Wilders Security Forums  

#101
November 13th, 2010, 03:42 AM
hierophant
Re: Anonymous Services - Can We Get A List Going And Feedback?

Quote:
Originally Posted by DasFox
I know all this already, hehe...

But nice explanation for those that don't

Thank you

Quote:
Originally Posted by DasFox
Ok so let me say over what it was you missed that I was asking.

1. You said:

In Linux, you can configure the kernel firewall via iptables to permit outbound traffic and responses via the VPN, and to block all other traffic. The link to XeroBank's instructions for doing that has been posted numerous times on Wilders.

I said:

What other outbound traffic and responses are there that need blocking? Block all other traffic?

That's just a paraphrase of the statements in /etc/shorewall/policy and /etc/shorewall/rules. I gather that one specifies what's permitted, and also what's blocked. If you believe that's overkill, please provide an authoritative cite. Anyway, in /etc/shorewall/policy ...

Block this machine from accessing NET ZONE, except for exceptions in /etc/shorewall/rules
Allow this machine to access the VPN ZONE for everything
Block anything from the NET ZONE to all other zones
Block everything else

... and, in /etc/shorewall/rules ...

Allow this machine to connect to any openvpn server using udp port 1194

Quote:
Originally Posted by DasFox
2. You said:

In Windows XP, the standard firewall only affects inbound connections. You can use netsh to configure TCP/IP for all interfaces except the VPN as static (non-DHCP) routes with no DNS servers. However, I don't believe that would prevent connections to numeric IPs. Better would be to use a good third-party firewall, IMHO, that permits NIN-specific rules.


My response now:

You're talking mainly about making a static ip that has no DNS? Now what's this connection to numeric IPs you are talking about, I don't follow?

Yes, XeroBank's instructions for hardening the VPN in Windows assign a valid static IP to the physical NIC, but specify no DNS server for it. Once the VPN has been established, there's no need for DNS lookups, so everything's fine. If the VPN goes down, connections to URLs will fail, because there's no DNS server available (except for anything local, of course). However, connections to numeric IP addresses will succeed, because no DNS server is needed.

Quote:
Originally Posted by DasFox
Third party firewall, permits NIN-specific rules, what's this?

Sorry, typo. Make that "NIC-specific rules". The Windows 7 firewall can do that ...

Quote:
Starting with Windows 7 and Windows Server 2008 R2, Windows supports a separate profile for each network connection. If a connection to a public network is detected, then that connection is protected by the rules associated with the public profile. A connection to a domain network on the same computer is protected by the domain profile. All of the profiles can be active at the same time, each protecting the connections according to its network location type.
http://technet.microsoft.com/en-us/l...8WS.10%29.aspx

Quote:
Originally Posted by DasFox
And last what is the actual point/accomplishment you are trying to describe here, what is the goal, to not allow DNS and block outbound connections?

The goal is preventing all traffic through physical NICs/interfaces/connections except for the encrypted traffic with the OpenVPN server that implements the VPN. I rather thought that was obvious by now.

Quote:
Originally Posted by DasFox
Ok hope it's a bit clearer now.

THANKS

So do I
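
The policy and rule statements paraphrased in the post above, written out as Shorewall configuration files. This is an added example, not XeroBank's published configuration and not code from the thread; the zone names, the interface names eth0 and tun0, the dhcp option and the log level are assumptions.

```conf
# ---- /etc/shorewall/zones ----
#ZONE   TYPE
fw      firewall        # this machine
net     ipv4            # physical network (assumed interface: eth0)
vpn     ipv4            # OpenVPN tunnel (assumed interface: tun0)

# ---- /etc/shorewall/interfaces ----
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        -           dhcp    # drop "dhcp" if eth0 has a static address
vpn     tun0        -

# ---- /etc/shorewall/policy ----
# Policies are matched top to bottom; the first matching line applies.
#SOURCE DEST    POLICY  LOG LEVEL
$FW     net     DROP    info    # block this machine from the NET zone, except for rules below
$FW     vpn     ACCEPT          # allow this machine to reach the VPN zone for everything
net     all     DROP    info    # block anything from the NET zone to all other zones
all     all     REJECT  info    # block everything else, including unsolicited vpn -> fw

# ---- /etc/shorewall/rules ----
# Exceptions to the policies above. Replies to an allowed outbound flow are
# accepted by connection tracking, so no inbound rule is needed for them.
#ACTION SOURCE  DEST    PROTO   DEST PORT(S)
ACCEPT  $FW     net     udp     1194    # OpenVPN to any server on udp/1194

# Consequences of this rule set:
#  - DNS over eth0 is dropped by "$FW net DROP", so the OpenVPN client
#    configuration has to name its server by numeric IP, not by hostname.
#  - If tun0 goes down, nothing but udp/1194 leaves eth0; connections to
#    hostnames and to numeric IPs both fail until the tunnel is back.
#  - These files cover IPv4 only; IPv6 is filtered separately (shorewall6).
```

Running `shorewall check` validates the files before `shorewall restart` loads them.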

#102
November 13th, 2010, 06:04 PM
DasFox

When I said, what other outbound traffic and responses are there that need blocking, I meant what other types of traffic might happen over a VPN connection that we need to take some sort of action against?

Most people like myself assumed that when you run OpenVPN, that there is no other traffic that this is the purpose of VPN, to make and allow only this one connection from client to server and nothing else. Now we're making it seem like it's not and we need to block other traffic that can happen over this VPN connection.

Can you please show a link to the XeroBank's instructions for hardening the VPN?

What if you're on XP and use one of the many software firewalls out there, are any of them able to make nic specific rules? And is there any info out there online you can show us about this and making these types of rules?

I also wasn't talking about the obvious, I'm well aware of what it is we are trying to do here, but many people seem to be under the assumption that by installing and using OpenVPN as an example security is already in place and there isn't much an end-user needs to do.

Even myself I look at it like this, why make a client like OpenVPN if you can't even add in certain security measures like some of these we are discussing.


THANKS
__________________
Security Comes By Education, Not Tons Of Software!

#103
November 13th, 2010, 07:19 PM
hierophant

Quote:
Originally Posted by DasFox
When I said, what other outbound traffic and responses are there that need blocking, I meant what other types of traffic might happen over a VPN connection that we need to take some sort of action against?

A "VPN connection" is just a connection to some other network. For "anonymous VPNs", that's a connection to some network with access to the internet. You don't control what's on it. So, at a minimum, you want to block all inbound traffic that's not responses to your outbound traffic. Most all modern operating systems come with such firewalls, and you may want to ensure that they're enabled. You can also set rules for outbound traffic through the VPN. And, of course, the VPN will also be firewalled, to regulate what you can do through it.

Quote:
Originally Posted by DasFox
Most people like myself assumed that when you run OpenVPN, that there is no other traffic that this is the purpose of VPN, to make and allow only this one connection from client to server and nothing else. Now we're making it seem like it's not and we need to block other traffic that can happen over this VPN connection.

Most VPN providers are probably not going to hack you. And you never know. It's better to be safe than sorry, right?

Quote:
Originally Posted by DasFox
Can you please show a link to the XeroBank's instructions for hardening the VPN?

https://xerobank.com/support/article...vpn-dns-leaks/
https://xerobank.com/support/article...12-easy-steps/

Quote:
Originally Posted by DasFox
What if you're on XP and use one of the many software firewalls out there, are any of them able to make nic specific rules? And is there any info out there online you can show us about this and making these types of rules?

Windows 7 -- I posted the URL yesterday.
Symantec Endpoint Protection does.
For others, Google is your friend.

Quote:
Originally Posted by DasFox
I also wasn't talking about the obvious, I'm well aware of what it is we are trying to do here, but many people seem to be under the assumption that by installing and using OpenVPN as an example security is already in place and there isn't much an end-user needs to do.

OpenVPN does some of that, and various VPN providers go further to some extent, and ultimately, you're responsible for your own security. That's especially so if it really matters.

Quote:
Originally Posted by DasFox
Even myself I look at it like this, why make a client like OpenVPN if you can't even add in certain security measures like some of these we are discussing.

Why not ask them?

Quote:
Originally Posted by DasFox
THANKS

You're welcome.

#104
November 13th, 2010, 07:39 PM
DasFox

Ok, I'm aware of the VPN, so we are more concerned with just blocking incoming requests on the VPN connection correct? Best to be safe and block all incoming requests other than legitimate VPN requests, but if you don't even know what those are, just block everything inbound correct?

Ok for the sake of ease here for everyone I think it's best if we can simply post links for OpenVPN client security for people to follow and since you already posted two links, would there be any others you know of, or that pretty much covers it? But the firewall part at XeroBank's is just for Linux, so might be nice if someone knows of anything for Windows...

By the way I did send in an email to OpenVPN asking about all this. Seems kind of odd to give a client to end-users and not make something for options for the newer user to harden it easier, or at least an online HowTo somewhere on OpenVPN for getting started with just the client securing it for users that connect to a VPN, like many of the anonymity services online...


Thanks hierophant
__________________
Security Comes By Education, Not Tons Of Software!

#105
November 13th, 2010, 07:58 PM
hierophant

Quote:
Originally Posted by DasFox
Ok, I'm aware of the VPN, so we are more concerned with just blocking incoming requests on the VPN connection correct? Best to be safe and block all incoming requests other than legitimate VPN requests, but if you don't even know what those are, just block everything inbound correct?

The xB shorewall config lines block all incoming requests on the VPN. Although there might be legitimate server messages -- such as "I'm about to reboot" or whatever -- the connection seems fine without them.

Quote:
Originally Posted by DasFox
Ok for the sake of ease here for everyone I think it's best if we can simply post links for OpenVPN client security for people to follow and since you already posted two links, would there be any others you know of, or that pretty much covers it? But the firewall part at XeroBank's is just for Linux, so might be nice if someone knows of anything for Windows...

Not me. Sorry.

Quote:
Originally Posted by DasFox
By the way I did send in an email to OpenVPN asking about all this. Seems kind of odd to give a client to end-users and not make something for options for the newer user to harden it easier, or at least an online HowTo somewhere on OpenVPN for getting started with just the client securing it for users that connect to a VPN, like many of the anonymity services online...

Thanks. And remember, OpenVPN is for all VPN connections, and you generally trust the server that you're connecting to.

Quote:
Originally Posted by DasFox
Thanks hierophant

You're welcome!

#106
November 13th, 2010, 10:34 PM
caspian

Quote:
Originally Posted by Dogbiscuit
How much faster would you say?

I don't know exactly. Just way faster than it used to be. It depends on the connection that you get too. And I guess there is a way to control that.
__________________
A Billion for a Billion

http://www.wfp.org/1billion

#107
November 15th, 2010, 10:55 PM
DasFox

Well I installed Shorewall and OpenVPN in my Slackware box.

Thank goodness for a single box Shorewall comes with some samples that work out the box to give you the basics. Can't say I want to spend my life making iptables rules, LOL...

Now all I have to do is find a nice VPN service I like, yeah still looking, LOL...

Then I'll follow those steps on XeroBank's site to harden it....
__________________
Security Comes By Education, Not Tons Of Software!

#108
November 15th, 2010, 11:49 PM
hierophant

Quote:
Originally Posted by DasFox
Well I installed Shorewall and OpenVPN in my Slackware box.


Quote:
Originally Posted by DasFox
Thank goodness for a single box Shorewall comes with some samples that work out the box to give you the basics. Can't say I want to spend my life making iptables rules, LOL...

There is much depth there, for sure

Quote:
Originally Posted by DasFox
Now all I have to do is find a nice VPN service I like, yeah still looking, LOL...

How would you know whether you liked it? I'm serious.

Quote:
Originally Posted by DasFox
Then I'll follow those steps on XeroBank's site to harden it....

They do seem to work. Also, FWIW, they were my introduction to iptables.

#109
November 16th, 2010, 08:07 PM
DasFox

Well all I'm looking for is decent speeds and the privacy, I think like most people.

SwissVPN had nice speeds just that they log the session IP, so I wasn't thrilled about that.

My gut feeling tells me Sweden is the way to go because of all the pirates there up in arms, so Sweden ended up starting a lot of VPN services to fight back and have their privacy. So personally I think this might be a good bet to go VPN in Sweden...

Going to have to keep our eyes on Ipredator and see what comes of that...
__________________
Security Comes By Education, Not Tons Of Software!

#110
November 16th, 2010, 08:22 PM
nix

Yep. Ipredator sounds about right to me. Maybe I'll take that one for a spin myself.

#111
November 17th, 2010, 03:43 AM
DasFox

Quote:
Originally Posted by nix
Yep. Ipredator sounds about right to me. Maybe I'll take that one for a spin myself.

Problem is for me, since this is one of the co-founders of Pirate Bay is all I know, not sure if there are more Pirate Bay members, I think this makes them a very open target, or at least eyes will possibly be on them.

Ok, so we know these guys Mullvad and I listed Relakks, let's get a list going for Swedish VPN services.

Here's what else I've found;

Anonine
https://www.anonine.com/en

VPNtunnel (Read on http://www.start-vpn.com/vpn-provide...nel/vpntunnel/ that they might be a part of another network is all).
https://www.vpntunnel.se/en/
__________________
Security Comes By Education, Not Tons Of Software!

#112
November 17th, 2010, 06:46 AM
JokersWild

This is a very positive discussion. I certainly don't want to throw cold water on anyone's parade. But if we're going to talk about Swedish services, might want to consider their seemingly imminent move towards EU Data Retention Compliance:

http://www.thelocal.se/30150/20101111/

http://www.thelocal.se/29854/20101027/

I am a Countermail subscriber. They are based in Sweden. Out of concern, I sent an email today to Countermail support regarding the proposed legislation and received the following reply:

"Hi,

They have proposed a law that will force us to store the IP-numbers,
sender-address and the receiver-address. The contents of the email will still be encrypted, and only readable by the owner.

But we will probably move our servers to another country to avoid the
IP-collection. This law is supposed to come into force July 1st next year. We
will give more information about this as soon as we know the final result.

Best Regards

Countermail Support"

Privacy and anonymity seem tougher and tougher to pull off no matter where one goes these days. So much to consider...

#113
November 17th, 2010, 07:01 PM
DasFox

You're not raining on any parade...

This is for ISPs, and since a VPN service is not an ISP, from what I was told by a few VPN services, they are not affected.
__________________
Security Comes By Education, Not Tons Of Software!

#114
November 17th, 2010, 10:52 PM
Searching_ _ _

Quote:
What is zipline? It's a secure IPSec VPN connection from wherever you are to our secure network. Why would I use zipline? Encrypting ALL of your traffic to the internet: torrents, IRC, web browsing, skype chats, AIM chats, file transfers, gaming, even your DNS queries - you name it. Don't become a victim of unwarranted wiretapping or man-in-the-middle attacks because the service you choose to enjoy does not encrypt their traffic by default. Say - how many wordpress blogs have you ever heard of that wrap their authentication in SSL? What about Facebook? Check your email using POP? What about VoIP or SIP traffic?
$10.00 a month
$80.00 a year
$15.00 a month High Priority
$120.00 a year High Priority
http://www.atenlabs.com/zipline/

ZombieHacking is pretty cool too.
Where can I find a cheat sheet?
__________________
Americans are the enemy? Mil. can arrest you?
What the heck is going on?

#115
November 17th, 2010, 11:31 PM
DasFox

Zipline, it looks ok, but their contact section doesn't even work...

OOPS! You forgot to upload swfobject.js ! You must upload this file for your form to work.

Not having any part of your site not working like this is not professional at all and I take note of all these things when looking over a site, its layout and function. To me this is not professional and I'll pass...

Thanks for sharing the info though Searching...

By the way who or what is ZombieHacking?
__________________
Security Comes By Education, Not Tons Of Software!

#116
November 18th, 2010, 07:56 PM
mskmm

does anyone know what program has the largest pool of US based proxies?

I'm looking for one that has different areas and doesn't have the first 2 numbers the same (ie- 25.144.71.59 and 25.144.68.21 would link to same area) I'm currently trying 'easy hide ip' (trial) and it seems pretty good...not sure if their pay subscription has a bigger pool of proxies though.

#117
November 18th, 2010, 08:03 PM
katio

Tor easily wins when it comes to numbers but I'm not sure why you'd want many IPs. It doesn't improve your anonymity at all.

#118
November 18th, 2010, 08:53 PM
DasFox

Well I contacted Ipredator two days ago and no word back, so to me this isn't looking very professional when you can't give a reply back in 1-2 days.

So I wrote them again, let's see if they reply now in a timely manner.

Also anyone had any contact with them?


THANKS
__________________
Security Comes By Education, Not Tons Of Software!

#119
November 18th, 2010, 09:01 PM
Searching_ _ _

Does TOR do IPv6?

@DasFox

ZombieHacking is the art of Neurolinguistic Programming.
At the atenlabs site there is a cool vid about 8 minute cartoon titled ZombieHacking.
Also see Derren Brown http://www.youtube.com/watch?v=3Vz_YTNLn6w
__________________
Americans are the enemy? Mil. can arrest you?
What the heck is going on?

#120
November 18th, 2010, 09:06 PM
katio

Quote:
Originally Posted by Searching_ _ _
Does TOR do IPv6?

Not officially at least, I see there's a patch from 2007...
https://trac.torproject.org/projects...uldsupportIPv6.

#121
November 18th, 2010, 09:26 PM
DasFox

Quote:
Originally Posted by Searching_ _ _
Does TOR do IPv6?

@DasFox

ZombieHacking is the art of Neurolinguistic Programming.
At the atenlabs site there is a cool vid about 8 minute cartoon titled ZombieHacking.
Also see Derren Brown http://www.youtube.com/watch?v=3Vz_YTNLn6w


Ok wasn't sure what that had to do with Anonymous Services....
__________________
Security Comes By Education, Not Tons Of Software!

#122
November 18th, 2010, 10:20 PM
Searching_ _ _

If you can NLP a person to do something for you, you can remain anonymous.
__________________
Americans are the enemy? Mil. can arrest you?
What the heck is going on?

#123
November 18th, 2010, 11:48 PM
DasFox

Well this might technically fall somewhat under as an Anonymous type of service(s)

Freenet;
http://freenetproject.org
__________________
Security Comes By Education, Not Tons Of Software!

#124
November 19th, 2010, 05:26 PM
mskmm

Is there any way to pick the network proxy in Tor? Or at least set it to US proxies only?

#125
November 19th, 2010, 10:54 PM
Lyx

Quote:
Originally Posted by caspian
I have heard that this is good. But you think Tor is better?

I think Jondo and Tor are complementary. E.g., Jondo's nodes are much more trustable than the Tor ones. But on the other side there are many more Tor nodes

Great feature: The beta jondo client allows to connect to the Jondo cascade through Tor, according to:

You -> Tor -> Jondo entry Mix -> Jondo Exit mix -> internet

The Jondo entry Mix doesn't know you, as it only sees Tor exit's IP.

And the Tor exit node can't sniff your traffic, because this traffic is encrypted by the Jondo client.


This scheme combines the advantages of each network.



NB: Concerning Linkideo: It's a Jersey company, and the vpn servers are located in NL, FR, US, and (I think) UK. They provide PPTP and Openvpn.

Last edited by Lyx : November 20th, 2010 at 05:11 PM.
 


All times are GMT -4. The time now is 02:31 PM.

