The Real ThreatTOR : The Truly Anonymous

LuC1F3RLuC1F3R

Information Security ConsultantPenetration Tester

Security Researcher

ACIS Professional CenterACIS Professional Center

Outline

- Introduction to Tor Network- How to Bypass ISP’s Blacklist- How to Tor Work- How to Detect Tor- Tor VS. Proxy- Anonymity with Tor- DEMO

Introduction Tor Network

- Anonymous Proxies- Hide the real IP Address (Http_x_forwarded_for Header don’t sent)

- Can’t Detect the real source address- Bypass ISP’s Blacklist

ISP’s Blacklist

User

Web site

Internet

ISP’s Blacklist (Cont)

User

Blacklist

www.xxx.com

………

………

Equipments

Your website was block by ISP

Web site (www.xxx.com)

Bypass ISP’s Blacklist By Tor

User

Blacklist

www.xxx.com

………

………

Web site (www.xxx.com)

…....

How to Tor work: 1

Tor node

Unencrypted link

Encrypted link

John

Smith

David

Mary

How to Tor work: 2

Tor node

Unencrypted link

Encrypted link

John

Smith

David

Mary

How to Tor work: 3

Tor node

Unencrypted link

Encrypted link

John

Smith

David

Mary

Tor Map

How to Detect Tor

How to Detect Tor

IP: 203.144.143.2X: 58.8.14.224

How to Detect Tor

IP: 192.251.226.205X: -

Tor vs. Proxy

SSLSSL

Internet

PolicyPolicy SSLSSL

InternalNetwork

User

Apps

SSL Provides a Private Link for Legitimate Apps,Plus Malware, Confidential Info, Unsanctioned Traffic, Non-SSL Traffic

See SSL traffic Control SSL traffic

Detect and Prevent threats How users are being impacted

Ensure a “trusted” Web session Apply effective Web traffic policies

Determine if bandwidth is adequate Provide useful reports to management

Anonymous Proxies in Browser

Checking Source Address

CH-ChinaISP CHINANET

The Real Address

DEMO