One Weird trick article: delroth.net/posts/spoofed-mass-scan-abuse/ [thanks john for reminding me]
OONI Probe/test for Relay Ops: ooni.org/install/
Template for abuse complaints: gitlab.torproject.org/tpo/network-health/analysis/-/issues/85#note_3126618
Dir Authorities getting abuse complaints: gitlab.torproject.org/tpo/network-health/analysis/-/issues/85
Tor Project sysadmin team: gitlab.torproject.org/tpo/tpa/team/-/issues/41840 (technical details)
Tor Relay Ops: community.torproject.org/relay/
Tor Dir. Authorities: community.torproject.org/relay/governance/policies-and-proposals/directory-authority/
GreyNoise: www.greynoise.io/
InterSecLab: www.opentech.fund/projects-we-support/supported-projects/interseclab/
Ignore abuse reports from "watchdogcyberdefense.com": seclists.org/nanog/2024/Nov/24
Thanks a lot for the info on that. I was on vacation when my provider sent the abuse complaint and could not immediately react to it. There are finally some answers... Would appreciate an update if there's more knowledge about the actual attacker.
Great vid as always.
Great setup. I love your background and lighting❤
I used to work for a large IaaS/hosting provider. There's so much garbage, usually automated, sent to the abuse desk that that's why providers don't really do much on it. Don't use automated tools to flood abuse contacts over the smallest things.
It's usually copyright complaints, network stuff (pings/scans/connects) and spam with law enforcement/data retention requests sent in.
Hey FYI that $4 VPS you're paying for, we're handing over any and all info to anybody with a law enforcement letterhead they're faxing/emailing to the record request contact. That's widespread in the industry. That's why VPN ads on TH-cam make me laugh so hard
@@BangBangBang. so the only good VPN is mullvad?
Thanks for the info big homie!!!
Appreciate the video once again. Also,
looking yoked bro! NO DIDDY
Been working out or is it the winter 15 where thanksgiving just keeps on giving cuz im suffering from the latter myself 😂😂
I appreciate your angle
Oh so that's why my ISP is mad, damn
Here's how I'm thinking the guy got caught:
The traffic that would eventually tell the tale to investigators would be the TCP SYN packets that timed out, of which, in such a high volume there would be many.
If there were enough of them, they could sort of "work backwards" to find his basic location, assuming he didn't fiddle with the TTLs. They could see where a packet was when it timed out and since some ASs are only reachable from a single path, they could get one piece of the puzzle at a time. Again, there would have to be a ton of traffic to do this but thankfully there obviously was.
If the guy would have randomized the TTLs, he probably wouldn't have been caught.
Another thing that could contribute to him revealing his whereabouts would be if there was something unique or non-standard in any of the TCP (or even lower layer) fields. Some TCP stacks are by default slightly different - TCP window, TCP options etc.
Either way, I'm sure it involved a sh!t-ton of work. Hats off to the folks that did it!
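As an added illustration of the stack-fingerprinting idea in the comment above (this is example code written for this page, not anything the commenter, the video, or the Tor Project published): the script below builds a few constructed IPv4/TCP SYN packets with spoofed source addresses, then extracts the fields a defender can still read from a bare SYN, namely the observed TTL (mapped to the nearest common initial TTL of 64/128/255 to estimate hop distance), the window size, and the TCP option layout, and clusters packets by that signature. The option layouts used for the samples are modeled on typical Linux and Windows defaults and are assumptions, as are the candidate initial TTLs; checksums are left zero because nothing here is sent on the wire.

```python
"""Fingerprint raw IPv4/TCP SYN packets by TTL, window size and option layout.

Added example for this page; packets are constructed locally, nothing is transmitted.
"""
import struct

# Assumption: the initial TTLs most stacks start from (Linux/BSD 64, Windows 128, some routers 255).
INITIAL_TTLS = (64, 128, 255)

OPTION_NAMES = {2: "MSS", 3: "WS", 4: "SACKOK", 8: "TS"}


def build_syn(src_ip, dst_ip, sport, dport, ttl, window, options):
    """Construct a minimal IPv4 + TCP SYN (constructed sample input; checksums are zero)."""
    tcp_hdr_len = 20 + len(options)
    if tcp_hdr_len % 4:
        raise ValueError("TCP options must pad the header to a 32-bit boundary")
    off_flags = ((tcp_hdr_len // 4) << 12) | 0x02          # data offset in words, SYN flag only
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, off_flags, window, 0, 0) + options
    ip = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(tcp), 0x1234, 0x4000, ttl, 6, 0,   # v4/IHL=5, DF set, proto 6 = TCP
        bytes(int(o) for o in src_ip.split(".")),
        bytes(int(o) for o in dst_ip.split(".")),
    )
    return ip + tcp


def parse_tcp_options(raw):
    """Return the ordered list of (kind, value) pairs from the TCP option bytes."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # End of option list
            opts.append(("EOL", None))
            break
        if kind == 1:                       # NOP padding, single byte
            opts.append(("NOP", None))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad option length")
        val = raw[i + 2:i + length]
        name = OPTION_NAMES.get(kind, f"OPT{kind}")
        if kind == 2:
            val = struct.unpack("!H", val)[0]        # MSS
        elif kind == 3:
            val = val[0]                             # window scale shift
        elif kind == 8:
            val = struct.unpack("!II", val)          # TSval, TSecr
        opts.append((name, val))
        i += length
    return opts


def fingerprint_syn(pkt):
    """Extract the passive-fingerprint fields of one bare SYN and an estimated hop distance."""
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, _ = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("expected an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4
    tcp = pkt[ihl:total_len]
    _, _, _, _, off_flags, window, _, _ = struct.unpack("!HHIIHHHH", tcp[:20])
    flags = off_flags & 0x1FF               # 9 flag bits: NS CWR ECE URG ACK PSH RST SYN FIN
    if not flags & 0x02 or flags & 0x10:
        raise ValueError("not a bare SYN")
    doff = (off_flags >> 12) * 4
    opts = parse_tcp_options(tcp[20:doff])
    initial_ttl = min(t for t in INITIAL_TTLS if t >= ttl)   # nearest candidate at or above observed
    layout = ",".join(name for name, _ in opts)
    return {
        "src": ".".join(str(b) for b in src),
        "observed_ttl": ttl,
        "initial_ttl_guess": initial_ttl,
        "hop_distance": initial_ttl - ttl,
        "window": window,
        "option_layout": layout,
        "signature": f"{initial_ttl}:{window}:{layout}",
    }


def cluster_by_signature(pkts):
    """Group claimed source addresses by stack signature; one signature shared by many spoofed
    sources is the tell that they were generated by a single host."""
    clusters = {}
    for p in pkts:
        fp = fingerprint_syn(p)
        clusters.setdefault(fp["signature"], []).append(fp["src"])
    return clusters


def sample_flood():
    """Constructed sample: three spoofed sources from one Linux-like stack, one Windows-like SYN."""
    linux_opts = bytes.fromhex("020405b4" "0402" "080a0011223300000000" "01" "030307")   # MSS,SACKOK,TS,NOP,WS
    win_opts = bytes.fromhex("020405b4" "01" "030308" "0101" "0402")                      # MSS,NOP,WS,NOP,NOP,SACKOK
    return [
        build_syn("198.51.100.7", "192.0.2.1", 40001, 9001, 52, 64240, linux_opts),
        build_syn("203.0.113.9", "192.0.2.1", 40002, 9001, 52, 64240, linux_opts),
        build_syn("192.0.2.33", "192.0.2.1", 40003, 9001, 52, 64240, linux_opts),
        build_syn("192.0.2.77", "192.0.2.1", 50000, 9001, 115, 65535, win_opts),
    ]


if __name__ == "__main__":
    for sig, sources in cluster_by_signature(sample_flood()).items():
        print(sig, "->", sources)
```

The hop estimate only holds if the sender left the TTL at its stack default; a flooder who randomizes TTL, window and option layout per packet (the commenter's point) collapses these signatures into noise, which is why this is a supporting signal rather than a standalone attribution method.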
Your diagram is wrong. You connect Exit to onion service. That's never how a Tor connection to an onion service works.
I run a node; there were some issues triggering my DDoS protection. Other than that, I didn't really experience much trouble.
My node remained operative, but I had to temporarily separate the node from the rest of my network (just a simple virtual LAN) to stop the flooding from the node to my other devices. - I don't know the intricacies of the whole thing, just that my firewall had blocked all my wired connected devices from being reachable. (meaning, no inbound connections were accepted)
Thanks for the update, keep doing your thing
Sounds more like someone was mapping the network, or trying to. I bet it was the first round.
Unit 8200
@@MikeJones-mf2rt 🙊🐵🙈
Interesting can u go more in-depth
@@MikeJones-mf2rt what is unit 8200?
Hey sam ! Can you make a step by step guide on how to be safe? From buying a laptop to being safe in the net? That would be crazy content!
I think the opsec bible has something similar to it
@ okay I’ll check that, I thought it would be really interesting to see how he set up his computer
See his Defcon talks :)
This isn’t direct advice but hypothetically in theory, make sure you run tails with Ethernet only and to have 16GB of ram to be most optimal
@@TevynSmith as well as flashing the BIOS/UEFI to CoreBoot/LibreBoot and other open source boot loaders
would it be better to just use i2p?
It has no exit to clearnet
@@stevez5134 and is significantly smaller network and older tech.
@elguero933 tbh good, dummy proof :P
Why do we need centralized control nodes? It could be done more on an event-decoupled basis where nothing knows about all the relays. Instead the relays respond to and put information about state on an event bus. If done right the IP addresses of relays may not be known with any dependability, so it is difficult to spoof traffic from them.
Can you do a video explaining how to pgp encrypt a message?
I'm 46 and if I had never shaved my beard in my life, it wouldn't be half that long.
Ooofff dat leet runtime!
Your humour is the best! 😅
If you don't need to see the response you can spoof TCP messages.
Bro you should cover whatever is up with abacus market
Thanks Sam
Omfg. Your beard is Sun Microsystems "I'm so valuable I'm allowed to live in the mountains and just think things up" worthy.
great VHS video /me bows down ^_^ dank -bg lol
You seem like your personality is never up or down always stable, what do you attribute that to?
Lack of emotion. I'm an INTP-A and a Sigma. If I had to guess.
@@Sam_Bent you remind me of a Patrick Bateman type , but with no smiling
Great video, and I am thinking that the level of complexity involved gives us a clear picture of who is doing that, and this is not a skidz job ...
ya'd be surprised in 2024 =) maybe not a script kiddy, but as young as a teen could, to boot, in his mother's basement =) =)
if ya know ya know lol and ssh every hacker knows =)
from what I know, when the kids connect their terminals to Tor that's when they get cray cray lol
hahahahha look at Nightmare Market lol
yeah it was just a kid lol SMRK lol
look at vendors' pretty faces, one that comes to mind over here is NSWgrate
Ever read what not to send via classic mail network?
Don't send cash, jewellery or other high value goods... they will be stolen. This being one side of the coin.
Personal opinion -- the original use case for tor is no longer necessary because the ships can use starlink ( dod paid for low earth orbit gps replacement satellites and elon took advantage with starlink ). So, tor is a problem now and there are other opsec friendly covert networks for government communication. Get ready for tor as you know it to be relentlessly assaulted and perhaps eventually gone. This is all a personal opinion and i am a no one from nowhere.
Starlink has replaced Tor? lul ok
@etziowingeler3173 no? Go read how tor came to be. The US Navy invented it.
What's crazy is it's not hard 😂
Skid
If you want to maintain any sort of integrity you need to put out a correction video regarding the Silk Road. Your entire video was false. Dread Pirate Roberts was never even charged for running Silk Road, he got two life sentences for conspiracy to murder 8 people. It's sad that you won't, like all other youtubers that get shit wrong. Then u wonder why nobody can agree on anything anymore.... it's mostly to do with youtube/reddit, etc.. how do u expect people to believe any of your videos now? whatevs. unsub.
reason.com/2018/07/25/ross-ulbrichts-murder-for-hire-charges-d/
Amplified through inaccurate and sensationalized reporting, these false murder-for-hire allegations were used to deny Ross Ulbricht’s bail, smear him in the media, and justify the life sentence he ultimately received.
Ross was never tried for these allegations, which means the allegations were never ruled on by a jury and Ross was never found guilty of paying to have anyone killed. These unproven and unprosecuted accusations were eventually dismissed “with prejudice” in 2018, and therefore can never be re-filed or used against Ross again.
The allegations were never proven in court and relied on anonymous chats and text files never proven to have been authored by Ross. Hard evidence and testimony, including from the lead Silk Road investigator, show that, over time, multiple people were behind the site admin's handle (who was called Dread Pirate Roberts or "DPR" for short). Two corrupt federal investigators (sent to prison) also had unfettered access to Silk Road and were admittedly involved in numerous plots.
Ross has always denied being involved with these allegations. And even Curtis Green, the only alleged victim ever identified in these allegations, has spoken out against these allegations and is a longtime, fervent supporter of Ross’s release.
freeross.org/false-allegations/