Fingerprint Tor or Government Anonymized Network

How To Fingerprint an Anonymized Network Visiting Your Website

gAtO hAs – been learning about the Tor .onion network, and one thing I wanted to understand was how China, Iran and Syria block the Onion Router (OR). / Fingerprint Profile – I have read in the Tor wiki about the Tor signal simulating a Skype fingerprint to hide in the clutter of the web. So how do I figure this out? OK, with Wireshark I can capture the packets and check out the signature and fingerprint of a Tor anonymized network. This is one way.

Another way – just check out your website statistics and look for anyone that visited your site that does not have a country code. From observation of my site uscyberlabs.com I have found a pattern lately: most “no country flag” visitors indicate a Tor OR or a private anonymized network. Not all of them are Tor, so some of the others are the most interesting because they are anonymized but not Tor: I2P maybe, government networks – mAyBe – sI – nO. gAtO is a gAtO, let’s check this out.

I have a few SEO packages on my site to check out the back-end statistics of the site. These give you information about your web visitor like the referral of the site that you came from, the OS, the platform and the country where you came from, your geo-location. One of the things that Tor does for you is prevent people from knowing your IP / geo-location. So guess what??? People have been visiting my site using not just Tor networks – c00l b3ans – but what else can I find out about these other non-Tor relays? So I started digging around and this is what I found about some of these exit-relays… gAtO wArNiNg – I have to hold back some information about governments’ anonymized networks due to privacy and vulnerability possibilities.

A fingerprint of NO COUNTRY FLAGS – on my logs shows a Tor Exit-Relay type anonymized network according to the Visitor statistics: Figure 1 (below) is a snapshot of my log from ExtremeTracking.com –// You will notice the IPs or names of referring sites with no country flags. Example: 217.79.231.13 – for-exit0-readme.dfi.se – tor21.anonymizer.ccc.de – and a few more —

 

I decided to – Trust but Verify – the security Dude’s secret motto. mEoW

I went to the command line:

curl tor21.anonymizer.ccc.de – it came back with information that this exit-relay comes from the Tor Project’s personal relays – and it’s a private relay, because I checked it and guess what, it’s hosted by their dear friends the Chaos Computer Club – that brings back the “way-back machine” to the old days of real hacking, but these are the guys from Germany and they are good friends of the Tor project, so this is a trusted Tor exit relay for the Tor project..// interesting // they were reading my “recon the deep web” article

curl tor21.anonymizer.ccc.de

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-<ol>

<li><a href="https://www.torproject.org/overview.html">Tor Overview</a></li>

<li><a href="https://www.torproject.org/faq-abuse.html">Tor Abuse FAQ</a></li>

<li><a href="https://www.torproject.org/eff/tor-legal-faq.html">Tor Legal FAQ</a></li>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-</ol>

IP – 31.172.30.4 – All (Onion Router) ORs from Chaos seem to be – OS Windows 7

27 Jun, Wed, 14:02:33 tor21.anonymizer.ccc.de uscyberlabs.com/blog/2012/02/05/recon-deep-web/

 

I found out all 3 Tor OR-relays had this signature – No Flag Fingerprint = TOR/i2p = secure traffic/anonymized traffic –
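To put the “no country flag” check on firmer ground, here is an added Python example (mine, not from the post) that ranks each visitor by evidence: a hit in the Tor bulk exit list first, a Tor-looking reverse-DNS name second, a missing country flag last. The exit list and the visitor records are constructed samples; the list layout follows the check.torproject.org/exit-addresses format as I understand it, with made-up fingerprints and the three relay addresses named in the post.

```python
import re

# Constructed sample in the layout of the Tor bulk exit list (check.torproject.org/
# exit-addresses, as I understand it): made-up fingerprints, the post's three exits.
EXIT_LIST = """\
ExitNode 0000000000000000000000000000000000000001
Published 2012-06-27 10:02:03
LastStatus 2012-06-27 13:00:00
ExitAddress 31.172.30.4 2012-06-27 13:07:41
ExitNode 0000000000000000000000000000000000000002
Published 2012-06-27 09:45:00
LastStatus 2012-06-27 13:00:00
ExitAddress 199.48.147.35 2012-06-27 13:05:10
ExitNode 0000000000000000000000000000000000000003
Published 2012-06-27 11:30:00
LastStatus 2012-06-27 13:00:00
ExitAddress 217.79.231.13 2012-06-27 13:09:55
"""

# Constructed visitor records, as a stats package might export them:
# (ip, reverse-DNS name or "", country code or "" for 'no flag', page hit)
VISITORS = [
    ("31.172.30.4", "tor21.anonymizer.ccc.de", "", "/blog/2012/02/05/recon-deep-web/"),
    ("199.48.147.35", "tor-exit-router35-readme.formlessnetworking.net", "", "/"),
    ("217.79.231.13", "for-exit0-readme.dfi.se", "", "/"),
    ("141.101.70.66", "", "", "/"),
]

# Loose hint only: 'tor' also matches names like 'storage'; ranked below the list.
TOR_NAME_HINT = re.compile(r"tor|exit|anonymi[sz]", re.IGNORECASE)

def parse_exit_addresses(text):
    """Collect every ExitAddress line of the bulk list into a set of IPs."""
    return {parts[1] for parts in (l.split() for l in text.splitlines())
            if len(parts) >= 2 and parts[0] == "ExitAddress"}

def classify(ip, rdns, country, exits):
    """Rank the evidence: list hit > Tor-looking hostname > missing country flag."""
    if ip in exits:
        return "tor-exit (listed)"
    if rdns and TOR_NAME_HINT.search(rdns):
        return "tor-like (hostname only, not in list)"
    if not country:
        return "no-flag (unattributed: not a listed exit)"
    return "ordinary"

def classify_visitors(visitors, exit_text=EXIT_LIST):
    exits = parse_exit_addresses(exit_text)
    return {ip: classify(ip, rdns, cc, exits) for ip, rdns, cc, _ in visitors}
```

A missing flag on its own only says the geo-IP database had no answer; the exit list is what turns that into a verified Tor exit.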

*** – Trust but Verify –/ What caught my attention in the log was 141.101.70.66 – it is owned by nLayer Communications — Who is nLayer? They provide Internet connectivity solutions. The company provides IP transit, data transportation, and managed networking services to government agencies. CIA, FBI, NSA, any alphabet soup agency that you want from the .gov folks.

How did we get from 141.101.70.66 to nLayer? A traceroute command:

traceroute to 141.101.70.66 (141.101.70.66), 64 hops max, 52 byte packets

1  10.2.120.1 (10.2.120.1)  11.513 ms  10.851 ms  8.521 ms

2  wwcksysc01-gex0103000.ri.ri.cox.net (68.9.8.13)  10.120 ms  11.272 ms  7.912 ms

3  ip98-190-33-21.ri.ri.cox.net (98.190.33.21)  11.896 ms  9.496 ms  12.044 ms

4  provdsrj01-ae3.0.rd.ri.cox.net (98.190.33.20)  10.429 ms  13.194 ms  11.063 ms

5  nyrkbprj01-ae2.0.rd.ny.cox.net (68.1.1.173)  18.038 ms  15.177 ms  14.140 ms

6  ae0-50g.cr1.nyc3.us.nlayer.net (69.31.95.193)  16.279 ms  17.128 ms  17.859 ms

7  xe-7-3-0.cr1.lhr1.uk.nlayer.net (69.22.142.133)  87.076 ms  83.085 ms  82.096 ms

8  ae1-70g.ar1.lhr1.uk.nlayer.net (69.22.139.63)  83.856 ms  84.420 ms  85.732 ms

9  as13335.xe-4-0-6.ar1.lhr1.uk.nlayer.net (63.141.223.42)  82.774 ms  102.143 ms  82.082 ms

10  141.101.70.66 (141.101.70.66)  83.317 ms  83.772 ms  82.424 ms

And of course this all goes thru some dummy corporate stuff to fool anyone // if you dig a little // I guess: Global Telecom & Technology, Inc. (“GTT”) (OTCBB: GTLT.OB – // – have you seen their stock almost double since the US government stepped up its cyber position? good cyber investment I guess –// ), a global network operator providing managed data services to large enterprise, government and carrier customers in over 80 countries worldwide, today announced the acquisition of privately-held, Chicago-based nLayer Communications, Inc. – government and carrier customers / government and carrier customers / government and carrier customers…//

…—…

So, gAtO, what does all this mean? / Simple website statistics can help you see your anonymized visitors — No Flag Fingerprint = TOR/i2p = secure traffic/anonymized traffic – / or it could be from a government site – knock, knock, knocking at your website door – or also a business spying on your site, your information. gAtO thinks it’s a waste of time because gAtO is wasted most of the time when he writes this stuff – RI MMP program, life sucks big time.

Besides the Tor or I2P traffic // the pattern in the fingerprint that shows no country flag: — secure traffic/anonymized — this is open source software that governments have modified for their own skunk works… Governments have taken the 3rd level Tor-Onion routing (code) and have their own similar network, but under the hood is the same core code – “no Flag” shows a root code flaw. So any webmaster that has a website can find Tor-like Exit-Relays or govs, watching you watching them –

As long as the visitor is visiting from inside the matrix of an anonymized network they must use an Exit-Node – no country flag – GOTCHA — gAtO ouT

By the way, Chaos Computer Club 31.172.30.4 – nice Tor exit-node.

 

gAtOmAlO lAb nOtEs –=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

traceroute 31.172.30.4

traceroute to 31.172.30.4 (31.172.30.4), 64 hops max, 52 byte packets

1  10.2.120.1 (10.2.120.1)  46.027 ms  12.175 ms  9.976 ms

2  wwcksysc01-gex0103000.ri.ri.cox.net (68.9.8.13)  15.444 ms  11.472 ms  10.996 ms

3  ip98-190-33-21.ri.ri.cox.net (98.190.33.21)  10.043 ms  9.272 ms  10.127 ms

4  provdsrj01-ae3.0.rd.ri.cox.net (98.190.33.20)  9.597 ms  9.633 ms  16.782 ms

5  68.1.4.133 (68.1.4.133)  21.272 ms  22.538 ms  21.357 ms

6  ae-6.r21.asbnva02.us.bb.gin.ntt.net (129.250.3.113)  42.541 ms  50.629 ms  61.680 ms

7  ae-2.r23.amstnl02.nl.bb.gin.ntt.net (129.250.2.145)  133.403 ms  162.975 ms  137.493 ms

8  ae-2.r02.amstnl02.nl.bb.gin.ntt.net (129.250.2.159)  136.255 ms  128.778 ms  133.927 ms

9  xe-4-1.r02.dsdfge01.de.bb.gin.ntt.net (129.250.2.65)  142.335 ms  142.499 ms  141.396 ms

10  xe-3-4.r00.dsdfge02.de.bb.gin.ntt.net (129.250.5.173)  133.058 ms  128.793 ms *

11  213.198.77.122 (213.198.77.122)  132.148 ms  136.187 ms  132.329 ms

12  tor21.anonymizer.ccc.de (31.172.30.4)  123.563 ms  130.866 ms  121.906 ms —

 

traceroute 199.48.147.35

traceroute to 199.48.147.35 (199.48.147.35), 64 hops max, 52 byte packets

1  10.2.120.1 (10.2.120.1)  1842.973 ms  9.712 ms  10.324 ms

2  wwcksysc01-gex0103000.ri.ri.cox.net (68.9.8.13)  9.961 ms  10.751 ms  10.437 ms

3  ip98-190-33-21.ri.ri.cox.net (98.190.33.21)  12.393 ms  10.226 ms  9.773 ms

4  provdsrj01-ae3.0.rd.ri.cox.net (98.190.33.20)  19.731 ms  9.270 ms  18.419 ms

5  nyrkbprj01-ae2.0.rd.ny.cox.net (68.1.1.173)  15.479 ms  15.045 ms  16.067 ms

6  ae0-50g.cr1.nyc3.us.nlayer.net (69.31.95.193)  15.114 ms  22.195 ms  16.909 ms

7  ae2-70g.cr1.ewr1.us.nlayer.net (69.31.95.145)  16.976 ms  28.552 ms  15.767 ms

8  xe-3-1-0.cr1.sjc1.us.nlayer.net (69.22.142.137)  90.901 ms  104.251 ms  90.386 ms

9  ae1-40g.ar2.sjc1.us.nlayer.net (69.22.143.118)  97.274 ms  91.747 ms  92.165 ms

10  as18779.xe-4-0-4.ar2.sjc1.us.nlayer.net (69.22.153.94)  91.277 ms  104.404 ms  100.544 ms

11  gw-ao.sjc01.appliedops.net (173.245.68.18)  98.566 ms  92.947 ms  91.660 ms

12  tor-exit-router35-readme.formlessnetworking.net (199.48.147.35)  93.154 ms  92.201 ms  92.769 ms

 

 traceroute 217.79.231.13

traceroute to 217.79.231.13 (217.79.231.13), 64 hops max, 52 byte packets

1  10.2.120.1 (10.2.120.1)  19.522 ms  35.384 ms  9.940 ms

2  wwcksysc01-gex0103000.ri.ri.cox.net (68.9.8.13)  12.016 ms  11.162 ms  9.829 ms

3  ip98-190-33-21.ri.ri.cox.net (98.190.33.21)  13.815 ms  8.970 ms  9.637 ms

4  provdsrj01-ae3.0.rd.ri.cox.net (98.190.33.20)  11.118 ms  11.123 ms  9.964 ms

5  68.1.4.133 (68.1.4.133)  20.776 ms  20.920 ms  61.446 ms

6  ttc.tenge11-1.br02.ldn01.pccwbtn.net (63.218.54.38)  95.216 ms  107.984 ms  94.783 ms

7  217.150.59.202 (217.150.59.202)  149.863 ms  149.865 ms  149.539 ms

8  vl554-gvrn-sr1.msk1.net.lancronix.ru (217.79.224.67)  158.159 ms  165.395 ms  157.553 ms

9  217.79.231.13 (217.79.231.13)  157.467 ms  157.215 ms  166.376 ms

 
