Explanation of Chain Tunneling
By darkblink
@darkblink (43)
Philippines
November 1, 2010 12:52pm CST
First of all, I owe my mentor for teaching me some cool tricks in order to stay anonymous on the internet way back when I was still doing some bad things on the internet.
What is chain tunneling? Chain tunneling is when you tunnel your IP address to many hops, or tunnel your legitimate IP address to a series of busyboxes. I won't be teaching you how to do it, but I'll explain to you what it is.
Do you know why website defacers are still not caught these days? It's because they resolved their lapses by tunneling to IP addresses three times or more. The more different hops you make your data jump, the more difficult it will be to trace back, and you will be giving those tracers a headache (lol). Take this route for example:
you - socks 1 - socks 2 - socks 3 - target
Now, people who want to trace you would try to contact x persons to ask them for logs. Chances are, if one of them didn't log, or if they did log, the IP seen by each host or socks is the IP of the previous host or socks in the chain. This is how they do it, and this is why there are still big guys out there.
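The trace-back described in the post above, seen from the investigator's side, as an added example that is not part of the original thread: each relay's log gives only the previous hop, so the chain is rebuilt one hop at a time, and it stops at the first relay with no matching record. The log fields, the addresses (documentation ranges), the 5-second matching window and the assumption of synchronized relay clocks are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data (documentation address ranges). One record per
# relayed session as that relay logged it: inbound peer and outbound peer.
RELAY_LOGS = {
    "198.51.100.30": [  # socks 3
        {"t": "2010-11-01T12:00:03", "src": "198.51.100.20", "dst": "203.0.113.80"},
        {"t": "2010-11-01T12:07:41", "src": "192.0.2.77", "dst": "203.0.113.99"},
    ],
    "198.51.100.20": [  # socks 2
        {"t": "2010-11-01T12:00:02", "src": "198.51.100.10", "dst": "198.51.100.30"},
    ],
    "198.51.100.10": [  # socks 1
        {"t": "2010-11-01T12:00:01", "src": "192.0.2.55", "dst": "198.51.100.20"},
    ],
}


def trace_back(target, seen_src, seen_at, logs, window_s=5):
    """Follow a session backwards from the address the target logged.

    Returns (path, broken_at). path lists the addresses from the hop the
    target saw back toward the origin. broken_at is the relay whose logs hold
    no matching record (the trace stops there), or None.
    """
    when = datetime.fromisoformat(seen_at)
    window = timedelta(seconds=window_s)
    path, hop, dst = [seen_src], seen_src, target
    while hop in logs:
        # The upstream leg must have left this relay toward dst at most
        # window_s seconds before the downstream observation.
        matches = [
            r for r in logs[hop]
            if r["dst"] == dst
            and timedelta(0) <= when - datetime.fromisoformat(r["t"]) <= window
        ]
        if not matches:
            return path, hop  # relay kept no log, or the record is gone
        rec = max(matches, key=lambda r: r["t"])  # closest in time
        dst, hop, when = hop, rec["src"], datetime.fromisoformat(rec["t"])
        path.append(hop)
    # No relay logs are held for this address: it is the origin, or a further
    # relay the investigator has not identified yet.
    return path, None


if __name__ == "__main__":
    print(trace_back("203.0.113.80", "198.51.100.30", "2010-11-01T12:00:04", RELAY_LOGS))
```

With every relay's records present the walk reaches the first address outside the known relays; replacing one relay's list with an empty one makes the function return that relay as the point where the trace stops.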
2 responses
@djbtol (5493)
• United States
2 Nov 10
Thanks for explaining that. Sometimes I would like to be anonymous, but this level seems like it might be over the top.
Do you still use Chain Tunneling, and if so, why?
@AgentDas (97)
• India
1 Nov 10
In OpenSSH, I use this setup when I need tunnels. This allows me to directly type sftp server3 without having to worry about manually starting the server2 and server1 tunnels first.
# ~/.ssh/config

# to connect to server2, tunnel through server1
Host server2
    ProxyCommand ssh server1 nc %h %p

# to connect to server3, tunnel through server2
Host server3
    ProxyCommand ssh server2 nc %h %p

To be more complete, I usually use ssh -oCiphers=arcfour128,arcfour256,arcfour,blowfish-cbc -oControlMaster=no -oForwardX11=no -oForwardAgent=no -oPermitLocalCommand=no -oClearAllForwardings=yes server1 nc %h %p as the ProxyCommand.
The ssh connection being tunneled is already encrypted, so there's no point in using the heavier aes/3des for the outer layer; arcfour and blowfish are faster.
The rest of the -o**** settings are out of paranoia, so that nothing breaks even if a Host server1 stanza with really odd settings is added to ssh_config.
Similarly, you can configure PuTTY to use the proxy command plink -P %proxyport -pw %pass %user@%proxyhost nc %host %port, and set the proxy hostname/port/user/password in the Connection/Proxy configuration pane accordingly. plink and the rest of the PuTTY suite (pscp, psftp, etc.) load anything saved in PuTTY's graphical configuration; hopefully WinSCP does too. (I don't use it, so I'm not too familiar with its features.)
@darkblink (43)
• Philippines
2 Nov 10
In PuTTY, I use a different method because I use a busybox IP, and in the SSH tab I configure it with 3 ports.