October 21, 2009 at 11:55 Ways to Hide IP Addresses on the Internet
Before we take a closer look at the well-known technologies for hiding our real IP address, we need to find out our IP address and find out some things that reveal our computer on the network, for example, the address of the DNS server. To do this, just go to any anonymity checking service, for example www.whoer.net, the main thing is that he has an interactive scan of your computer using Java, ActiveX, Flash and Javascipt. Changing your IP address, for example using Socks or VPN, is not enough, because There are many technologies that allow you to identify it, which you must either turn off on your computer or cheat. It will also not be superfluous to change the transmitted HTTP headers, this will allow to “knock down” the definition of installed software and the geographical location of the computer. You can check your computer in more detail in the advanced version of www.whoer.net/ext .
Externally, a VPN connection is not much different from connecting to a regular local network: applications will not feel the difference at all and therefore, without any configuration, they will use it to access the Internet. When one of them wants to access a remote resource, a special GRE package (Generic Routing Encapsulation, general encapsulation of routes) will be created on the computer , which will be sent in encrypted form to the VPN server. The VPN server, in turn, will decrypt this packet, figure out what its essence is (a request to download an HTTP page, just transferring data, etc.), and execute it on its behalf (that is, it will light up its IP ) appropriate action. Then, after receiving a response from a remote resource, the VPN server will place it in the GRE packet, encrypt it and send it back to the client in this form.
Continuous data encryption is the key to security. PPTP traffic can be encrypted using MPPE (Microsoft Point-to-Point Encryption, supports 40-, 56- and 128-bit keys) . This is the Microsoft protocol. The early versions were monstrously full of holes and hacked, gross errors were fixed in the new ones, but Microsoft's attempts to do something in the field of cryptography do not cause anything but laughter. New versions of their protocols are simply not specifically analyzed for holes.
Openvpn- free implementation of VPN technology, is organized on the basis of the generally accepted TCP / IP protocol stack on the Internet. This ensures that the connection works even with those providers that do not support PPTP (most often these are mobile operators that cut all GRE packets passing through GPRS and EDGE). OpenVPN also works even when you don’t have a real IP address, unlike PPTP, which requires two network sessions to be established simultaneously.
OpenVPN has a number of advantages over VPN technology:
Servers for anonymous VPNs are usually installed in countries where they are most loyal to hacking, spam, etc. (China, Korea and others). In most cases, there is an agreement with the administration, which for a fee pledges to ignore complaints of abuse-service and not to keep logs. Based on my experience, I can recommend the fully automatic OpenVPN service www.vpnlab.ru with a large selection of servers.
Proxy server (from the English proxy - “representative, authorized”) - a service on computer networks that allows clients to perform indirect requests to other network services.
First, the client connects to the proxy server and requests a resource (for example, a file) located on another server. Then the proxy server connects to the specified server, receives a resource from it and transfers it to the client.
Which servers and protocols can be accessed through proxies depends on the type of proxy, i.e., the protocol by which we access it. There are several types of proxies: HTTP proxies, SOCKS4, SOCKS5, and some others.
HTTP proxythe most common, they are easiest to find on the Internet, but they only work with HTTP (there are also https proxies), in addition, they can insert the client’s address in the request headers, that is, not be anonymous.
The SOCKS protocol is most noteworthy in that it encapsulates the protocols not of the application but of the transport layer, i.e. TCP / IP and UDP / IP. Since it is only through these protocols that you can work on the Web, through SOCKS you can work with any servers, including the same SOCKS and, thus, organize chains of SOCKS servers. For the same reason, all SOCKS servers are anonymous - it is impossible to transmit additional information at the TCP / IP and UDP / IP level without violating the operation of the higher protocol.
You can still select anonymizers- they look like a regular search engine, only instead of words / phrases you need to enter the URL of the site that you would like to see. Anonymizers are scripts written, for example, in perl, php, cgi scripts.
A couple of useful programs for working with http proxies and socks:
SocksChain - a program that allows you to work through a chain of SOCKS or HTTP proxies (you need to remember that any proxy server, and even more so free, logs. And the person who has the appropriate rights , will always be able to calculate where you went and what you did, even if you use chains of 10 anonymous proxy servers in different parts of the world).
