Even with the dynamic IP method such as pppoe dial-up, the binding relationship between the IP and the home port will be recorded. As long as there is enough energy or willingness to spend money, there is no problem in positioning accurately to the door. This is established on the j side or Telecom operator level data.
=========================================================================================
Even if there is no such data, the mobile phone will collect a lot of personal information, including your network status and GPS. If you have ordered takeout or purchased online, it will be more detailed.
Otherwise, how do you think advertisements and recommendations are so detailed? What you read today, what you bought, and where you sent it will all become part of big data.
Many companies have this data, but do not protect it properly, causing it to be broken into by hackers, stolen by employees, and even sold for profit themselves, resulting in the proliferation of illegal products.
Earlier, there was "telecom operator employees selling user information and spawning a black industry chain."
Depending on the situation, call the police in time, or take correct and effective measures to protect yourself.
I see some people smugly saying that they know some tricks, which are nothing more than VPN, proxy, and Tor. Is using a proxy necessarily safe?
For example, a student from a certain school previously cracked the weak password of the teacher's email and stole the test papers, and was caught soon after.
Ip1 student, Ip2 proxy server, Ip3 mail server.
The data traffic is IP1->IP2->IP3, so the mail server can only record the proxy server address IP2.
If IP2 is within the country, the IDC computer room or cloud platform will have logs, call the police, and a letter of assistance to know your real IP.
But in this example, the proxy server is overseas. So the network center retrieved the school logs and found that a few seconds before IP2 connected to IP3, the school IP1 had connected to IP2. There was no need to decrypt what you sent. Now IP1 is the target of suspicion. Directly locate the dormitory network port of IP1. The campus network account who logged in at that time was a wireless router. We called 12 people in the three dormitories within the signal coverage area and asked them one by one. The school affairs office soon found out. As long as you are included in the suspicion, as long as the scope is narrowed, it will be easy to find out.
Some people will ask, what if I have dual agents? What if my proxy entrance and exit are inconsistent? What if my proxy has multiple outlets?
In fact, the method is similar. For you, the cost increases. For the reviewer, as long as you use it frequently, you can still analyze the IP correspondence through the timing relationship between requests.
Others say that if I use an online shopping agent and many people share one, then I can be hidden among many other users and it will not be so easy to check.
That's too naive. What kind of payment did you use to buy an agent? Alipay? WeChat? bank card? As long as you use RMB, the builders of these agents need to have domestic information. Do you believe that the builders of these agents will not keep logs? What about the cloud server operator they use to build their proxy? The operator doesn't keep logs either?
Let’s talk about Tor. First of all, Tor is organized and managed. The intermediate nodes used to forward traffic layer by layer are voluntarily contributed by everyone, and there are only about a few thousand online for a long time. For a powerful censor, I build thousands of nodes myself to enter the Tor network, so that most of your traffic from entrance to exit passes through the nodes I control. Are you afraid that I won't be able to audit you?
The premise of Tor security is that censors cannot have too many nodes in the network, and this assumption is easily broken, which is the so-called witch attack.
Not to mention attacks targeting browser vulnerabilities. The FBI has used this method to successfully locate Tor users and host onion domain name websites.
When you use a technology, it is best to have an in-depth understanding of the technology, its principles, capabilities and limitations, instead of being superstitious about a few sentences in the introduction. If a few sentences can explain all the details, this thing is probably HelloWorld.
`How to learn hacking & network security
As long as you like my article today, my private network security learning materials will be shared with you for free. Come and see what is available.
1. Learning roadmap
There are a lot of things to learn about attack and defense. I have written down the specific things you need to learn in the road map above. If you can complete them, you will have no problem getting a job or taking on a private job.
2. Video tutorial
Although there are many learning resources on the Internet, they are basically incomplete. This is an Internet security video tutorial I recorded myself. I have accompanying video explanations for every knowledge point in the roadmap above.
The content covers the study of network security laws, network security operations and other security assessments, penetration testing basics, detailed explanations of vulnerabilities, basic computer knowledge, etc. They are all must-know learning contents for getting started with network security.
(They are all packaged into one piece and cannot be expanded one by one. There are more than 300 episodes in total)
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.
3. Technical documents and e-books
I also compiled the technical documents myself, including my experience and technical points in participating in large-scale network security operations, CTF, and digging SRC vulnerabilities. There are more than 200 e-books. Due to the sensitivity of the content, I will not display them one by one.
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.
4. Toolkit, interview questions and source code
"If you want to do your job well, you must first sharpen your tools." I have summarized dozens of the most popular hacking tools for everyone. The scope of coverage mainly focuses on information collection, Android hacking tools, automation tools, phishing, etc. Interested students should not miss it.
There is also the case source code and corresponding toolkit mentioned in my video, which you can take away if needed.
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.
Finally, here are the interview questions about network security that I have compiled over the past few years. If you are looking for a job in network security, they will definitely help you a lot.
These questions are often encountered when interviewing Sangfor, Qi Anxin, Tencent or other major companies. If you have good questions or good insights, please share them.
Reference analysis: Sangfor official website, Qi’anxin official website, Freebuf, csdn, etc.
Content features: Clear organization and graphical representation to make it easier to understand.
Summary of content: Including intranet, operating system, protocol, penetration testing, security service, vulnerability, injection, XSS, CSRF, SSRF, file upload, file download, file inclusion, XXE, logical vulnerability, tools, SQLmap, NMAP, BP, MSF…
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.