Announcement

Collapse
No announcement yet.

Anonymous IP/ scrambling

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Anonymous IP/ scrambling

    I've been lurking here for a couple days now and I figure that the people who hang out here might be able to help me. I'de like to know if theres someway to truly mask the IP adresses of computers hooked up to a network, I've tried Firewalls, and chained proxys, but both of these still have alot of holes. Is there anyway to make your IP anonymous to servers, or closer then the above ways? IS there some way to scramble it perhaps? ANy help would be great. IN other word any way to protect yur identity online.
    Last edited by Bingo; June 10, 2004, 19:05.
    And bingo was his name-o

  • #2
    Originally posted by Bingo
    I've been lurking here for a couple days now and I figure that the people who hang out here might be able to help me. I'de like to know if theres someway to truly mask the IP adresses of computers hooked up to a network, I've tried Firewalls, and chained proxys, but both of these still have alot of holes. Is there anyway to make your IP anonymous to servers, or closer then the above ways? IS there some way to scramble it perhaps? ANy help would be great
    Some more information would be required. For the most part what your asking to do is and isnt possible. You can do things like NAT to hide your internal address structure behind another IP. But you cant just make your internet traffic appear to come from random addresses, things would never route back to you.

    I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me

    Comment


    • #3
      Actually what I'm asking is more basic :) I'm connecting through a router, so alough I can proxy/defend my station, the networks still open, and my DNS is still open. Also I've had problems wih proxy since I can't find any that can't be traced right through. :(
      And bingo was his name-o

      Comment


      • #4
        Originally posted by Bingo
        I've been lurking here for a couple days now and I figure that the people who hang out here might be able to help me. I'de like to know if theres someway to truly mask the IP adresses of computers hooked up to a network, I've tried Firewalls, and chained proxys, but both of these still have alot of holes. Is there anyway to make your IP anonymous to servers, or closer then the above ways? IS there some way to scramble it perhaps? ANy help would be great. IN other word any way to protect yur identity online.
        For hiding a network, a combination of NAT, with stateful rules for network access/firewall/filtering are good combinations. This can help you to hide information about your internal network from outside viewers, but still leave an external presence to others which is known (the NAT/Filter/Firewall box and its collective IP addresses.)

        There was a presentation done at DC a long while back where they were going to setup a network where ISP nodes shared each others badwitdh with some anonization of proxy support. Their attempt was more centralized and was going to be an ISP-like service. I think it was called "zeroknowledge" but they later changed their name to something else (I think)... A google of this name with "defcon" might get you more information.
        Their idea was to create a collection of nodes on the Internet and permit each node to act as a relay and layer3/4 masquerader for packets passing through them. Each session could effectively come from a different chain of hosts and better anonymize information of the original client. There was use of crypto in trying to hide data for connections as well as content for end-to-near-end security and more.... I do not remember everything. Good academics was included and it seemed like a good idea for some people, but large orgs would probably just use VPN or PPTP or SSH/tunnel/proxy.

        It was a good idea, but not so great (by itself) for web browsing, as there are methods for extracting information from users through Java/JavaScript and other unnamed MS-API/tools for web browsing.

        Another route for web content are places like "anonymizer.com" which are a fee based service for trying to help people to anonymize ther web surfing. These kinds of places do what they can to offer their clients support to strip out Java/JavaScript or other apps which might cause information leakage to a site. They have "trial" versions which offer a demo. but they won't demo to certain domains.

        There are other tools that people use in a sort of "grass-roots" proxy setup where end-users share use of each other's badnwidth with per-session information randomly "routed" and masqueraded (NAT 1 to many) through other peers. I don't have names for these services though. These are like the ZeroKnowledge idea, but more decentralized.

        There are independednt operators (individuals) who offer the use of their exposed IP address and a caching proxy server (like squid) to allow others to browse through their exposed point. These require that you trust the person operating the proxy.

        If you are looking for a service-less method for randomizing IP information, such a thing would be a difficult problem. Any attempt to alter the SRC IP address in the IP header of a packet, will likely result in you not being able to see any reply come back to your or your network, and in the cases with some ISP, cause your packet to never even leave their network.

        You can google for keywords "anonymous" "IP Address" "identity" and "privacy" to find other suggestions.

        Comment


        • #5
          Originally posted by Bingo
          Actually what I'm asking is more basic :) I'm connecting through a router, so alough I can proxy/defend my station, the networks still open, and my DNS is still open. Also I've had problems wih proxy since I can't find any that can't be traced right through. :(
          If you do not care about your exposed IP address being known, the problem you describe is a common one which has many solutions-- most of which involve creation of a DMZ network space. A search on google with thw following keywords should help. (Some excellentpapers are online to help you with this and offer more detail that I ever would on these forums):

          DMZ proxy stateful firewall "private network" NAT masquerading

          I have seen several and most include network diagrams too.

          Comment


          • #6
            so long as its not my real IP showing, I don't really care, although to be completly hidden would be cool. There's a truckload of info for me to search through but you've pointed me in the right direction, so thanks. Also the ZeroKnowledge thing doesn't really do any good but it was an interesting idea to read about :)
            Last edited by Bingo; June 10, 2004, 20:30.
            And bingo was his name-o

            Comment


            • #7
              Originally posted by Bingo
              so long as its not my real IP showing, I don't really care, although to be completly hidden would be cool. There's a truckload of info for me to search through but you've pointed me in the right direction, so thanks. Also the zerologic thing doesn't really do any good but it was an interesting idea to read about :)
              My first post is a machine gun response with short simple examples/solutions and enough information for you to search to find more information on those.

