Proxy

[John W]

I have read a lot lately about using proxy servers for security reasons on my connection. It also can make me anonymous on the net. I have used a few tools and added proxy servers to my internet connections. They do work. I have checked them and I will show as being in Europe. Mexico ect. with apparently no way for me to be tracked (level 1 or 2 ).

I would use it all the time but it really slows down my connection and I really don't know how much info is being kept on the servers. I do have to be careful because most of my activity can be very sensitive as a stock broker. Most if not all of my connections to my home office go through a VPN which my broker dealer controls.

Anyone have ideas or comments about proxies and there real value and security?

 

[damaged]

It really matters from implementation to implementation to what degree of security you have when surfing with a typical proxy, since the packets have to go through (in socks4/5 http proxy scenarios), in the clear, if it uses random 'free(hijacked)' proxies in the mix, some may or may not pass header information, such as useragent, X-Forward, and so on.
A better alternative to these usual proxies is onion routing, more specifically Tor.

Here is a good place to start.. http://tor.eff.org/ they (the eff) also have a proxy software (free, non-central, no ads) called Tor. http://tor.eff.org/overview.html for an overview of how onion routing works. By the way, Tor supports many protocols, such as IM, ssh, irc, etc, not just web, the only thing it blocks for sure is using it for proxying email (sending only, obviously a wise move, else spammers would kill its use.). And have a look at privoxy (mentioned on the second url above) will remove things like cookies, web bugs and browser data..

 

[korsjs]

thanks, this looks like something worth checking out.

 

[John W]

Great info, I will check it out

 

[Scott Greczkowski]

The best proxy to use is actually an AOL account.

Last week we were having an issue so the person we were having a isue with decided to come through a proxy, so we ended up blocking the proxy as well.

On AOL it always shows you coming via an AOL proxy plus no one is goiing to block AOL for connecting to their site (and the speed is a lot better then any proxy I have used on the Internet)

 

[korsjs]

i can't stand aol.

 

[Neutron]

NAT does the same thing a Proxy server does.

 

[Scott Greczkowski]

NAT does not do the same thing as a proxy. with NAT all your connections come from the same Internet IP address (while your internal machines use NAT to get an internal IP address)

When you connect a proxy your real internet IP connects to the proxy server, when you fetch a page the request is sent to the proxy server which goes out and gets it (using its IP address not yours) then sends it to you. If the proxy is setup correctly the remote server only know the proxy has connected to it and can not see you hiding behind the proxy.

 

[Neutron]

I thought about that after I posted that, lol.

I meant that partially, NAT does the same thing as a proxy as privacy goes.

 

[damaged]

Proxy and NAT/PATs are nothing alike in anyway shape or form, one (NAT/PAT) works at a totally different layer, and has no anonymizing features whatsoever, or encryption, comparing NAT or PAT to proxying, is ALMOST comparing apples and oranges, you cannot use a NAT or PAT to anonimize and encryypt your data channels, NAT and PAT only redirect ips/ports from the outside interface (a dsl modem etc) to your inside interface(s) (your ethernet cards ip) and vice versa.

Proxies, used for acceleration and/or caching work on an application layer, i.e they bind to an ip address (or more) and a port or set of ports, as opposed to NAT/PAT where the packets get altered at the network/ip layer. Also NAT/PAT cares not for the packet payload, it is only interested in the packet headers, where the proxy works on a higher level.

Also the proxy mentioned uses onion routing, which is nothing like NAT or PAT OR even accel/caching proxies. It is conceivable for beginners to think they are the same, but they are nothing alike, maybe only in the way the end user perceives the data path.

To summarize, NAT/PAT makes sure hosts within a LAN (with private address ranges like 192.168/16 or 10/8 etc) can communicate to the outside internet interface, to the requested remote service, transparently. PAT/NAT have NO anonymizing featues whatsoever (unless you consider the act of translating RFC 1918 (the ips like 192. and 10., etc) ip address space into non-RFC 1918 address anonimization) (HINT: it isn't anonimizing at all, since RFC 1918 address space isn't normally routable (some bad isps do this to control customer modems, or in the case of a VPN or ip/ip tunnel etc but that's another story)

Proxies, when used in PLACE(which is what I think you are referring to) of NAT/PAT are used to accelerate or cache data for the internal lan, or provide a single point of access for caching/accel reasons, usually in conjunction (as oppsed to instead of) with NAT/PAT, but do NOT work the same, nor are the meant to.

