Anonymous Services - Can We Get A List Going And Feedback?

No I don't have it wrong, most ISPs where I live do not hand out static IPs for Broadband, of course they are dynamic, BUT those Dynamic IPs stay with you for 30-45 days.

With your IP out there and a cheapy firewall, you can be owned.

Dynamic IPs on dialup are one thing, on broadband it's not getting dynamically assigned all the time unless you have some strange broadband that's not always on that you sign onto, then of course there is the possibility of getting a new IP assigned.

There's a VERY BIG point to hiding your IP and not exposing it and I can't believe you don't think so.

How do you think people get hacked and what you don't think boxes don't get hacked anymore? Of course they do...

Also if you come out stealth here with your home IP you are NOT as secure against these sort of threats as it gets.

Windows has a firewall and using it will make you stealth YET that is not as good as it gets.

Maybe because you used the word HOME user you think that this makes it ok and it is good enough? Yes for a lot of average users that may be true, but in todays world with all the changes over the past 20 years I don't believe as a Tech that the Windows firewall is good enough anymore...

Even for Grandma just surfing the web and emailing the grandchildern, her box can be hacked and used to commit crimes, so in that sense, no it's not just as good as it gets.

 

Not much to add.

Just to clarify, I said typical home user with windows firewall _and_ a router that does NAT. In the default configuration no ports are forwarded, no listening services on the WAN side, no attack surface, no way to get in that way.

The only possible attack I can think of is a flaw in the TCP/IP stack, Ethernet drivers or the firewall software itself (often iptables). Send crafted package and own the router.
All I can find are DOS attacks that probably won't work when iptables is blocking everything, as for iptables:
http://www.cvedetails.com/vulnerabi...uct_id-1656/Netfilter-Core-Team-Iptables.html
Good luck.

Take a vendor with a less impressive record, netgear:
http://www.cvedetails.com/vendor/834/Netgear.html
I went through the vulns and couldn't find a single one that could be exploited from the internet side just by sending packages against the closed firewall.

I'll stop here, I'm pretty sure you weren't thinking of this kind of highly theoretical risks. (I'm not even sure if it's theoretically possible, the crafted packages need to pass through tons of other routers along their way, are they even going to get through and attack "the right one" at all?)

"Cheapy firewall", if it's running Linux, of course it can be very cheap...
Doesn't say anything about the quality though.

 

Can you share some examples, I'm curious what else you think is possible?

 

I'm not asking for POC code. Just some high level examples, got nothing to do with vulnerability disclosure.
That sort of discussion is accepted by all researchers and hackers I've ever heard from.

 

Am I not getting your wit/humor or are you actually a sort of Self-appointed Grand Educator?

Tsk, how about some clear-cut examples indeed, if only to inform the uneducated like me.
Do you mean well-known stuff like hidden factory admin profiles in a router, vulnerabillities in protocols like HNAP, routers with never updated firmware etc. or much more insidious attacks?

 

As a Tech I certainly understand all the complexities but don't sit here and tell me it's all fantasy about having IP addresses exposed to a hacker when it's not....

 

You did say this; ---> This fear, as most fears, has no validation in reality.

Having no validation of reality, touches on aspects of fantasy and that is what I was talking about.

What question?

And this is starting to go around in circles and is getting silly.

We're suppose to be GEEKS on a SECURITY forum, I'm not here taking cooking lessons and I'm a UNIX Geek that understands a lot and who also doesn't know everything, BUT show me the person who does know everything because there is no such person....

 

Well because we seem to be running around in circles now

You said to me;

No but you passed on answering the question.

That's why I said what question?

And that's why I said all the things I said about this all getting silly and being Geeks and all...

So was this the question(s) you are still looking for?

Good enough against who? Who is your adversary? Which ver of Windoz, which firewall, how is it configured?

And if so, then I said I understand all these complexities and you said good, because I'm the only one, which was silly too, because a lot of Geeks understand all this, so why answer something like this when Geeks on this forum, you being one and me also, need to answer it when we should know, at least I do, don't you?

 

Things we have been talking about that Geeks should understand.

1. Geeks should understand IPs
2. Geeks should understand Ports
3. Geeks should understand the differences across different platforms (OS)
4. Geeks should understand firewalls

 

This reply does not help those that do not understand this technology.

Not everyone is using onion routing, or even knows what it is, so be considerate and post a reply everyone can read about and understand.

You could of at least posted some URLs

http://www.onion-router.net/
http://www.wired.com/politics/security/news/2004/08/64464

TOR is also an onion-routing system so what's with all the secrecy?

 

Usenet is calling His Eminence.

Signed,
"Lunchbox"

 

Usenet, LOL, I'm a Usenet junkie.

Well I'm on the Onion Express and looking at that URL Mr. Eminence posted.

 

I think there are good things about Tor, but privacy is one aspect that it lacks.

It would be nice, since Tor is free and offers the best when it comes to IP hiding and anonymity, but privacy and security are another matter when it comes to Tor, that we can have a discussion on ways in which to improve privacy and security when using Tor...

For the Windows user I found something that might be of interest, Cloakfish;

http://www.cloakfish.com/

Something off the topic a bit, MAC spoofing;

http://www.klcconsulting.net/smac/

I wouldn't mind hearing some input on MAC spoofing...

 

Found something else of interest for a Tor VPN...

http://www.cypherpunk.at/onioncat/

 

Lol, what a mess

 

What's a mess?

Actually OnionCat is a VPN just to be used on the OnionCat Virtual Lan.

My bad, I wish it was something to harden Tor.

 

I believe that katio refers to the thread sans EminenceFront. He'll be back, I'm sure.

 

Ahhh.

HEY now this is really interesting!

TUVPN High Anonymity Free Web Proxy service;

http://www.tuvpn.com/proxy/index.php?ln=en

 

I just noticed that Anonyproz allows OpenVPN chaining. For $10/month this is far cheaper than any double VPN solution.

 

I've seen them before but didn't know about the chaining...

In New Zealand too so that should hopefully be a good thing...

Something I heard the other day on a Tor IRC network that JonDo wouldn't be good to use since they are in Germany and by German law they have to keep logs of the servers...

 

This seems like a replete list:

-http://www.privacylover.com/vpn-and-ssh-tunneling-providers-for-anonymous-internet-surfing/-

 

Please read and heed the listed warning. Some of the sites may be dubious.

 

I can see a few not on that list.

http://vpndog.com/en/ (very cheap)

http://dblvpn.com/ (double vpn)

http://www.doublevpn.com/en/ (double vpn)

http://www.surfonym.com/en/ (Austria)

 

Frank's a good guy and has put together an interesting list. Most interesting to me was the ad for a VPN service right next to the list. Seems like a good "Christmas Special" - does anyone know anything about IBVPN?
http://www.ibvpn.com/premium-vpn.html