Disguising your IP address with proxies is an easy way to achieve relative anonymity on the Internet. By relative anonymity I mean that the FBI might still find you, but it would take them a little extra time. It works well as a preliminary line of defense for light corporate work and personal grudges.
Disguising your IP address with proxies is similar to IP spoofing, but IP spoofing is a little more difficult to do and much more difficult to track. IP spoofing involves changing outbound packets to make them look like they are coming from an IP other than your own.
IP spoofing works by rerouting IPs through a series of routers so that your requests to a server look like they are coming from an IP other than your own. The IP that the responses are actually going to gets rerouted through a number of routers. Each router addresses the packet with a new IP until the last router in the chain addresses it with your real IP address.
If any link in that chain is discovered, the typical admin’s response is to immediately disable it. At that point you will stop receiving response traffic and will know that a link in the chain has been compromised. You then know that it is time to start removing the reroutes from the other routers in your chain and destroying log files. Hopefully, before a second link can be discovered, you will have had time to remove the entire chain of router links.
If the admins want to catch you and aren't too dumb, they won’t disable the reroute. Instead they will track your traffic until they reach your real IP by contacting other admins and instructing them to track your reroutes. The best way to avoid this is to periodically rotate your reroute path.
Proxy spoofing works similarly, except that both your send and response traffic go through the same server. Once you attach to a proxy server, all network traffic that you generate goes through the proxy server, and the proxy server forwards your requests to their appropriate location. If you are requesting a website, for instance, the webserver believes that the request is coming from the proxy machine. It never sees who originally made the request. Thus the only way that the website request can be tracked back to your IP address is by getting access to the proxy server logs and comparing them to the webserver logs. Not impossible, but time consuming.
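The log comparison described above, seen from the investigator's side, as an added example that is not part of the original text: it matches webserver entries showing the proxy's address against proxy log entries by method, path and time. The log layouts, addresses, host name and two-second skew window are constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample data; the field layouts are assumptions, not a real product's format.
# Webserver log: time, source IP as seen by the server (the proxy), method, path
WEB_LOG = """\
2024-05-01T10:00:03Z 203.0.113.10 POST /guestbook/sign
2024-05-01T10:00:09Z 203.0.113.10 GET /index.html
2024-05-01T10:02:30Z 198.51.100.77 GET /index.html
"""
# Proxy log: time, client IP behind the proxy, method, full URL requested
PROXY_LOG = """\
2024-05-01T10:00:02Z 192.0.2.21 POST http://www.example.org/guestbook/sign
2024-05-01T10:00:08Z 192.0.2.34 GET http://www.example.org/index.html
2024-05-01T10:00:09Z 192.0.2.55 GET http://www.example.org/index.html
2024-05-01T10:00:09Z 192.0.2.55 GET http://other.example.net/index.html
"""
PROXY_IP = "203.0.113.10"
SITE_HOST = "www.example.org"
MAX_SKEW = timedelta(seconds=2)  # tolerated clock drift plus forwarding delay

def parse(log):
    """Yield (time, ip, method, target) tuples from a whitespace-separated log."""
    for line in log.splitlines():
        ts, ip, method, target = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, method, target

def correlate(web_log, proxy_log, proxy_ip, site_host, max_skew=MAX_SKEW):
    """Map each web request that arrived via the proxy to candidate client IPs."""
    proxy_entries = []
    for ts, client, method, url in parse(proxy_log):
        parts = urlsplit(url)
        if parts.hostname == site_host:  # ignore proxy traffic to other sites
            proxy_entries.append((ts, client, method, parts.path))
    results = []
    for ts, src, method, path in parse(web_log):
        if src != proxy_ip:
            continue  # request did not come through this proxy
        candidates = sorted({c for pts, c, pm, pp in proxy_entries
                             if pm == method and pp == path
                             and abs(ts - pts) <= max_skew})
        results.append((ts.isoformat(), method, path, candidates))
    return results

if __name__ == "__main__":
    for row in correlate(WEB_LOG, PROXY_LOG, PROXY_IP, SITE_HOST):
        print(row)
```

The second matched request returns two candidate clients, which is why the comparison is slow in practice: on a busy proxy, popular pages need more than a timestamp to disambiguate.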
The great thing about proxy spoofing is that many proxy servers are open and free to use. Generally speaking, the proxy server of any given organization will be called proxy.organization_name.org. First try to ping that name to see if the machine exists. ISPs are the biggest proprietors of proxy machines, so try them first.
Once you’ve found five or so proxies you can enter their information into your web browser to verify that they are open. In Netscape, click on Options | Network Preferences, then click on the 'Proxies' tab, and check the radio button 'Manual Proxy config'. I would set it up for HTTP protocols only at first. Once you have verified that the proxy is open, then you can start trying the other protocols. Most proxy machines run on port 8080, but not always. In Internet Explorer, click View | Options, and click on the 'Connection' tab. From there the setup is the same as in Netscape.
Once you have found an open proxy, your real IP address won't show up on guestbooks, counter logs, WWW boards, or Java/HTML chat rooms. Browser-based FTP becomes truly anonymous. You may also be granted access to 'customer only' FTP servers owned by the same people that are using that proxy server. Also, web applications like Hotmail, etc. will report the IP of the proxy instead of your own, in case you need to send a nasty note to Congress (hehe).
Project Idea: For any of you bored programmers out there, try this….
Write a util that keeps a record of a chain of compromised routers. It then uses IP spoofing to scan for and identify new routers, performs a brief brute-force attack (many router admins use less than four character passwords), and replaces the oldest router in the spoof path with the newly compromised router, thus creating a constantly altering IP spoof path.
Props to Hardcore Pawn and TexorcisT for technical contributions.