INTERNET SECURITY
FAQs: Proxies and Firewalls
What is a proxy?
A proxy is simply a server that connects users to a network. Usually it connects a local network, or a part of it (for example, a company), to another network (for example, the Internet). Due to the architecture (the way things are made) of the Internet, these servers can be very useful, contributing security, speed and privacy to those people who wish to enjoy the Internet without giving up their "privacy". A proxy server is a kind of buffer between your computer and the Internet resources you are accessing (e.g. Web sites or FTP archives). The data you request comes to the proxy first, and only then does the proxy transmit it to you.
It is also like a cache for the information you and all other users have requested. Since it caches the information on the local disk, download time is reduced because the latency of the overseas link is no longer there.
In an enterprise that uses the Internet, a proxy server acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.
A proxy server receives a request for an Internet service (such as a Web page request) from a user. If it passes filtering requirements, the proxy server, assuming it is also a cache server, looks in its local cache of previously downloaded Web pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy server relates it to the original request and forwards it on to the user.
To the user, the proxy server is invisible; all Internet requests and returned responses appear to be directly with the addressed Internet server. (The proxy is not quite invisible; its IP address has to be specified as a configuration option to the browser or other protocol program.)
An advantage of a proxy server is that its cache can serve all users. If one or more Internet sites are frequently requested, these are likely to be in the proxy's cache, which will improve user response time. In fact, there are special servers called cache servers. A proxy can also do logging.
The functions of proxy, firewall, and caching can be in separate server programs or combined in a single package. Different server programs can be on different computers. For example, a proxy server may be on the same machine as a firewall server, or it may be on a separate server and forward requests through the firewall.
How does a proxy work?
When a proxy is enabled in your web browser and the object requested is already in the proxy server's cache, the proxy server returns the page (obviously considerably quicker, because it is closer). Otherwise, the proxy server fetches the page, caches it, and gives it to you.
Request
your computer --> proxy server [ --> the Internet --> www.yahoo.com]
Response
[ www.yahoo.com --> the Internet --> ] proxy server --> your computer
The actions outside the square brackets will occur every time. The actions inside the square brackets will occur only if the object is not already in the proxy server's cache.
Do I need one? Will it benefit us as users? What is the use of proxy servers?
Check junkbuster.com's show-headers page (http://internet.junkbuster.com/cgi-bin/show-http-headers).
You should know that each computer on the Internet is marked with its own special address. You have probably deduced that the IP points directly to us. That is, if we are the bad guy on the computer, it is possible to locate us, because a specific IP at a specific time is connected to a single person or machine.
And not only when we are the bad guy can we have problems. Whenever we are connected with another computer (for example a Yahoo page), the other computer registers our IP and what we have done inside, the pages we have watched, the files we have taken, etc. Some sites even deny us access ("you do not have permission...") to certain pages because we are not from the server's country (the single IP number does not say anything, but in conjunction with the DNS or "Domain name system" it indicates the country and the company).
Here is where the proxy comes in. We have said that these computers connect several people or machines to the network; that is, several machines have the same IP facing the outer world, although for the proxy each computer continues to have its own unique IP. What happens if we connect to a server using one of these proxies? The target server will believe that the downloader was the proxy and not us, with the proxy acting like a shield. For example, say our IP is 195.104.193.192 and we want to get some photos of Pamela Anderson from a site, but we do not want anyone to know that we have seen those pictures. It's very simple. We say to the proxy (if the proxy admits calls from the outside), "Please make a call to the computer X and request the photos from it." If the IP of the proxy is 109.109.100.100, then on the computer which contains the photos, the visitor's IP will be 109.109.100.100 and not 195.104.193.192. Does it seem very hard? It is not. All (or almost all) browsers, like Netscape, Opera or Internet Explorer, allow us to indicate a proxy for our connections once the browser is correctly configured. We will surf as always, but the browser gets the pages or files through the proxy.
But the proxy does not serve only for that. Imagine that you want to download a file from Japan, but your connection is very slow and you die waiting for it, while when you try to get a page from America or Europe the speed is superior. In that case you will try to find a proxy with a good connection between the target and you, and request the files through the proxy. Sometimes this system greatly accelerates the speed of downloading, although at other times it does the opposite. That's all there is to it. Unfortunately, proxies are only available for HTTP and FTP, but there is also a trick for using SOCKS proxies for NNTP.
Usually, proxy servers are used to increase the effective speed of your connection to the Internet, because they save files that are requested most often in a special database called "cache". The cache of a proxy server is generally huge in its capacity, and contains not only the requests made by you, but also the files that have been requested by hundreds, if not thousands, of other Internet users. As a result, the information you need may already be present in cache by the time of your request, making it possible for the proxy to deliver it immediately. The overall increase in performance may be very high.
Besides that, proxy servers can help in cases when, for example, the owners of the Internet resource impose some restrictions on users from certain countries or geographic regions.
What is an anonymous proxy server?
Any web site in the world can track your movements through its pages and monitor your reading interests using your IP address, a unique ID assigned to each computer on the Internet. Depending on the policies of the Internet resource, you might not be able to get access to the information you need. Also, your visit can be registered and used later to gather some personal information about you.
It is widely agreed that governments and organizations publish dummy websites on controversial topics for the purpose of monitoring interested parties. Also, this information, in combination with your e-mail address, can be used to increase the number of targeted advertisements fired at you by the marketers.
Using only your IP address and the information about your operating system, a Web site can automatically exploit security holes in your system using some not-very-complex, ready-made, free hacking programs. Some of such programs may just hang your machine, making you reboot it, but other, more powerful ones, can get access to the content of your hard drive or RAM. The anonymous proxy prevents this by hiding your IP address so that no one can access your computer via the network. In most cases, however, proxies do inform the target server about the address of the computer that made the request, transmitting your IP-address in different forms.
Anonymous (real anonymous!) proxy servers don't transfer the information about the IP address of the client, and thus effectively hide the information about you and your surfing interests. Besides that, some proxy servers can also hide the very fact that you are surfing through a proxy server! Anonymous proxies can be used for all kinds of Web services, such as Web mail (MSN Hotmail, Yahoo mail), web chat rooms, FTP archives, etc.
Is the "anonymous proxy" I came across on the Internet really an anonymous one?
Most probably, no. We studied more than 8,000 public proxy servers and found that only a few hundred of them are true anonymous proxy servers. Almost half of them call themselves "anonymous" because they do not transfer the client's IP address in the standard way, but the address is nevertheless present in their requests in other forms, and therefore they do not provide any anonymity.
Besides, some proxies transfer the IP address of the client occasionally, from time to time.
Variable                       Anonymous
HTTP_VIA                       24%
HTTP_FORWARD                   15%
HTTP_USER_AGENT (modified)     5.2%
HTTP_CACHE_CONTROL             19%

Supported connection types
Not supported                  58%
Connection: Close              8%
Connection: Keep-Alive         34%
How can I check if the proxy I'm using is really anon?
NOTE: truly anonymous proxies will NOT show the HTTP_FORWARDED or HTTP_X_FORWARDED_FOR variables. HTTP_FROM will show whether they can grab your email address from the browser, and HTTP_REFERER will show the page you came from.
To see your IP address quickly, type WINIPCFG in START+RUN.
Many places to visit and find out what they say about you and your proxy, some will say your proxy is secure, some won't, so it's YOUR judgment:
• http://www.gemal.dk/browserspy/ <--- (All you really will ever need)
• http://www.leader.ru/secure/who.html
• http://www.all-nettools.com/
• http://www.grc.com/x/ne.dll?bh0bkyd2 - will list your open ports and tell you your computer name on the Net
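The header check described above can also be run from the receiving side. The following is an added example, not part of the original FAQ: it classifies what a target server learns from one request, using the FAQ's example addresses; the level names, the two extra proxy variables and all sample requests are assumptions constructed for illustration.

```python
import re

# Variables whose mere presence tells the target server a proxy is in the path.
# HTTP_VIA, HTTP_FORWARDED and HTTP_X_FORWARDED_FOR are the ones named in this
# FAQ; HTTP_CLIENT_IP and HTTP_PROXY_CONNECTION are assumed extras.
PROXY_VARS = ("HTTP_VIA", "HTTP_FORWARDED", "HTTP_X_FORWARDED_FOR",
              "HTTP_CLIENT_IP", "HTTP_PROXY_CONNECTION")
# Variables the FAQ flags as personal leaks that a proxy does not fix by itself.
PERSONAL_VARS = ("HTTP_FROM", "HTTP_REFERER")


def contains_ip(value, ip):
    """True if `ip` appears in `value` as a complete dotted address."""
    pattern = r"(?<![\d.])" + re.escape(ip) + r"(?!\d)"
    return re.search(pattern, value) is not None


def classify(env, real_ip):
    """Return (level, findings) for one request as the target server sees it.

    env     -- CGI-style request variables (REMOTE_ADDR, HTTP_*)
    real_ip -- the client's own address
    level   -- "exposed", "proxy-visible" or "hidden" (labels chosen here)
    """
    findings = []
    exposed = False
    if env.get("REMOTE_ADDR") == real_ip:
        findings.append("REMOTE_ADDR is the client address (no proxy in the path)")
        exposed = True
    # The address may travel in non-standard forms, so scan every header
    # value, not only the standard forwarding variables.
    for name in sorted(env):
        if name.startswith("HTTP_") and contains_ip(env[name], real_ip):
            findings.append(name + " carries the client address")
            exposed = True
    revealed_by = [name for name in PROXY_VARS if name in env]
    for name in revealed_by:
        findings.append(name + " shows that a proxy is in use")
    for name in PERSONAL_VARS:
        if env.get(name):
            findings.append(name + " is passed through: " + env[name])
    if exposed:
        level = "exposed"
    elif revealed_by:
        level = "proxy-visible"
    else:
        level = "hidden"
    return level, findings


# Constructed sample requests, using the example addresses from this FAQ
# (client 195.104.193.192, proxy 109.109.100.100).
CLIENT, PROXY = "195.104.193.192", "109.109.100.100"
SAMPLES = {
    "forwards the address": {
        "REMOTE_ADDR": PROXY,
        "HTTP_VIA": "1.0 cache.example:3128",
        "HTTP_X_FORWARDED_FOR": CLIENT,
    },
    "keeps the address in a custom header": {
        "REMOTE_ADDR": PROXY,
        "HTTP_X_ORIGIN_HOST": "client-" + CLIENT + ".isp.example",
    },
    "announces itself only": {
        "REMOTE_ADDR": PROXY,
        "HTTP_VIA": "1.0 cache.example:3128",
        "HTTP_REFERER": "http://search.example/?q=proxy",
    },
    "hides everything": {
        "REMOTE_ADDR": PROXY,
        "HTTP_USER_AGENT": "Mozilla/4.0",
    },
}

if __name__ == "__main__":
    for label, env in SAMPLES.items():
        level, findings = classify(env, CLIENT)
        print(label, "->", level)
        for line in findings:
            print("   ", line)
```

The second sample is the case the survey above describes: no standard forwarding variable is sent, yet the address is still present in another form.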
What is a public proxy server?
It is a proxy server which is free and open for everybody on the Internet. There is quite a large number of public proxy servers in many countries but most of them are not anonymous.
Where can I find a public proxy?
Try one of the following links (I haven't checked them for a while):
http://proxys4all.cgi.net/
http://allfreeweb.hypermart.net/proxy/index.html
http://www.angelfire.com/md/ROA/proxy.html
http://cavency.virtualave.net/proxy/
http://come.to/proxys/
http://ians.978.org:8801
http://www.cexx.org/
http://www.cyberarmy.com/lists/proxy/
www.geocities.com/SiliconValley/Network/1120/fp-anonim.html
http://tools.rosinstrument.com/proxy/proxies.htm
http://www.lightspeed.de/irc4all/index.htm
http://www.heargon.com/anonymity/proxies.shtml
http://www.novelsoft.com/dark/proxy/1_3.htm
http://proxylist.hypermart.net/list.htm
http://www.ijs.co.nz/proxies2.htm
http://www.deny.de/links/pages/Protection/Proxy/Lists/
http://www.secureroot.com/category/anonymity/proxies/
http://www.angelfire.com/wy/0waynes/
http://www.cl.spb.ru/sparta/list.htm
How do I use it? How do I configure my browser?
To set up your web browser follow the instructions below. You need to replace 'any-proxy.domain' and #### with the proxy and its port that you want to use.
Netscape Navigator
Go to Options+Network Preferences, choose Manual, then fill in, for HTTP, the Location (URL) as any-proxy.domain, and in the Port column put ####.
Netscape Communicator 4.X
Go to Edit on the task bar, select Preferences, then click on Advanced (twice!). From there, choose Proxies and select the Manual proxy configuration bullet, then click on View. Inside, fill in the HTTP option and Address of proxy to use as any-proxy.domain, and fill in the Port column as ####. Then it's OK, OK, all the way out.
Microsoft Internet Explorer 4.0
Go to View, Internet Options, choose the Connection folder, and check the Proxy server box, then choose the Advanced option. In there, fill in the name of the proxy as any-proxy.domain and the Port as ####. Use the same proxy server for all protocols.
Microsoft Internet Explorer 5.0
Go to Tools on the task bar, then Internet Options, and get inside the Connections folder. There, choose the LAN Settings button. In there, mark the Use a proxy server bullet and fill in the name of the proxy as any-proxy.domain and the Port as ####.
I am only interested in reading e-mail and I do not surf at all. Do I need to configure a proxy?
No need to. The proxy is only used for HTTP (Web access), FTP and Gopher.
How do I know that I have successfully configured the proxy?
You have successfully configured it, if you can access and surf the Web without any problems.
What is SSL?
The Secure Sockets Layer (SSL) protocol for Internet security (developed by Netscape Communications to ensure private and authenticated communications) is an open platform put into the public domain for the Internet community. SSL provides data encryption, server authentication, message integrity, and client authentication for a TCP/IP connection.
How does SSL work?
For more detailed information, see the SSL Protocol specification at http://home.netscape.com/newsref/std/sslref.html.
SSL uses a security handshake that is used to initiate the TCP/IP connection. This handshake results in the client and server agreeing on the level of security they will use. After the handshake, SSL encrypts and decrypts the bytestream of the application protocol being used (for example, HTTP, NNTP, or Telnet). This means that all information in both the HTTP request and response is fully encrypted, including:
* The URL the client requests
* All submitted form contents (credit card numbers)
* Any HTTP access authorization information (usernames and passwords)
* All data sent from the server to the client.
What about SSL and the proxy server?
When a client requests an SSL connection to a secure server through a proxy server, the proxy opens a connection to the secure server and then simply copies data in both directions without intervening in the secure transaction. With an SSL connection, the proxy can't view the data it transfers.
To use SSL proxying with HTTPS URLs, the client must support both SSL and HTTPS (such as the Netscape Navigator). HTTPS is implemented using SSL with normal HTTP. Clients without HTTPS support can still access HTTPS documents using Netscape Proxy's HTTPS proxying capability. SSL proxying is a lower-level activity that doesn't affect the application-level (HTTPS). SSL proxying is just as secure as SSL without proxying; the existence of the proxy in between does not in any way compromise security or reduce the functionality of SSL. With SSL, the data stream is encrypted, so the proxy has no access to the actual transaction. Consequently, the access log cannot list the status code or the header length received from the remote server. This also prevents the proxy, or any other third party, from eavesdropping on the transactions.
Because the proxy never sees the data, it can't verify that the protocol spoken between the client and the remote server is SSL. This means the proxy also can't prevent other protocols from being passed through. You should restrict SSL connections to only well-known HTTPS ports, namely port number 443 as assigned by the Internet Assigned Numbers Authority (IANA). If there are sites that run the secure server on some other port, you can make explicit exceptions to allow connections to other ports on certain hosts. You would do this using the connect://.* resource. The SSL proxying capability is actually a general, SOCKS-like capability that is protocol-independent, so you can use this feature for other services, too. The Netscape Proxy Server handles SSL proxying for any application that has SSL support, not only the HTTPS protocol.
How do I configure SSL proxying?
1. In the Server Manager, choose Routing|Enable, Disable.
2. Select the connect://.*:443 resource from the list of existing templates. The connect:// method is an internal proxy notation and doesn't exist outside of the proxy. See the following sidebar text for more information on connect. If you want to allow connections to other ports, you can use similar URL patterns in a template.
3. Click Enable proxying of this resource.
4. Click OK, and then restart the proxy.
Warning!
If the proxy is misconfigured, it is possible to abuse the SSL proxy to achieve "telnet-hopping." Someone can use the proxy to make it appear that a telnet connection is coming from the proxy host, rather than the actual connecting host. This is why you have to pay extra attention to allow no more ports than absolutely necessary and to use access control on your proxy (restricting the client hosts).
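The two controls named in the warning, a port allow-list and client access control, can be expressed as one decision function. This is an added example, not Netscape Proxy Server code or configuration; the networks, host names and exception list are hypothetical values constructed for illustration.

```python
import ipaddress

# Illustrative policy values (assumptions, not Netscape Proxy settings).
DEFAULT_PORTS = {443}                                    # like connect://.*:443
PORT_EXCEPTIONS = {("secure.example.com", 8443)}         # explicit host:port exceptions
CLIENT_NETWORKS = [ipaddress.ip_network("10.1.0.0/16")]  # hosts allowed to use the proxy


def parse_connect(request_line):
    """Split 'CONNECT host:port HTTP/1.x' into (host, port) or raise ValueError."""
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        raise ValueError("not a CONNECT request line")
    host, sep, port_text = parts[1].rpartition(":")
    host = host.lower().rstrip(".")          # normalise case and trailing dot
    if not sep or not host:
        raise ValueError("target must be host:port")
    if not (port_text.isascii() and port_text.isdigit()):
        raise ValueError("port is not numeric")
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return host, port


def decide(client_ip, request_line):
    """Return (allowed, reason) for a tunnel request from client_ip."""
    try:
        client = ipaddress.ip_address(client_ip)
    except ValueError:
        return False, "unparseable client address"
    # Access control on the proxy: only listed client hosts may tunnel at all.
    if not any(client in net for net in CLIENT_NETWORKS):
        return False, "client host not permitted to use the proxy"
    try:
        host, port = parse_connect(request_line)
    except ValueError as exc:
        return False, "malformed request: " + str(exc)
    # The proxy cannot see inside the tunnel, so the port is the only
    # evidence it has that the far end is an SSL service.
    if port in DEFAULT_PORTS:
        return True, "well-known HTTPS port"
    if (host, port) in PORT_EXCEPTIONS:
        return True, "explicit exception for this host and port"
    return False, "port %d is not allowed for %s" % (port, host)


# Constructed requests: (client address, request line).
SAMPLES = [
    ("10.1.4.20", "CONNECT www.example.com:443 HTTP/1.0"),
    ("10.1.4.20", "CONNECT shell.example.net:23 HTTP/1.0"),    # telnet-hopping attempt
    ("10.1.4.20", "CONNECT secure.example.com:8443 HTTP/1.0"),
    ("10.1.4.20", "CONNECT other.example.com:8443 HTTP/1.0"),
    ("203.0.113.9", "CONNECT www.example.com:443 HTTP/1.0"),   # outside client
    ("10.1.4.20", "CONNECT www.example.com HTTP/1.0"),         # no port given
]

if __name__ == "__main__":
    for client, line in SAMPLES:
        allowed, reason = decide(client, line)
        print("ALLOW" if allowed else "DENY ", client, line, "-", reason)
```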
Few Notes & Tips when using proxies!
1. When using a proxy, ANY proxy, remember that it's usually better not to swim against the current, as every access is probably monitored in log files of your ISP.
2. I DO NOT RECOMMEND USING Anonymizer.com, Anon.Free.anonymizer.com; they are NOT secure proxies. You are at their mercy concerning your log files. I have no reason to suspect that they are selling or trading this information and as far as a proxy is concerned, they may be a very good company. The problem is that there is another source of potential tracking to be avoided.
3. If you need to use anonymizer, you actually do not need to visit the anonymizer or any other proxy, all you need to do is to precede the *exact and complete* http://...address you want to visit, writing "http://www.anonymizer.com:8080/" before it.
4. To solve the problem of having one proxy keep your logs, you can try a little trick I use. If I want to be fairly secure, I will "cascade" several proxies together - proxy.name.com:8080/proxy2.name.com with the name of the port for the second proxy in the port column. You can put the proxies either in the address/URL field of your browser - proxy.name.com:8080/www.URL.you.want.to.visit - or inside where manual proxy configuration is.
5. For a proxy to be effective, turn OFF ALL Java, Java Script, Active X and Cookies!
Additional software and resources: (Haven't checked all these links in a while)
* #Dubai : Dubai Chat, http://www.much.net/dubaichat/
* Allfreeweb : Free Proxy Index, http://allfreeweb.hypermart.net/proxy/
* Alstone : http://www.ijs.co.nz/code/
* Anonymizer : Privacy Service, http://www.anonymizer.com/
* Arab-Hackz : http://www.egroups.com/group/arab-hackz
* Check Anonymity : checking of the HTTP headers that a proxy will send. http://www.junkbuster.com/cgi-bin/show-http-headers
* Craig Carey : Uncommon port proxies: bypassing censoring firewalls/proxies, http://www.ijs.co.nz/proxies3.htm
* Deny.de : links directory Protection-Proxy-Lists, http://www.deny.de/links/pages/Protection/Proxy/Lists/
* Everything by email : http://www.geocities.com/CapitolHill/1236/
* Free Proxy Public Services List : WWW (HTTP), FTP, GOPHER, WAIS, SOCKS, TELNET PROXY ON PORTS, WINGATE, http://tools.rosinstrument.com/proxy/
* Freeware Proxomitron: will stop all sorts of info your browsers carelessly tell the outside world, and it acts as a proxy too. http://members.tripod.com/Proxomitron/
* HTTP Proxy-Spy : HTTP Proxy Server utility that you can use to spy on the HTTP protocol, http://home.comset.net/povarov/proxy.html
* HTTPort : Download, http://www.geocities.com/ResearchTriangle/6651/httport.htm
* Hushmail : Secure Web-based email with end-to-end security. http://www.hushmail.com
* Java Socks Proxy Server : http://lightning.prohosting.com/~kirillka/SOCKS/
* Junkbuster Proxy : blocks unwanted banner ads and protects your privacy from cookies and other threats. http://www.junkbuster.com/
* Louis Home Page: : VOIP, Mail, NNTP, Proxies, Firewalls, etc http://lh.itgo.com/index.htm
* Lyraprox : from Lyracom. http://www.lyracom.com
* MagusNet Public Proxy Server : Network Anonymous proxies, chained proxies and commercial https proxies. http://www.magusnet.com/proxy.html
* Netcat : netcat 1.1 for Win95/NT/Unix http://www.l0pht.com/~weld/netcat/
* Nym.alias.net : This is the official homepage of nym.alias.net, a second generation nymserver. http://www.cs.berkeley.edu/~raph/n.a.n.html
* Open Source Proxy Checker : http://dq.linuxave.net/ospc.php3
* PGP : for secure E-mail http://www.pgpi.org/products/nai/pgp/versions/freeware/
* Privacyx : Anonymous Encrypted Email service. http://www.privacyx.com
* Proxies : http://www.egroups.com/group/proxies
* Proxomitron : Web Filter. http://members.tripod.com/Proxomitron/
* Proxy-Elites : http://www.egroups.com/group/proxy-elites
* Proxy hunter: will find proxies in ANY domain you desire, http://member.netease.com/~windzh/software/proxyht/download.htm
* Proxy-Methods-List : http://www.egroups.com/group/proxy-methods-list
* Proxymate : Protect your privacy. http://www.proxymate.com
* Proxys4all : proxys for HTTP, FTP, TELNET, SOCKS, GOPHER, SECURITY & WAIS. http://proxys4all.cgi.net/
* SecureRoot : Underground Search - Anonymity Proxies. http://www.secureroot.com/category/anonymity/proxies/
* Sendpad : Send an anonymous e-mail message. http://www.sendpad.com/
* Wayne's : Wayne's proxy censorship avoidance site - UAE, KSA and others http://www.angelfire.com/wy/0waynes/
* Ziplip : Private & Secure Email. http://www.ziplip.com
* allbymail : (Arabic) http://www.geocities.com/allbymail/
What is a Firewall?
With a Web presence come security risks. You wouldn't want some 16-year-old hacker compromising your data. But you run that risk if your LAN is connected to the Internet without a firewall.
A firewall is any device used to prevent outsiders from gaining access to your network. This device is usually a combination of software and hardware. Firewalls commonly implement exclusionary schemes or rules that sort out wanted and unwanted addresses.
What type of firewalls are there?
A firewall, which acts as an intermediary between your users and the Internet, comes in three varieties: packet-level (or packet filter), proxy-based (or application-level) and stateful inspection.
Packet-level firewalls examine all data traveling between your local LAN and the Internet. Using a preprogrammed set of rules, packet filtering determines whether a packet is authorized based on its source and destination addresses.
Proxy-based firewalls stand between the Internet and a private network, and communicate with the Internet on the private network's behalf. When you configure a browser to use a proxy, the firewall passes a request from the browser to the Internet, then relays the Internet server's reply back to the browser. Proxy servers were originally designed to allow faster access through caching of Web documents. Instead of forwarding all requests to the Internet, they would attempt to fulfill them based on cached data first. Proxy servers have become the foundation of a new breed of firewalls that allow or restrict network access. Some applications have built-in proxy capability, including several Web servers.
The newest type of firewall is based on a technology called stateful inspection, developed by Checkpoint Software Technologies. This firewall type remembers information, such as source and destination addresses and port number, in a packet known to be legitimate. It uses this information to compare the "friendly" packet to the packet in question.
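The difference between a packet-level decision and a stateful one shows up on an unsolicited packet from an otherwise trusted address. This is an added, simplified example, not from the original FAQ or any product: the state table holds only addresses and ports, and the networks and packets are constructed.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")
LAN = ipaddress.ip_network("192.168.1.0/24")            # assumed private network
TRUSTED = [ipaddress.ip_network("203.0.113.0/24")]      # assumed allowed sources


def packet_filter(pkt, trusted_sources):
    """Packet-level check: looks at source and destination addresses only."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    return dst in LAN and any(src in net for net in trusted_sources)


class StatefulFirewall:
    """Remembers outbound connections and admits only their replies."""

    def __init__(self):
        self.known = set()

    def outbound(self, pkt):
        # A packet leaving the LAN is the one "known to be legitimate":
        # remember its addresses and port numbers.
        if ipaddress.ip_address(pkt.src) not in LAN:
            return False
        self.known.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True

    def inbound(self, pkt):
        # Compare the packet in question with the remembered one, reversed.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.known


# Constructed traffic: one browser request, its reply, and an unsolicited
# packet from the same outside address aimed at a different LAN port.
REQUEST = Packet("192.168.1.20", 40001, "203.0.113.5", 80)
REPLY = Packet("203.0.113.5", 80, "192.168.1.20", 40001)
PROBE = Packet("203.0.113.5", 80, "192.168.1.20", 139)


def compare():
    """Return {name: (packet_filter verdict, stateful verdict)}."""
    firewall = StatefulFirewall()
    firewall.outbound(REQUEST)
    return {
        "reply": (packet_filter(REPLY, TRUSTED), firewall.inbound(REPLY)),
        "probe": (packet_filter(PROBE, TRUSTED), firewall.inbound(PROBE)),
    }


if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(name, "packet filter:", stateless, "stateful:", stateful)
```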
Which type of firewall is more secure?
Each firewall type has its advantages and disadvantages; it's debatable which is the most secure. Packet-filtering and stateful-inspection firewalls require that each system be assigned a separate IP address; application-level firewalls let a single Internet address speak for all its users. The downside is that only client applications that support proxies can communicate with the Internet. The firewall must have a proxy for every application or service for which clients require Internet access. Fortunately, many proxy servers allow you to create your own proxies.
Do I need a firewall?
Most of us think of firewalls as complex software applications that run on a server. The firewall server acts as a buffer between all of your other servers and PCs on the network, and the outside world. This provides you with protection from crackers and keeps your network safe. This is all well and good if you have someone who is dedicated to administer your network security and keep up with the latest patches and service packs to keep your firewall software up to date. But what if you are a small businessman or a home office user and you don't have the expertise to administer a complex firewall solution, or for that matter, the money to buy firewall software that may cost from five to twenty thousand dollars? One solution is to buy personal firewall software. If you are a SOHO (Small Office/Home Office) user or have a small home network that is on the Internet, what you want is a simple, plug and play device that won't cost you an arm and a leg, that will give you protection against cracker attacks. What you need is a firewall appliance.
What is a firewall appliance?
A firewall appliance is a small hardware device that provides you with firewall services. The beauty of using a firewall appliance over software solution is that setup and configuration is usually plug and play. Some firewall appliances are as small as a hardcover book and most have Web based interfaces for setup and configuration. The beauty of it is that once you have set it up, you may never need to use the interface again. The firewall appliance is installed so that your incoming connection to the Internet is directly connected to it and then your network is connected to the firewall.
=====================================================================================
Information about the socks protocol
1. Introduction
2. Versions
3. SOCKS Support
4. SOCKS Connections
5. Scanning
---------------------------------------------------------------
Introduction:-
SOCKS is the most powerful, flexible proxy standard protocol available. SOCKS is a shortened version of "SOCK-et-S" or "sockets," the term used for the data structures which describe a TCP connection. It was one of those "development names" that stuck. Very clever folks say it's really to distinguish these from the human variety that are worn on the feet ;-)
SOCKS is a networking proxy mechanism that enables hosts on one side of a SOCKS server to gain full access to hosts on the other side of the SOCKS server without requiring any host PC to reveal its IP address to the remote host, shown diagrammatically:
1. Host PC<------>|
2. Host PC<------>|Socks Proxy Server <---> Remote Host Web Site
3. Host PC<------>|
It works by redirecting connection requests from hosts on one side to hosts on the other side via a SOCKS server, which authenticates and authorizes the requests, establishes a proxy connection and passes data back and forth. It's usually described as a circuit-level proxy for this reason, i.e. it doesn't care about the data it's transferring or its protocol.
Its typical use on an individual PC basis is to "socksify", which refers to the process of intercepting the networking calls and redirecting them. This enables the host PC behind a SOCKS server to gain full access to the Internet whilst preserving its anonymity, since the remote host will only see the IP address of the SOCKS server in all connection requests. The SOCKS default port number is 1080.
---------------------------------------------------------------
Versions:-
There are two major versions of SOCKS, Socks4 and Socks5. The main differences between Socks5 and Socks4 are:
* Socks4 doesn't support authentication while Socks5 has a built-in mechanism to support a variety of authentication methods.
* Socks4 doesn't support UDP proxy while Socks5 does.
* Socks4 servers will not support the Socks5 protocol. Socks5 implementation from NEC does support the Socks4 protocol. The server supports both V5 and V4 clients and can communicate with other V5 and V4 servers.
* Socks4 and Socks4.2 and earlier clients are required to be able to resolve the IP addresses of remote hosts. Socks5 now includes PROXY NAME support to move the name resolution process from the Socks clients to the Socks5 server, or remote DNS request. Resolving is the process whereby addresses such as http://www.my_isp.com become 210.123.456.789.
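The differences listed above are visible in the first bytes a client sends. The parsers below are an added example, not from the original text or any SOCKS implementation: they decode a Socks4 request, a Socks5 method offer and a Socks5 request as laid out in the published protocol descriptions, and every sample message is constructed.

```python
import ipaddress
import struct

COMMANDS = {1: "CONNECT", 2: "BIND", 3: "UDP ASSOCIATE"}  # 3 exists only in Socks5
AUTH_METHODS = {0x00: "no authentication", 0x01: "GSSAPI",
                0x02: "username/password"}


def parse_socks4_request(data):
    """Socks4: VN CD DSTPORT(2) DSTIP(4) USERID NUL. No auth step, IPv4 only."""
    if len(data) < 9 or data[0] != 4:
        raise ValueError("not a Socks4 request")
    if data[1] not in (1, 2):
        raise ValueError("Socks4 defines only CONNECT and BIND")
    end = data.find(b"\x00", 8)
    if end < 0:
        raise ValueError("user id is not NUL-terminated")
    return {
        "version": 4,
        "command": COMMANDS[data[1]],
        "address_type": "IPv4",   # the client had to resolve the name itself
        "address": str(ipaddress.IPv4Address(data[4:8])),
        "port": struct.unpack("!H", data[2:4])[0],
        "userid": data[8:end].decode("ascii", "replace"),  # a claim, not a credential
    }


def parse_socks5_greeting(data):
    """Socks5 opens with VER NMETHODS METHODS: the client offers auth methods."""
    if len(data) < 2 or data[0] != 5 or len(data) < 2 + data[1]:
        raise ValueError("not a complete Socks5 greeting")
    return [AUTH_METHODS.get(m, "method 0x%02x" % m) for m in data[2:2 + data[1]]]


def parse_socks5_request(data):
    """Socks5 request: VER CMD RSV ATYP DST.ADDR DST.PORT."""
    if len(data) < 5 or data[0] != 5 or data[2] != 0:
        raise ValueError("not a Socks5 request")
    if data[1] not in COMMANDS:
        raise ValueError("unknown command")
    atyp = data[3]
    if atyp == 1:
        start, size, kind = 4, 4, "IPv4"
    elif atyp == 4:
        start, size, kind = 4, 16, "IPv6"
    elif atyp == 3:
        # Length-prefixed name: resolution is left to the Socks5 server.
        start, size, kind = 5, data[4], "domain name"
    else:
        raise ValueError("unknown address type")
    if len(data) < start + size + 2:
        raise ValueError("truncated request")
    raw = data[start:start + size]
    if atyp == 3:
        address = raw.decode("ascii", "replace")
    elif atyp == 1:
        address = str(ipaddress.IPv4Address(raw))
    else:
        address = str(ipaddress.IPv6Address(raw))
    port = struct.unpack("!H", data[start + size:start + size + 2])[0]
    return {"version": 5, "command": COMMANDS[data[1]],
            "address_type": kind, "address": address, "port": port}


# Constructed messages (documentation addresses and names).
V4_CONNECT = bytes([4, 1]) + struct.pack("!H", 6667) + bytes([192, 0, 2, 25]) + b"alice\x00"
V5_GREETING = bytes([5, 2, 0x00, 0x02])
V5_BY_NAME = (bytes([5, 1, 0, 3, len(b"irc.example.net")]) + b"irc.example.net"
              + struct.pack("!H", 6667))
V5_UDP = bytes([5, 3, 0, 1, 0, 0, 0, 0]) + struct.pack("!H", 0)

if __name__ == "__main__":
    print(parse_socks4_request(V4_CONNECT))
    print(parse_socks5_greeting(V5_GREETING))
    print(parse_socks5_request(V5_BY_NAME))
    print(parse_socks5_request(V5_UDP))
```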
Support for SOCKS:-
SOCKS is almost as widely supported as HTTP proxies. All major Windows NT–based proxy servers, including Microsoft Proxy Server, Netscape Proxy Server, and WinGate, support SOCKS. SOCKS is also supported by proxy servers for alternative operating systems, including all variations of UNIX.
SOCKS clients must be specially coded to work with the proxy protocol. Fortunately, it is common for application developers to allow their application-layer protocols to work with SOCKS. Microsoft Internet Explorer and Netscape Navigator both support SOCKS proxying for HTTP and all other protocols they support. Other applications that may need to pass through a proxy server, such as FTP and RealAudio, support the SOCKS proxy. If you are unsure whether a certain application supports SOCKS, check the documentation for that application.
---------------------------------------------------------------
4. SOCKS Connections:
Example Use:
IRCii / BitchX / etc:
1. irc: /server (SOCKS) 1080
2. irc: /server (irc server) (port [666{6-9} usually])
mIRC:
1. Go to the Setup folder
2. Click on the "Firewall" tab
3. Check the box reading "Use SOCKS Firewall"
4. Go down to "Hostname:" and enter the SOCKS IP / hostname
5. Click on the "IRC servers" tab, and click on "Connect"
Open Proxy/SOCKS:
Many IRC networks and ISPs run a security check whenever you connect to their network, in which they look for an open proxy/SOCKS. This means that when you connect, the network will check port 23 (telnet port, checking for a wingate telnet bounce) and port 1080 (socks/wingate port) for an unsecured SOCKS4 or SOCKS5 proxy. If a wingate telnet bounce is found on port 23, or if an unsecured (anonymously accessible) SOCKS4 or SOCKS5 proxy is found, you will be k-lined (banned from the network). When using a wingate socks connection, occasionally if the wingate uses its own identd daemon then it will return its info to the requesting host, so your connection request might be accepted.
---------------------------------------------------
5. Scanning:-
Indirect method:
A simple but effective method for finding socks proxies is to employ a search engine. Enter in the search engine something like: "free proxies", "proxy list", "anonymous http proxy", "public proxy servers list", etc. You should find hundreds of references to proxy web pages.
Direct method:
If these seem sparse then you should look for your own. Using a scanner of your choice you should scan a specific IP range looking for the addresses that accept a connection on port 1080. There are plenty of scanners available; choose one you like. Normally there are a couple of SOCKS servers (port 1080) or Wingate users (port 23) within 255 dialup addresses of a big ISP.
Many providers can have a large number of active and reserved addresses, and these will exceed 255. Therefore you can try to scan neighboring ranges, changing the 2nd last digit from the right hand side in the IP address. More detailed information on addresses belonging to the net or ISP you scan can be found with the help of a Whois server or a program like SmartWhois.
=====================================================================================
Surfing the web anonymously
Any web site in the world can track your movements through its pages and monitor your reading interests using your IP address, a unique ID assigned to each computer on the Internet. Depending on the policies of the Internet resource, you might not be able to get access to the information you need. Also, your visit can be registered and used later to gather some personal information about you. Using only your IP address and the information about your operating system, a Web site can automatically exploit security holes in your system using some not-very-complex, ready-made, free hacking programs. Some of such programs may just hang your machine, making you reboot it, but other, more powerful ones, can get access to the content of your hard drive or RAM. The anonymous proxy prevents this by hiding your IP address so that no one can access your computer via the network. In most cases, however, proxies do inform the target server about the address of the computer that made the request, transmitting your IP-address in different forms. Anonymous (real anonymous!) proxy servers don't transfer the information about the IP-address of the client, and thus effectively hide the information about you and your surfing interests. Besides that, some proxy servers can also hide the very fact that you are surfing through a proxy server! Anonymous proxies can be used for all kinds of Web-services, such as Web-Mail (MSN Hot Mail, Yahoo mail), web-chat rooms, FTP archives, etc.
Surfing by proxy
For many, the simplest approach to Web browser anonymity is to use a proxy server. A proxy server is a server that retrieves Web pages for you, providing only its own identity to the sites it visits. Many corporate and institutional sites provide these for their users, as do some ISPs. Another way is to use a program called MP (MultiProxy) or A4Proxy (Anonymity 4 Proxy). What A4Proxy (or MultiProxy) allows you to do is to surf through proxies. This makes tracing you a pretty difficult task.
There are other reasons (speed, etc.) for using a proxy. I don't have time to do a paper on proxies and how to configure them at the moment, but use a good search engine and you will find out all about proxies.
SOCKS is a networking proxy protocol that enables hosts on one side of a SOCKS server to gain full access to hosts on the other side of the SOCKS server without requiring direct IP reachability. SOCKS redirects connection requests from hosts on opposite sides of a SOCKS server. The SOCKS server authenticates and authorizes the requests, establishes a proxy connection, and relays data.
How to Use Proxies/SOCKS
Please copy/paste this for future reference.
Using proxies
1. Introduction
2. Just a number?
3. What is a proxy server?
4. Why use one?
5. Proxy Types
6. Steps for Finding an Anonymous Proxy
7. Where to find a Proxy List
8. Where To Test Your Proxy for Anonymity
9. Where to Check The Proxy Server's Country
10. How to configure one in your browser
11. Obscuring a Proxy URL
12. Additional Security
13. Resources
1. Introduction:
This is intended as a summary of proxy basics, and a reminder as to why it's required. Anonymity is needed because there are people who surf the net looking for other people's IP address or URL name so they can then publicly malign them by finding their "true" identity and telling the world this person eats spam or likes to watch the grass grow, or in the case of an Advertising Corporation which will sell your identity to some retailer like WalMart. So some basic precautions that you need to take to avoid this are: using a proxy; disabling all cookie options, Java, ActiveX, and all scripting options in your internet browser; disabling print and file sharing in NetBIOS; and also installing a firewall. The following text attempts to be a summary of those basic methods by which you can anonymously communicate with other like-minded persons.
------------------------------------------------------------------------
2. Just a number? :
Before you can understand how best to protect your privacy, it's helpful to know just what information you're generating when you connect to the net, and how easy this is to trace.
At the very lowest level, when you connect to a website it will receive a record of your IP address - the unique number that indicates which computer you're using. If you use an ISP like Demon, that gives you a fixed address, that's enough to pinpoint your account. With a dynamic address, it'll pinpoint the modem line you connected to. Finding out which customer was using that line means matching up a time with the records from the computers that handle your login. On a busy system, that could mean finding one from tens of thousands of entries, but it can be done. This is how the police were able to track the source of the Love Bug virus to a dialup account used by a group of students in the Philippines. Some systems, such as AOL, might share an IP address between more than one user. The same is true of some corporate gateways to the net; but even so, there will usually be a way to work back to a specific system, even if it involves trawling through pages of log files. One way of hiding these sites is to go via a proxy, making the address that appears in the web server's logs that of the proxy server. Of course, all that's really doing is adding another link to the chain, since the proxy server will have a record of what you're asking it to do. But with the Proxy Server resident in a foreign country this is time consuming, probably not practicable and faced with proxy chaining, most will just give up. This is also what makes proxy servers a useful tool for those who want to see what you're up to. Even though you may not think your web requests are going through one, many internet service providers (ISPs) use so-called 'forced proxying'. This means that all web requests are routed via a transparent proxy. You don't need to change any settings in your browser, but the effect is the same. For an organization or country that wants to control and monitor what people are seeing on the web, it's ideal.
Thoughts regarding the use of system logs as evidence: Log files make crap evidence. For a start they're easily forged, and you're reliant upon computer generated evidence. What jury will believe a computer over a human? At best log files are supporting evidence; in most cases they only show logins, connections and other impersonal evidence. No log can say BEYOND REASONABLE DOUBT that someone did something; they only say this machine number connected at this time, and it doesn't say anything about the identity of the person. If in doubt, deny everything; after all, it's the job of the prosecution to prove you are guilty of some misdemeanor.
------------------------------------------------------------------------
3. What is a proxy server:-
A Proxy Server is a firewall and cache server. It can allow an entire network of computers to access the internet (http or ftp) with a single IP. It can act as a kind of filter for that network. Let's say you have 3 computers in some small network in Japan going through a proxy server; schematically it looks like this:
1. ------->|
2. ------->|Proxy Server ----> The Web Site
3. ------->|
If you are at home with internet access through your ISP, this is what your connection looks like :
(PC)------>Your ISP ----> The Web Site
If the proxy server in the network above allows other users to use it we can do this :
(PC)------->Your ISP ---->Proxy Server ----> The Web Site
From the above diagram we can go through the proxy server and hide our real ip address or url name! The Web Site will only see the ip address or url name of the proxy server and NOT that of your isp, thereby making you anonymous!
------------------------------------------------------------------------
4. Why Use One:-
* To act as a security firewall or ip filter.
* To reduce the network load by caching commonly requested pages.
* To translate the material into another language.
* To improve access speed for users, achieved by caching.
Our interest lies in the first option, i.e. becoming anonymous and surfing safely. It isn't guaranteed that simply by using a proxy you will be anonymous. Some proxy servers will forward your real IP at random intervals, others do it by default, and others do so by request from the web site that you visit. This makes it necessary to test your proxy for anonymous status at a Proxy Checking site. These sites will allow you to test the information or headers that are passed from the proxy server to the web site; careful inspection of these will allow you to decide just how anonymous you really are. An example header is:
HTTP_USER_AGENT: IE5 WIN2000
which tells the site your browser and operating system type. So once you enter a website, and click any one of the files on the webserver, the website owners can find out these items of information about you, and much more:
1. Your IP Address.
2. Your hostname.
3. Your continent.
4. Your country.
5. Your city.
6. Your web browser.
7. Your Operating System.
8. Your screen resolution.
9. Your screen colors.
10. The previous URL you visited.
11. Your ISP.
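The header inspection described above, as an added example that is not part of the original FAQ: given the CGI-style variables a web site received and your real IP address, it reports which variables expose the address and which only reveal that a proxy is in use. The list of proxy-added variable names, the result labels and all sample addresses (documentation ranges) are assumptions of this example.

```python
import re

# Variables that proxies commonly add to a request (assumed set for this
# example; a checking site may show more or fewer).
PROXY_MARKERS = (
    "HTTP_VIA",
    "HTTP_X_FORWARDED_FOR",
    "HTTP_FORWARDED",
    "HTTP_CLIENT_IP",
    "HTTP_PROXY_CONNECTION",
)


def classify_proxy(env, real_ip):
    """Return (level, leaks, markers) for the variables a web site received.

    level   -- "exposed": some variable contains real_ip
               "proxy-visible": real_ip absent, but proxy use is evident
               "hidden": real_ip absent and no proxy marker present
    leaks   -- names of variables whose value contains real_ip
    markers -- names of proxy-added variables that are present
    """
    # Match the address only as a whole token, so 203.0.113.7 does not
    # "match" inside 203.0.113.77.
    whole_ip = re.compile(r"(?<![\d.])" + re.escape(real_ip) + r"(?!\d)")
    leaks = sorted(k for k, v in env.items() if whole_ip.search(str(v)))
    markers = sorted(k for k in PROXY_MARKERS if k in env)
    if leaks:
        level = "exposed"
    elif markers:
        level = "proxy-visible"
    else:
        level = "hidden"
    return level, leaks, markers


if __name__ == "__main__":
    # Constructed sample: what a site might see through a forwarding proxy.
    sample = {
        "REMOTE_ADDR": "198.51.100.20",          # the proxy's address
        "HTTP_USER_AGENT": "IE5 WIN2000",
        "HTTP_VIA": "1.0 cache.example",
        "HTTP_X_FORWARDED_FOR": "203.0.113.7",   # the client's real address
    }
    print(classify_proxy(sample, "203.0.113.7"))
```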
------------------------------------------------------------------------
5. Proxy Types:-
The two most commonly used proxy types are HTTP and SOCKS, which commonly use ports 8080 and 1080 respectively. HTTP proxies are for use with your browser. SOCKS, which is a valid proxy alternative, allows you to socksify http, ftp, telnet, nntp, and common chat protocols similar to icq and hotline.
------------------------------------------------------------------------
6. Steps for Finding an Anonymous Proxy:-
Step 1. Find a List of Proxies
Step 2. Check the Proxies for Anonymity
Step 3. Check the Proxy Server's Country
Change your proxy regularly, else you leave yourself open to relationship analysis. This is accomplished by comparing Referer, Site Location, and your current proxy, along with all the other visitors. If you keep your proxy long enough the logs may be hacked or made available to some interested 3rd party.
------------------------------------------------------------------------
8. Where To Test Your Proxy for Anonymity:-
Go to one of these sites, even more than one to double check, read the environment variables, look for the ip address or url name. If you see your ip number then you are not anonymous!
http://leader.ru/secure/who.html
http://www.all-nettools.com/tools1.htm
http://www.multiproxy.org/env_check.htm
http://grc.com/default.htm
http://privacy.net/analyze/
https://grc.com/x/ne.dll?bh0bkyd2
*All working links as of 6-20-02
------------------------------------------------------------------------
9. Where to Check The Proxy Server's Country :-
Avoid US/UK/Canada/Australia/NZ and most western European countries!
http://www.arin.net/whois/
http://www.all-nettools.com/tools1.htm
http://www.samspade.org/
------------------------------------------------------------------------
10. How to configure one in your browser:-
To enable a proxy server in IE
Go to: Tools... Internet Options... Connections... Settings
If you use a dialup connection, click the "Settings" button next to the dialup properties box. If you have a broadband connection, click the "LAN Settings" button instead. Check the "Use a proxy" option, then enter the proxy's hostname into the "Address" Editbox and the port number (normally 8080) into the "Port" Editbox.
Tip: In the "General" tab make your Proxy Checking Url your chosen "Home Page" this allows you to check each time you log on.
To enable a proxy server in Netscape:
Go To: Preferences... Network... Proxy tab
Same as Internet Explorer
------------------------------------------------------------------------
11. Obscuring a Proxy URL:-
An additional method is to obscure your URL using hex codes so it turns out looking like this:
http://3513587746@3466536962/~anyname/homepage.htm
For a complete explanation of how to visit
------------------------------------------------------------------------
12. Additional Security:-
Your security can be further advanced by chaining proxies, whether they be HTTP-based or SOCKS proxies. Schematically, it might look like this:
client ---> proxy1 ---> proxy2 ---> Web Site
Each proxy server type has its own chaining syntax.
HTTP/FTP
The most common syntax is of the form proxy1.jp:8080//proxy2.kr:8080. This is added direct to your address editbox. Other proxy servers like the Japanese DeleGate servers use -_- to prefix the proxy and this can be typed straight into the URL address bar, i.e. type http://needmore.cs.utexas.edu:10080/-_-http://www.yahoo.com (note the "-_-"). Similar syntax applies to ftp sites since DeleGate Proxy Servers offer an ftp proxy service. The majority of proxy servers will use the http transport to convey the ftp information, and in doing so may or may not adhere to the connection conventions laid out in the ftp protocol. So to avoid revealing your IP address via an ftp connection it's best to use a SOCKS proxy for the purpose of anonymity, probably combined with some ftp client program. Proxy Hunter can be used to find the fastest proxies.
SHTTP/HTTPS
SHTTP, aka Secure Hypertext Transport Protocol, is a modified version of the Hypertext Transport Protocol (HTTP) that includes security features. Implementations include digital signatures, MAC authentication, and public/private key encryption.
HTTPS, aka SSL (Secure Socket Layer), is similarly a secure messaging protocol, but it differs from SHTTP in that it supports a variety of protocols such as FTP/HTTP etc. SSL is compatible with firewalls and tunneling connections. Other protocols have their own secure versions, such as FTPS for ftp and NNTPS for NNTP or Network News, where some news servers allow upload via a secure connection.
WARNING: Both these protocols allow connections on arbitrary or secure ports (443 in the case of SSL). These connection requests, unless blocked by a firewall or handled via a secure proxy specific to the protocol, will reveal your IP address in the connection process!
SOCKS:
SOCKS proxies, which are the most flexible and cover many protocols, can be successfully chained using a program called SocksChain, which chains 2 or more SOCKS proxies. If you use, say, 4 SOCKS proxies chained together because you want to post on some Russian news server, then this will make you anonymous. The same applies to ftp, http, mail, icq, etc. (Mac users are out of luck with regard to the availability of software which performs these various proxy tasks, with some rare and not very reliable exceptions.)
Proxy Chaining:
The basic idea is this: although not all chainable proxies have web interfaces (a web page with a form where you can enter the URL you want to surf to using the proxy), several do have such interfaces. Three that are well known are MagusNet, the Anonymizer, and the Anonymicer.
Before starting, go to http://www.tamos.com/bin/proxy.cgi and write down the set of four decimal digits that make up your current IP address. Now, here's how to figure out how to learn to chain proxies with web form interfaces: Also try ports 8088 and 8090 for some additional interesting results. MagusNet uses a DeleGate proxy server; many other DeleGate proxy servers also have web interfaces and are chainable; to find several, notice the title of the MagusNet page: 'DeleGate for Non-CERN-Proxy clients'. Searching for that phrase on the standard US and Japanese search engines will turn up several other DeleGate proxy servers you can easily find the prefixes for using the exact same technique outlined above.
Many other DeleGates have no web interfaces, but they are chainable, too. Any time you are testing proxies you have found by scanning with ProxyHunter, searching on Search Engines, or filtered out of lists like the ones at Proxys4All or out of guestbooks or Boards at sites dealing with proxies etc., just test them to see if they can be chained. For example, if the _fictional_ proxy my_url.jp:80 is identified as a DeleGate on the Tamos page (or any of the other ENV testers listed on the Proxys4All Tools page), try http://www.my_url.jp:80/-_-http://www.tamos.com/bin/proxy.cgi and see if it works. If it does (and many times it will), you've got another chainable proxy to add to your list.
------------------------------------------------------------------------
13. Resources
Proxy Hunter: This is a good freeware proxy scanner-again, for the PC user.
Anonymity 4 Proxy: This program can inform you if a proxy allows connection for HTTP, SSL and FTP.
HTTPort: Freeware that can use an SSL proxy to tunnel requests to a wide variety of net services.
Socks2HTTP: An agent converting SOCKS v.5 requests into HTTP requests and tunneling them through an HTTP proxy.
Newsgroups dealing with Anonymity
* alt.anonymous
* alt.anonymous.email
* alt.anonymous.messages
* alt.hackers
* alt.security.keydist
* alt.security.pgp
* comp.security.pgp
* comp.security.pgp.announce
* comp.security.pgp.discuss
* comp.security.pgp.resources
* comp.security.pgp.tech
* misc.security
* sci.crypt
* sci.crypt.research
How to Obscure Any URL
How Spammers And Scammers Hide and Confuse
Since this was first written in 1999, Internet Explorer and Netscape have both begun dealing with URLs differently, particularly in versions 6 and above. Some of the examples here will no longer work with those browser versions.
---------------------------------------------------------------
The URL (Universal Resource Locator) of the page you are now viewing is http://www.pc-help.org/obscure.htm.
It is also http://3468664375@3468664375/o%62s%63ur%65%2E%68t%6D. Go ahead and click on that link. It'll take you right back to this very page.
The weird-looking address above takes advantage of several things many people don't know about the structure of a valid URL.
There's a little more to Internet addressing than commonly meets the eye; there are conventions which allow for some interesting variations in how an Internet address is expressed.
These tricks are known to the spammers and scammers, and they're used freely in unsolicited mails. You'll also see them in ad-related URLs and occasionally on web pages where the writer hopes to avoid recognition of a linked address for whatever reason. Now, I'm making these tricks known to you. Read on, and you'll soon be very hard to fool.
(Note: Depending on your browser type and its version, some of the oddly-formatted URLs on this page may not work. Also if you're on a LAN and using a proxy [gateway] for Internet access, many of them are unlikely to work. Also, fear not; this page does not exploit the "Dotless IP Address" vulnerability of some IE versions.)
How It's Done
Here it is again: http://3468664375@3468664375/o%62s%63ur%65%2E%68t%6D
First take note of the "@" symbol that appears amid all those numbers. In actual fact, everything between "http://" and "@" is completely irrelevant! Just about anything can go in there and it makes no difference whatsoever to the final result. Here are two examples:
http://doesn'tmatter@www.pc-help.org/obscure.htm
http://!$^&*()_+`-={}|[]:;@www.pc-help.org/obscure.htm
Go ahead and use the links. If they work at all with your browser, you'll be back to this page again.
This feature is actually used for authentication. If a login name and/or password is required to access a web page, it can be included here and login will be automatic.
Example: http://username:password@www.whatever.com/secret/eyesonly.htm
But if the page requires no authentication, the authentication text is in effect ignored by both browser and server.
This presents interesting possibilities for confusing the unsuspecting user. How about this one:
http://www.playboy.com@3468664375/obscure.htm
If you didn't know better, you might think this page were at playboy.com!
By the way, the @ symbol can be represented by its hex code %40 to further confuse things; this works for the IE browser, but not for Netscape. (Thanks to The Webskulker for this.)
All right, so what about that long number after the "@"? How does 3468664375 get you to www.pc-help.org?
In actual fact, the two are equivalent to one another. This takes a little explaining so follow me carefully here.
The first thing you need to know (most Net users know this), is that Internet names translate to numbers called IP addresses. An IP address is normally seen in "dotted decimal" format. www.pc-help.org translates to 206.191.158.55. So of course, this page's address can be expressed as: http://206.191.158.55/obscure.htm.
Numeric IP addresses are generally unrecognizable to people, and not easily remembered. That's why we use names for network locations in the first place.
Merely using an IP address, in its usual dotted-decimal format, in place of the name is commonly done and can be quite effective at leaving the human reader in the dark about which website he's visiting.
But there are other ways to express that same number. The alternate formats are:
* "dword" - meaning double word because it consists essentially of two binary "words" of 16 bits; but it is expressed in decimal (base 10);
* "octal", meaning it's expressed in base 8; and
* "hexadecimal", hexa=6 + deci=10 (base 16).
The dword equivalent of 206.191.158.55 is 3468664375. Its octal and hexadecimal equivalents are also illustrated below.
Why obscure names in the first place? Most often it's because by publicly-available registration records, the owners of domain names can often be identified. Even if the owner isn't traceable by that record, his service provider is. The last thing any scammer or spammer wants is to be found by his victims, or to have his service provider alerted to his abuses. Although the use of obscured URLs is far from their only means of avoiding retribution, it's been a favorite.
Below, I explain how you can get an IP address for any name, how to convert a dotted-decimal IP address to the dword format, and how the octal and hex formats work. If you know how it's done, you will also know how it's undone.
Okay, so what about the rest of the URL? Let's look yet again at that weird address I first showed you:
http://3468664375@3468664375/o%62s%63ur%65%2E%68t%6D
It's beginning to make some sense, isn't it? But what's all that gibberish on the right? Here's how that works:
Individual characters of a URL's path and filename can be represented by their numbers in hexadecimal form. Each hex number is preceded by a "%" symbol to identify the following two numbers/letters as a hexadecimal representation of the character. The practical use for this is to make it possible to include spaces and unusual characters in a URL. But it works for all characters and can render perfectly readable text into a complete hash.
In my example, I have interspersed hex representations with the real letters of the URL. It simply spells out "/obscure.htm" in the final analysis:
/  o  %62  s  %63  ur  %65  %2E  %68  t  %6D
/  o  b    s  c    ur  e    .    h    t  m
The letters used in the hex numbers can be either upper or lower case. The "slashes" in the address cannot be represented in hex; nor can the IP address be rendered this particular way. But everything else can be.
Hexadecimal Character Codes
Hex character codes are simply the hexadecimal (base 16) numbers for the ASCII character set; that is, the number-to-letter representations which comprise virtually all computer text.
To find the numeric value for an ASCII character, I often use a little batchfile I wrote for the purpose years ago; and then if I want the hex equivalent I usually do the math in my head. It just requires familiarity with the multiples of 16 up to 256.
For most people, the conversion is probably best done with a chart. The best ASCII-to-hex chart I have ever seen is on the website of Jim Price: http://www.jimprice.com/jim-asc.htm. Jim explains the ASCII character set wonderfully well, and provides a wealth of handy charts.
I can't improve on Jim's excellent work! Print out Jim's ASCII-to-hex chart and you're in business. If Jim's site ever disappears, let me know and I'll do a chart of my own.
IP Addresses
IP addresses are most commonly written in the dotted-decimal format. A dotted-decimal IP number normally has 4 numeric segments, each separated by a period. The numbers must range from 0 to 255.
Translation of a network name to its IP address is usually done in the background by your network software, invisible to the user. Given a name, your browser queries a name server, a machine somewhere on the Net which performs this basic network addressing function; it thereby obtains the numeric IP address and then uses that address to direct its requests to the right computer, somewhere out there on the Net.
There is a standard utility which allows the user to perform these name server lookups directly and see the results. It's called NSLOOKUP.
A wide variety of nslookup utilities is available on the Net, often for free download. Some provide a graphical interface under Windows, but the original and most basic nslookup is run from a textual command line. One such command-line utility is included in my free Network Tracer. Please download it if you're interested.
Place NSLOOKUP.EXE in your Windows directory and you can use it from a DOS window. A simple nslookup query is structured as follows:
nslookup [name or IP address] [name server]
A name server has to be specified if you're using Windows 9x/ME, either by name or IP address. Find out the address of your ISP's Primary DNS Server -- it can usually be found in your Dial-Up Networking setup or in the documents provided for setup of your Internet connection.
If you're using XP or NT, the name server need not be specified.
A valid query for my ISP's web server address would be:
nslookup www.nwi.net [name server]
Here's what that command puts out in response, with my comments:
nslookup www.nwi.net 198.41.0.196     <-- Here's the command you typed in
Server: ns.netsol.com                 <-- The name server you utilized
Address: 198.41.0.196                 <-- The responding name server's IP address
Non-authoritative answer:             <-- Some other name server is the source of the data
Name: sundance.nwinternet.com         <-- The "real" name of www.nwi.net
Address: 206.159.40.2                 <-- What you came here for: the IP address of www.nwi.net
Aliases: www.nwi.net                  <-- www.nwi.net is an alias -- not the
                                          primary name given to that address, but a valid one.
It's a powerful utility; it can find names for known addresses, addresses for known names, and a variety of other information relevant to an Internet address. But doing some of the fancier things with NSLOOKUP is difficult if you're not already technically savvy. For the technically inclined, there is a manual; and several examples of its use can be found in TRACE.BAT, the primary component of my Network Tracer.
If you're determined to avoid the DOS command line, and want a tool that will do most of the thinking for you, I recommend NetScanTools, a reasonably-priced network utility toolbox. It's available as a 30-day shareware demo and a bargain at just $25. NetScanTools is not merely an address-lookup utility; it can do a great many things. For a Windows user trying to comprehend the nuts and bolts of the Net, it's a whole world of discovery.
You can also do your name server lookups with a web browser. There are nslookup "gateways" scattered around on the Web. One such gateway is at: http://www.lasaltech.com/cgi-bin/nslookup Another is: http://www.interlog.com/~patrick/cgi/nslookup.cgi
A Variation on Dotted-Decimal IPs
If you're using Internet Explorer, this address should work (It doesn't work with at least some versions of Netscape): http://462.447.414.311/obscure.htm
Normally, the four IP numbers in a standard dotted-decimal address will all be between 0 and 255. In fact they must translate to an 8-bit binary number (ones and zeroes), which can represent a quantity no higher than 255.
But the way this number is handled by some software often allows for a value higher than 255. The program uses only the 8 right-hand digits of the binary number, and will drop the rest if the number is too large.
This means you can add multiples of 256 to any or all of the 4 segments of an IP address, and it will often still work. In my tests, it was limited to 3 digits per number; values over 999 didn't work.
Converting An IP Address to Dword Format
I could create a math lesson about this, and tell you all about bits and bytes and base 16. But it's not really necessary. Anyone with a Windows system has a handy calculator that makes it simple to convert decimal numbers to hex, and to find the dword equivalent of any dotted-decimal IP number. You should find it by selecting Start ... Programs ... Accessories ... Calculator. It will look like this:
[Image: Windows Calculator, Standard view]
or, in Scientific mode, it looks like this:
[Image: Windows Calculator, Scientific mode]
I suggest Scientific mode for this purpose.
Start with an IP address. In this example we'll use 206.191.158.55. Enter the following keystrokes into the calculator exactly as shown:
206 * 256 + 191 = * 256 + 158 = * 256 + 55 =
The dword equivalent of the IP address will be the result. In this case, 3468664375.
Now, there is a further step that can make this address even more obscure. You can add to this dword number any multiple of the quantity 4294967296 (256^4), and it will still work. This is because when the sum is converted to its basic digital form, the last 8 hexadecimal digits will remain the same. Everything to the left of those 8 hex digits is discarded by the IP software and therefore irrelevant.
Thus, the following URLs will also lead to this page:
http://7763631671/obscure.htm
http://16353566263/obscure.htm
http://235396898359/obscure.htm
There now exist a handful of utilities that will do dword (and other) conversions of IP addresses and URLs. When time permits, I'll be sure to list them on this page. Meanwhile, there's a handy script on Matthias Fichtner's website which will quickly convert any IP address to its dword value and vice-versa: http://www.fichtner.net/tools/ip2dword/.
PING
The PING utility that's in every Windows system can decipher dword IPs. In fact, it deals with every method of expressing an IP address that's described on this page. (My thanks to Steven, who pointed this out on the NTBugTraq list.)
Just open a DOS window and type:
ping [IPAddress]
PING will then do its usual job, in which it contacts the remote system (if any) at that address and gauges its response times. In the process, it displays the ordinary dotted-decimal equivalent of the IP address you entered.
Octal IP Addresses
As if all this weren't enough, an IP address can also be represented in octal form -- base 8.
The URL for this page with its IP address in octal form looks like this: http://0316.0277.0236.067/obscure.htm
Go ahead, try it. You'll be right back here once again.
Note the leading zeroes. They're necessary to convey to your browser the fact that this is an octal number.
Any number of leading zeroes can be added to any or all of the numbers in the address. For example: http://00000000316.000277.00000236.00000000067/obscure.htm
Naturally, arbitrary authentication text can also be added to an octal address. Example: http://www.sleazy-ad.com@00000000316.000277.00000236.00000000067/obscure.htm
Octal numbers are easily derived with the Windows calculator in Scientific mode. Enter a decimal number, then select the "Oct" button at upper left. The octal number will appear. The reverse operation translates octal to decimal.
(Those who find all this unwieldy can always use the handy URLomatic at www.samspade.org. It will reveal the dotted-decimal IP address of a dword- or octal-formatted URL, as well as decode hex character codes. This link to the URLomatic will completely decipher my original example address. Many thanks to Dan Renner of R&B Computerhelp.)
Hexadecimal IP Addresses
You thought that was all? Well, so did I, until one Daniel Dočekal informed me otherwise. There is yet another obscure way to express an IP address.
Starting with the method outlined above, you can readily calculate the hexadecimal number for 206.191.158.55. In Scientific mode, calculate the dword value. Then select the Hex button. The resulting hexadecimal number (CEBF9E37) can be expressed as an IP address in this manner: 0xCE.0xBF.0x9E.0x37
The "0x" designates each number as a hex quantity.
The dots can be omitted, and the entire hex number preceded by 0x: 0xCEBF9E37
And, additional arbitrary hex digits can be added to the left of the "real" number: 0x9A3F0800CEBF9E37
Some browsers (Netscape 3.x and 4.x for instance) won't work with hex IPs; but for IE users (prior to version 6), this page's URL can be:
http://0xCE.0xBF.0x9E.0x37/obscure.htm
or:
http://0xCeBF9e37/obscure.htm
or:
http://0x9A3F0800CEBF9E37/obscure.htm
It's Not Over Yet
Ah, you thought you had it all nailed down? Well, it's mix-and-match time!
Believe it or not, the following URL, which uses hex, decimal and octal numbers in the IP address, actually works: http://0xCE.191.0236.0x37/obscure.htm
This mixed-format address also works with bogus authentication text: http://spam-world.net@0xCE.191.0236.0x37/obscure.htm
For Netscape users, omitting the hex is necessary; but decimal and octal can be mixed: http://spam-world.net@0316.191.0236.067/obscure.htm
Thankfully, the wonderful URLomatic at samspade.org deals with these mixed-up IPs just fine.
Also, don't forget PING. It will also decode these mixed-format addresses.
Not Dotless, But Less Dots
A variation on the dword IP address is one where a portion of the IP address is similarly converted. This only works with the rightmost two or three numbers, not the leftmost.
Let's start again with 206.191.158.55. Leaving the "206" as it is, we do the same calculation with the last three numbers:
(191 * 256 + 158) * 256 + 55 = 12557879
Now we have: http://206.12557879/obscure.htm
Or leave "206.191" as it is and convert only the last two numbers:
158 * 256 + 55 = 40503
Which results in: http://206.191.40503/obscure.htm
Now extend this same concept to hex and octal numbers:
http://0xCE.0xBF9E37/obscure.htm
http://0xCE.0xBF.0x9E37/obscure.htm
http://0316.057717067/obscure.htm
http://0316.0277.0117067/obscure.htm
Why not mix and match?
http://0316.0xBF9E37/obscure.htm
http://206.0277.0x9E37/obscure.htm
Furthermore...
Internet Explorer (versions prior to 6) will allow the characters of the IP address itself, in any format, to be expressed as hex-coded characters.
Example: http://%334%368%366%34%33%375/obscure.htm
The same can be done with the domain name: http://%70%43%2D%68%45%6C%50%2E%6F%52%67/obscure.htm
In Sum
URLs can be obscured at least three ways:
1. Meaningless or deceptive text can be added after "http://" and before an "@" symbol.
2. The domain name can be expressed as an IP address, in dotted-decimal, dword, octal or hexadecimal format; and all of these formats have variants.
3. Characters in the URL can be expressed as hexadecimal (base 16) numbers.
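A decoder for the three tricks summarized above, useful when triaging a suspicious link; this is an added example, not code from PCHelp or the URLomatic. The function names are assumptions, and the masking of oversized values follows the lenient browser behaviour this page describes (extra hex digits on the left are ignored), which stricter parsers reject.

```python
import re
from urllib.parse import unquote

# One IP component: 0x-prefixed hex, or a run of digits (decimal, or octal
# when it starts with 0).
PART_RE = re.compile(r"0x[0-9a-f]+|[0-9]+", re.IGNORECASE)
URL_RE = re.compile(r"([a-z][a-z0-9+.-]*)://([^/?#]*)(.*)", re.IGNORECASE | re.DOTALL)


def parse_part(text):
    """Convert one component to an integer using the C inet_aton() rules."""
    lowered = text.lower()
    if lowered.startswith("0x"):
        return int(lowered[2:], 16)
    if len(lowered) > 1 and lowered.startswith("0"):
        return int(lowered, 8)  # raises ValueError on the digits 8 and 9
    return int(lowered, 10)


def decode_host(host):
    """Return the dotted-decimal IP hidden in `host`, or None when `host`
    is not a numeric address (that is, it is an ordinary domain name)."""
    parts = unquote(host).split(".")  # undo %xx character coding first
    if not 1 <= len(parts) <= 4:
        return None
    if not all(PART_RE.fullmatch(p) for p in parts):
        return None
    try:
        values = [parse_part(p) for p in parts]
    except ValueError:
        return None
    # Leading components are one byte each; the last one fills the bytes
    # that remain ("Not Dotless, But Less Dots"). Oversized values are
    # truncated, as the legacy browsers described on this page did.
    tail_bytes = 4 - (len(values) - 1)
    addr = 0
    for value in values[:-1]:
        addr = (addr << 8) | (value & 0xFF)
    addr = (addr << (8 * tail_bytes)) | (values[-1] & ((1 << (8 * tail_bytes)) - 1))
    return ".".join(str((addr >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def deobfuscate(url):
    """Split off deceptive text before '@' and normalise the host."""
    match = URL_RE.fullmatch(url.strip())
    if match is None:
        raise ValueError("not an absolute URL: %r" % url)
    scheme, authority, rest = match.groups()
    # Everything before the last '@' is authentication text, not the host.
    userinfo, _, hostport = authority.rpartition("@")
    host, _, port = hostport.partition(":")  # IPv6 literals are out of scope
    ip = decode_host(host)
    clean_host = ip if ip is not None else unquote(host).lower()
    netloc = clean_host + (":" + port if port else "")
    return {
        "userinfo": userinfo or None,
        "host": clean_host,
        "is_ip": ip is not None,
        "url": "%s://%s%s" % (scheme.lower(), netloc, rest),
    }


# Sample inputs are the example URLs quoted on this page.
SAMPLES = [
    "http://0x9A3F0800CEBF9E37/obscure.htm",
    "http://spam-world.net@0xCE.191.0236.0x37/obscure.htm",
    "http://0316.0xBF9E37/obscure.htm",
    "http://%334%368%366%34%33%375/obscure.htm",
    "http://%70%43%2D%68%45%6C%50%2E%6F%52%67/obscure.htm",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = deobfuscate(sample)
        print("%-58s -> %s (userinfo=%s)" % (sample, result["url"], result["userinfo"]))
```

A mail or proxy filter can flag any link for which `userinfo` is set or for which `is_ip` is true while the original host text was not plain dotted-decimal.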
An Increasingly Common Exception
As IP address space becomes more valuable, web hosting services increasingly use systems that place many websites at one IP address. The server differentiates between sites by means of the domain name portion of the URL. Sites on such a server cannot be addressed using the IP address alone.
Some Notes on Compatibility
I've been getting a lot of feedback about this page from people who are running various browsers and proxies. So far, reports and my own rather limited tests seem to indicate that:
* hex-coded IPs and values over 255 in dotted-decimal IPs don't work with Netscape;
* most, perhaps all of the dword-coded IPs don't work with some versions of IE; this could be an effect of the MS patch for the "dotless IP" exploit.
* Later IE versions seem to reject any hex-coded IP that's not broken up by dots as in my first example above;
* Opera 3.60 doesn't allow non-dotted hexadecimal IPs.
* Netscape won't allow the following characters in the authentication text: /?
* IE won't allow the following characters in the authentication text: /\#
and it exhibits problems or inconsistencies with: %'"<>
* MS-Proxy reportedly rejects almost any IP address that's not in dotted-decimal IP format, as may some other proxies. Reports indicate that most proxies handle them all just fine.
SOURCE: PCHelp
http://www.pc-help.org/www.nwinternet.com/pchelp/index.html
*INCREDIBLE SITE-INCREDIBLE AUTHOR AND FRIEND TO ALL INTERNET USERS! (Stop by and say thanks. I've learned so much from this dedicated man, I don't know where to begin)
=====================================================================================
Copy/paste and save this info for future use and to assist others who have a need to know:
================================
SOCKS Version 4
Source:http://www.socks.nec.com/socksv4.html
The SOCKSv4 protocol defines the message format and conventions to allow TCP-based application users transparent access across a firewall. During proxy connection setup, the SOCKS server grants access based on TCP header information including IP addresses, and source and destination host port numbers. The SOCKS server also authorizes users using ident (rfc1413) information.
The SOCKS user community proposed and implemented a protocol extension to SOCKSv4 that eliminates the requirement for SOCKSv4 clients to resolve internal and external domain names. By appending the unresolved domain names to the SOCKSv4 client requests, SOCKSv4 servers can attempt to resolve domain names.
Because of its simplicity, SOCKSv4 is widely used as a network firewall. There are two major weaknesses in SOCKSv4 protocol: lack of strong authentication and the requirement to recompile applications with SOCKSv4 client library. An IETF (Internet Engineering Task Force) working group drafted and approved a new version of SOCKS, SOCKSv5. The working group completed three SOCKSv5-related standards: rfc1928, rfc1929, and rfc1961.
Refer to the About SOCKS for more details about SOCKS.
SOCKSv4 implementations
Networking Systems Laboratory (NWSL), formerly C&C Software Technology Center (CSTC) of NEC USA Inc., developed the most popular publicly available implementation. It includes the SOCKSv4 server and socksified versions of finger, whois, ftp, and telnet.
--------------------------------------------------------
Sock5: SOCKS Version 5
The SOCKS Version 5 Protocol, also known as authenticated firewall traversal (AFT), is an open Internet standard (rfc1928) for performing network proxies at the transport layer. It resolves several issues that SOCKS version 4 protocol did not fully address or omitted:
* Strong authentication
* Authentication method negotiation
* Address resolution proxy
* Proxy for UDP-based applications
There are two additional SOCKSv5-related standards to support authentication methods:
* Username/Password authentication for SOCKSv5 (rfc1929)
* GSS-API (Generic Security Service Application Programming Interface) authentication for SOCKSv5 (rfc1961).
Refer to About SOCKS for additional information.
Authentication method negotiation
1. The application client declares to the SOCKSv5 server the authentication methods it can support
2. The SOCKSv5 server sends a message to the client announcing the method the client should use
3. The SOCKSv5 server determines the authentication method based on the security policy defined in the SOCKSv5 server's configuration. If the client's declared methods fail to meet the security requirement, the SOCKSv5 server drops communication.
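The three negotiation steps above, seen from the server side, as an added example that is not taken from the SOCKSv5 Reference Implementation. The message layout and method codes follow rfc1928; the function names and the policy lists are assumptions, and each call is given one complete greeting rather than a partial read from a socket.

```python
SOCKS_VERSION = 0x05
NO_AUTH = 0x00                # X'00' no authentication required
GSSAPI = 0x01                 # X'01' GSS-API (rfc1961)
USERNAME_PASSWORD = 0x02      # X'02' username/password (rfc1929)
NO_ACCEPTABLE_METHODS = 0xFF  # X'FF' server refuses every offered method


class MalformedGreeting(ValueError):
    """The client's first message is not a valid SOCKSv5 greeting."""


def parse_greeting(data):
    """Parse VER | NMETHODS | METHODS[NMETHODS] and return the method list."""
    if len(data) < 2:
        raise MalformedGreeting("truncated header")
    version, count = data[0], data[1]
    if version != SOCKS_VERSION:
        raise MalformedGreeting("unsupported version %d" % version)
    if count == 0 or len(data) != 2 + count:
        raise MalformedGreeting("method count does not match payload")
    return list(data[2:])


def select_method(offered, policy):
    """Pick the first method in the server's policy (ordered by preference)
    that the client also declared; otherwise refuse."""
    if NO_ACCEPTABLE_METHODS in policy:
        raise ValueError("0xFF is a refusal code, not a usable method")
    for method in policy:
        if method in offered:
            return method
    return NO_ACCEPTABLE_METHODS


def negotiate(data, policy):
    """Return (reply_bytes, keep_open) for one client greeting.

    A malformed greeting gets no reply at all; a well-formed greeting that
    fails the policy gets VER | X'FF' and the connection is then dropped.
    """
    try:
        offered = parse_greeting(data)
    except MalformedGreeting:
        return b"", False
    method = select_method(offered, policy)
    return bytes([SOCKS_VERSION, method]), method != NO_ACCEPTABLE_METHODS


# Constructed sample greetings (not captured traffic).
GREETING_NOAUTH_AND_PASSWORD = b"\x05\x02\x00\x02"
GREETING_NOAUTH_ONLY = b"\x05\x01\x00"

# Example policy: authentication is mandatory, GSS-API preferred.
STRICT_POLICY = [GSSAPI, USERNAME_PASSWORD]

if __name__ == "__main__":
    for greeting in (GREETING_NOAUTH_AND_PASSWORD, GREETING_NOAUTH_ONLY):
        reply, keep_open = negotiate(greeting, STRICT_POLICY)
        print(greeting.hex(), "->", reply.hex(), "open" if keep_open else "drop")
```

Leaving `NO_AUTH` out of the policy list is what enforces authentication: a client that declares only X'00' is refused no matter what else it sends.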
Address resolution proxy
SOCKSv5's built-in address resolution proxy simplifies DNS administration and facilitates IP address hiding and translation. SOCKSv5 clients can pass the name, instead of the resolved address, to the SOCKSv5 server and the server resolves the address for the client.
Proxy for UDP-based applications
SOCKSv5 supports UDP association. UDP association creates a virtual proxy circuit for traversing UDP-based application data. There are two differences in TCP and UDP-based proxy circuits:
* The proxy circuit for UDP is a pair of addresses for the communication endpoints that send and receive datagrams.
* UDP proxy headers encapsulate application data, including the destination address of a datagram.
SOCKSv5 implementations
For Permeo's reference implementation of the SOCKSv5 protocol, see SOCKSv5 Reference Implementation.
Source:http://www.socks.nec.com/socksv5.html
------------------------
SOCKSv5 Reference Implementation
SOCKS reference software is available free of charge for NON-COMMERCIAL USE ONLY (academic, research, and personal use). All other usage requires licensing.
See Permeo's e-Border product information for a fully licensable, advanced SOCKS-based client and server solution.
View License and Terms for SOCKSv5 Reference Implementation.
Permeo publishes the SOCKSv5 Reference Implementation to validate the SOCKS version 5 protocol, and to serve as a framework for inter-operability testing for products based on the SOCKSv5 protocol. Permeo continues to maintain the SOCKSv5 Reference Implementation software to fix protocol-related problems only. Permeo will not support other problems, including platform, performance, reliability, or configuration issues.
Constraints
Both the SOCKSv5 protocol and the Reference Implementation have limited UDP support. The software supports only those UDP applications that perform simple query and reply functions.
By incorporating other SOCKS-based security technologies into a SOCKSv5 environment, you can easily add features that SOCKSv5 does not provide, such as: strong authentication, data encryption, application protocol inspection, proxy server chaining, load-balancing, and advanced UDP handling.
Permeo's commercial SOCKS-compliant product - e-Border™ includes protocol extensions to deliver all of the above-mentioned features, and supports streaming, multimedia, interactive, and complex H.323-based applications.
SOCKSv5 Reference Implementation Resources
* Download SOCKSv5 Reference Implementation - complete set of SOCKSv5 Reference Implementation-related packages
* Patches for SOCKSv5 Reference Implementation - patches for the current release
* Install and Build SOCKSv5 Reference Implementation - step-by-step instructions for basic build and installation
* Use SOCKSv5 Reference Implementation - detailed description on how to use SOCKSv5 Reference Implementation.
* Configure SOCKSv5 Reference Implementation - sample SOCKSv5 Reference Implementation configurations for different network environments
* Enable Username/Password Authentication
* SOCKSv5 Reference Implementation FAQ
Mail Aliases
Only Permeo reads mail sent to these addresses. Please use the appropriate mailing list for questions about configuration, implementation and usage. Permeo will not respond to inappropriate messages.
* socks5-comments@socks5.com - For those messages only Permeo should see -- feedback, software quality and requests for new features
* socks5-bugs@socks5.com - For bug reports and patches -- help us help SOCKSv5 users
* webmaster@socks5.com - Report dead links, Web content corrections and content, and other Web related problems.
Source: http://www.socks.nec.com/reference/socks5.html
--------------------------------------------
Additional links:
Socks 4: http://www.socks.nec.com/protocol/socks4.protocol
Socks5: http://www.socks.nec.com/draft/draft-ietf-aft-socks-pro-v5-04.txt
Best overall source: http://www.socks.nec.com/socksprot.html
Go to: http://www.socks.nec.com/aboutsocks.html
=====================================================================================
How To Navigate The Internet Safely
1. Introduction
2. Browser Security
3. Browser Check
4. Steps for Finding an Anonymous Proxy
5. NetBios
6. Cookies
7. WebBugs
8. Good Housekeeping
9. Firewalls
10. Anonymity Providers
11. Resources
--------------------------------------------------------------
1. Introduction
Safe Surfing consists in minimizing your profile and identity trail as you surf on the Internet. Every site you visit will record your machine's unique Internet protocol number or ip address. Cookies can act as remote identifiers, and the values can be returned from within html web pages using e-mail or post commands. Any of the web pages that you download may contain either Active-x or Java applets, both of which can be programmed to access the Windows System or your registry. Embedded Gifs or Web-Bugs can record your presence, and 'phone home' style components can talk to some database.
As well as providing servers with another way to get Referer and other information. Disabling Java also stops many pop-up ads and interstitials. All the scripting languages like Javascript, Visual Basic Script (VBS) etc can execute system calls from inside the web page, query your registry and post back to the server sensitive data. In the case of a hacker, invisible frames can be loaded containing scripting to execute DOS commands such as "del C:\*.*"; "del Windows\*.*" i.e. wipe your hard disk away!
Other means of gaining referer information are for the server to ask you to connect either on shttp or https which is SSL, both are secure protocols that can override ordinary proxies and nullify them. Thus allowing the server to read your true ip address and in some cases this is their purpose not secure messaging!
Coming up in the rear is SOAP (Simple Object Access Protocol). This is a lightweight, XML-based protocol for exchanging information in a decentralized and distributed environment. This is a messaging protocol, unlike Active-x, which uses remote procedure calls (RPC). It does not require synchronous execution or request/response interaction, and SOAP messages can have multiple parts addressed to different parties. Furthermore SOAP is programmatically extensible. In layman's terms this protocol allows web page to speak to web page, remotely and on a queued basis, i.e. allowing for time lapses. SOAP boasts A Proxy and Wire Transfer Service. This protocol has been submitted to W3C for consideration, and is, along with XML, the basis for Microsoft's latest web gambit, .NET. SOAP is extremely unsafe since it has access to the dns and the underlying windows system. It can totally bypass any firewall since messaging is web page to web page. COM controls can be written to phone home via SOAP just as in HTTP.
Last but not least is NetBios and File and Print Sharing, which is auto enabled on installation on some old operating systems, leaving your hard disk open for the world. So by disabling all these options within your browser, in conjunction with using a proxy, preferably one from a country outside your own, you can leverage some form of control over information leakage whilst you surf. Being aware of how and where ip leakage can occur allows you to Surf Safe!
---------------------------------------------------------------
2. Browser Security:-
To cover your tracks and prevent others from finding out your ip address you have to use a proxy and disable certain browser functions, proxies are covered in more detail in Proxy Basics. These functions are as follows:
To change the security settings in Internet Explorer: Tools Menu ... Select Internet Options... Security tab... Custom Level
Recommended Settings:
Active-X controls and plug-ins
* Download signed Active-X controls: Disable
* Download unsigned Active-X controls: Disable
* Initialize and script ActiveX controls not marked as safe: Disable
* Run ActiveX controls and plug-ins: Disable
* Script Active-X controls marked safe for scripting: Disable
Cookies
* Allow cookies that are stored on your computer: Disable
* Allow per-session cookies (not stored): Disable
Downloads
* Downloads: Enable
* Font Download: Enable
Java
* Java Permissions: Disable Java
Miscellaneous
* Access data sources across domains: Disable
* Drag and drop or copy and paste files: Disable
* Installation of desktop items: Disable
* Launching programs and files in an IFrame: Disable
* Navigate sub-frames across different domains: Disable
* Software channel permissions: High Safety
* Submit non-encrypted form data: Disable
* Userdata persistence: Disable
Scripting
* Active scripting: Disable
* Allow paste operations via script: Disable
* Scripting of Java applets: Disable
After checking these settings, click on 'ok', then the 'advanced' tab.
Scroll down until you find the heading 'Java VM'.
Java VM
* Java console enabled: Disable
* Java logging enabled: Disable
* JIT compiler for virtual machine: Disable
For Netscape users, to turn off Java and JavaScript and disable cookies: Edit... Preferences... Advanced... uncheck "enable java" and "enable javascript" and check "disable cookies"
To enable a proxy server in IE:
Go to Tools... Internet Options... Connections. If you use a dialup connection, click the "Settings" button next to the dialup properties box. If you have a broadband connection, click the "LAN Settings" button instead. Check the "Use a proxy" option, then enter the proxy's hostname and port number in the fields.
To enable a proxy server in Netscape
Go to Edit... Preferences... Advanced... Proxies. Choose "Manual Proxy Configuration," then click the View button and enter the proxy's hostname and port number in the WWW field.
To confirm that the proxy is functioning correctly, go to the IP-address page. You should see the proxy's IP address instead of your own. Alternatively select one of the url's from the Proxy Checking Sites list in the Resources section below and check that the ip-address you see on the page is the same as your proxy!
Some browsers have an auto e-mail facility; find and disable this.
What does a browser record? There are three things a browser records when you visit a web page. Each one is stored in a different manner, in different places. It depends on which browser and which version you use, and even on what Operating System platform you are running it.
The three things a browser records are:
I The page itself in your cache
II The URL of the page in your history
III The URL's you typed in at the URL box (drop down list)
So the following tasks have to be undertaken.
Clearing the Cache:
Clearing the History:
Clearing the URL history:
It's optional on all the main browsers (i.e. Netscape, Internet Explorer, Opera etc.) whether you choose to do this by hand, and the precise syntax and commands vary by browser version and operating system version, but the principle is constant: find where they are logged and delete the references! Under Windows this is normally inside the Registry. So in Netscape under Windows 95, the URL history is stored in the Windows registry.
Example: Clearing the URL history - Close Netscape if it is still running. Start the registry editor by running REGEDIT.EXE. Go to HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\URL History\ (doing a search for "URL History" will get you there immediately.) Delete the entries URL_1 through URL_10, but NOT the Default entry. Close the registry editor.
This is repeated for the other tasks. A simpler method is to use a program such as Window Washer or Evidence Eliminator both will automatically clean the required areas.
Now these items, i.e. cache, url, and url history, have been deleted, but Microsoft in their wisdom chose to record the url and occasionally the url history elsewhere, in areas such as the swap file, user.dat and system.dat, and if you use Microsoft Office or similar software the document history list may record your url history as well. Window Washer should be able to deal with this. To deal with the swap file read the Swap File Basics. Remember that under some versions of Windows, such as Windows NT and Windows 2000, each user has a unique profile and history, so if you use different accounts, check them all.
---------------------------------------------------------------
3. Browser Check:
Every time you DialUp or connect to surf you should firstly connect with a proxy checking site that will tell you what your current browser ip is and other relevant environment variables, such as javascript etc. It is a good idea to paste the url of the proxy checker into the "Address" edit box situated under the General tab of the Internet Options Properties box. This will alert you to surfing on an unsafe ip.
---------------------------------------------------------------
4. Steps for Finding an Anonymous Proxy:-
Step 1.
Find a List of Proxies
Step 2.
Check the Proxies for Anonymity
Step 3.
Check the Proxy Server's Country
Change your proxy regularly, else you leave yourself open to relationship analysis, which is accomplished by comparing Referer, Site Location, and your current proxy, along with all the other visitors. If you keep your proxy long enough the logs may be hacked or made available to some interested 3rd party!
---------------------------------------------------------------
5. NetBios:
NetBIOS (or Network Basic Input Output System) is a program, that is used by Microsoft Networking. One use of NetBIOS is to allow the sharing of files and printers between computers on a Local Area Network (LAN). However, if you are connected to the Internet and using file and print sharing through NetBIOS, you may be exposed to unnecessary security risks. Most systems do not need NetBIOS to connect to the Internet. However, some older cable modem systems might need some components of NetBIOS. Out of the box NetBios is configured to enable about 9 separate components of your PC. These are:
1. Client for Microsoft Networks, the networking application
2. File and Printer Sharing for Microsoft Networks
3. Microsoft Family Logon
4. TCP/IP
5. NetBEUI (NetBIOS Enhanced User Interface)
6. IPX/SPX
7. Dial-up adapter
8. Cable modem/DSL interface
9. Local area network (LAN) interface (if applicable)
The insecure components in the pre-configured NetBIOS are: Microsoft Networks application and file and printer sharing. Since all nine NetBIOS components--including TCP/IP--are interconnected, your data is vulnerable when you're online. Each time you're connected to the Internet with the pre-configured NetBIOS, hackers can easily access your passwords, upload malicious code to your computer and more. Your computer is exposed to any, and all, kinds of security threats.
The solution is to re-configure your NetBIOS. TCP/IP will only be connected to the dial-up adapter. The NetBEUI transport will also be connected to the dial-up adapter and, therefore, TCP/IP. Since NetBEUI provides safe local file and network sharing, your files will not be exposed in this configuration. The Microsoft Network application, file and print sharing and Microsoft Family Logon will all be connected to NetBEUI. The IPX/SPX protocol should be removed from the networking component list!
Disabling File And Printer Sharing for Your Dial-Up Adapter (Win 95/98)
1. Click Start, point to Settings, click Control Panel, and then double-click Network.
2. Click TCP/IP->Dial-up Adapter, click Properties, and then click the Bindings tab.
3. Click to clear the File and Printer Sharing check box, click OK, and then click OK.
4. Restart your computer.
NOTE:
This disables the File And Printer Sharing component only for the Dial-Up Networking adapter. Local network file sharing or printer sharing is not affected. Windows NT users should disable TCP/IP Binding from NetBIOS.
Turning Off File and Print Sharing Completely
1. Click on Start then to Control Panels. Double click on the icon Network.
2. Click on the button File and Print Sharing.
3. To disable File and Print Sharing, uncheck both boxes. To enable File and Print Sharing, check both boxes.
4. Click OK and then OK again. File and Print Sharing is now disabled.
6. Cookies:
Recording which IP address accessed a site is a start, but it's not enough for many places on the net. They want to know more - such as whether you've visited before. This is done using what are called cookies. There are many myths about cookies, which are best dispelled by looking at a site such as www.cookiecentral.com.
A cookie is simply a piece of information that a website asks your browser to store on your PC. The same site can then request the cookie next time you visit. This allows it, for instance, to automatically fill in your login name on the AvantGo pages, or supply the weather reports you asked for on the msn.com home page. What a cookie can't do is trawl your hard drive for your credit card number, neither can it tell a website anything it didn't already know about you. If you tell a site your name is Tipper instead of Albert, then that's what will be in the cookie that's stored on your computer.
So why do so many people get worked up about cookies? Because a few companies, most notably DoubleClick, have found a way round the fact that a server can only request cookies for its own site. DoubleClick is an agency that supplies the ads that appear on many of the net's most popular sites. Using cookies, DoubleClick can uniquely identify you, allowing a profile of the type of sites you visit to be built up, and even supplying relevant adverts for you. So how can it do this when cookies are unique to a site? It's simple - the DoubleClick adverts aren't on the site you visit. They're stored on DoubleClick's own servers, and your web browser dutifully fetches them from there. This means it has requested information from the DoubleClick server, and can therefore have a cookie sent, or passed back to, that server.
Solution: In your browser disable all cookie access and clean regularly!
---------------------------------------------------------------
7. WebBugs:
There are about five different types of Web bugs. The simplest bug is a small, clear GIF with no content, set to be transparent so the web page background shines through. It's included on the web page you surf to but is downloaded from another site, usually some advert-based site; the download call along with the referrer information is enough to identify your machine as visiting some site. It normally works with cookies to send information to third parties about your online travels. Other more malicious forms of Web bugs are "executable bugs," which can install a file onto people's hard drives to collect information whenever they are online. For example, one such bug can scan a person's machine to send information on every document that contains the word "sex". The sneakiest bugs are "script-based executable bugs that can go out and take any document from your computer" without notice; there are programs that can track live, private recordings through Webcams or voice recorders hooked up to computers. Other script-based bugs also execute files, but they're not installed on a person's PC. They can simply try to control the person's computer from its server, as well as track the consumer's travels on the Web from behind the scenes. An example of this can be found on a popular entertainment site, PassThisOn.com, which launches multiple browser windows when a person tries to exit the site. These methods can bypass your firewall since your browser will have permission to fetch stuff from web-sites. This principle can be employed in Word documents or emails such that when you open them, some site somewhere is notified that some PC is opening and reading this document. Nice thought?
---------------------------------------------------------------
8. Good Housekeeping:
One consequence of surfing on the Internet is that not only do other people want to know your surfing habits and real ip, so does your own PC! Each installed program will invariably come with some form of a history list. This list will be stored in the registry or, less commonly, in a text file with a .ini extension, usually found in the installation folder. In the registry search for LastVisitedMRU. These are used to enumerate your last five actions or so, e.g. Windows MediaPlayer has a hidden history list that contains a description of items last activated by it, be it some mp3 or visually enticing mpg movie. Likewise RealPlayer has a similar facility; furthermore, if you use it to search online music databases like DDB it will phone home to the RealPlayer web site, sending your list of preferences along with a unique number that was written into the registry when the program was first installed, and it's usually a mixture of your real ip and some pc generated number, i.e. a GUID. Thereby identifying you regardless of whether you employ a proxy or not!
Do Url's Go To Heaven?
Url's that you have surfed through may be stored covertly within the Swap File, on a just-in-case-they-are-needed-again basis; furthermore, any of the Microsoft products might, depending on your preference settings, choose to add one of these url's to its history list, or Most Recently Used document list in MS Word's case. These are then stored in proprietary files and within any of index.dat, system.dat, user.dat and, on Windows 2000 and Windows Millennium, in pagefile.sys or the Swap file. Each time you switch on your computer, unknown to you, these are then loaded into the respective program registry mappings or hidden files. Latest versions of Windows use individual profiles called "UserData" stored within the registry. This is how Windows maintains its appearance of being static, looking the same, or attempting to achieve "persistence" across multiple boot ups. So some Url's do go to heaven and kinda live for ever ;-)
Spyware:
Some "free" software will, as it is being installed, copy a 2nd party's programs, usually to the System folder. These types of programs are what is known as AdWare, since once online your surfing habits are monitored by the 2nd party and advert streams are sent to the application based on your preferences. The application author gets paid for allowing his program to target you with adverts, and this is the price you pay for free software. Other non-spyware software can periodically attempt to update itself; for example, the Windows 98 Update feature checks an address at Microsoft every five minutes once you enable it (and you can't turn it off without uninstalling it). Naturally you don't want any of these things on your pc.
COM/SOAP
These are ostensibly Microsoft protocols. SOAP leaves you insecure since it has access to the dns (domain name calls) and the underlying windows system. So it can request o/s serial numbers, bad if you paid for Windows by credit card. It can totally bypass any firewall and router filtering, since messaging is web page to web page. COM controls can be written to phone home via SOAP just as in HTTP. COM is the basis for .NET and the new Windows coming your way soon. Windows has been re-written to use COM everywhere, including the windows controls such as edit, list and treeview controls etc. This makes Windows a highly insecure communications environment. Coupled with the fact that Microsoft shares some of its source codes with Govt Agencies and favored Corporations under strict terms of secrecy, this should alert the wise!
Cleaning Up:
Each application that you have installed can store a History List of associated files, e.g. Internet Explorer will have a list of Url's your browser last surfed, for use in its "IntelliSense" or Smart matching on partial Url's that you type into the browser AddressBar. You need an application to sweep these out and clean up each time that you either boot up or shut down. One such application is Window Washer; it is safe and simple to use and it allows customized items, both in the registry and in any folder, to be set for deletion. It comes with a default set of Windows locations to delete, e.g. Documents under the Start menu is wiped clean. So for each application you will have to work out what it stores and where it stores it, and set Window Washer to delete it on a regular basis. For the trickier case of the Swap File, User.dat and System.dat see The Swap File and Registry Basics faqs.
There are programs available to search for and remove phone home components, where web-bugs are concerned the use of a Firewall, either Norton Personal Firewall or Zonealarm are good 1st choices here, and proxy and cookie cleaning on a regular basis will minimize any problem here. A security site is working on a Web-Bug filter at present.
---------------------------------------------------------------
9. Firewalls:
A Firewall is a program that filters all ingoing and outgoing connections to the internet. Anyone who is running ADSL or Cable and other fixed ip services are more vulnerable to security breaches. A Firewall will allow you to set filters on which packets can enter or leave your computer. Most Firewalls come with standard settings enabled such as Application privileges, Internet traffic blocking, local network access to the systems services and shared accounts, and the blocking of known advertising companies. Along with the disabling of javascript this will stop all those annoying pop up windows appearing.
A firewall will also allow you to decide what appears in the packets that leave your computer i.e. your type of computer , operating system , timezone etc all which helps to enforce your privacy. If your computer is personal and for home use then find yourself a copy of AtGuard which is an excellent configurable Firewall, and if you cannot find a version, then Norton Personal Firewall is a good substitute since it purchased a license to the AtGuard kernel.
---------------------------------------------------------------
10. Anonymity Providers:
HushMail:
HushMail Is the world's first 1024 bit encrypted free mail service! http://www.hushmail.com/
Anonymous.To:
Anonymous.To Offer Free Anonymous Email Accounts. http://www.anonymous.to/
Freedom.net:
Freedom.net Offer anonymous mail, telnet, IRC, SSH and web-surfing. http://www.zks.net/
SecureNym:
SecureNym Offers secure and anonymous web based E-mail by subscription. http://www.securenym.net/
Pop3Now:
Pop3Now Lets you access your mail from the web with SSL encryption. http://www.pop3now.com/
Cyberpass:
Cyberpass Run by Lance Cottrell, a well known cryptographer & cypherpunk. http://www.cyberpass.net/
LOD Communications:
LOD Communications Offers for $10 a month a shell account with WWW page. http://www.lod.com/
AnonMailNet:
AnonMailNet Offers Web2Mail & Web2News interfaces with standard Internet services. http://www.anonmail.net/
Data Haven Project:
Data Haven Project For $10 a month shell account with full access. http://www.dhp.com/
Offshore Information Services:
Offshore Information Services Offer anonymous services from Anguilla B.W.I. http://www.offshore.ai/
Nymserver:
Nymserver Offers anonymous e-mail and newsgroup posting, PGP, & finger info. http://www.nymserver.com/
Somebody.net:
Somebody.net Offers anonymous surfing and anonymous e-mail services http://somebody.net/
Resentment.org:
Resentment.org Now offers free SSL web mail accounts http://www.resentment.org/
Altopia Privacy:
Altopia Privacy accounts now, Anonymous accounts later... http://www.altopia.com/
---------------------------------------------------------------
11. Resources:
* Window Washer
* Evidence Eliminator
* GUID Cleaner
* Cache Cleaner
* Spyware Faqs
* Spyware Cleaner
* Web Bugs:
* Scramdisk:
* WinZip
* MIT's pgp distribution
* PGP Inc
* PGP International
Forensics
* infoworld's computer forensics
* computer forensics ltd or electronic discovery
* computer forensics online and icsc
* training and tools
* consultant and berryhill and network international
* wipe wiping magnetic
* Gutmann's Secure Deletion of Data from Magnetic and Solid-State Memory
Cookies:-
* MSN Cookie Info :
* Introduction to Cookies :
* Web Cookie Basics :
* Cookies! :
* Internet Cookies :
* About Cookies :
* What is a Cookie? :
* Cookie Central :
* Netscape Cookies :
WebTV Proxy Info's
Proxy Checking Sites:
http://leader.ru/secure/who.html
http://www.all-nettools.com/tools1.htm
http://www.multiproxy.org/env_check.htm
http://grc.com/default.htm
http://privacy.net/analyze/
https://grc.com/x/ne.dll?bh0bkyd2
*All working links as of 6-20-02
Country Check
* http://www.all-nettools.com/tools1.htm
* http://www.arin.net/whois/
* http://www.samspade.org/
Firewall Sites:
* Firewall check:
* Firewalls:
* Home PC Firewall Guide:
* Firewall Resource Centre:
* Firewall Guide:
* Firewall Q&A:
* The TIS Firewall Toolkit FAQ:
* Zeuros Network Solutions Firewall Resource:
* Firewalls FAQ:
* Linux firewalls:
Personal Firewalls:
* ZoneAlarm:
* BlackICE:
* AtGuard:
* Norton:
* McAfee
* SafeGuard
* Sphinx
=====================================================================================
Since this site is based on safe surfing, I will add a few facts or suggestions, for those that are less informed.
For the record: I use the word LEA only because I learned what I do know from a hacker site forum I visited many moons ago (Has long since gone underground) and the terms they used stuck to my vocabulary, that's all. I am not a hacker!
(Nor do I pretend to be) I'm still a newcomer myself compared to some people I've talked to. I just wanted to learn how to surf safe and these guys taught me how to do just that. So, don't ask me about hacking or what site it was. That is neither here nor there. Thank you and I hope the following information helps the newbies and/or anyone else for that matter :)
1.- When asking a question, learn to be specific.
2.- If you ask a question, make sure you get back to see if your question was answered. If not ask again.
Thanking the person for their time would be ok, too.
3.- Use some sort of proxy:
HTTP/Secure/FTP
Socks or
Web based Proxy.
(Not to mention turning off:
Java Permissions and those that are in the custom level which so many miss and may cause the proxy reading to give you an error # default 127.000 <----(not sure if this is the right # but that sure ain't my proxy #) This error shows up when checking your Java with a Java checker) which is a bug in IE 5.5 and older. Turn Off (Disable)
all settings for
/Active X controls and plug ins/ And Cookies.
4.- Make sure the Proxy you are using is anonymous, (Don't trust the site you got it from only because they say it is anonymous. CHECK IT yourself) also make sure these proxies are not in LEA friendly zones <---(This is going to start huge questions, it always does) This goes without saying--> If you live in, for example: Canada. You don't want to use a proxy from Canada (They are LEA bed buddies). This would defeat the whole purpose of trying to remain more anonymous, therefore find a proxy or should I say proxies from countries that don't shake hands with the Devil (LEA) ...Oh boy, this will surely kick off heated debate now.
NOTE: Proxies are rated or graded in 2 categories:
1 thru 5 which is the Proxy Anony Level.
The lower the # the better the proxy when and if you can find a proxy that is non Via. #1 usually are the best if it is fast because these aren't even detected as you using a proxy server, but hard to find but not impossible (They are out there like needles in a haystack) You have to look hard but well worth it :) Another thing: #1 Proxies don't have an A thru G score.
And:
A thru G. Which is the proxy score.
A is better than B and so on.
Therefore you want an anonymous Proxy. Not a Via Proxy. This minor detail is very important: Example.
HTTP Env. Value
Result
Via a Proxy <------No Good
HTTP Env. Value
Result
Anonomized Or Anonymous <---That's what you are after. Make sense?
5.- Never use your real information on the computer whenever possible (Some can't avoid this thanks to credit cards and such)
for the most part, like when you are signing up for an E-Mail or registering a free software tool/progy, etc. Lie!
6.- Find an anonymous E-Mail.
7.- Never use the computer @ work for anything other than work (not even your E-Mail). They are watching you! Bank on it!
8.- Make sure you are using a Firewall and an antivirus program that is updated as much as possible.
9.- When downloading stuff from the Internet always scan for: Trojans/Viruses/Spyware & Adware. Do this before opening the program and installing it to your system. (If you don't have the AdWare Progy, get it. I love this tool)
10.- Use some kind of history cleaner/window washer and a complete HD cleaning utility program.
11.- Make sure you don't have that stupid remember my password or autocomplete on either. I hate that one!
12.- Find a good pop-up stopper for when you need to surf with Java on and a cookie watcher utility for when you need to activate cookies permissions, unfortunately some sites do require Java and/or cookies to be enabled in order to view or visit their site. Fuckers!...lol..That's French for Wonderful....teehee..NOT!
13.- Never do anything illegal that you will regret later on in the future.
These tips are only for you to remain anonymous.
I personally enjoy my privacy and that is also why there are locks on my doors and windows, not to mention the drapes... and a door for my shitter.
I'm sure I could go on and on, but these are just basic tips. If I left something out feel free to reply. One more thing. I won't get into any heated battles or debates over any information I posted here today. So don't even try me. Surf Safe :))
Sincerely: Lori Mullen
==============================
Sound advice Lori and if I can add my 5 cents worth, installing the following, and in my view essential programs, will go a long way to ensuring your privacy and security, Proxomitron, Zone Alarm and Ad-aware (all free). Safe surfing.
==============================
Hi all, thanks for your info gremlockus, but I have a question for you:
- Is the proxy anonymity level from 1 to 5 for the test with proxyjudge.cgi?
1)yes
- What are the best anonymous web-mail services?
2)Try stealthmailmaster http://www.mailinglistmaster.com/
- Is it better to use an Anonymous proxy or a Socks proxy, and what are the best proxy countries for anonymity?
3) If you want to be more secure try SocksChain. SocksChain can function as a usual SOCKS server that transmits queries through a chain of proxies: proxy-socks-proxy-socks-proxy-internet
- What do you think about JAP (Java Anonymity Proxy)?
4)JAP is very good
Test your anonymity here:
http://linkworld.to/proxyblind
You have there a Java IP test, proxyjudge test, ENV test and much more...
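What an ENV or proxyjudge-style test page checks, for the "Via a Proxy" versus "Anonymous" results discussed in the two posts above, as an added example that is not part of either post: it reads the headers the destination server receives and reports whether they disclose a proxy or the client's own address. The three verdict names, the header selection and the sample requests are assumptions for illustration and do not reproduce the 1-5 or A-G scales.

```python
import ipaddress
import re

# Header names are an illustrative selection (assumption), not an exhaustive list.
ADDRESS_HEADERS = ("x-forwarded-for", "forwarded", "client-ip", "x-real-ip")
PROXY_MARKERS = ("via", "proxy-connection", "x-forwarded-host")


def parse_headers(raw_request):
    """Return {lower-cased name: [values]} from the head of a raw HTTP request."""
    headers = {}
    lines = raw_request.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:  # lines[0] is the request line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def addresses_in(value):
    """Extract IP addresses from an X-Forwarded-For list or a Forwarded 'for=' field."""
    found = []
    for token in re.split(r"[,;\s]+", value):
        if token.lower().startswith("for="):
            token = token[4:]
        token = token.strip('"')
        if token.startswith("["):        # [IPv6]:port
            token = token[1:].split("]")[0]
        elif token.count(":") == 1:      # IPv4:port
            token = token.split(":")[0]
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:
            continue                      # not an address (e.g. proto=http)
    return found


def classify(raw_request, client_ip):
    """Classify what the destination server learns from the request headers."""
    headers = parse_headers(raw_request)
    real = ipaddress.ip_address(client_ip)
    evidence, leaked = [], False
    for name in ADDRESS_HEADERS:
        for value in headers.get(name, []):
            evidence.append(f"{name}: {value}")
            if real in addresses_in(value):
                leaked = True
    for name in PROXY_MARKERS:
        for value in headers.get(name, []):
            evidence.append(f"{name}: {value}")
    if leaked:
        return "transparent", evidence       # the client's own address is forwarded
    if evidence:
        return "proxy-disclosed", evidence   # the "Via a Proxy" result
    return "no-proxy-headers", evidence      # headers alone do not reveal a proxy


# Constructed sample requests as the destination server would receive them
# (documentation address ranges, hypothetical host names).
CLIENT_IP = "198.51.100.7"
TRANSPARENT = (
    "GET / HTTP/1.1\r\nHost: example.test\r\n"
    "Via: 1.1 cache.example.test\r\n"
    "X-Forwarded-For: 198.51.100.7, 10.0.0.1\r\n\r\n"
)
DISCLOSED = (
    "GET / HTTP/1.1\r\nHost: example.test\r\n"
    "Via: 1.0 proxy.example.test\r\n"
    'Forwarded: for="[2001:db8::1]:4711";proto=http\r\n\r\n'
)
CLEAN = "GET / HTTP/1.1\r\nHost: example.test\r\nAccept: */*\r\n\r\n"

if __name__ == "__main__":
    for label, request in (("transparent", TRANSPARENT),
                           ("disclosed", DISCLOSED), ("clean", CLEAN)):
        print(label, classify(request, CLIENT_IP))
```

A "no-proxy-headers" verdict only says the headers are clean; it cannot tell a header-stripping proxy from a direct connection, which is why the test has to be run through the proxy and compared with the address seen without it.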
=====================================================================================
Privacy and Security on your PC
Layer One: Good Privacy Protection Habits
Part I of this article covered the people who want your data, the technologies available to them, and the Constitutional underpinnings of your right to privacy. Here in Part II we cover the six layers of privacy protection, with dozens of links to products and services that will maximize your privacy.
The most effective thing you can do to protect the private information on your computer is to establish a layered approach to security. You need to build first-line, second-line, third-line (etc.) defenses, and consider the consequences at each level if those defenses should fail.
Not to indulge in an overused, and rather passé phrase, but when it comes to computer security, you are the weakest link. The most sophisticated security system in the world cannot protect the privacy of information if you don't develop and adhere to good privacy protection habits.
First and foremost, develop the habit of non-disclosure. Simply because forms or applications request private information does not mean that you should automatically divulge the information. Generous use of "Not Applicable" or "N/A" is a prudent habit to develop. You can be more proactive, if you like, handling excessive demands for personal information with a campaign of disinformation. Simply altering a few characters of a name, zip code, or social security number when inputting data on Internet forms causes information to be associated with the fictitious identity, thus defeating data mining and profiling techniques. Of course, you should be especially stingy with information that uniquely identifies you, such as your driver's license number or social security number. Such entries should be limited to online banking, passport renewal, or other dealings with trusted firms and agencies.
Another important privacy protection habit is educating yourself to the specific weaknesses of your hardware, operating system, and applications.
One example of a hardware weakness would be the TEMPEST emanations discussed in Part I, but you would, first and foremost, have to be a pretty bad dude to be the subject of TEMPEST monitoring. Researchers and security experts differ on how effective TEMPEST monitoring is, how directional the antennas are, and how well one machine's emanations can be differentiated from another's. Researchers Markus Kuhn and Ross Anderson say that TEMPEST monitoring can be prevented with techniques such as using gray scales to mask characters on the screen. Alternatively, you can supposedly jam the emanations by placing a second computer within the same room and having its monitor generate an electrical smokescreen of characters by using a screensaver similar to the one used in the movie "The Matrix." We would theorize that an older monitor with higher emissions than a new one, running at the same resolution and refresh rate, would be most effective, but you're not that paranoid, are you?
Most browsers have an autocomplete feature that remembers what you've typed when you fill in online forms. After you've typed a few characters, the autocomplete feature creates a drop-down box that contains the remainder of a zip code or other data. How did your computer know what information was needed to fill in the desired blank? You might be shocked to find that your Social Security number, bank account number, passwords, birthday, address, mother's maiden name, and credit card numbers are all stored on your computer if you've entered them into forms. You can clear out this information and disable this feature with only nine clicks of the mouse:
From the Internet Explorer Tools menu, click: Internet Options|Content tab|autocomplete button, then uncheck all three boxes and click the two buttons to "clear forms" and "clear passwords", then click "OK" to close the two open dialog boxes.
Do you play games at work? Use unauthorized software? Windows can give you away. It maintains Applog files in the System folder and keeps a record of which programs are used most frequently. Windows uses this information if you select the defragmentation option to rearrange your program files so that your programs start faster. Deleting the Applog folder's contents prevents that record from being examined to determine your usage habits.
Temporary Files and Hidden Text
Windows temporary files can create a privacy concern if they contain personal information and are not securely deleted. If, for example, you create or edit a document in Microsoft Word and then save it, Windows immediately creates a temporary file containing information from the old (pre-saved) version of the text document. Windows may store this temporary file in any available space on the computer's hard drive. When you turn off the computer, the temporary file is "deleted," meaning that its storage space is marked as available for future data to be recorded. However, the file's contents are not actually erased from the hard drive. The information from the old document can be recovered using simple file recovery or disk inspection software if no new data has been written to the old document's storage location on the hard drive.
A simple, but tedious, protection measure that avoids the problem of old document contents being invisibly stored, is to use the "save as" command on Microsoft Word's File Menu instead of the "save" icon. The "save as" command allows a user to change the file name each time the file is saved, thus preserving the old (pre-saved) versions of the document in a visible form and making them easier to securely delete.
Many applications create temporary files to facilitate automatic recovery of your work in the event (or is that a certainty?) of an operating system crash. After a few months' use, these files, typically beginning with the tilde (~) character, litter your system. Using the Windows Disk Cleanup utility restores the space taken by the temporary files, but doesn't erase the data. An additional step, secure deletion of free space, is necessary, as we'll see in Layer Five, below.
Microsoft Word itself has a significant weakness in the way it handles revisions to a document and "deleted" text. You're probably aware of Word's undelete/undo features, but have you considered how this task is accomplished? Text that has been "deleted" in a Microsoft Word document is actually not erased at all. It is merely coded to not appear when viewed or printed; similar to the way other non-printing characters like paragraph indentations or page breaks do not appear. The "deleted" text can be viewed by using the Notepad program in Windows or Edit program in MS DOS. If you email a Word document or give it on a disk to someone, all your edits and revisions go with it. So that letter that you jokingly started, "Dear Meathead..." and then erased still bears your original sentiment. Older versions of Word even include passwords to supposedly-protected documents.
Preventing this type of leak is as simple as cutting and pasting the Word document's text into a new Word document before sending it to anyone. All of the revisions are left behind; the new document is built with only the visible text. Similar cautions apply to any application with an undo/redo feature.
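A check you can run on a document before sending it, as an added example (not from the original article): it does what opening the file in Notepad does, pulling every printable run out of the raw bytes in both 8-bit and UTF-16LE form, and lists the runs that are not part of the text you can see. The byte blob is constructed for illustration and is not a real Word file; the function names are assumptions.

```python
import re

# Printable runs stored one byte per character, and the same stored as UTF-16LE
# (each printable byte followed by a zero byte).
ASCII_RUN = rb"[\x20-\x7e]{%d,}"
UTF16_RUN = rb"(?:[\x20-\x7e]\x00){%d,}"


def extract_strings(data, min_len=6):
    """Return sorted (offset, text) pairs for printable runs in raw file bytes."""
    hits = []
    for match in re.finditer(ASCII_RUN % min_len, data):
        hits.append((match.start(), match.group().decode("ascii")))
    for match in re.finditer(UTF16_RUN % min_len, data):
        hits.append((match.start(), match.group().decode("utf-16-le")))
    return sorted(hits)


def residual_text(data, visible_text, min_len=6):
    """Return recovered strings that are not part of the text the author sees."""
    visible = " ".join(visible_text.split())   # normalise whitespace
    leftovers = []
    for offset, text in extract_strings(data, min_len):
        cleaned = " ".join(text.split())
        if cleaned and cleaned not in visible:
            leftovers.append((offset, cleaned))
    return leftovers


# Constructed sample: the visible letter stored as UTF-16LE, followed by an
# earlier draft line still present in the file as 8-bit text.
VISIBLE = "Dear Mr. Smith, thank you for your order."
SAMPLE_BLOB = (
    b"\x01\x00\xfe\xff"
    + VISIBLE.encode("utf-16-le")
    + b"\x00\x00\x13\x07"
    + b"Dear Meathead, where is my order"
    + b"\x00\xff\x02"
)

if __name__ == "__main__":
    for offset, text in residual_text(SAMPLE_BLOB, VISIBLE):
        print(f"offset {offset}: {text!r}")
```

On a real document the output also contains structural strings such as font and style names, so it is a list to read through rather than a pass/fail result.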
Strengthen and Mask Passwords
If you're serious about maintaining your privacy, password discipline should also be habitual. If you're unfamiliar with password cracking methods, you're likely to make many common mistakes. A 1999 survey by Network Computing magazine revealed that two thirds of people use the same password for multiple accounts. So if you visit a fraudulent Web site and enter a password as part of creating an account or an identity, then the odds are great that the site owner will have access to your email or other accounts with the password given.
Another common mistake is selecting insecure passwords. Passwords should be a minimum of 8 to 10 characters long and be composed of a combination of numerals, punctuation marks, and upper and lower case letters. Passwords should never be the name of a person, a birth date, sequential numbers, or any word from a dictionary of any language. Password cracking programs using a dictionary attack can easily guess a password by trying every word in an entire dictionary. This process takes only seconds to complete on computers using Pentium (or faster) processors.
One method of password selection would be to incorporate a strategy of obfuscation. For example, you could record a CD with dozens of full-length, classic e-book texts such as War and Peace, Les Misérables, the complete works of Shakespeare, etc., and choose a few letters from a word at the end of one sentence and a few letters from the beginning of the next sentence as a password. This would result in a strong password with upper case, lower case, and punctuation characters. If you were to insert this CD and use a mouse to navigate to the correct e-book location, highlight the characters, and then copy and paste them wherever a password was required, you would prevent a key logger from detecting anything because the keyboard would never be used. The CD itself would be of little use to anyone looking for your password, and if the CD were ever inadvertently lost or damaged, you could easily recreate it from the public-domain texts. Note that although the cut-and-pasted characters may not be visible to a keyboard logger, some spy programs also take periodic snapshots of the screen, and you might be unlucky enough to have your password snapped between the time you paste and hit the Enter key.
Layers Two and Three: Physical Barriers and Firewalls
Physical Barriers
Of all the various privacy protection methods, barriers are the easiest to implement. Barrier security is founded upon the simple premise that the fewer people who have access to a computer system, the less the likelihood that the system will be subjected to unauthorized access. The physical location of a computer storing personal information should be in a lockable room, just as you would lock a desk drawer or file cabinet. If you have more than one computer you should consider isolating one computer from the Internet and storing financial records or other private information on the isolated system. The most proficient hacker/ cracker in the world cannot access a system with which they have absolutely no contact.
Firewalls, Web Filters, and Tracking Detection
Firewalls
Any computer system that accesses the Internet should be equipped with a firewall to enable the user to detect and prevent unauthorized access to the computer through the Internet connection. This writer uses the Norton Internet Security Suite from www.symantec.com as his primary firewall. This application provides an integrated system for intrusion attempt detection, blocking advertisements on the Internet, anti-virus scanning, and privacy filtering to prevent private information like credit card numbers from being sent out to the Internet. An alternative free firewall application called "Zone Alarm" can be obtained from www.zonelabs.com.
Web Filters
Your browser keeps a record of which site was just visited, which empowers the "back" button. The Web sites that you visit can obtain and record this information. Therefore, if you visit a site where anarchy, AIDS, or atheism are discussed and then proceed to online shopping sites where you complete order forms, or otherwise divulge your identity, this tracking could lead to an undesired disclosure of information about your interests. An online demonstration of this disclosure can be viewed at privacy.net.
You can block referrers several different ways, including with filtering software such as The Proxomitron, which is available from www.extremetech.com/proxomitron. Proxomitron is a proxy server that runs locally on your machine, filtering inbound and outbound traffic. If you'd prefer not to have web filtering software installed on your computer, you can use online web filtering tools such as Anonymizer at www.anonymizer.com or Rewebber at www.rewebber.de. These sites redirect your Web traffic through their machines, filtering the outbound traffic and removing all identifiers, including your IP address, from your packets.
Tracking Detection
Because website tracking occurs invisibly, and mostly on the server side, it is difficult to detect which websites may be keeping an ongoing record of a user's activities. One free product that makes this information available to a user is the Privacy Companion from www.idcide.com. Activity tracking programs, such as the previously mentioned Spector, can be detected and deactivated by performing a scan using a product called Who's Watching Me, available from www.trapware.com. Battles between the activity loggers and the logger detectors occasionally erupt, as was the case recently between Who's Watching Me and WinWhatWhere Investigator.
Layer Four: Trojan, Key Logger, and Spyware Detection
If the first three layers of defense fail and unauthorized access to the computer does occur, it is important to be aware of the intrusion so that it can be dealt with as quickly as possible. Specialized detection software is needed for this purpose because Trojan, key logging, and spyware programs are designed to run invisibly and will appear neither in the Windows system tray, nor in the task manager window that appears when CTRL-ALT-DEL is pressed once. Two free programs that assist in the detection of intruders are Regmon which provides a real-time display of all changes to the Windows registry, and FileMonitor which displays all file opening and closing activity as it is occurring. These two programs are available from: www.sysinternals.com.
Trojan Detection
One extremely useful program for Trojan detection is called Trojan Monitor and is a component of a program called "The Cleaner" from: www.moosoft.com. Trojan Monitor constantly watches all of the critical system files and registry settings and will immediately sound an audible alarm and generate a flashing warning signal if any program attempts to modify these settings. Trojan Monitor will then identify the specific setting that is causing the alarm and give a user the option of whether or not to allow the change to proceed. A high-quality freeware alternative for Trojan scanning and removal is a product called Trojan First Aid Kit (TFAK), available from www.wilders.org.
Spyware Detection
The leader in spyware detection is a program called Ad-Aware. It is freely available from www.lavasoftUSA.com, and the program offers a live update feature to keep its list of spyware programs current. In a matter of minutes, Ad-Aware can scan the contents of an entire computer, identify any spyware programs, and offer to delete them. As a secondary means of confirming a suspected file's status, an online spyware database is available for searching at: www.spychecker.com.
Key Logger Detection
An old, but free, program called Hook Protect from www.softsecurity.com scans a computer for any signs of monitoring software. A similar, but more recent, key logging detection program is called Anti-Key Logger from www.anti-keyloggers.com.
Layer Five: Minimizing Exposed Information
Fifth Layer: Minimize Exposed Information
In the event that all of the foregoing methods fail and someone does break into your machine, you should take steps to limit the information to which the intruder can have access. This fallback position includes techniques to securely delete unneeded sensitive information and encrypt sensitive information that must be retained on the system.
Secure Deletion
The Windows operating system does not delete files. Even the action of "emptying" the recycle bin does not cause the files to be destroyed. Emptying the recycle bin merely marks the disk space storing a document as available for recording future data. And even if the data is overwritten, it can still be recovered. Remnants of the old magnetic patterns remain at the edges of each track, and the disk controller can often be commanded to mis-track sufficiently to read it. (The appropriate equipment to do this is generally in the hands of law enforcement and intelligence agencies. Some of the equipment requires disassembly of the drive.) The data does not become unrecoverable until it is overwritten many times. Several programs exist to allow users to accomplish actual deletion of files containing sensitive information. A few of these are listed below:
BC Wipe is a multifunction secure deletion tool available from: www.jetico.com. It clears and overwrites the Windows swap file (WIN386.SWP), file slack space, and the unused space on a hard drive. All of these areas can potentially contain private information. The BC-Wipe program offers various options for data deletion ranging from a fast single overwrite up to capabilities that meet U.S. Department of Defense data destruction requirements for classified information.
Clean System Directory from www.theabsolute.net is a free application that allows users to remove dynamic linked library files (.dll) that were left behind when their corresponding applications were uninstalled. From a privacy standpoint, the removal of these files prevents someone from examining the Windows system folder and determining what programs were previously installed.
Clean Up! is a free program from The Strangely Green Chicken Company at: free.prohosting.com/~sgould/cleanup/README.html#Download. With only a single mouse click, it searches for and deletes files containing private information about Internet activity. This program's deleted files include the Index.dat files that contain a cumulative list of every website visited. A user attempting to simply delete the Index.dat files without such a program will discover that Windows blocks user access to these files.
Empty Temp Folders from: danish-shareware.dk is a free multifunction application which allows users to selectively delete cookies, Internet history items, and temporary files, in addition to clearing the Windows clipboard, and finding broken links to files that have been deleted. Finding and deleting broken links to deleted files, is one of the loose ends that can disclose a user's activities on a computer.
Properties Plus from www.ne.jp is a free program that allows a user to alter the time/date stamp that Windows places on every file. This time/date information can be used not only to see when a user created, modified, or last accessed a particular file, but by analyzing the time/date stamps of files in conjunction, a detailed usage pattern can be deduced. A manual method to achieve time/date stamp modifications is to copy a file from one hard drive to another, and then copy the file back again. However, the manual method only resets the dates and times to when the file was re-copied.
RegCleaner (not to be confused with Microsoft's unsupported product RegClean) is a free program available from www.jv16.org. Many programs leave behind telltale registry entries when they are uninstalled. Although not specifically designed as a privacy tool per se, this product enables a user to search out and eliminate all references to previously installed programs, thus denying this information to anyone later examining the computer. An unintended consequence of this cleaning is that it allows many shareware programs to be repeatedly reinstalled after their expiration dates, since these programs use these hidden registry leftovers to identify which computers have previously installed the shareware.
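The overwrite-before-delete step that the Secure Deletion section describes, as an added example (not code from any of the products listed above). The three-pass default, the random-then-zero pattern and the function names are assumptions for illustration, not a claim about any standard.

```python
import os
import secrets


def overwrite_in_place(path, passes=3, chunk=64 * 1024):
    """Overwrite a file's bytes in place: random data, then zeros on the last pass.

    Returns the number of bytes covered by each pass.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as handle:          # r+b: rewrite without truncating
        for number in range(1, passes + 1):
            handle.seek(0)
            remaining = size
            while remaining > 0:
                block = min(chunk, remaining)
                if number == passes:
                    handle.write(b"\x00" * block)
                else:
                    handle.write(secrets.token_bytes(block))
                remaining -= block
            handle.flush()
            os.fsync(handle.fileno())          # push this pass to the device
    return size


def secure_delete(path, passes=3):
    """Overwrite the contents, rename to a neutral name, then unlink."""
    overwrite_in_place(path, passes)
    directory = os.path.dirname(os.path.abspath(path))
    neutral = os.path.join(directory, secrets.token_hex(8))
    os.rename(path, neutral)                   # drop the original file name
    os.remove(neutral)
    return not os.path.exists(path)


# Caveat: rewriting a file only reaches the original sectors when the
# filesystem rewrites blocks in place on a magnetic disk. Journaling or
# copy-on-write filesystems, SSD wear levelling, and copies already sitting in
# the swap file, temporary files or backups are outside this routine's reach.

if __name__ == "__main__":
    import tempfile
    fd, demo = tempfile.mkstemp()
    os.write(fd, b"constructed sample record\n" * 100)
    os.close(fd)
    print("deleted:", secure_delete(demo))
```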
Encryption and Steganography
The leading encryption product for home use is Pretty Good Privacy (PGP) from www.pgpi.org. However, use of this product is somewhat complicated and can cause it to go unused, resulting in no privacy protection whatsoever. After examining various encryption products, I believe that Silver Key from www.bestcrypto.com is vastly easier to use and is sufficiently secure. It costs only $19.95 and allows drag and drop encryption of complete folders using the state-of-the-art AES encryption algorithm. A freeware version called Iron Key is also available. It is similarly quick and easy to use, but can only encrypt one file at a time and uses the DES encryption algorithm that was cracked in 22 hours.
=====================================================================================
Hi!
When I connect to a web site using a proxy, what can my ISP see (and eventually log)? I guess he can see I connect to a proxy and determine the proxy's IP, but can he also see the address of the site I'm consulting?
Thanks!
When you're surfing behind a proxy your ISP can't see where you're going. The only problem is if you destroy any web site or do any damage. In this case the attacked site, with your proxy's IP, will ask the proxy's server for its log files. Your real address will appear and your ISP will be contacted. After: guillotine... ;-)
If you want to be more anonymous, use a socks chain; it'll be more difficult to find you...
Hi first of all
a newb question.. can the proxy make the sites visited anon to your isp? or just the site?
-----------------------------------------
admin
Administrator
ISP can see your net adventures:
1. By detecting the IPs of sites which you are knocking on (in this case it will be the proxy IP)
2. By turning on cache function
=> do not think about bad things when you are in the WWW
------------------------------------------
rangi
Moderator
Do a Google search for a web based proxy which supports HTTPS then all your ISP will see is your connection to the proxy and will have no idea where you are surfing. Safe surfing.
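What the ISP can read in each case raised in this thread, as an added example that is not part of any post: the function looks at the first bytes a client sends on its connection to a proxy, which is exactly what an on-path observer captures. The sample byte strings and host names are constructed, and the verdict names are assumptions for illustration.

```python
from urllib.parse import urlsplit

SENSITIVE = ("cookie", "referer", "authorization", "proxy-authorization")


def observer_view(first_bytes):
    """Report what an on-path observer can read from the start of a proxy connection."""
    view = {"kind": "unknown", "host": None, "port": None, "path": None, "headers": []}
    # A TLS record opens with content type 0x16 (handshake) and major version 3:
    # everything after the handshake is encrypted.
    if first_bytes[:2] == b"\x16\x03":
        view["kind"] = "tls"
        return view
    head = first_bytes.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return view
    method, target = parts[0], parts[1]
    fields = dict(
        (name.strip().lower(), value.strip())
        for name, _, value in (line.partition(":") for line in lines[1:])
    )
    view["headers"] = [name for name in fields if name in SENSITIVE]
    if method == "CONNECT":
        # Tunnel request: destination host and port are readable, the URL is not.
        host, _, port = target.rpartition(":")
        view.update(kind="connect-tunnel", host=host, port=int(port))
        return view
    url = urlsplit(target)
    if url.scheme == "http" and url.hostname:
        # Plain HTTP through a proxy: the request line carries the full URL.
        path = url.path + ("?" + url.query if url.query else "")
        view.update(kind="plaintext-proxy", host=url.hostname,
                    port=url.port or 80, path=path)
        return view
    # Origin-form request (no proxy): the host comes from the Host header.
    view.update(kind="direct-http", host=fields.get("host"), path=target)
    return view


# Constructed samples (hypothetical hosts).
PLAIN_PROXY = (
    b"GET http://www.example.test/private/page?id=7 HTTP/1.1\r\n"
    b"Host: www.example.test\r\nCookie: session=abc\r\n"
    b"Referer: http://other.example.test/\r\n\r\n"
)
TUNNEL = b"CONNECT www.example.test:443 HTTP/1.1\r\nHost: www.example.test:443\r\n\r\n"
# Start of a TLS ClientHello record, as sent to an HTTPS web-based proxy.
TLS_TO_WEB_PROXY = bytes.fromhex("160301020001000001fc0303")

if __name__ == "__main__":
    for sample in (PLAIN_PROXY, TUNNEL, TLS_TO_WEB_PROXY):
        print(observer_view(sample))
```

In the TLS case the observer still learns the proxy's IP address and the server name sent in the ClientHello, which names the proxy rather than the site being visited.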
------------------------------------------
Silent Bob
10-5-2002 16:06
OK, maybe this is a completely stupid question, but I'm gonna ask anyway. Is it eh... legal to use those proxies cause in theory you have to get permission from their owners to use it?
-----------------------------------------
rangi
Moderator
Not a stupid question, here is what Shaun at Winfosec has to say on the subject:-
Is it legal to surf through open proxies?
As far as we can tell, the answer is yes. The primary argument against open proxies is that their owners may not have intended for them to be used by the public. However, by running a service on a machine accessible to the public, without restricting access to that service, the machine's administrator is implicitly consenting for that service to be used by the public. A proxy server is just like a web server, an FTP server, or any other net service: if it's running and accepting connections, it's fair game. The internet is a public network.
With regard to US law in particular, 18 USC 1030 (which covers computer-related fraud and theft) applies only when the user has knowingly accessed a computer without authorization or has knowingly exceeded his authorized access on that computer. Because an open HTTP proxy, by default, allows connections and use of the service by anyone in the world, the proxy's administrator has essentially "authorized" everyone to use the service. There's no intentional bypassing of security taking place. Just as you don't need Google's express written permission to connect to google.com, you don't need a proxy admin's express written permission to use his open proxy server.
Naturally it's not legal to use a proxy for illegal purposes, but if that's your cup of tea, the proxy is probably the least of your worries!
Safe surfing.