undefined | Better HN

0 pointsthrowmeaway22322y ago0 comments

or liquid nitrogen. https://en.wikipedia.org/wiki/Cold_boot_attack

0 comments

They're going to freeze the whole data center? It's rack after rack of machines that the traffic could have passed through, right? And if they're not logging IPs to RAM then they only have a fraction of a second to get the right one before the register is overwritten with the next user's info.

mlyle2y ago

You do need to know where to send the user's return traffic, so you'll need a table ultimately comprising mappings of network flows to end-user addresses. Of course, once the flows close you don't need to retain this information. In practice, you'll also need information about all currently-open VPN sessions.

bgm19752y ago

If the feds have physical access and considering the high likelihood that these are VMs and not physical, it would be a whole lot easier to get the hypervisor to just snapshot the VM w/ its memory and perform forensics against that file(s).

j / k navigate · click thread line to collapse

0 comments

nerdbert2y ago

mlyle2y ago

bgm19752y ago

j / k navigate · click thread line to collapse