1. Introduction
2. Just a number?
3. What is a proxy server?
4. Why use one?
5. Proxy Types
6. Steps for Finding an Anonymous Proxy
7. Where to find a Proxy List
8. Where To Test Your Proxy for Anonymity
9. Where to Check The Proxy Server's Country
10. How to configure one in your browser
11. Obscuring a Proxy URL
12. Additional Security
13. Resources

1. Introduction:-
This is intended as a summary of proxy basics and a reminder as to why anonymity is
required. Anonymity is needed because there are people who surf the net looking for other
people's ip address or url name so they can find their "true" identity and then publicly
malign them, telling the world this person eats spam or likes to watch the grass grow, or,
in the case of an Advertising Corporation, sell your identity to some retailer like
WalMart. So some basic precautions that you need to take to avoid this are: using a proxy;
disabling all cookie options, java, active-x, and all scripting options in your internet
browser; disabling print and file sharing in NetBios; and installing a firewall. The
following text attempts to be a summary of those basic methods by which you can
anonymously communicate with other like-minded persons.
2. Just a number? :-
Before you can understand how best to protect your privacy, it's helpful to know just
what information you're generating when you connect to the net, and how easy this
is to trace.
At the very lowest level, when you connect to a website it will receive a record of
your IP address - the unique number that indicates which computer you're using. If
you use an ISP like Demon that gives you a fixed address, that's enough to pinpoint
your account. With a dynamic address, it'll pinpoint the modem line you connected
to. Finding out which customer was using that line means matching up a time with
the records from the computers that handle your login. On a busy system, that could
mean finding one from tens of thousands of entries, but it can be done. This is how
the police were able to track the source of the Love Bug virus to a dialup account
used by a group of students in the Philippines. Some systems, such as AOL, might
share an IP address between more than one user. The same is true of some
corporate gateways to the net; but even so, there will usually be a way to work back
to a specific system, even if it involves trawling through pages of log files.
One way of hiding your address from such sites is to go via a proxy, making the address
that appears in the web server's logs that of the proxy server. Of course, all that's
really doing is adding another link to the chain, since the proxy server will have a
record of what you're asking it to do. But with the Proxy Server resident in a foreign
country, working back through it is time consuming and probably not practicable, and
faced with proxy chaining most will just give up.
That record is also what makes proxy servers a useful tool for those who want to see
what you're up to. Even though you may not think your web requests are going
through one, many internet service providers (ISPs) use so-called 'forced proxying'.
This means that all web requests are routed via a transparent proxy. You don't need
to change any settings in your browser, but the effect is the same. For an
organization or country that wants to control and monitor what people are seeing on
the web, it's ideal.
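The time-matching step described above for dynamic addresses, as an added example that is not part of the original page. The session records, account names and timestamps are constructed, and the function name is hypothetical; it also shows how a small clock difference between the web server and the login server turns one candidate account into two.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed login records: (account, assigned address, login, logout).
# Addresses come from the 192.0.2.0/24 documentation range.
SESSIONS = [
    ("acct-1041", "192.0.2.17", "2000-05-04 08:02:11", "2000-05-04 08:40:03"),
    ("acct-2210", "192.0.2.17", "2000-05-04 08:41:30", "2000-05-04 09:15:47"),
    ("acct-0007", "192.0.2.44", "2000-05-04 08:30:00", "2000-05-04 10:00:00"),
]


def accounts_for(ip, seen_at, skew_seconds=0, sessions=SESSIONS):
    """Return the accounts whose session held `ip` at `seen_at`.

    skew_seconds widens every session window to allow for the web server
    and the login server clocks disagreeing by up to that amount.
    """
    when = datetime.strptime(seen_at, FMT)
    skew = timedelta(seconds=skew_seconds)
    hits = []
    for account, address, login, logout in sessions:
        start = datetime.strptime(login, FMT) - skew
        end = datetime.strptime(logout, FMT) + skew
        if address == ip and start <= when <= end:
            hits.append(account)
    return hits


if __name__ == "__main__":
    # Request in the middle of a session: one account held the address.
    print(accounts_for("192.0.2.17", "2000-05-04 08:20:00"))
    # Request in the gap between two sessions: no match with exact clocks,
    # two candidates once two minutes of clock skew are allowed.
    print(accounts_for("192.0.2.17", "2000-05-04 08:40:30"))
    print(accounts_for("192.0.2.17", "2000-05-04 08:40:30", skew_seconds=120))
```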
Thoughts regarding the use of system logs as evidence:
Log files make crap evidence. For a start they're easily forged, and you're reliant upon
computer generated evidence. What jury will believe a computer over a human? At
best log files are supporting evidence. In most cases they only show logins,
connections and other impersonal evidence. No log can say BEYOND REASONABLE
DOUBT that someone did something; they only say this machine number connected at
this time, and they don't say anything about the identity of the person. If in doubt deny
everything; after all, it's the job of the prosecution to prove you are guilty of some
misdemeanor.
3. What is a proxy server:-
A Proxy Server is a firewall and cache server. It can allow an entire network of
computers to access the internet (http or ftp) with a single IP. It can act as a kind of
filter for that network. Let's say you have 3 computers in some small network in Japan
going through a proxy server; schematically it looks like this:
(PC)------->|
(PC)------->|Proxy Server ----> The Web Site
(PC)------->|
If you are at home with internet access through your ISP, this is what your
connection looks like:
(PC)------>Your ISP ----> The Web Site
If the proxy server in the network above allows other users to use it, we can do this:
(PC)------->Your ISP ---->Proxy Server ----> The Web Site
From the above diagram we can go through the proxy server and hide our real ip
address or url name! The Web Site will only see the ip address or url name of the
proxy server and NOT that of your isp, thereby making you anonymous!
4. Why Use One:-
- To act as a security firewall or ip filter.
- To reduce the network load by caching commonly requested pages.
- To translate the material into another language.
- To improve access speed for users, achieved by caching.
Our interest lies in the first option i.e. becoming anonymous and Surfing Safe. It isn't
guaranteed that simply by using a proxy you will be anonymous. Some proxy servers
will forward your real ip at random intervals, others do it by default, and others do it
on request from the web site that you visit. This makes it necessary to test your proxy
for nym status at a Proxy Checking site. These sites will allow you to test the
information or headers that are passed from the proxy server to the web site; careful
inspection of these will allow you to decide just how anonymous you really are. An
example header is:
HTTP_USER_AGENT: IE5 WIN2000
which tells the site your browser and operating system type.
So once you enter a website, and click any one of the files on the webserver, the
website owners can find out these items of information about you, and much more:
- Your IP Address.
- Your hostname.
- Your continent.
- Your country.
- Your city.
- Your web browser.
- Your Operating System.
- Your screen resolution.
- Your screen colors.
- The previous URL you visited.
- Your ISP.
5. Proxy Types:-
The two most commonly used proxy types are http and socks, which commonly use
ports 8080 and 1080 respectively. http proxies are for use with your browser.
Socks, which is a valid proxy alternative, allows you to socksify http, ftp, telnet, nntp,
and common chat protocols similar to icq.
6. Steps for Finding an Anonymous Proxy:-
- Step 1. Find a List of Proxies
- Step 2. Check the Proxies for Anonymity
- Step 3. Check the Proxy Server's Country
Change your proxy regularly, else you leave yourself open to relationship analysis.
This is accomplished by comparing Referer, Site Location, and your current proxy, along
with all the other visitors. If you keep your proxy long enough the logs may be hacked or
made available to some interested 3rd party!
7. Where to find a Proxy List:-
Visit the various proxy sites that offer 8080 or 1080 proxies.
Proxy Lists:
Also you can use Proxy Hunter to search for proxies in given domain ranges.
8. Where To Test Your Proxy for Anonymity:-
Go to one of these sites, or even more than one to double check, read the environment
variables, and look for the ip address or url name. If you see your ip number then you are
not anonymous!
Anonymity 4 Proxy allows the importing and testing of lists of proxies.
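What a checking page does with the environment variables described in sections 4 and 8, as an added example that is not code from the original page or from any of the tools it names. The sample requests are constructed, the verdict labels are this example's own, and the header names are the CGI forms of headers that proxies commonly add.

```python
import ipaddress
import re

# Request headers, in CGI environment form, that proxies commonly add.
PROXY_HEADERS = ("HTTP_VIA", "HTTP_X_FORWARDED_FOR", "HTTP_FORWARDED",
                 "HTTP_CLIENT_IP", "HTTP_PROXY_CONNECTION")
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def addresses_in(value):
    """Return every valid IPv4 address found in a header value (IPv4 only)."""
    found = set()
    for token in IPV4.findall(value):
        try:
            found.add(ipaddress.IPv4Address(token))
        except ValueError:  # looks dotted but is not an address, e.g. 999.1.1.1
            continue
    return found


def classify(env, real_ip):
    """Classify what a site learns, given the tester's known real address."""
    real = ipaddress.IPv4Address(real_ip)
    if ipaddress.IPv4Address(env["REMOTE_ADDR"]) == real:
        return "direct", []
    present = [h for h in PROXY_HEADERS if env.get(h)]
    leaks = [h for h in present if real in addresses_in(env[h])]
    if leaks:
        return "transparent", leaks
    return ("anonymous" if present else "no proxy headers"), present


# Constructed samples; all addresses are from documentation ranges.
REAL = "203.0.113.9"
SAMPLES = {
    "leaky": {"REMOTE_ADDR": "198.51.100.20",
              "HTTP_VIA": "1.0 cache.example.net",
              "HTTP_X_FORWARDED_FOR": "203.0.113.9, 10.1.1.1"},
    "hides_ip": {"REMOTE_ADDR": "198.51.100.20",
                 "HTTP_VIA": "1.1 cache.example.net",
                 "HTTP_X_FORWARDED_FOR": "unknown"},
    "silent": {"REMOTE_ADDR": "198.51.100.20",
               "HTTP_USER_AGENT": "IE5 WIN2000"},
}

if __name__ == "__main__":
    for name, env in SAMPLES.items():
        print(name, classify(env, REAL))
```

A "no proxy headers" verdict only means the request carries none of the listed headers; the address in REMOTE_ADDR is still logged by the site and by the proxy itself.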
9. Where to Check The Proxy Server's Country:-
Avoid US/UK/Canada/Australia/NZ and most western European countries!
10. How to configure one in your browser:-
To enable a proxy server in IE:
Go to: Tools... Internet Options... Connections... Settings
If you use a dialup connection, click the "Settings" button next to the dialup
properties box. If you have a broadband connection, click the "LAN Settings" button
instead. Check the "Use a proxy" option, then enter the proxy's hostname into the
"Address" Editbox and the port number into the "Port" Editbox, normally 8080.
Tip: In the "General" tab make your Proxy Checking Url your chosen "Home Page"; this
allows you to check each time you log on.
To enable a proxy server in Netscape:
Go To: Preferences... Network... Proxy tab
Same as Internet Explorer
11. Obscuring a Proxy URL:-
An additional method is to obscure your url using hex codes so that it turns out looking
like this: http://3513587746@3466536962/~anyname/homepage.htm For a
complete explanation of how to visit
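How a filter or log reviewer can undo this kind of obscuring, as an added example that is not part of the original page. In the URL quoted above the part before the "@" is userinfo, not the host, and the host is an IPv4 address written as one decimal number; the function names are hypothetical and the example also accepts the 0x-prefixed hexadecimal form of the same trick.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit


def numeric_host_to_ipv4(host):
    """Return dotted-quad text if host is one decimal or 0x-hex integer."""
    try:
        if host.startswith("0x"):
            number = int(host, 16)
        elif host.isascii() and host.isdigit():
            number = int(host)
        else:
            return None
        return str(ipaddress.IPv4Address(number))
    except ValueError:  # not a number, or outside the 32-bit range
        return None


def deobfuscate(url):
    """Return (normalised_url, findings) for an http URL with a name or IPv4 host."""
    parts = urlsplit(url)
    findings = []
    host = parts.hostname or ""  # urlsplit lowercases this and drops userinfo
    if parts.username is not None:
        findings.append("userinfo %r before '@' is not the host" % parts.username)
    dotted = numeric_host_to_ipv4(host)
    if dotted is not None:
        findings.append("integer host %s is IPv4 %s" % (host, dotted))
        host = dotted
    netloc = host if parts.port is None else "%s:%d" % (host, parts.port)
    clean = urlunsplit((parts.scheme, netloc, parts.path,
                        parts.query, parts.fragment))
    return clean, findings


if __name__ == "__main__":
    # The first URL is the one quoted on this page; the others are constructed.
    for sample in ("http://3513587746@3466536962/~anyname/homepage.htm",
                   "http://0xCE9F2802:8080/",
                   "http://www.example.com/index.html"):
        print(deobfuscate(sample))
```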
12. Additional Security:-
Your security can be further advanced by chaining proxies, whether they be http
based or socks proxies. Schematically a chain might look like this:
client ---> proxy1 ---> proxy2 ---> Web Site.
Each proxy server type has its own chaining syntax.
HTTP/FTP
The most common syntax is of the form proxy1.jp:8080//proxy2.kr:8080. This is
added directly to your address editbox. Other proxy servers like the Japanese DeleGate
servers use -_- to prefix the proxy and this can be typed straight into the url address
bar i.e. type http://needmore.cs.utexas.edu:10080/-_-http://www.yahoo.com, note
the "-_-". Similar syntax applies to ftp sites since DeleGate Proxy Servers offer an ftp
proxy service. The majority of proxy servers will use the http transport to convey the
ftp information, and in doing so may or may not adhere to the connection
conventions laid out in the ftp protocol. So to avoid revealing your ip address via an
ftp connection it's best to use a socks proxy for the purpose of anonymity, probably
combined with some ftp client program. Proxy Hunter can be used to find the
fastest proxies.
SHTTP/HTTPS
SHTTP aka Secure Hypertext Transport Protocol is a modified version of the
Hypertext Transport Protocol (HTTP) that includes security features. Implementations
include Digital Signatures, MAC authentication, Public/Private Key Encryption.
HTTPS aka SSL (S)ecure (S)ocket (L)ayer is similarly a secure messaging protocol but
it differs from SHTTP in that it supports a variety of protocols such as FTP/HTTP etc.
SSL is compatible with firewalls and tunneling connections. Other protocols have their
own secure versions such as FTPS for ftp and NNTPS for NNTP or Network News,
where some news servers allow upload via a secure connection.
WARNING: Both these protocols allow connections on arbitrary or secure ports
(443 in the case of SSL). These connection requests, unless blocked by a firewall or
handled via a secure proxy specific to the protocol, will reveal your ip address in the
connection process!
SOCKS:
Socks Proxies, which are the most flexible, covering many protocols, can be
successfully chained using a program called SocksChain which chains 2 or more socks
proxies. If you use, say, 4 socks proxies chained together because you want to post
on some Russian news server, then this will make you anonymous. The same applies to
ftp, http, mail, icq etc.
Proxy Chaining:
The basic idea is this: although not all chainable proxies have web interfaces (a web
page with a form where you can enter the URL you want to surf to using the proxy),
several do have such interfaces. Three that are well known are MagusNet, the
Anonymizer, and the Anonymicer.
Before starting, go to http://www.tamos.com/bin/proxy.cgi and write down the
set of four decimal digits that make up your current IP address. Now, here's how to
figure out how to learn to chain proxies with web form interfaces: Also try ports 8088
and 8090 for some additional interesting results. MagusNet uses a DeleGate proxy
server; many other DeleGate proxy servers also have web interfaces and are
chainable; to find several, notice the title of the MagusNet page: 'DeleGate for
Non-CERN-Proxy clients'. Searching for that phrase on the standard US and
Japanese search engines will turn up several other DeleGate proxy servers you can
easily find the prefixes for using the exact same technique outlined above.
Many other DeleGates have no web interfaces, but they are chainable, too. Any
time you are testing proxies you have found by scanning with ProxyHunter, searching
on Search Engines, or filtered out of lists like the ones at Proxys4All or out of
guestbooks or Boards at sites dealing with proxies etc., just test them to see if they
can be chained. For example, if the _fictional_ proxy my_url.jp:80 is identified as a
DeleGate on the Tamos page (or any of the other ENV testers listed on the Proxys4All
Tools page), try http://www.my_url.jp:80/-_-http://www.tamos.com/bin/proxy.cgi
and see if it works. If it does (and many times it will), you've got another chainable
proxy to add to your list.
13. Resources
Proxy Hunter: This is a good freeware proxy scanner.
Anonymity 4 Proxy: This program can inform if a proxy allows connection for HTTP, SSL
and FTP.
HTTPort: This is freeware and it can use an SSL proxy to tunnel requests to a wide
variety of net services.
Socks2HTTP: Socks2HTTP is an agent converting SOCKS v.5 requests into HTTP requests
and tunneling them through HTTP proxy.
Newsgroups dealing with Anonymity
- alt.anonymous
- alt.anonymous.email
- alt.anonymous.messages
- alt.hackers
- alt.security.keydist
- alt.security.pgp
- comp.security.pgp
- comp.security.pgp.announce
- comp.security.pgp.discuss
- comp.security.pgp.resources
- comp.security.pgp.tech
- misc.security
- sci.crypt
- sci.crypt.research