The SIPSA protocol — real anonymity

From 33C3_Public_Wiki
Jump to: navigation, search
Description I have devised a technology that allows to hide both source and destination addresses in IP packets on the network level and I'd like to share it with you. This lightning talk gives a brief intro to the technology.

Source IP spoofing for anonymization over UDP (SIPSA) is a proposal for a protocol that in many network environments would allow two hosts on the network to hide both their source and destination addresses, while still being able to communicate information. A proof of concept tool that allows testing SIPSA is freely and publicly available on github.

Tags anonymity, ip, sipsa
Person organizing Kirils
Language en - English
en - English
Duration 5
Desired session Day 2
Desired timeframe begin


Here's a concise introduction on the operating principles of SIPSA.

BCP38 while more than 16 years old, is (thankfully) not uniformly implemented. There have been lots of talk over the years on why ingress filtering is good and how lack of it can be used for evil. The author however proposes that lack of ingress filtering is used for good.

UDP is a Layer4 connectionless best-effort protocol that most commonly goes on top of IP. You do not need a real source IP address to be able to talk UDP one-way. This field is completely arbitrary already.

It is different with the destination address. Routers need it to be able to deliver your message. The solution here is provided by a steady increase of internet speeds over time: just send ten, twenty or a hundred copies of the packet with a random destination addresses. Make sure that the real receiver reacts as if the port is closed and you've got yourself (90%, 95%, or 99% respectively) anonymity and full deniability too! Other protocols (e.g. TCP or Tor) can be of course tunnelled on top of UDP.

Just don't forget to handle some sort of identity management in the top layers and that's the recipe for SIPSA.