And finally the proxies this thread is referring to is neither a caching or accel proxy, but a encrypted tcp tunnel/session.

NAT/PAT in this instance serve no purpose here, they aren't intended to, or designed to be anonymous.

 

[damaged]

The best proxy to use is actually an AOL account.

Last week we were having an issue so the person we were having a isue with decided to come through a proxy, so we ended up blocking the proxy as well.

On AOL it always shows you coming via an AOL proxy plus no one is goiing to block AOL for connecting to their site (and the speed is a lot better then any proxy I have used on the Internet)

That is called an edge proxy, it is only used for acceleration/caching, it has no real anonyminity properies, due to the fact an ISPs proxy will send what's called a X-Forwarded-For header (and others like `Remote host:' and 'HTTP From') which reveals the REAL users ip and or username/emailaddy, legit/responsible/clueful ISPs would never strip this header since it would be abused. If you have ever seen squid logs you would see this header. Sites like http://www.showmyip.com/ and http://www.junkbusters.com/cgi-bin/privacy will also reveal these headers if you are using a non-anonymizing proxy.

The speed you felt was because it was a cacheing/accel proxy and was within the ISPs edge (low latency etc). An anonimizing proxy, almost always has higher latencies (due to the finite amount of time it takes for encryption and forwading through the onion system) and NEVER leak X-Forwarded-For or `HTTP From', `Remote host:' info.

Just to clarify, this is what I do for a living, I have setup and maintain diferent kinds of proxies from reverse apache proxies, to squid proxys with complex redirection systems (to virus scan incoming webpages and enforcing policy) and have dealt VERY heavily in NAT/PAT setups, VPN, IP/IP tunnels as well as ipv4/ipv6 proxies both transparent and common (application specific configuration to use the proxy). AOL use of a proxy has very little to do with the type of proxy that is being spoken about in this thread, the one spoken about is an anonymous proxy, it differs in that, the entry proxy is always different from the exit proxy (you arent going through a single proxy, you are going through many in different orders transparently), and all connectons outside of your LAN are totally encrypted. AOLs proxy servers as well as most if not all isps' proxies have 0 encryption or anonimization. Assuming AOL DOES strip the X-Forward/HTTP From/Remote host: headers, I can guarantee they still possess the originating ip/host/username logs which can easily be cross referenceed with radius logs to find out who you are, where you live, where you went, how long you stayed at each page, and so on.

 

[Foxbat]

damaged,
I've been away for a while, but let me welcome you to SatGuys.US (I'm sure others have welcomed you as well; we're a friendly bunch). It's always good to have someone who knows the nuts and bolts of IP to clear things up. Hopefuly, we'll be able to return the favor and answer your satellite questions!

 

[damaged]

Thanks for the welcome, and no, I got no welcome (but I did not take it personally ), I was actually reading these forms for about a month before actually registering. As for questions, so far any I have had were answered by prior posts. As far as forum-type sites like these, it is VERY rare to find one with such a low S/N ratio as this, it is truley impressive, I have only noted 1 or 2 trolls, and even they wern't bad trolls. To be honest, I can be a bit argumentative in a forum, but the quality of the information and the people I have seen posting _here_, has made me want to make an effort not to 'ruin' my time on here. i.e. I stay away from the political, racial, 'my d**k is bigger than yours' threads. Again thanks. I also am an M.I.S. (dbase manager), linux 'guru'(slackware), php+mysql(or pgsql), perl, my main love is network security and intrusion detection systems, anything to do with computers basically...so I am happy to help with computer/network/email/antispam/security/etc issues, oops, sorry this turned into a resume. I'll shutup now.

 

[Peter Parker]

I installed Tor. It says it is running but every reverse ip lookup site I try shows my real IP. So does an email.