Freecap - A program for transparently forwarding connections through the SOCKS server of programs that do not have native support for the SOCKS proxy.
Tor (The Onion Router) is a free (BSD) implementation of the second generation onion router (the so-called “onion (multi-layer) routing”). A system that allows users to connect anonymously, providing encrypted transmission of user data. Considered as an anonymous network, providing anonymous web-surfing and secure data transfer. With Tor, users can remain anonymous when they visit websites, post content, send messages and work with other applications that use the TCP protocol. Traffic safety is ensured through the use of a distributed network of servers, called “multilayer routers” (onion routers).
Users of the Tor network run onion-proxy on their machine, this software connects to the Tor servers, periodically forming a virtual chain through the Tor network, which uses cryptography in a multi-level way (onion analogy).
Each packet that enters the system passes through three different servers (nodes), which are randomly selected. Before sending, the packet is sequentially encrypted with three keys: first for the third node, then for the second, and, finally, for the first.
When the first node receives the packet, it decrypts the “upper” layer of the cipher (an analogy to how to clean the onion) and finds out where to send the packet further. The second and third server do the same. At the same time, onion-proxy software provides a SOCKS interface. Programs running on the SOCKS interface can be configured to work through the Tor network, which, multiplexing traffic, routes it through the virtual Tor chain, which ultimately allows for anonymous surfing on the network.
There are special Tor add-ons for Opera, Firefox web browsers.
SSH (Secure Shell) is a network protocol that allows you to remotely control a computer and transfer files. Uses encryption algorithms for transmitted information.
SSH tunneling can be considered as a cheap VPN replacement. The principle of this implementation is as follows: all network software on the computer is forwarded to the designated port (your localhost), on which the service is connected, connected via SSH to the server (and as we know, the connection via the SSH protocol is encrypted) and tunneling all requests; Further, all your traffic (no longer in encrypted form) can be forwarded from the server to a proxy (supporting tunneling) or Sox, which transfer all traffic to the necessary addresses. The presence of a proxy or socks is optional.
What are the advantages of this system:
In one of the German institutes, a rather clever way of maintaining anonymity was developed. A special JAP proxy program is installed in the user system, which accepts all user requests for connections, crypts (AES with a 128-bit key length) and sends it to a special intermediate server (the so-called mix) in safe mode. The fact is that the mix simultaneously uses a huge number of users, and the system is built so that each of them is indistinguishable to the server. And since all clients are the same, it is not possible to calculate specifically one user.
Mixes are usually installed on a voluntary basis, mainly in universities, which officially confirm that they do not keep any logs. In addition, mix chains are usually used, usually 3 mixes.
Consider the
Peek-A-Booty network as an example: Peek-A-Booty is a distributed peer-to-peer network of computers owned by volunteers from different countries. The network was created so that users can circumvent restrictions imposed by local censorship and gain access to Internet resources prohibited in a particular state.
Each host is masked, so that the user can send requests and receive information from specific IP addresses, bypassing censorship barriers.
The user is connected to a special network where Peek-A-Booty works. Several randomly selected computers access the website, and forward the data to the person who sent the request.
All traffic on this network is encrypted using the e-commerce standard SSL, so that everything looks like an innocent transaction.
Of all the methods we examined, only TOR and P2P are completely free, and at the same time they have high reliability, but, unfortunately, are not convenient in daily use and configuration.
From the point of view of a high level of security and simplicity, OpenVPN is the leader in tincture, but its prices start at $ 15 per month. Widespread is DoubleVPN technology in which packets pass through two VPN servers. This is perhaps the fastest and most convenient solution to the issue of guaranteed anonymity, but the price ...
An intermediate solution could be the so-called analogue of VPN - SSH tunneling, for which it is sufficient to have only shell access, which is very cheap, and the connection itself is configured, for example, through Putty. Unfortunately, the setup is not simple and time-consuming, the usability is also lame, so this is still an option for geeks.
