VPN (Virtual Private Network)
A VPN connection doesn’t look much different from a normal local network connection: applications won’t feel any difference at all and therefore will use it to access the Internet without any configuration. When one of them wants to get to a remote resource, a special GRE (Generic Routing Encapsulation) packet is created on the computer and is sent in encrypted form to a VPN-server. In its turn, the VPN-server will decrypt the packet, analyze its content (request for downloading some HTTP-page, simple data transfer, etc.) and perform the required action on its behalf (i.e. light up its IP). After receiving the response from the remote resource, VPN server will put it into GRE packet, encrypt it and send it back to the client in this form.
Continuous encryption of transmitted data is the key to security. PPTP traffic can be encrypted using MPPE(Microsoft Point-to-Point Encryption, supports 40-, 56- and 128-bit keys). This is a Microsoft protocol. Earlier versions were terribly buggy and easy to break, newer versions fixed the fundamental mistakes, but attempts of Microsoft to do something in the field of cryptography create nothing but laughter. New versions of their protocols simply don’t get much analysis for holes.
OpenVPN is a free implementation of the VPN technology, organized on the basis of the TCP/IP protocol stack commonly used on the Internet. This ensures operation of the connection even with those providers who do not support PPTP (mostly cellular operators cutting off all GRE-packages via GPRS and EDGE). Also openvpn works even when you have no real ip, unlike PPTP which requires two network sessions to be established simultaneously.
OpenVPN has a number of advantages over VPN technology:
1) Adaptive data compression in the connection, using the LZO compression algorithm. The data transfer speed through OpenVPN is faster than PPTP;
2) Supports flexible certificate-based client authentication methods;
3) Using a single TCP/UDP port without binding to a specific port ( UDP in our case);
4) 2048 bit encryption, provides unprecedented security, implemented via a permanent key;
Servers for anonymous VPNs are usually installed in the countries that are most loyal to hacking, spam, etc. (China, Korea, etc.). In most cases there is an agreement with the administration, which for a fee agrees to ignore complaints to the abuse service and not keep logs.
A proxy server is a service in computer networks that allows clients to make indirect requests to other network services.[/DATAENCODE
First, the client connects to the proxy server and requests some resource (such as a file) located on another server. The proxy then connects to the specified server, receives the resource from it, and passes it to the client.
The servers that you can access through a proxy depends on the type of proxy, i.e. the protocol through which you are accessing it. There are several types of proxies: HTTP-proxies, SOCKS4, SOCKS5, and some others. HTTP-proxies are the most common and most easily found on the Internet but they only work with HTTP (there are also https proxies) and may also include the client address in the request header, which means they are not anonymous.
The SOCKS protocol is most notable because it encapsulates the protocols not of the application layer, but of the transport layer, i.e. TCP/IP and UDP/IP. Since these are the only protocols that can be used on the web, you can use SOCKS to work with any servers, including SOCKS, and thus organize chains of SOCKS servers. For the same reason all SOCKS servers are anonymous it is impossible at the TCP/IP and UDP/IP level to pass additional information without breaking the superior protocol.
It is also possible to allocate anonymizers look as usual search engine, only instead of words/phrases here it is necessary to enter URL of that site which you would like to look. They are scripts written for example in perl, php, cgi-scripts.
A couple of useful http-proxy and sox programs :
SocksChain is a program that allows you to work through a chain of SOCKS or HTTP-proxies (you must remember that any proxy server, especially a free one, keeps a log. And a person with appropriate rights will always be able to find out where you were and what you were doing, even if you will use chain of 10 anonymous proxy servers in different parts of the world)
FreeCap is a program for transparently redirecting connections through a SOCKS server for programs that do not have native SOCKS proxy support.
Separately, there are technologies that encrypt traffic between the client and the proxy server.
Consider the xsox.name
service as an example.
After paying for the service you get login and password, install the client program. Once you connect to the server, you get a sorted list of soxes (country, state, IP, etc) The whole system is soxified with the click of a button (the TCP stack driver is installed on the fly). XSOX encrypts all traffic and forwards it to the server that in turn selects a designated egress endpoint and forwards the encrypted traffic to it. SSL keys are generated on the bot and client computers, eliminating the possibility of sniffing the traffic in transit. The client receives the list of available exit points (bots) when first connecting to the server and then synchronizes this list with the server in real time. A modified TCP protocol with a single port is used to connect the client and the endpoints to the server. So even with full control of the server it is hard to tell connected clients from (e.g. netstat just gives one big list of connections on one port. The XSOX client collapses all local traffic into a single connection to the server, which saves traffic as there is no need for TCP packet headers (SYN,ACK, etc.)
Tor (The Onion Router) is a free (BSD) implementation of a second generation onion router (so-called “onion (multi-layer) routing”). A system that allows users to connect anonymously, allowing user data to be transmitted in encrypted form. Considered as an anonymous network, providing anonymous web surfing and secure data transmission. With Tor, users will be able to remain anonymous when visiting web sites, publishing content, sending messages and working with other applications that use the TCP protocol. The security of traffic is ensured through the use of a distributed network of servers called “multilayer routers” (onion routers).