BTW I asked this once before but got no answer. A friend runs a board and claims to be able to track visitors and posters by their MAC addresses---therby defeating proxies. Is that possible?

 

[Mark_AR]

I would like to have 1% of the knowledge that 'damaged' just iterated on....

I've wanted to get network savvy or maybe even try for my MCSE Cert. someday.

Welcome 'damaged'

- Not worthy...

But to get back on topic... I've used the following as a starting point:

http://www.anonymitychecker.com/index.html

Lots of good info for newb's if you can navigate around the ads/downloads for proxy subscriptions.

 

[damaged]

I installed Tor. It says it is running but every reverse ip lookup site I try shows my real IP. So does an email.


BTW I asked this once before but got no answer. A friend runs a board and claims to be able to track visitors and posters by their MAC addresses---therby defeating proxies. Is that possible?

For one, did you install and setup privoxy? What youll end up with is: your browser (or client) will connect to privoxy, then privoxy will connect to tor, then tor will do its thing. See: http://tor.eff.org/cvs/tor/doc/tor-doc-win32.html for detailed information. Feel free to ask me for any help, either here or in PM, if you IRC, (i co-found an irc network), we can do it in real time (sorry I dont yahoo, aim or msn). Hope that helps. Don;t give up, the results are worth it and once configured yo wont have to touch it, with the exeption of updating it (which is as easy as just runing the updated tor install). BTW, the reason you must use privoxy is because tor is made to allow any tcp protocol to use the tor system, to maximize performance and minimize code (and hence exploitable holes), the socks5/http proxy functionality is left to privoxy, which also makes sure you don't send other information which might act to single you out even through a tor onion (i.e. lets say you forge your web browser useragent from the usual:
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" (for example), to something like:
"Hozilla/4.0 (compatible; MSIE 666.0; Windows NT 5.1; SV1)"
then while your ip is hidden via tor, your useragent would stick out like a sore thumb, privoxy helps eliminate this, yes tor could have included privoxy functionality, but for technicle reasons, it wouldn;t be as good of an app as it is now.

The privoxy suggestion was based on the assumption you did not install it(privoxy), if you did, make sure you configured your client AND privoxy AND tor in the manner the link above states.

 

[Peter Parker]

I configured it as recommended. But my IP still shows up.

 

[damaged]

How are you connecting to the internet? Are you using a router that has a real ip and uses dhcp to give you a lan ip(192.168. or 10.) addy? If you don;t know for sure, open a dos command line and type: ipconfig
and paste it to me in a PM. Also if you can, include all the lines in privoxys config file (accessed as pictured here: http://tor.eff.org/img/screenshot-win32-privoxy-config.png will look like: http://tor.eff.org/img/screenshot-win32-privoxy-edit.png )
include all lines in that config.txt that do NOT have a # in front of it.

 

[damaged]

I installed Tor. It says it is running but every reverse ip lookup site I try shows my real IP. So does an email.


BTW I asked this once before but got no answer. A friend runs a board and claims to be able to track visitors and posters by their MAC addresses---therby defeating proxies. Is that possible?

Sorry I missed your question, if the person is on the same LAN as you are, then yes(if they have the proper sniffing tools), but MAC addies do not show themselves on the internet, so no. Your internet ip is in no way related to your MAC address, so even if one could observe your mac address, they cannot extract your internet ip address, but being MAC addies aren't shown, that point is moot. Also MAC addresses can be forged trivially, but, again, that point too is also moot. To be frank your 'friend' is full of it(no offense). If you need proof:
http://www.google.com/search?num=100&hl=en&lr=&safe=off&oi=defmore&q=define:MAC+Address

 

[Peter Parker]

I realize that MAC addresses are not related to IPs. That is why I am skeptical of the calim and have asked about it. It may be that they are bluffing although they have hinted that it is somehow tied to the board software they use.

But I think that you misunderstand slightly. I never said that they could ectract thhe Ip form the MAC. Only that they would see the MAC address as constant even if you used proxies.


I will send the other info this weekend. I am not on that PC now. But yes it is connected via a router.