-
March 18th, 2003, 09:31 PM
#11
Junior Member
Using a public proxy to log in to services that require passwords is a big no-no. A simple packet sniffer which is decoding all information passing through it would easily compromise the security of the account you are logging into.
Just provide the adequate security for your system and don't do anything stupid which people would hunt you for. I don't use a proxy, but there is a project called JAP, a program written in Java, which provides a free proxy server. This can be found here. There is an English version and a German one. But something I would promote more would be Proxomitron.
This is a program that protects your privacy, by not letting sites view the pages you've been on before, etc. It also helps you pass the Browser Privacy section at Symantec security check. It does not act as a proxy, so people still see your actual IP. But it is a safe way to minimize the amount people can know about you through certain scripts. You can get this fantastic piece of freeware from Proxomitron.org.
Hope That Helps!
Matt
-
March 31st, 2003, 07:47 AM
#12
Junior Member
I agree, instronics & phishphreek80. But doesn't Linux have an IP masking trick where it randomly generates fake IPs to be broadcast?
-
March 31st, 2003, 09:22 AM
#13
Junior Member
lol, there's no way you can hide your IP now, especially if your computer has a trojan. Most experienced hackers, they use CGI or LAN WAP notification; they use that so every time you go online your own computer sends a message to the hackers with your IP. And there's no way you can trace what port they're using; most trojans can use a different port every day...
peace
HATED BY MANY
RESPECTED BY FEW
LOVED BY ALL
-
April 1st, 2003, 02:22 PM
#14
-
April 1st, 2003, 04:18 PM
#15
Member
I can understand why you might find it desirable to use a proxy. Though I don't think it gives you a great level of security, it does give you a little bit. There are occasionally sites that I will check out that I would prefer not to leave an easy trail on. Also it's really a requirement to get around a URL filter at times.
Anyway that being said, I still recommend a couple levels of protection on top of that. Specifically a decent dedicated firewall. I prefer the PIX for this, but I know that's going to be a little pricy. Particularly for a SOHO user. You can do a really decent job with a Linux box as has been outlined a number of times here already. Take the time to understand what you're doing and do it correctly. If you're concerned about being scanned, see about setting up a mechanism to log denied inbound traffic and review the logs.
The second level can be a "personal firewall". This is software that runs on your machine. Look at ZoneAlarm or BlackIce or Norton's Firewall. They all do basically the same kind of thing. Again, take the time to understand what the software does and how it works. Depending on your firewall solution, you may be partially exposed when you establish a connection out.
The third level is a solid and up-to-date anti-virus software package. This should greatly reduce or eliminate the threat posed by a trojan.
The fourth level is to disable all unnecessary services running on your system. Have a web-server installed? Disable it unless you're using it. Same goes for DNS, SNMP, SMTP, etc. etc.
Finally you can check your own system. Grab nmap and scan it yourself from another system. This will let you see what someone on the outside would see. It will also let you see what your logs look like when someone tries an nmap scan on you.
You can also identify internally what ports are open. Grab Fport from Foundstone.com. Quick little executable. If you find something open and you don't know what it is, track it down. If it shouldn't be there kill it. Find out why it's being opened, consider removing or disabling the service responsible.
Good Luck!
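One way to do the "log denied inbound traffic and review the logs" step from the post above, as an added example that is not part of the original thread. It assumes a Linux firewall writing netfilter LOG-style lines with a `DENY-IN:` prefix; the prefix, host name and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of Linux netfilter LOG output. The "DENY-IN:"
# prefix, host name and addresses (documentation ranges) are assumptions.
SAMPLE_LOG = """\
Apr  1 14:02:11 gw kernel: DENY-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=40211 DPT=21 SYN
Apr  1 14:02:11 gw kernel: DENY-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=40211 DPT=22 SYN
Apr  1 14:02:11 gw kernel: DENY-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=40211 DPT=23 SYN
Apr  1 14:02:12 gw kernel: DENY-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=40211 DPT=80 SYN
Apr  1 14:02:12 gw kernel: DENY-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=40211 DPT=443 SYN
Apr  1 14:05:40 gw kernel: DENY-IN: IN=eth0 OUT= SRC=192.0.2.55 DST=198.51.100.20 PROTO=TCP SPT=3311 DPT=445 SYN
Apr  1 14:05:43 gw kernel: DENY-IN: IN=eth0 OUT= SRC=192.0.2.55 DST=198.51.100.20 PROTO=TCP SPT=3311 DPT=445 SYN
Apr  1 14:06:02 gw kernel: DENY-IN: IN=eth0 OUT= SRC=192.0.2.99 DST=198.51.100.20 PROTO=ICMP TYPE=8 CODE=0
Apr  1 14:07:15 gw sshd[412]: Server listening on 0.0.0.0 port 22.
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)

def parse_denied(line, prefix="DENY-IN:"):
    """Return (source_ip, dest_port_or_None) for a denied-packet line, else None."""
    if prefix not in line:
        return None
    fields = dict(FIELD.findall(line))
    if not fields.get("SRC"):
        return None
    dpt = fields.get("DPT", "")          # ICMP lines carry no DPT field
    return fields["SRC"], (int(dpt) if dpt.isdigit() else None)

def summarize(log_text, prefix="DENY-IN:"):
    """Map each source to its denied-packet count and distinct destination ports."""
    hits, ports = defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_denied(line, prefix)
        if parsed is None:
            continue
        src, dpt = parsed
        hits[src] += 1
        if dpt is not None:
            ports[src].add(dpt)
    return {src: {"hits": hits[src], "ports": sorted(ports[src])} for src in hits}

def likely_scanners(summary, min_ports=4):
    """Sources that probed many different ports look like a scan, not a stray packet."""
    return sorted(s for s, info in summary.items() if len(info["ports"]) >= min_ports)

if __name__ == "__main__":
    print(likely_scanners(summarize(SAMPLE_LOG)))
```

Running a scan against your own machine and then feeding the resulting log through `summarize` shows what a scan looks like in your own data.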
-
April 1st, 2003, 05:01 PM
#16
Answer to Ma_purol: Well, after all these answers, I don't think I have a lot to say. What I would suggest is that you check your computer for running services you don't need (how to do it will depend on your operating system and tools available). You may want to set up a firewall as well. About the scanning, a firewall discarding every packet sent to your machine would make your machine fairly invisible. OK, not bullet-proof. You have the proxy option; personally, I don't need it, but you may want to give it a try. How to do it has already been explained. If you are in a LAN, you can hide IPs inside the LAN using a NAT ( http://www.webopedia.com/TERM/N/NAT.html ). The NAT server translates packets within the network, with source addresses like 192.168.0.x, into packets that bear the server's IP instead (this IP is connected to the Internet). The server tracks connections made, to be sure it will send the answers from servers to the right computers. I think these three would be enough. The other solutions I can think of are illegal, so I am quite satisfied now. Good luck!
Cantdoright: You're talking about the NAT stuff; check the link above. Iptables shows you one way to do it.

Found in a diary:
".... and yes, since i am a l337 hax0r, i am also using vi to write this. ^[[D^[[B^ exit ^X^C quit :x :wq dang it :w:w:w :x ^C^C^Z^D"
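The connection tracking described in the post above, as an added example that is not part of the original thread. It is a simplified model of port-translating NAT (no timeouts, no protocol distinction); the class name, port numbering and all addresses are assumptions chosen for illustration.

```python
class NatTable:
    """Simplified port-translating NAT: rewrite outbound sources, track flows."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_flow = {}  # (inside_ip, inside_port, server_ip, server_port) -> public port
        self.by_port = {}  # public port -> the same flow tuple

    def outbound(self, inside_ip, inside_port, server_ip, server_port):
        """Return the packet as seen on the Internet: the source is the NAT's own IP."""
        flow = (inside_ip, inside_port, server_ip, server_port)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        return (self.public_ip, self.by_flow[flow], server_ip, server_port)

    def inbound(self, server_ip, server_port, public_port):
        """Return the inside (ip, port) a reply belongs to, or None to drop it."""
        flow = self.by_port.get(public_port)
        if flow is None or flow[2:] != (server_ip, server_port):
            return None  # no tracked connection matches: nothing inside is reachable
        return flow[:2]

def demo():
    # Constructed addresses: two inside hosts use the same source port to one server.
    nat = NatTable("198.51.100.20")
    a = nat.outbound("192.168.0.10", 5000, "203.0.113.80", 80)
    b = nat.outbound("192.168.0.11", 5000, "203.0.113.80", 80)
    return {
        "a_on_wire": a,
        "b_on_wire": b,
        "reply_a": nat.inbound("203.0.113.80", 80, a[1]),
        "reply_b": nat.inbound("203.0.113.80", 80, b[1]),
        "unsolicited": nat.inbound("203.0.113.99", 4444, a[1]),
        "unknown_port": nat.inbound("203.0.113.80", 80, 50000),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```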
-
April 1st, 2003, 06:34 PM
#17
PuReExcTacy wrote:
If you want to hide your IP address so that you don't get scanned, you're not thinking in the proper security stance. Your best posture would be simply to secure your machine, and leave the kiddies to scan all they want. Really what you want to do is disable services that are not required, implement some type of packet filtering/firewall. Make sure remote logons are disabled, disable trust relationships that are not on your private network, disable/remove any accounts that shouldn't be there, choose strong alpha-numeric passwords with special and non-printable characters. This should keep the home user surfing reasonably safe, especially if you're using a dial-up connection.
Well, the remaining question here is: What is the point of using anonymity?
PuReExcTacy, you'd rather open your eyes a bit further. Anonymity may help you in many ways:
1- It can help you not to be flamed by a DoS in a discussion forum or in a chat (IRC).
2- It can prevent you from leaving traces that are potentially usable by a malicious hacker. When you open a web page you never know what script is hidden in it.
3- If you are a hacker (I hope you're not, unless you're a white hat), it will protect you from getting into trouble with the feds.
Techniques for anonymity vary depending on your goal.
Case 1 & 2: Proxies or public host (in a cybercafé)
Case 3: the IP spoofing blind attack will prevent you from being directly compromised. Nmap Decoy mode will allow you to perform a scan by flooding the target with many source @, & so on...
ma_purol: Whatever the technique you're using, hiding your IP for malicious purposes is at your own risk. Your anonymity is never 100% sure, but can surely protect you from script kiddies!
SHARING KNOWLEDGE
-
April 1st, 2003, 08:33 PM
#18
Originally posted here by XDrack
Going far away, if you, as me, are on an enterprise network and don't want the network admin to know the pages you are visiting and how many MB of bandwidth you are using, I prefer to use a spoofer. A tool that hides your real IP address over local and external networks.
The thing is that it is not too easy to find a good one.
You prefer to use a spoofer over local and external networks?
OK, spoofing is possible due to a weakness in the TCP/IP protocol suite; however, some comments on your post:
Let's start with the idea to spoof on local networks. This assumes you are on the same subnet as the victim. In other words you are stealing someone else's session, the so-called session hijacking. This is the non-blind spoofing technique. You can predict sequence numbers and ack numbers more accurately because you can sniff the connections (more difficult on switched networks but not impossible, e.g. using dsniff) (if you were not on the same subnet you would have to guess, e.g. calculate and predict the numbers). This allows you to re-establish a connection you interrupt, using the ack numbers and sequence from the victim, allowing you to bypass security because you seem to be the trusted box.
The concept of non-blind spoofing (NBS further in this doc) is pretty
simple. Because packets travel within your reach, you can get the current
sequence and acknowledge (SEQ/ACK further in this doc) numbers on the
connection.
NBS is thus a very easy and accurate method of attack, but limited to
connections going over your subnet.
In spoofing documentation these attacks are sometimes omitted, because
they are mostly 'denial-of-service' attacks, or because people don't
realise the advantage a spoof (in particular a hijack) can have above
simple password sniffing.
Spoofing in general is referred to as a very high level of attack. This
refers to blind spoofing (BlS further in this doc), because NBS is
kidstuff for a competent coder.
source: http://staff.washington.edu/dittrich...IP-spoof-1.txt
So that's the kidstuff... using machine A to act as B using host S on the same subnet as A.
Well, OK, now you can act to be someone else, your colleague for instance, but you are still not using another IP on the big ugly net. This would need a blind spoofing technique; while this was very possible in the old days, it becomes more and more difficult today, unless you are still running Win95, unconfigured routers, firewalls not patched for years and your admin is retarded.
Spoofing your address to the outside, this means on the upstream interface, can easily be blocked by the admin. He/she only has to restrict source addresses outside of the valid range on the network, preventing someone on their network from sending spoofed traffic to the Internet. And blind spoofing means that you cannot see the responses unless you route packets to you instead of the real box you spoof the IP from. This can be done with source-routed packets, but most routers, hosts and gateways will drop those. Therefore this is probably not going to work. Rerouting and ICMP redirections can help to see what you are doing with your spoofed connection, but those can also be filtered out.
So this means that you will need truly blind spoofing methods. That means sequence number prediction; many years back it was easier to predict the number sequence. Today they are randomly generated. Moreover, the old randomly generated numbers still could be calculated using time techniques, but the new Linux kernels for instance do use such a complex random generation that it almost becomes impossible to guess the sequence numbers and hijack a session using blind spoofing techniques.
Now you say, spoofing on external networks just with a spoofer? w00t, that would be a hell of a proggie!!!
Perhaps you are referring to 'hunt' and 'Juggernaut'?
Those are far from newbie tools, like "click and be spoofed".
Besides, a good admin sets the firewall and router rule sets so that spoofing is not allowed, very simple to do with an ACL. If you set an Access Control List on your routers, you can implement filtering that allows you to block all private IP addresses on the downstream (especially those used on your internal network). Many spoofing-based attacks are committed using a trusted internal address so the router thinks it comes from the inside. Well, the filtering and the ACL block all that spoofing traffic. This attack is so widely known that many firewall products have a premade rule set to stop them. For instance the one I use just has a checkbox saying "block spoofing on WAN interface".
Next, ACK logging will show up all Sequence number guesses. So the admin knows there's something going on. Also a lot of traffic will complicate the guessing.
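The two anti-spoofing rules described in the post above (restrict outgoing sources to the valid inside range, and block private addresses arriving on the WAN side), modelled as an added example that is not part of the original thread. The inside range 192.168.0.0/24, the direction labels and the sample packets are assumptions chosen for illustration.

```python
import ipaddress

# Assumed inside range for this example; the page does not name one.
INSIDE_NET = ipaddress.ip_network("192.168.0.0/24")

# Sources that should never legitimately arrive from the Internet side:
# the RFC 1918 private ranges and loopback.
NEVER_FROM_WAN = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def check(direction, src_ip):
    """Return (action, reason) for a packet's source address.

    direction 'out': packet from the inside network heading to the Internet.
    direction 'in' : packet arriving on the WAN interface.
    """
    src = ipaddress.ip_address(src_ip)
    if direction == "out":
        if src in INSIDE_NET:
            return ("permit", "source inside valid range")
        return ("drop", "outgoing source outside valid range (spoofed)")
    if direction == "in":
        for net in NEVER_FROM_WAN:
            if src in net:
                return ("drop", f"source in {net} cannot come from the WAN")
        return ("permit", "routable source")
    raise ValueError(f"unknown direction: {direction}")

def apply_acl(packets):
    """Evaluate (direction, source) pairs and return rows with the decision appended."""
    return [(direction, src) + check(direction, src) for direction, src in packets]

# Constructed packets (documentation and private addresses only).
SAMPLE_PACKETS = [
    ("out", "192.168.0.42"),   # ordinary inside host
    ("out", "203.0.113.9"),    # inside host forging an outside source
    ("in", "198.51.100.77"),   # ordinary Internet host
    ("in", "192.168.0.1"),     # outsider posing as a trusted inside address
    ("in", "10.1.2.3"),        # private range arriving from outside
]

if __name__ == "__main__":
    for row in apply_acl(SAMPLE_PACKETS):
        print(*row, sep="  ")
```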
-
April 2nd, 2003, 10:00 AM
#19
Just some comments about the excellent post of VictorKaum
VictorKaum wrote:
you can sniff the connections (more difficult on switched networks but not impossible, e.g. using dsniff)
See details about sniffing techniques in switched environments:
Layer 2 switching attack and mitigation
VictorKaum wrote:
He/she only has to restrict source addresses outside of the valid range on the network, preventing someone on their network from sending spoofed traffic to the Internet.
That's true for corporate environments, but what about universities, cybercafés, home computers... ISPs do not implement anti-spoofing as far as I know!
Many people using permanent ADSL connections are not even aware of being hacked. The real danger comes from those uneducated about security (that's why such sites as AO are so useful to the IP community!).
I guess that many of these guys have some "predictable" IP stack and may be under IP spoofing blind attack and after being infected with a bot/zombie. Script kiddies may easily use IRC bots and be finally completely anonymous.
But I guess that there are easier ways to spread bots on victim hosts!
For the guys that are looking for more info on the IP spoofing subject, have a look at the excellent thread of zxtech at http://www.antionline.com/showthread...hreadid=112813
There are some tutorials about anonymity on AO:
Anonymity
The Proxomitron - Negative
Tracing - mutt
SHARING KNOWLEDGE
-
April 2nd, 2003, 02:29 PM
#20
Junior Member