Introduction:
Imagine some Michael from the USA who wants to buy himself an iPhone. He goes to the shop, sees that payment is through PP, logs into his account and pays. Michael does not keep track of his self-registration, does not hesitate to buy tea and other goods; he logs in and pays. Michael does not need to gain the trust of PP or read entire forum threads before buying something. So, how do we look like Michael, and not Boris, in the eyes of the anti-fraud system?
1) Ports
Imagine that you are the anti-fraud system. You sit and look at orders, and here comes a buyer who has ports 80, 443, 3389 and 22 open. Just looking at these ports, it is already clear what this person is planning. After all, Michael would not pay through a dedicated server (dedik), tunnels, SOCKS or a proxy.
Solution: a dedicated server (dedik) on which we set up a firewall, or a firewall raised on the tunnel.
2) Two-way ping and IP belonging to a hosting provider
Two-way ping detects tunnels and VPNs: the ping and the time difference are measured in a loop.
Solution: in front of the tunnel, add TOR to the SOCKS.
Belonging to a hosting provider - I think it is clear here: we do not use tunnels, SOCKS or VPS from hosting providers. Assume that if the IP belongs to a hoster, it is blacklisted.
3) WebRTC and DNS
There is a lot of information on preventing these leaks; I won't duplicate it for the thousandth time. Just remember that you need to check and fix them.
From me: do not use Google's DNS, since your actions are logged.
4) Flash
Of course we turn it on, because we have nothing to fear and we came to pay for goods from our own account. In general, plug in Flash - do not arouse suspicion.
With Flash you need to be extremely careful. Downloading Flash Player to your computer (with an anti-detect or anti-virus) is the same as deliberately launching a Trojan into the system. Do not forget about the language of your OS and the time zone.
I recommend checking for leaks via Flash on browserleaks.com
5) Tab history and referrer
Used by the anti-fraud system to detect recently visited sites.
It's simple - no whoer and other sites that give you away.
Browse Google and Facebook, mimicking Michael's behavior.
The referrer determines which site we came from, so we arrive the way everyone else does - from Google.
6) Tab name
- In short, using this parameter the anti-fraud system sees all the tabs open in your browser in real time.
7) Audio fingerprint
https://audiofingerprint.openwpm.com/ - I ran the test on the main OS and on a virtual machine with an anti-detect; the fingerprints are the same. I have not tested on a dedicated server yet; check it on a dedik and report back.
An audio fingerprint can hurt you badly in 2 cases:
1. Deanonymization.
Imagine that you go to the PP site and it takes your audio fingerprint. Then, after the successful business, you turn off the virtual machine and go to YouTube or Google, or even worse a social network, and all these sites also take an audio fingerprint. Deanonymization will look something like this: "20:00 fingerprint 2a3b4c5e went to PP under IP 192.168.0.1, 20:30 fingerprint 2a3b4c5e went to YouTube under IP 192.168.1.100 (the IP from which you went out to YouTube)"
2. PP or other sites can see from this fingerprint that you have already been there.
Solution: see the last Vector webinar for substituting this parameter.
8) Uptime and OS fingerprint
Uptime is the time your VPN, SOCKS or tunnel has been online.
You must admit it is strange that Michael's computer has been running without a reboot for half a year already.
Solution: go to the tunnel's console and type reboot
OS fingerprint - in simple terms, each OS sends different packets. That is, when you use a tunnel over Windows, it turns out you have packets from Linux while the user agent is Windows.
Solution: use a dedicated server, or raise an OpenVPN server and add the line mssfix 0 to the server and client configuration.