VPN (Virtual Private Network)
Externally, a VPN connection is not much different from connecting to a regular local network: applications will not feel the difference at all and therefore, without any configuration, they will use it to access the Internet. When one of them wants to access a remote resource, a special GRE package (Generic Routing Encapsulation, general encapsulation of routes) will be created on the computer , which will be sent in encrypted form to the VPN server. The VPN server, in turn, will decrypt this packet, figure out what its essence is (a request to download an HTTP page, just transferring data, etc.), and execute it on its behalf (that is, it will light up its IP ) appropriate action. Then, after receiving a response from a remote resource, the VPN server will place it in the GRE packet, encrypt it and send it back to the client in this form.
Continuous data encryption is the key to security. PPTP traffic can be encrypted using MPPE (Microsoft Point-to-Point Encryption, supports 40-, 56- and 128-bit keys) . This is the Microsoft protocol. The early versions were monstrously full of holes and hacked, gross errors were fixed in the new ones, but Microsoft's attempts to do something in the field of cryptography do not cause anything but laughter. New versions of their protocols are simply not specifically analyzed for holes.
Openvpn- free implementation of VPN technology, is organized on the basis of the generally accepted TCP / IP protocol stack on the Internet. This ensures that the connection works even with those providers that do not support PPTP (most often these are mobile operators that cut all GRE packets passing through GPRS and EDGE). OpenVPN also works even when you don’t have a real IP address, unlike PPTP, which requires two network sessions to be established simultaneously.
OpenVPN has a number of advantages over VPN technology:
- Adaptive data compression in conjunction using the LZO compression algorithm. Data transfer speed through OpenVPN is higher than that of PPTP;
- Supports flexible certificate authentication client authentication methods;
- Using one TCP / UDP port without binding to a specific port (in our case, UDP);
- 2048 bit encryption, provides unprecedented security, implemented through a permanent key.
Servers for anonymous VPNs are usually installed in countries where they are most loyal to hacking, spam, etc. (China, Korea and others). In most cases, there is an agreement with the administration, which for a fee pledges to ignore complaints of abuse-service and not to keep logs. Based on my experience, I can recommend the fully automatic OpenVPN service www.vpnlab.ru with a large selection of servers.
Proxy, SOCKS
Proxy server (from the English proxy - “representative, authorized”) - a service on computer networks that allows clients to perform indirect requests to other network services.
First, the client connects to the proxy server and requests a resource (for example, a file) located on another server. Then the proxy server connects to the specified server, receives a resource from it and transfers it to the client.
Which servers and protocols can be accessed through proxies depends on the type of proxy, i.e., the protocol by which we access it. There are several types of proxies: HTTP proxies, SOCKS4, SOCKS5, and some others.
HTTP proxythe most common, they are easiest to find on the Internet, but they only work with HTTP (there are also https proxies), in addition, they can insert the client’s address in the request headers, that is, not be anonymous.
The SOCKS protocol is most noteworthy in that it encapsulates the protocols not of the application but of the transport layer, i.e. TCP / IP and UDP / IP. Since it is only through these protocols that you can work on the Web, through SOCKS you can work with any servers, including the same SOCKS and, thus, organize chains of SOCKS servers. For the same reason, all SOCKS servers are anonymous - it is impossible to transmit additional information at the TCP / IP and UDP / IP level without violating the operation of the higher protocol.
You can still select anonymizers- they look like a regular search engine, only instead of words / phrases you need to enter the URL of the site that you would like to see. Anonymizers are scripts written, for example, in perl, php, cgi scripts.
A couple of useful programs for working with http proxies and socks:
SocksChain - a program that allows you to work through a chain of SOCKS or HTTP proxies (you need to remember that any proxy server, and even more so free, logs. And the person who has the appropriate rights , will always be able to calculate where you went and what you did, even if you use chains of 10 anonymous proxy servers in different parts of the world).
Freecap - A program for transparently forwarding connections through the SOCKS server of programs that do not have native support for the SOCKS proxy.
