Gerald, the Systems Administrator for Hyped Enterprises, has just discovered that his network has been breached by an outside attacker. After performing routine maintenance on his servers, he discovers numerous remote tools were installed that no one claims to have knowledge of in his department. Gerald logs onto the management console for his IDS and discovers an unknown IP address that scanned his network constantly for a week and was able to access his network through a high-level port that was not closed. Gerald traces the IP address he found in the IDS log to a proxy server in Brazil. Gerald calls the company that owns the proxy server and after searching through their logs, they trace the source to another proxy server in Switzerland. Gerald calls the company in Switzerland that owns the proxy server and after scanning through the logs again, they trace the source back to a proxy server in China. What proxy tool has Gerald’s attacker used to cover their tracks?
A. ISA proxy
B. IAS proxy
C. TOR proxy
D. Cheops proxy
Answer: C
This is wrong, because TOR “proxies” aren’t actually proxies, they are regular computers running TOR. There’s no “owners of proxies” that you can “call” in that scenario.
I’m afraid there is no correct answer here.
TOR proxy is a wrong answer because it’s not possible for companies to trace back the traffic in TOR.
Gerald would see the last hop, which is unencrypted, and can trace back the attack to the TOR exit node used. All other hops inside the TOR network are encrypted (even source and destination), and TOR nodes can’t discern specific traffic in this mesh; they only see the next hop, but can’t figure out if it goes to some destination or continues inside TOR.
HACKER -> TOR Entry node -> TOR node ….. -> TOR node -> TOR Exit node -> VICTIM
[ Clear traffic ] [ ———— Encrypted traffic ———–] [ Clear traffic ]
It’s indeed possible to do statistical analysis to have a chance of knowing where traffic comes from, but it requires having great control over the internet, which only NSA and others have.
http://www.torproject.org/about/overview.html.en
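The per-hop visibility discussed in the comments above, as an added example that is not part of the original page or of any commenter's post: a simplified model of layered (onion) routing showing what each relay could record in its own log. It is not Tor's real cell format or cryptography; the toy cipher, relay names, addresses and keys are all constructed assumptions.

```python
import hashlib
import json

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher for illustration only: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def build_onion(path, keys, destination, payload):
    """Client side: one encrypted layer per relay, innermost layer for the exit."""
    next_hops = path[1:] + [destination]
    blob = payload
    for relay, nxt in reversed(list(zip(path, next_hops))):
        layer = json.dumps({"next": nxt, "data": blob.hex()}).encode()
        blob = xor_stream(keys[relay], layer)
    return blob

def run_circuit(client, path, keys, destination, payload):
    """Pass the onion along the path; return each relay's possible log entry."""
    blob, prev, logs = build_onion(path, keys, destination, payload), client, {}
    for relay in path:
        layer = json.loads(xor_stream(keys[relay], blob))  # relay peels its own layer
        blob = bytes.fromhex(layer["data"])
        logs[relay] = {"from": prev, "to": layer["next"]}
        prev = relay
    return logs, blob

def relays_linking(logs, client, destination):
    """Relays whose own log ties the client to the destination."""
    return [r for r, e in logs.items()
            if e["from"] == client and e["to"] == destination]

# Constructed sample data (documentation address space, hypothetical relay names).
CLIENT, DEST = "198.51.100.7", "203.0.113.10"
PATH = ["entry", "middle", "exit"]
# Stand-in for per-hop session keys; derived from the names only to keep this runnable.
KEYS = {r: hashlib.sha256(r.encode()).digest() for r in PATH}

if __name__ == "__main__":
    logs, delivered = run_circuit(CLIENT, PATH, KEYS, DEST, b"GET / HTTP/1.1")
    for relay, entry in logs.items():
        print(relay, entry)
    print("relays linking client to destination:", relays_linking(logs, CLIENT, DEST))
```

In this model the victim's IDS would record only the exit relay's address, and no single relay's log pairs the client with the destination.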