Proxo - Fake Proxy Host_Name & IP Filters

Discussion in 'privacy technology' started by peakaboo, Jan 28, 2003.

Thread Status:
Not open for further replies.
  1. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    OK, briefly...

    re: hiding your IP address...

    I looked at a couple of online proxies. To name a couple:

    1) Anonymizer - http://www.anonymizer.com/

    2) IDzap - http://www.idzap.com/

    using the free service, it is easy to see the URL pattern used for each of these and either set up bookmarks or simply copy and paste links into the URL entry spot...

    negatives were:

    1) if you use proxo with any of these, some (maybe all) of the filters used may not work properly.

    2) slows surfing

    positive:

    both do what they say they will do... hide your IP address

    Not satisfied with the above, I started looking at Proxo again.

    Bottom line is using public anonymous proxies with proxo as mentioned in the quote above, works well. The biggest effort is sifting thru lists of anonymous proxies and finding 7-10 anonymous proxies which work efficiently, and that you are comfortable with, which don't slow your surfing.


    I found Norton's check servers to be helpful in doing a traceroute and whois to ID appropriate anonymous public servers

    Norton ck server:

    http://security.symantec.com/ssc/vr_main.asp?j=0&langid=us&venid=sym&plfid=20&pkj=YXWGOOTGUSDJNRNJWDJ

    Google search will yield many lists of anonymous public proxies

    Jak's fake Proxy Host_Name & IP Filters adds obfuscation to the mix by providing Pseudo via, xforward, and ClientIP. ;)
     
  2. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    I was playing around at lockdown and ran the Netbios MAC test here and found that two of the so called anonymous proxies I was using were giving up the proxy MAC address not my MAC address (mine is stealth).

    From the standpoint of these 2 proxies are supposed to be anonymous and are instead giving up this info, I'm tempted not to use them, but they work good other than this. It's Hard Work finding good working proxies. ;)

    I wonder if the info given is fake info? Besides the MAC address the computer names given look a little bogus to me.

    here is the info from lockdown:

    This last sentence:

    Having your MAC serial number exposed is like having a monster cookie that is leaving your finger print everywhere you go and logging everything you do on the net.

    is enough for me to vote to dump :eek:

    I decided to dump both of the proxies which gave up their proxy MAC address info since they also failed the ping test at lockdown.

    Those using anonymous proxies with proxo may want to check them against some of the on-line tests to make sure you are getting what you think (anonymity) :eek:
     
  3. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    A few here have expressed reservation about making a call to the lockdown page. This may be a trust or principle issue for some considering the history (of what was it lockdown 2000 software and resulting lawsuit), however, just a quick word on the test page at lockdown...

    I found the lockdown test page to be very helpful in eliminating 3 of the 7 anonymous proxies which I had selected.

    If the anonymous proxy failed any of the following tests, it was out:

    Netbios MAC test


    Netbios probe


    If the anonymous proxy passed the two tests above but failed the lockdown DoS ping test, but otherwise was a good fast proxy, I made a judgement call - not automatic kick out since per the DoS test If you are on a proxy and your REAL IP does not show up in the ping test, your computer is NOT in ANY danger from this DoS attack.

    Best result when using a proxy for this DoS test looks like this (which I achieved):

    Stealth Ping Test

    Sending five packets to your computer...

    PING 111.111.111.111 (111.111.111.111): 56 data bytes

    --- 111.111.111.111 ping statistics ---
    5 packets transmitted, 0 packets received, 100% packet loss


    Proxy Test in progress...
    Scanning for a proxy server on standard ports 1080 and 8080...

    There was no proxy server detected


    The lockdown tests also showed me the importance of running Jak's Fake Proxy Host config with the pseudo Via, Xforward and Client IP. If any of the proxies is giving up this info Jak's config substitutes the pseudo VIA, XForward & Client IP.

    Finally, the test page provided some good food for thought in left hand margin for those using so called open anonymous proxies:

    Open Proxy Servers ARE NOT secure!

    They can not only direct hackers right to your computer, but also give complete access to your private information, system passwords and log web pages that you have visited.
     
  4. JakBeNymble

    JakBeNymble Guest

  5. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
  6. JakBeNymble

    JakBeNymble Guest

    Re: Proxo - Fake Proxy Host_Name & IP Filters

    You are more than Welcome "~peakaboo~". :) And also I forgot My Manners awhile ago. (Thank You for letting Me Post in this Forum)

    The only way that You could "Cloak" the IP header would be to use a "Remote Anonymous Proxy". If You were to alter the "actual IP" the Server would not know where to send the "Request" to. This is one reason why I started working on creating the JakxPack filter set. You never really know "who" is running the Remote Proxy that You might be using to surf through. And moreover for what "PURPOSE"! JakxPack has "almost" all the anonymity of using a Remote Proxy, but without slowing down surfing. And because of the "unknown" factor of using a Proxy that keeps "logs" it offers better anonymity in that respect. A good "Admin" with a "quick" eye and a couple of hours can track You down even if You are "chained" through a 1000 proxies. You could be chained through many proxies and if the web-page has a "java IP retrieval Applet" embedded in the Html, as soon as Your browser loads the page, the "Applet" will "grab" Your personal info and "bounce" it right back to the server. Thereby compromising Your Anonymity. But this too can be "Filtered" out by "Proxo filters".

    I haven't heard yet from "Kye-U" so I'm not sure why the Un-Official Proxomitron Forum is down, but I hope that it's up and running soon. There are a couple of "New" filter configs that can be downloaded from the "Data-base" that can take care of many of surfin' hazards.

    I'm working right now on the next Version which will look more like "normal" web-traffic.

    Here is a URL where You can get a very nice PRoxo-interface that You might be interested in if You are a PRoxo user. http://www.xs4all.nl/~vsetten/prox/
    And here is a link to check out for Proxomitron help. http://www.proxomitron.info

    And once again, thankx for letting Me post here, I hope to get back here soon. From what I have seen this is a Very Nice Informative Site to Visit!

    Take Care & Have a Great and Wonderful After-Noon,
    "~JaK~" =:)
     
  7. JakBeNymble

    JakBeNymble Guest

    Re: Proxo - Fake Proxy Host_Name & IP Filters

    Oh, . .one more thing, the "JAP" program has been "back-doored" so it's not a real safe proggie to use anymore. It's a shame too, I really like that program. But these things happen when the "pressure" is applied in the right places.

    Safe-Surfin,
    Your Friend,
    "~JaK~" :)
     
  8. JakBeNymble

    JakBeNymble Guest

    Re: Proxo - Fake Proxy Host_Name & IP Filters

    Hi "GUyz",

    Also, I might mention that most of the "safe" sites only use a "default server log". So they are not too "nosey" with capturing information. In this case the servers will just ignore the "extra" headers that Jakxpack forwards through. However the "nosey" sites that seem to be interested in capturing as much info as they can will log the extra headers. In this case I believe that Jakxpack is very effective in providing as much "anonymity" that is possible without using a "remote anonymous proxy".

    Safe-Surfin',
    "~JaK~" :)
     
  9. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Re: Proxo - Fake Proxy Host_Name & IP Filters

    Sorry Jak, I phrased the question incorrectly.

    My real question & the link I provided had to do with using proxo as a firewall.

    http://www.cheatandwin.com/~proxo/forums/index.php?showtopic=70&st=0&

    unfortunately the Kye's site is still down

    Last post in that thread cast some doubt as to the possibility of using proxy as a firewall, but I think you said you were going to look in your notes to discern the possibilities.
     
  10. JakBeNymble

    JakBeNymble Guest

    Re: Proxo - Fake Proxy Host_Name & IP Filters

    "~Peekaboo~",
    I wish that I could say that ~"Proxo~" could be set-up to run as a fire-wall but I also am doubtful of it. I have in my note book some filter arrangements that were used for some of the "e-mail" worms a few years ago. But basically what the filters did were block "Out-look" and other e-mail clients from "getting" out. Without the ability to "block" ports, I'm afraid Proxo wouldn't be able to offer much security. But when it comes to filtering Html and IN/Out "headers", . . .it's the best I've ever seen or worked with.

    "~Proxo~" works really well for Http/Https protocols, but that's just about it. I was hoping that "Scott" would come up with a "Proxomitronic O/S", now I would not have minded "coughin' up a few hard-earned coins for that! :) With a "Proxo" shell we could set-up and filter anything comin' & a goin'. :D

    I've still not heard anything from "~KYE-U~", . . .I don't know whats went down, . . .maybe "Kye" didn't pay the electric bill this month, . .LOL! At this point I would almost wire him the money if I knew that's for sure what it was! LOL!

    Be Back later,
    Take Care ~"Peekaboo~",
    "~JaK~" :)
     
  11. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Re: Proxo - Fake Proxy Host_Name & IP Filters

    Thanks Jak

    Hope Kye_U can get it up ;)

    I like that proxo site.
     
  12. JakBeNymble

    JakBeNymble Guest

    Re: Proxo - Fake Proxy Host_Name & IP Filters

    LOL! ;) Thankx "~Peekaboo~",
    I'm glad that some of "Y'all" come over! I really like this FORUM too. I hope You "GUyz" don't mind Me a hangin' 'round.
    I'm kinda out of "House and Home" right now with the server down. There's not too many "Friendly" FORUMS that I've found.

    There's a "ton" of Good information here and when "~Kye~" getz it back up again, . . .*Smiles*, . . . I will make sure that there's a link from there to here!

    Have a Great & Wonderful After-Noon My Good Friend,
    "~JaK~" :)
     
  13. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Re: Proxo - Fake Proxy Host_Name & IP Filters

    Interesting thread this - I use both Proxomitron and JAP so would like to mention a few things.

    Faking a local proxy via Proxomitron seems totally pointless to me - the web site you connect to has got to have your IP address to send data back and the web server will log network connections - ignoring the HTTP header changes that Proxomitron makes, so aside from confusing some online scan sites I cannot see this achieving much security-wise.

    Using a proxy server will hide your IP address from websites as long as the proxy does not report it. This is something that can be checked (Privacy.net's Analysis Page should do the job here). It will not hide your activities from your ISP though (who can see all traffic coming to and exiting from your PC). Anyone concerned about a visit from the Men in Black should be most concerned about the records their ISP keeps on this traffic.

    An anonymising proxy (by which I mean one that encrypts traffic between your PC and the proxy server) will hide your activity from your ISP as well as disguise your real IP address. However, if you allow Javascript, Java or ActiveX then your browser could be "encouraged" by a website to make a direct connection bypassing the proxy - to avoid this either filter such content or use a firewall to block "normal" HTTP (only practical if you use the proxy all the time).

    With proxies you do have to trust the administrator to some extent. With JAP however you can run your connection through multiple proxies (called a mix although there are only a couple of these available currently - see the JAP Homepage for details) so no individual proxy can track your activities. Since the client software is open source, any attempt to compromise the service by adding backdoor code can be detected (see this post for details) which makes JAP far superior to any of the commercial services in my view.

    JAP does have its downsides - speed can be pretty anaemic at peak time (down to 2-3KB/sec with web browsing - the best speed I have encountered is 18-20KB/sec) and the client does sometimes lose its connection with the mix server (setting the Anonymity/Auto-Reconnect and Miscellaneous/Send Dummy Packet options can help greatly here). The InfoService (which tracks mix availability and usage) appears to be a single point of failure - if it goes down then no mixes can be accessed. However the service has had surprisingly little downtime for what is a research project. JAP covers HTTP, HTTPS and FTP protocols only - if you want anonymous chat, IM or P2P then you need to look elsewhere (although a web-based gateway for such services would be covered).

    JAP makes no attempt to filter cookies or active content (Java, Javascript, ActiveX) or advertising. This is a good thing IMHO since these should be left to individual preferences. The JAP Forums on SourceForge are a good place to get further information - especially if you speak German! ;)

    JakBeNymble:

    The JAP backdoor was removed some months ago - see my previous post for details.

    Peakaboo:

    Sorry, Proxomitron cannot be used as a firewall. It will only filter HTTP (web traffic - though it can do encrypted web traffic as well with the OpenSSL DLLs installed) so cannot handle any other network applications. It also has no ability to intercept incoming traffic before the Windows networking system does which is a key requirement of any firewall.
     
  14. JBNym

    JBNym Guest

    Re: Proxo - Fake Proxy Host_Name & IP Filters

    Hi "~Paranoid2000~",
    Thankx for the update on the JAP program, I had not heard about the overturn on the court decision.

    But let me explain about the JakPack filter set. While it doesn't alter Your actual IP, and You are directly connected to the server. It doesn't fake a Local Proxy. But what it does do is (to Server), Your actual IP is made to look like the IP of an actual Remote Proxy out on the Net that's "Spillin" Your info through the Proxy. Here is what My Header fields look like to a checker page. Now remember this "all" Fake:
    To the checker page, it "appears" that I've chained two remote Proxies for the connection, when I'm actually directly connected. Now if I use an actual Remote Anonymous Proxy to cloak My IP, it will still forward all the Proxo/Jakxpack header through.

    Take Care and Safe-Surfin'
    ~JaK~ =:)
     
  15. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Re: Proxo - Fake Proxy Host_Name & IP Filters

    Fair enough - you have a setup that confuses those few sites that check for a proxy but without concealing your real IP address. But then what is the point of this? The vast majority of websites will not check for a proxy but will just note your real IP address in their server logs (which is presumably what you want to avoid) - those that do check for a proxy are mostly online scan or information sites so confusing them is not usually beneficial.

    If you use a proxy that reports your IP address then this again will be your "real" IP address (and the proxy logs will use it too). If you use one that does not report/log then that filter is truly redundant. I would say that it is an interesting exercise, but not one that anyone should rely on for their online privacy. However it's your choice. ;)
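
Added example, not part of the thread: a server-side sketch of the point made in the post above, that the address a site logs is the TCP peer address and that Via / X-Forwarded-For / Client-IP are only believed when they arrive from a proxy the site operator runs. The function names, the trusted-proxy range and all addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Headers any client can set to arbitrary values before sending a request.
FORWARDING_HEADERS = ("via", "x-forwarded-for", "client-ip")


def _is_trusted(addr, trusted_nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in trusted_nets)


def resolve_client_ip(peer_addr, headers, trusted_proxies=()):
    """Return the address a server should log for one request.

    peer_addr is the source address of the TCP connection. X-Forwarded-For
    is consulted only when the peer is one of the operator's own proxies,
    and is walked right to left to the first hop that is not trusted.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]
    if not _is_trusted(peer_addr, nets):
        return peer_addr  # direct connection: header claims are ignored
    hdrs = {k.lower(): v for k, v in headers.items()}
    hops = [h.strip() for h in hdrs.get("x-forwarded-for", "").split(",")]
    for hop in reversed([h for h in hops if h]):
        try:
            if not _is_trusted(hop, nets):
                return hop
        except ValueError:
            break  # malformed entry: stop reading the header
    return peer_addr


def claimed_forwarding(peer_addr, headers, trusted_proxies=()):
    """Forwarding headers supplied by a peer that is not a trusted proxy."""
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]
    if _is_trusted(peer_addr, nets):
        return {}
    return {k.lower(): v for k, v in headers.items()
            if k.lower() in FORWARDING_HEADERS}


# Constructed request 1: direct connection carrying made-up proxy headers.
DIRECT_PEER = "203.0.113.7"
DIRECT_HEADERS = {
    "Via": "1.1 proxy1.example.net, 1.1 proxy2.example.net",
    "X-Forwarded-For": "198.51.100.23",
    "Client-IP": "198.51.100.23",
    "User-Agent": "Opera/5.02 (Windows 98; U) [en]",
}

# Constructed request 2: same client behind the operator's reverse proxy
# (192.0.2.10), which appended the real peer address to the client's header.
OPERATOR_PROXIES = ("192.0.2.0/24",)
PROXIED_PEER = "192.0.2.10"
PROXIED_HEADERS = {"X-Forwarded-For": "198.51.100.23, 203.0.113.7"}

if __name__ == "__main__":
    print(resolve_client_ip(DIRECT_PEER, DIRECT_HEADERS))
    print(sorted(claimed_forwarding(DIRECT_PEER, DIRECT_HEADERS)))
    print(resolve_client_ip(PROXIED_PEER, PROXIED_HEADERS, OPERATOR_PROXIES))
```

In both constructed requests the logged address is 203.0.113.7; the client-supplied entries only show up as unverified claims.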
     
  16. TheSnowGuy

    TheSnowGuy Guest

    Re: Proxo - Fake Proxy Host_Name & IP Filters

    JackBN

    This is the partial results of a scan taken just moments ago using your list:


    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
    Accept-Language: en-us
    Host: www.privacy.net
    Referer: http://www.privacy.net/analyze/
    User-Agent: Opera/5.02 (Windows 98; U) [en]
    Accept-Encoding: gzip, deflate


    Note that the Referrer was not blocked. Furthermore, the trace did not miss a heart beat and led directly to my correct address....no signs of a "spill"
    while your list does provide some added privacy and your efforts are appreciated........
     
  17. TheSnowGuy

    TheSnowGuy Guest

    Re: Proxo - Fake Proxy Host_Name & IP Filters

    **NOTE** the links in my last post are "live" sorry, forgot to change that......the site of course is ok.....will be more alert in the future.
     
  18. TheSnowGuy

    TheSnowGuy Guest

    Re: Proxo - Fake Proxy Host_Name & IP Filters

    And here are the results using LEVEL 6........same results as previous:


    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
    Accept-Language: en-us
    Host: <privacy.net>
    Referer: hxxp://<privacy.net>/analyze/
    User-Agent: Opera/5.02 (Windows 98; U) [en]
    Accept-Encoding: gzip, deflate


    Again the referrer was not blocked. Blocked may not be the correct word...perhaps "spoofed"
     
  19. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Re: Proxo - Fake Proxy Host_Name & IP Filters

    my 2 cents:

    if u don't think it helps don't use JBN's filter.

    JBN filter serves to obfuscate, does not claim to cloak.

    use it in conjunction with High anonymity servers to further befuddle the confused.

    JBN thanks for all your work on this filter :cool:
     
  20. TheSnowGuy

    TheSnowGuy Guest

    Re: Proxo - Fake Proxy Host_Name & IP Filters

    The internet carries many security websites containing forums where people meet in open discussion regarding numerous matters....firewalls..virus scanners....block list....spyware.....and through the avenue of discussion products improve.....discussion being the means to obtain a goal.
    Most vendors welcome such discussion because it's their products that are improved. It's in the spirit of goodwill that thoughts are expressed..ideas exchanged........
     
  21. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Re: Proxo - Fake Proxy Host_Name & IP Filters

    Snowguy,

    what is your question? maybe Jak can answer it.

    his filter is not designed to block or spoof referrer. As I understand it, it spoofs via, xforward & client IP header.

    to block referrer if using proxo for those who don't know, just ck the out box for this standard filter: Referer: Hide where we've been (Out)

    snowguy looks like you already are using this standard referrer out filter.

    as I said probably the best use of Jak's filter would be to use in conjunction with High anonymity proxies.

    ____________

    Jak I have a question for you if you venture back to these parts.

    back on page 1 post #10 is this possible for proxo to spoof:

    p.s. maybe another addition to Jak's config. if it is possible, which I doubt but maybe if Proxo can spoof port 8080 somehow upon probe to say yes there is an anonymous proxy here.

    if so this would complete the spoof circle, just thinking out loud. I may be all wet. But I am curious.
     
  22. TheSnowGuy

    TheSnowGuy Guest

    Re: Proxo - Fake Proxy Host_Name & IP Filters

    Greetings Peekaboo

    Hope you are doing well this morning........nice of you to offer instruction.....I am always open to new ideas......although I have been tinkering around with proxo somewhere like eight years or so....always something more to be learned........
    Question...no question....seems kinda pointless
    Now have yourself a real fine day.......seeya


    TheSnowGuy>snowman
     
  23. JBNym

    JBNym Guest

    Re: Proxo - Fake Proxy Host_Name & IP Filters

    Thankx "~Peekaboo~" I appreciate that very much! :)
    And You explained what the JakxPack does to a tee. I have been very surprised at just how "many" sites are actually fooled by the filter set. I have a lot of fun with it myself. LOL! You and I are thinking along the same lines "~Peekaboo~", . . .I've been thinking on how I can ::GET:: PROXO to execute the "spoofin' script" upon scan. I can make PROXO run a localfile when "triggered", . . .Any and all hints would be greatly appreciated! ;)

    "~Paranoid2000~",
    "~TheSnowGuy~",
    Just copy and paste this simple filter into Your PROXO default.configs under [HEADERS] and it will stop this from appearing in Your scan :)

    In = FALSE
    Out = TRUE
    Key = "Accept:(Out)"

    And be sure to disable the "Active Content" in Your browser "VBS & Java-Script" can "nail Your Hide" every time even if You are using PROXO. :)

    Here is my results from the Privacy-site:

    And that's a spoofed Date/Time Stamp also :D

    Take Care & Safe-Surfin',
    "~JAK~" =;-)
     
  24. JBNyM

    JBNyM Guest

    Re: Proxo - Fake Proxy Host_Name & IP Filters

    Sorry SnowGuy,
    I missed the "tag", I'll try it again.
    Have a Great & Wonderful Day,
    "~JAK~" =:)
     
  25. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Re: Proxo - Fake Proxy Host_Name & IP Filters

    JBN,

    that is a really good result for privacy.net scan

    humphammer.net <--getting close

    lol humphammer

    congrats! privacy.net is one of the harder ones to fool
    ___________

    Jak, if you figure a way to spoof the existence of a proxy server let me know!

    if you get it to fool the following site and get it to read:

    http://stealthtests.lockdowncorp.com/cgi-bin/proxy

    Stealth Test ...
    You Appear To Be Stealthed Or On An ANONYMOUS Proxy!

    let me know ;)

    some of the more stupid sites are already tricked into thinking the actual ip is a proxy server

    :cool:

    Have a good one Jak
     