Identifying the true IP/Network identity of I2P service hosts
- Type
- Paper
- Tags
- privacy
- Authors
- Adrian Crenshaw
- Event
- Black Hat DC 2011
- Indexed on
- Mar 27, 2013
- URL
- https://media.blackhat.com/bh-dc-11/Crenshaw/BlackHat_DC_2011_Crenshaw_Identifying_the_true_IP-wp.pdf
- File name
- BlackHat_DC_2011_Crenshaw_Identifying_the_true_IP-wp.pdf
- File size
- 749.8 KB
- MD5
- 77cf4a90942dc4981317940560cd98dd
- SHA1
- da76f8c466383331ee9d900824c43c49f2a82218
This paper will present research into services hosted internally on the I2P anonymity network, especially I2P hosted websites known as eepSites, and how the true identity of the Internet host providing the service may be identified via information leaks on the application layer. By knowing the identity of the Internet host providing the service, the anonymity set of the person or group that administrates the service can be greatly reduced. The core aim of this paper will be to test the anonymity provided by I2P for hosting eepSites, focusing primarily on the application layer and mistakes administrators and developers may make that could expose a service provider’s identity or reduce the anonymity set they are part of. We will show attacks based on the intersection of I2P users hosting eepSites on public IPs with virtual hosting, the use of common web application vulnerabilities to reveal the IP of an eepSite, as well as general information that can be collected concerning the nodes participating in the I2P anonymity network.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
