This article is not another step-by-step instruction for beginners. While I am not arguing against the usefulness of such instructions, I think that serious security goes beyond that and requires a different approach. This article is a report on a near perfect (imho) security system. The first part describes the ideas behind the system. The second part is dedicated to some technical aspects which may seem non-trivial. I want to say right away that all the ideas described here have already been mentioned elsewhere (mostly not in carding-related literature). That's why I don't pretend to be a pioneer; I've just tried to combine known solutions, discarding unnecessary things, to get a system as suitable as possible for people who are seriously engaged in carding. How well I succeeded, you be the judge.
I. Idea.
A reasonable question is: what properties should a security system have? I formulate them as follows:
1. Masking. The system should look like a typical American (European) one.
2. Total anonymity. The practical impossibility of determining our ip by _any_ action inside or outside the system (this property also covers running programs inside the system, such as casino clients or wm keeper, which can find the ip by calling, for example, ipconfig). So, in fact, the system _itself should not know your real ip_.
3. Compatibility with most programs.
4. Mobility. The system must be writable and must not leave any traces on the machine.
5. Ability to remove all unnecessary data (history, cookies, icq logs, etc).
6. Ability to encrypt and store needed data on removable media.
So here's the gist: a clean operating system is installed on the machine. I used FreeBSD, though I suppose it's possible to use any *nix or even windows 2k/nt/xp.
vmware is installed on it. (For those who don't know: software for creating and using virtual machines. Details: www.vmware.com) For the operating system on the virtual machine it is advisable, for obvious reasons, to use win98 Eng (with subsequent Russification, of course). In this case win98 should (for the reasons given below) be trimmed to the minimum size.
The disk and the configuration file of the virtual machine are written to removable media (I used cd-rw 8mm). At each startup a ram disk is created: a virtual disk whose data is actually stored in RAM. I copy the disk and the configuration file for vmware to this ram disk and start the virtual machine from there. This avoids writing any compromising information to the hard disk. The windows trimming mentioned above is needed in order not to overload the RAM. To run a virtual machine I need only 150 mb of disk space. So with 256 mb ram or more (I think most can afford it) you won't have any problems with starting.
Internet access is provided through a VLAN between the real machine and the virtual machine. The real machine is used as a gateway and does NAT (Network Address Translation). This keeps the virtual machine from knowing our real ip address.
II. Some technical points.
02. Installing a stripped down win98 eng.
This is where the excellent program 98lite (www.98lite.net) comes in. From my point of view 150mb is the optimal size for the vmware virtual disk. There is one little problem: 98lite needs to copy all the win98 files, and they won't fit on the 150mb drive. The solution is quite trivial: you create 2 disks, a working one (150mb) and a temporary one (600mb just for fun). 98lite is installed on the second disk and the distribution files are copied there. After installing win98 the second disk can be removed. Also a word of caution: when choosing a shell option I would choose CHUBBY, since sockschain will not work in MICRO.
03. Russification of win98
In order not to wear out the people around you with transliteration, the system needs to be russified. To do this: Start-Settings-Control Panel-Keyboard-Language-Add-Russian-OK
Next you need to download and install fonts. You can download them, for example, from ftp.robertsonblums.ru/pub/win/rus/fonts.zip
They are then unpacked and, in msdos mode, placed in c:\windows\fonts
Then, in the file C:\windows\win.ini, add the following lines to the section [FontSubstitutes]:
===========START===========
System,0=System,204
Fixedsys,0=Fixedsys,204
MS Sans Serif,0=MS Sans Serif,204
MS Serif,0=MS Serif,204
Arial,0=Arial,204
Courier,0=Courier New,204
Courier New,0=Courier New,204
Times New Roman,0=Times New Roman,204
Arial Cyr,0=Arial,204
Arial Cyr,204=Arial,204
Courier New Cyr,0=Courier New,204
Courier New Cyr,204=Courier New,204
Times New Roman Cyr,0=Times New Roman,204
Times New Roman Cyr,204=Times New Roman,204
============END============
04. Configuring NAT
I will describe how to configure address translation using the natd daemon. The settings need to be changed on both the virtual machine and the real machine.
Let's start with the virtual one: Start-Settings-Control Panel-Network-TCP/IP-Properties-IP Address: set an ip address from the same subnet as the ip address of the vmnet1 interface of the real machine (192.168.254.* by default). We will use 192.168.254.100. In the Gateway tab enter the address of the interface (192.168.254.1 by default). In DNS Configuration specify the DNS address of your ISP. That is all for the virtual machine.
On the real machine we need support for ipfw. To get it you need to rebuild the kernel with these options:
===========START===========
options IPFIREWALL
options IPDIVERT
options IPFIREWALL_DEFAULT_TO_ACCEPT
============END============
You need to add the following parameters to the /etc/rc.conf file:
===========START===========
gateway_enable="YES"
firewall_enable="YES"
============END============
After rebooting the machine you can run the following command:
===========START===========
/sbin/ipfw add divert natd all from any to any via name_external_interface
============END============
Before each vmware startup, start the natd daemon:
===========START===========
natd -n name_external_interface
============END============
Now the real machine will act as a gateway, redirecting packets from the VLAN (192.168.254.*) to the external network. This avoids setting your real ip address on the virtual machine by limiting it to the dummy 192.168.254.100.
05. Creating a ram disk.
The configuration file and virtual disk of the configured system are written to removable media. The following steps are taken at each startup:
a. Mount the Memory File System:
===========START===========
mount_mfs -s xxxx /dev/ad1s1b /mnt
============END============
where /dev/ad1s1b is your swap device, /mnt is the mount point, and xxxx is the ramdisk size in sectors (corresponds to 2048*yyyy, where yyyy is the ramdisk size in mb)
b. The configuration file and the virtual disk of the virtual machine are copied from the removable device to the ramdisk.
c. vmware itself is launched.
d. After work, unmount the ramdisk:
===========START===========
umount /mnt
============END============
(/mnt is still the mount point)
This is what my attempt to present some ideas on how to build a serious security system looks like. If I made any inaccuracies, I will be glad to receive constructive criticism. I would also be very grateful for any additions.
Copyright (C) 2004 dworkin