Jump to content


Photo
- - - - -

Hiding Your Ip


  • Please log in to reply
54 replies to this topic

#1 Dragonman69

Dragonman69

    Newbie

  • Active Members
  • 7 posts

Posted 19 April 2012 - 11:00 PM

Hello all, I am looking for a way to make it look like I am comming from all over the world and be untraceable. I have been reading that you can do this through multiple proxies but I was unsure of the accurecy of the information. Basically I don't want my "activities" to be able to be traced back to me. If you could point me to a good website with this information or any information here would be good. Tks

#2 digip

digip

    -we're all just neophytes-

  • Active Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 7,655 posts
  • Gender:Male
  • Location:RnVjayBPZmYh 192.168.100.1

Posted 19 April 2012 - 11:05 PM

Start with searching the forums. Might save you time, and you can then come back and refine your question to get answers not already given by others with similar questions -

http://forums.hak5.o...h&fromMainBar=1

Edited by digip, 19 April 2012 - 11:05 PM.

@xxdigipxx http://www.attack-scanner.com/ | I'm the resident dick around here, or so I am told. Don't take it personally, I just give a shit too much sometimes. respect to all, its the Internet, don't take it to heart.
"Staying quiet doesn't mean I have nothing to say, it means I don't think you're ready to hear my thoughts..."

#3 Dragonman69

Dragonman69

    Newbie

  • Active Members
  • 7 posts

Posted 20 April 2012 - 12:25 AM

Tks Digip for responding, I have been reading the forums for the last few hours but not really finding exactly what I am looking for and googling for a couple of hours before that, I got to get a life I guess lol and I am beginning to think I have to rethink my searches. I will admit I did run across alot of good info on other topics that I will use but wasn't looking for which always seems to be the way, alot of very smart people on here and a few very stupid ones for not following advice given to them.

#4 digininja

digininja

    Elite

  • Global Moderators
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 2,576 posts
  • Gender:Male
  • Location:Sheffield, UK

Posted 20 April 2012 - 03:02 AM

Simple answer, you can't stop your "activities" from being traced back to you. Check out a lot of the recent Lulzsec and Anon arrests and most are because people thought they were hiding their tracks but weren't. Sabu seems to be a very smart guy (regardless of whether you agree with his politics or not) and because of the nature of his activities would have been extra paranoid but still a single mistake and he was grabbed.

Whatever service or system you chose, assume that it isn't completely anonymizing you and make sure that your "activities" are not things that will get you in trouble when you make that one simple mistake.

#5 bobbyb1980

bobbyb1980

    Hak5 Ninja

  • Active Members
  • PipPipPipPipPipPipPip
  • 513 posts
  • Gender:Male

Posted 20 April 2012 - 08:56 AM

I read the FBI affidavit on Sabu... it seemed that they actually pinned all that stuff on him from setting up a device similar to a pineapple outside his home and verifying that it was indeed his MAC addy connecting to his router where they were able to see he was connecting to TOR. If the dude would have just spoofed a MAC or set it to a random one everytime the machine booted and leeched off of his neighbor's wifi, then they wouldn't have been able to catch him (using their rules of engagement, or it would have been much more difficult). I'm not saying it's right to do that, I'd never do that, but come on, if you're gonna hack gov contractors you can't just connect to your home router and jump on TOR thinking you'll be protected.

#6 Dragonman69

Dragonman69

    Newbie

  • Active Members
  • 7 posts

Posted 20 April 2012 - 09:13 AM

In your opinion would you be safer to go through proxies in countries like say china or north korea or ones like that?

#7 Dragonman69

Dragonman69

    Newbie

  • Active Members
  • 7 posts

Posted 20 April 2012 - 09:24 AM

Sure was an interresting read Digininja and tks for the info

#8 Dragonman69

Dragonman69

    Newbie

  • Active Members
  • 7 posts

Posted 20 April 2012 - 01:57 PM

My brain is turning to mush reading all this stuff on proxies lol.

#9 digininja

digininja

    Elite

  • Global Moderators
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 2,576 posts
  • Gender:Male
  • Location:Sheffield, UK

Posted 20 April 2012 - 02:01 PM

Sabu, from what I've read and heard, was caught because he connected to an IRC server directly rather than going through whatever proxy setup he was normally using. That one slip gave out his real IP and lead the police back to him.

For basic tunnelling to offer probably about as much anonymity as you are going to get without putting a lot of effort in just use Tor. There used to be ways to still try to lift the anonymity and the person running the end point can always sniff your traffic but for general anon surfing it is about the best you are going to get.

#10 Infiltrator

Infiltrator

    Gray-Hat Specialist

  • Active Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 4,392 posts
  • Gender:Male
  • Location:Over the Atlantic, at a cruising altitude of 70.000 feet.
  • Interests:Wireless and Network Security
    Server Virtualization
    Computer Network Infrastructure
    Server implementation.
    General Aviation
    RC Airplanes and Helicopters
    Scuba Diving
    Sky Diving
    War driving
    Solar battery Systems.
    Pen-Testing
    Command & Conquer

Posted 20 April 2012 - 08:18 PM

If you want to change your IP address, I'd use TOR Project, but remember that it won't 100% hide your IP address.

They can still track back to you. Also TOR isn't the fastest when it comes to fast connection, so it will probably frustrate you.

Edited by Infiltrator, 20 April 2012 - 08:20 PM.

Regards,
Infiltrator


Posted Image

Currently studying for my CCE.