Tor
Tor (The Onion Router) is a free (BSD) implementation of the second generation onion router (the so-called “onion (multi-layer) routing”). A system that allows users to connect anonymously, providing encrypted transmission of user data. Considered as an anonymous network, providing anonymous web-surfing and secure data transfer. With Tor, users can remain anonymous when they visit websites, post content, send messages and work with other applications that use the TCP protocol. Traffic safety is ensured through the use of a distributed network of servers, called “multilayer routers” (onion routers).
Users of the Tor network run onion-proxy on their machine, this software connects to the Tor servers, periodically forming a virtual chain through the Tor network, which uses cryptography in a multi-level way (onion analogy).
Each packet that enters the system passes through three different servers (nodes), which are randomly selected. Before sending, the packet is sequentially encrypted with three keys: first for the third node, then for the second, and, finally, for the first.
When the first node receives the packet, it decrypts the “upper” layer of the cipher (an analogy to how to clean the onion) and finds out where to send the packet further. The second and third server do the same. At the same time, onion-proxy software provides a SOCKS interface. Programs running on the SOCKS interface can be configured to work through the Tor network, which, multiplexing traffic, routes it through the virtual Tor chain, which ultimately allows for anonymous surfing on the network.
There are special Tor add-ons for Opera, Firefox web browsers.
SSH tunneling
SSH (Secure Shell) is a network protocol that allows you to remotely control a computer and transfer files. Uses encryption algorithms for transmitted information.
SSH tunneling can be considered as a cheap VPN replacement. The principle of this implementation is as follows: all network software on the computer is forwarded to the designated port (your localhost), on which the service is connected, connected via SSH to the server (and as we know, the connection via the SSH protocol is encrypted) and tunneling all requests; Further, all your traffic (no longer in encrypted form) can be forwarded from the server to a proxy (supporting tunneling) or Sox, which transfer all traffic to the necessary addresses. The presence of a proxy or socks is optional.
What are the advantages of this system:
- To organize this scheme, you do not need to install server software (since the SSH account and Sox can be easily accessed on the Internet);
- Because when the SSH connection is encrypted and compressed, we get a small increase in the speed of work on the Internet (this is true when the socks daemon is on the same server);
- In the case when the socks server is located on a different host, then we get an additional chain of servers that increase our security and anonymity.
Jap
In one of the German institutes, a rather clever way of maintaining anonymity was developed. A special JAP proxy program is installed in the user system, which accepts all user requests for connections, crypts (AES with a 128-bit key length) and sends it to a special intermediate server (the so-called mix) in safe mode. The fact is that the mix simultaneously uses a huge number of users, and the system is built so that each of them is indistinguishable to the server. And since all clients are the same, it is not possible to calculate specifically one user.
Mixes are usually installed on a voluntary basis, mainly in universities, which officially confirm that they do not keep any logs. In addition, mix chains are usually used, usually 3 mixes.
P2P anonymizers
Consider the
Peek-A-Booty network as an example: Peek-A-Booty is a distributed peer-to-peer network of computers owned by volunteers from different countries. The network was created so that users can circumvent restrictions imposed by local censorship and gain access to Internet resources prohibited in a particular state.
Each host is masked, so that the user can send requests and receive information from specific IP addresses, bypassing censorship barriers.
The user is connected to a special network where Peek-A-Booty works. Several randomly selected computers access the website, and forward the data to the person who sent the request.
All traffic on this network is encrypted using the e-commerce standard SSL, so that everything looks like an innocent transaction.
Conclusion
Of all the methods we examined, only TOR and P2P are completely free, and at the same time they have high reliability, but, unfortunately, are not convenient in daily use and configuration.
From the point of view of a high level of security and simplicity, OpenVPN is the leader in tincture, but its prices start at $ 15 per month. Widespread is DoubleVPN technology in which packets pass through two VPN servers. This is perhaps the fastest and most convenient solution to the issue of guaranteed anonymity, but the price ...
An intermediate solution could be the so-called analogue of VPN - SSH tunneling, for which it is sufficient to have only shell access, which is very cheap, and the connection itself is configured, for example, through Putty. Unfortunately, the setup is not simple and time-consuming, the usability is also lame, so this is still an option for geeks.