Tor users run onion-proxy on their machine, this software connects to the Tor servers, periodically forming a virtual chain through the Tor network, which uses multi-level cryptography (analogous to onion) Each packet that enters the system passes through three different servers (nodes) that are chosen at random. Before sending, the packet is sequentially encrypted with three keys: first for the third node, then for the second, and finally for the first.
When the first node receives a packet, it decrypts the “top” layer of the cipher (analogous to peeling an onion) and learns where to send the packet next. The second and third servers do the same. At the same time, onion-proxy software provides a SOCKS interface. Programs running on the SOCKS interface can be configured to work through the Tor network, which, by multiplexing the traffic, routes it through the Tor virtual chain. Which ultimately allows for anonymous surfing on the network.
There are special add-on-tor for Opera, Firefox web browsers.
SSH (Secure Shell) is a network protocol that allows for remote computer control and file transfer.uses encryption algorithms for transmitted information. SSH tunneling can be considered as a cheap substitute for VPN. The principle of this implementation is as follows. All network software on your computer is forwarded to the assigned port (your localhost), where the service connected to the server via SSH (and as we know connection via SSH is encrypted) and tunneling all requests; further, all your traffic (not in encrypted form anymore) can be forwarded from our server to proxy (that supports tunneling) or to socket, which delivers all traffic to the required addresses. The presence of a proxy or socket is optional.
What are the pros of this system:
1) There is no need to install server software to organize this scheme (as SSH-account and socket can be easily obtained on the Internet);
2) Since the SSH connection encrypts and compresses traffic, we get a small speed boost on the Internet (this is true when the socket daemon is on the same server);
3) In case the socket server is on another host, then we get an additional chain of servers which increases our security and anonymity;
A German institute developed a rather tricky way to preserve anonymity. A special proxy program JAP is installed in user’s system. It receives all user’s connection requests, encrypts them (AES with 128-bit key length) and sends them securely to a special intermediate server (so called “mix”). The thing is that the mix is simultaneously used by a huge number of users, and the system is designed so that each of them is indistinguishable for the server. And since all the clients are the same, it is impossible to figure out exactly one user.
Mixes are usually set up voluntarily, mostly at universities that officially confirm that they do not keep any logs. In addition, chains of mixes are usually used, usually 3 mixes.
Let’s take the Peek-A-Booty network as an example.
[Peek-A-Booty is a distributed peer-to-peer network of volunteer computers from different countries, designed to enable users to bypass local censorship restrictions and access Internet resources that are illegal in a particular country. Each node in the network is masked so that users can send requests and receive information from specific IP addresses to bypass censorship barriers.
The user, connects to a special network where Peek-A-Booty is running. Several randomly selected computers access the website, and forward the data to the one who sent the request. All traffic on this network is encrypted using the e-commerce standard SSL, so everything looks like an innocent transaction.
Non-standard ways to determine IP address.
Generally speaking, the IP address cannot be determined using cookies. However, the first time you access the website, the client’s IP address (defined by the server, i.e. IP proxy) the server may store in cookies. And the next time you access the website, the server detects your IP again and compares it with the one saved in cookies. And if IP addresses old and new are different, server can make conclusions. And if you don’t disallow cookies, no proxy will help you.
Java is a complete programming language and a program written in this language can detect your real IP without any difficulty.
There is only one solution for protection: disable Java completely, as it has so many different network functions and it is problematic to disable them all.
These are full-fledged programs that run on the user’s computer. They offer even better capabilities than the 2 previous ones. They can detect easily any browser settings and calculate your real IP address and even change proxy settings.
]ActiveX is completely disabled.
P.S. Why traffic encryption is important.
SORM (System of Technical Means for Ensuring Operational and Investigative Activities to Monitor Documented Information Turnover)
Initially, SORM was planned in one of the USSR KGB research institutes, where the development of its tactical and technical substantiation and relevant specifications was completed. As the technical means of communication were improving, the system was being improved as well. SORM and SORM-2 are now in operation in many cities. They are available wherever the Internet, telephone, i.e. modern means of communication are available. In 1998 the technical specifications for SORM-2 were elaborated. It was already being created for documentary telecommunication networks as well. According to the documents, the Internet provider was obliged to install equipment, software and a dedicated line for the local FSB branch, as well as to train employees at its own expense.
All this allows the latter to monitor, intercept and interrupt communications of any client of this provider. It is possible to know about any web user: whether he is addicted to political news, or pornographic sites, trace his electronic purchases, bank payments. At the moment, almost all Russian providers have carried out work to connect to the SORM 2 system.
The rights to this article belong to the author. Reprinting, using parts of it, etc. for personal purposes on other resources is only permitted with the author’s verbal agreement.
Copyright (C) 2008 foxie specially for https://ver.sc
best dumps shop