              My second post was an attempt to address the simple problem you posted in your second response.

              "My Real IP" is ambiguous. If that is the IP address of any "user's" host on your LAN, then yes, but if that is the IP address of your exposed NAT/Masq/Firewall/Filter, then no.

              And the original topic was not "ZeroLogic" (I did not write this in my post) but I did write *ZeroKnowledge* (I am not writing this with any emotion of anger, but I am stressing the correct name.)

              I found it. It was from wayyyyyy back in time in DefCon 6:
              http://defcon.org/html/defcon-6/defcon-6.html

              "Austin Hill-President of Zero-Knowledge Systems Inc., and Ian Goldberg - ISAAC Research Group, UC Berkeley. Zero-Knowledge Systems will release the first complete Internet privacy utility for consumers in September 1998. Using full strength, fully exportable encryption technology developed by some of the worlds leading cryptographers this product allows Internet users to become completely anonymous on the Internet, using digital pseudonyms and public key cryptography to establish and authenticate digital identities. The Zero-Knowledge Systems development team includes Ian Goldberg who achieved international recognition for his part in breaking the Netscape encryption scheme as well as the development team of the Archie Internet protocol. Forrester Research has estimated that 9 million people will have purchased an Internet privacy solution by the year 2000. There are currently very few Internet privacy tools on the market making this one of the highest growth areas of Internet business. "

              Pretty much describes what I wrote in my summary. Though the presentation room during this session was not very full, the people who actually were in the audience seemed bright enough to me. :-)

              I even went up to ask questions at the end of this one. The concept seemed like a good idea to me, just not something I would buy as it does not fit my own needs.

              [Edit: Verified that I did not write "zerologic" and put confirmation as an update above]
              Last edited by TheCotMan; June 10, 2004, 20:30.

              Comment


              • #8
                [Not Edit] Ya wrong name, maybe I should sleep some so I can think straight. Thanks again fer the help
                And bingo was his name-o

                Comment


                • #9
                  Originally posted by Bingo
                  [Not Edit] Ya wrong name, maybe I should sleep some so I can think straight.
                  It is fine. Everyone makes mistakes, and IMO I make more than many of the other people who post here, and edit is very common for me-- more common than post. ;-)

                  I sometimes don't even remember at which DC an event occured... it all just seems to bleed together in my memory.... funny thing is that I never got drunk or stoned at any of these and *still* cant' remember which one was which and when something happened.

                  Thanks again fer the help
                  You're welcome.
                  Last edited by TheCotMan; June 10, 2004, 20:52. Reason: fixed typo that vs than

                  Comment


                  • #10
                    DC12 presentation

                    Follow-up on this same topic...

                    Looks like we will have a related presentation at this years DC:

                    DC12 Schedule

                    Tor: An Anonymizing Overlay Network for TCP

                    Comment


                    • #11
                      The only way to totally anonymize yourself is to use a public "free" wifi network or something. Any other attempt would be tracable.

                      Comment


                      • #12
                        Originally posted by ExtremeEsprit
                        The only way to totally anonymize yourself is to use a public "free" wifi network or something. Any other attempt would be tracable.
                        This may help to anonymize your aparrent IP address, but for use of cookies, bookmarks with session ID (most browsers will do these), and leakage made possible through the miracle wonders of MSIE, it can be possible for information leakage through your machine.... but who uses MSIE anyway? ;-)

                        Total anonmization for all layers is quite tricky. There is even work using some pretty advanced math to make predictions about identity based on traffic patterns, and content as well as other clues. (More advanced than what most businesses might do with user tracking.)

                        One thing to note here though:
                        I'd like to stress "free public networks" as to meaning, "purposefully left open by their owners so they may legally share their access to the public" (I'm pretty sure that is what ExtremeEspirit meant in the above statement.)
                        Last edited by TheCotMan; June 14, 2004, 18:00. Reason: fix typo

                        Comment


                        • #13
                          you could always go through a proxy, or even connect through a public terminal at a cyber cafe or something. just don't be like my friend and portsniff at the u of c information commnons where the IT office [manned and monitoring traffic 24/hrs a day] was 50 metres down the hall.

                          Comment


                          • #14
                            Originally posted by TheCotMan
                            There was a presentation done at DC a long while back where they were going to setup a network where ISP nodes shared each others badwitdh with some anonization of proxy support. Their attempt was more centralized and was going to be an ISP-like service. I think it was called "zeroknowledge" but they later changed their name to something else (I think)... A google of this name with "defcon" might get you more information.
                            Their idea was to create a collection of nodes on the Internet and permit each node to act as a relay and layer3/4 masquerader for packets passing through them. Each session could effectively come from a different chain of hosts and better anonymize information of the original client. There was use of crypto in trying to hide data for connections as well as content for end-to-near-end security and more.... I do not remember everything.
                            Zer0knowledge is't too mutch into anonymity buisness anymore... They somewhat failed economicly with their Freedom network and found it cheaper to refound all their customer than keeping the network up... But they did OpenSouce their sourecode http://frelay.shmoo.com/
                            ZeroKnowledge website is: http://www.zeroknowledge.com/en/. There are more into ISP firewall/antivirus/anti-spyware pay by month services now...
                            /* NO COMMENT */

                            Comment


                            • #15
                              Yeah, then change you MAC address by hard coding your Nic directly (MAC spoofing software only works from inside the network). Also use a "disposable" browser. A good one is Mozilla firebird (not firefox), since you can run it directly without installing it.


                              -------------------------

                              Comment

                              Working...
                              X