
3.  When socat is used as a SOCKS4 client, the SOCKS4 request carries only an IPv4 address, so the target host name is resolved by DNS on your machine, not by the Tor network. That resolver query tells your DNS server which host you are interested in. Hand the name to the proxy instead (SOCKS4a or SOCKS5 with a host name) so the Tor client resolves it.
Put together: run socat locally, listening on 127.0.0.1 and forwarding each accepted connection through Tor's SOCKS port to the target, and point the scanner at 127.0.0.1 with a connect() scan. The scanner then has no host name to resolve, and if you forget to turn off ICMP pings you end up pinging yourself rather than the target. This closes the DNS and ping leaks; it does not make a raw-packet scan useful, since -sS against 127.0.0.1 simply scans your own machine.
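The three leaks above come down to one rule: only ever open ordinary TCP connections to the local Tor SOCKS port, and let the proxy resolve the target. The following is an added example written for this page, not code from the original post or from the Nmap, Nessus or socat projects: a minimal SOCKS5 connect() scanner that never sends a raw packet, never pings, and never calls the local resolver (host names go to the proxy in the SOCKS5 request; IP literals are packed with the ipaddress module, which does no DNS). The proxy address 127.0.0.1:9050 is an assumption (Tor's default SocksPort), as are the port-state labels, which map RFC 1928 reply codes onto Nmap-style states.

```python
"""Connect-only TCP port scan through a SOCKS5 proxy such as Tor.

Added example for this article (not the post's own code). Every packet this
program emits is a normal TCP segment to the proxy; the target is contacted
only by the proxy, and only the proxy resolves its name.
"""
import ipaddress
import socket
import struct

PROXY_HOST = "127.0.0.1"   # assumed: Tor's default SocksPort; adjust to your torrc
PROXY_PORT = 9050

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4

# RFC 1928 reply codes mapped onto Nmap-style port states (labels are ours).
REPLY_STATE = {
    0x00: "open",
    0x01: "error",      # general SOCKS server failure
    0x02: "denied",     # connection not allowed by ruleset
    0x03: "filtered",   # network unreachable
    0x04: "filtered",   # host unreachable
    0x05: "closed",     # connection refused
    0x06: "filtered",   # TTL expired (used by Tor for connection timeouts)
    0x07: "error",      # command not supported
    0x08: "error",      # address type not supported
}


def build_connect_request(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT request. IP literals are packed as-is; anything else is
    sent as a domain name (ATYP 3) so the proxy resolves it. Note that
    socket.gethostbyname()/getaddrinfo() is never called on the target."""
    try:
        ip = ipaddress.ip_address(host)          # parses only; no DNS
    except ValueError:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("host name too long for SOCKS5")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def parse_reply_header(data: bytes) -> tuple:
    """Return (reply_code, total_reply_length) from the leading bytes of a
    SOCKS5 reply, after checking the version and address type."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        total = 4 + 4 + 2
    elif atyp == ATYP_IPV6:
        total = 4 + 16 + 2
    elif atyp == ATYP_DOMAIN:
        if len(data) < 5:
            raise ValueError("truncated reply")
        total = 4 + 1 + data[4] + 2
    else:
        raise ValueError("unknown address type %d" % atyp)
    return rep, total


def port_state(reply_code: int) -> str:
    return REPLY_STATE.get(reply_code, "error")


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf


def scan_port(host: str, port: int, proxy=(PROXY_HOST, PROXY_PORT), timeout=60.0) -> str:
    """Ask the proxy to CONNECT to host:port and translate its answer into a
    port state. The proxy address is an IP literal, so create_connection()
    does not query DNS either."""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(bytes([SOCKS_VERSION, 1, 0x00]))   # greeting: one method, "no auth"
        ver, method = _recv_exact(s, 2)
        if ver != SOCKS_VERSION or method != 0x00:
            raise ConnectionError("proxy refused the no-auth method")
        s.sendall(build_connect_request(host, port))
        head = _recv_exact(s, 4)
        if head[3] == ATYP_DOMAIN:
            head += _recv_exact(s, 1)                # domain replies carry a length byte
        rep, total = parse_reply_header(head)
        _recv_exact(s, total - len(head))            # drain BND.ADDR / BND.PORT
        return port_state(rep)


def scan(host: str, ports, proxy=(PROXY_HOST, PROXY_PORT)) -> dict:
    return {p: scan_port(host, p, proxy) for p in ports}


if __name__ == "__main__":
    import sys
    target = sys.argv[1]
    ports = [int(p) for p in sys.argv[2:]] or [22, 80, 443]
    for port, state in scan(target, ports).items():
        print("%d/tcp %s" % (port, state))
```

Usage: `python3 socks_scan.py target.example 22 80 443` with Tor listening on 127.0.0.1:9050. Tor reports a refused connection as reply 0x05 and a timeout as 0x06, which is why those map to "closed" and "filtered"; a reply of 0x04 for a name the exit could not resolve also ends up as "filtered". Because the scanner opens one SOCKS connection per port, it is slow compared with Nmap, but that is the price of sending nothing but connect() traffic.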

Staying anonymous

Tor cannot solve all anonymity problems. It protects only the transport of your data. You need protocol-specific support software if you do not want the sites you visit to see your identifying information. For example, while browsing you can use a filtering web proxy such as Privoxy to block cookies and withhold information about your browser type.
Be clever. Do not provide your name or other revealing information in web forms. Be aware that, like all anonymizing networks that are fast enough for web browsing, Tor does not protect against end-to-end timing attacks: if an attacker can watch the traffic leaving your computer and also the traffic arriving at your chosen destination, statistical analysis can show that the two belong to the same circuit.
The Electronic Privacy Information Center (EPIC) maintains a list that serves as a sampling of the best available privacy-enhancing tools.
