Hacking with proxys

If a hacker wants to cover his tracks by using a proxy server are there any limitations?.
Ect i heard someone that i know say he used to brute force hotmail passwords using 90 anon proxy servers :confused:.Is this possible,can you port scan and DDos thru 90 proxy servers aswell?.I thaught if you tryed brute forcing hotmail with that many proxy servers would'nt you flood ur own box or sumin?.I need someone to help me understand please..

(Sorry if i brought up hotmail and brute forcing in the same sentance but i am just trying to understand the limitations of proxy servers so ect if i get portscanned i want to know if its coming from the intruders computer or a comprised one or if its possible to hide behind a proxy.)

The limitations of proxy servers, for the most part, are set up mostly with those proxy servers and your own computer. In theory, you can do whatever you want or need to do, but it depends largely on the various settings.

Look into your computer's settings, and make sure you're doing some tunnelling if you intend to try this. A good way to TRULY test this is to use two different computers (both your own) and hide one behind a proxy server. Do the attacks and look at the logs for the appropriate IPs.

A proxy server works by routing all your traffic through it, acting as a relay.

Some simply forward traffic for you and do not change the packets any. These can be used to send your traffic through specific geographic areas, maybe for speed benifits.

Others will change the source address and make the packet appear to be coming from them. So the true source is therefore hidden.

However, a record is kept in most cases and these records can be subpoenaed by authorities. So it will make it harder to find you, but not impossible.

No, it is not possible to use proxy servers for distributed computing projects unless they were designed for it or you can somehow manage to find that many with an appropriate trojan on them.

Many proxies will give the documentation, will provide this kind of information about their settings. That's why its very important to check. If nothing else, you can always do the test I prescribed above.

Ok thanks just wanted to know if it could be done.Second question i have is i know you can add proxy servers to a web browser like internet explorer by navigating to: tools,internet options,connections,settings and selecting use proxy server.My question is in windows is there a different way to add proxy servers like say add them to a file on ur comp without entering them in the browser,or not?

The kind of traffic that can be passed by a proxy, depends on the type of proxy used(HTTP,SOCKS,CGI). Although I don't see how you could use a normal proxy for port scans, I see no reason why someone couldnt use multiple proxies to BruteForce an HTTP authentication. Here is a link for some basic info on different proxies.

http://www.freeproxy.ru/en/free_proxy/faq/

-Maestr0

Go to properties of ur network neighbourhood and play around with it ,u will learn a lot.
But always remember that u can always be traced if wanted

I understand about getting access through proxies to view web pages, but how does one use them when using these programs? Do they somehow change the routing table or something? Could it be a setting in the actual scanner/brute forcer (or whatever other program)?

Spekter1080
Most scanners and Brute force programs do indeed have options/setting to scan/ bruteforce through a proxy.

I also believe (not sure) that their is a program you can run on the background where you can assign a proxy to it, so that every outgoing data is going through that proxy.


Dominatorx
I dont think you can know if a portscan is coming from a proxy or from an intruder.
Unless you can find the contact info of the proxy, so you can ask the admin of the proxy to check out his logfiles.
If the ip is coming straight from the intruder, you can contact his isp.
A way to find his isp is by using nslookup.

-mlite

I am not too sure Dominaterx will answer your posts as the thread was started back on 11-24-2003. Also, this is the last post Dominaterx has posted... I think they have moved on...

-Deeboe