#11 Sitwon

Sitwon

    Hak5 Pirate

  • Active Members
  • PipPipPipPipPipPip
  • 393 posts

Posted 21 April 2012 - 12:28 AM

In your opinion would you be safer to go through proxies in countries like say china or north korea or ones like that?

Safer in what way? On the one hand, Western government wouldn't be able to subpoena the ISPs in those countries to give up connection logs, but you would be willingly subjecting your traffic to governments who have no qualms with sniffing your traffic or worse. In some of those countries they actively MITM many types of encrypted connections or tunneling attempts so that they can log and filter your traffic.

#12 digip

digip

    -we're all just neophytes-

  • Active Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 7,655 posts
  • Gender:Male
  • Location:RnVjayBPZmYh 192.168.100.1

Posted 21 April 2012 - 08:02 AM

Best bet, and some of this might not be completely legal, so use at your own discretion, get a pre-paid visa gift card paid for in cash, register it with a fake name, fake address, etc. Activate it from a remote location, not close to where you live. Then, sign up with a site that has shell access or even better, VPN access and even the capabilities to set up TOR exits. Using the pre-paid visa gift card, pay for all the services to get up and running. Then use either an SSH tunnel off of this site to encrypt all your traffic, possibly between multiple SSH tunnels, or add it as a TOR exit node, or if it has VPN capabilities to mask your IP, use it with TOR through the VPN itself. The trick here, is when using this setup, NEVER use it from your home, and NEVER log on to any website tied to your real identity(twitter, gmail, etc) and never let anyone else know, that you use a service like this. You would also need internet access from a location that to some extent, conceals your actions as well, whether it be open wifi hot spots, hotels, etc, you will want to be able to reach networks without having to physically be near them or in the public view. You will also want to spoof your MAC address on each use, in the event they trace it back to the physical location, you keep them on their toes.

Nothing is full proof, and it someone spends the time, money and resources, they will track you down at some point. If you want to live in fear of the man coming for you, and you intend to break the law, doing malicious things with computers and abusing other networks, then you shouldn't be surprised if someone shows up on your doorstep with an arrest warrant.

If you just want anonymity for the most part, or need to get around country filters, like say watching something on Hulu from outside the US, use a paid VPN service that masks your IP and country location.
@xxdigipxx http://www.attack-scanner.com/ | I'm the resident dick around here, or so I am told. Don't take it personally, I just give a shit too much sometimes. respect to all, its the Internet, don't take it to heart.
"Staying quiet doesn't mean I have nothing to say, it means I don't think you're ready to hear my thoughts..."

#13 bobbyb1980

bobbyb1980

    Hak5 Ninja

  • Active Members
  • PipPipPipPipPipPipPip
  • 513 posts
  • Gender:Male

Posted 21 April 2012 - 09:16 AM

Or you could take that same prepaid card and buy a 3g modem (obviously don't put any of your real info on any papers). When they trace GSM signals in urban environments their accuracy is about ~50 meters, which means if you were in an apartment complex they'd literally have to search a 50 meter radius in the complex which could mean 10 or 20 diff apartments, which 9 times out of 10 they won't do as it would completely give themselves away.

I'm also going to guess, that at least US law enforcement, isn't going to use this type of technology to trace cell phones to physical locations for cases that aren't related to drugs or terrorism.

The FBI has very strict protocols they must follow to indict someone. These protocols, thanks to anonymous, are public info. If one were to read them one could see how to avoid detection...

Its funny that anonymous and all those groups were mentioned in this thread. I've never said it before but personally I think they're some kind of trap, I don't know. All I know is that the hackers that I've met IRL over the past 5 years or so, I've never had a conversation about politics with any of them and they definitely weren't hungry for any type of attention.

#14 digip

digip

    -we're all just neophytes-

  • Active Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 7,655 posts
  • Gender:Male
  • Location:RnVjayBPZmYh 192.168.100.1

Posted 21 April 2012 - 10:49 AM

Or you could take that same prepaid card and buy a 3g modem (obviously don't put any of your real info on any papers). When they trace GSM signals in urban environments their accuracy is about ~50 meters, which means if you were in an apartment complex they'd literally have to search a 50 meter radius in the complex which could mean 10 or 20 diff apartments, which 9 times out of 10 they won't do as it would completely give themselves away.

I'm also going to guess, that at least US law enforcement, isn't going to use this type of technology to trace cell phones to physical locations for cases that aren't related to drugs or terrorism.

The FBI has very strict protocols they must follow to indict someone. These protocols, thanks to anonymous, are public info. If one were to read them one could see how to avoid detection...

Its funny that anonymous and all those groups were mentioned in this thread. I've never said it before but personally I think they're some kind of trap, I don't know. All I know is that the hackers that I've met IRL over the past 5 years or so, I've never had a conversation about politics with any of them and they definitely weren't hungry for any type of attention.

I'm not sure on the accuracy of the 3G modem and triangulation, but if google can give you pin point accuracy within a few feet over wifi, I'm pretty sure law enforcment could do it too. If you own a device like an ipad or touchpad, or mobile phone that uses wireless, use google's location service and be surprised what it shows. From my touchpad, using bing maps and the google api, it shows me within a few feet of where I am, or more correctly, where my wireless router is. No IP lookup, but wireless device triangulation. I wouldn't expect to use a 3G access point as my cover with any regard to security. Especially if I had it with me, moving from place to place, it just makes it that much easier for them to track you.
@xxdigipxx http://www.attack-scanner.com/ | I'm the resident dick around here, or so I am told. Don't take it personally, I just give a shit too much sometimes. respect to all, its the Internet, don't take it to heart.
"Staying quiet doesn't mean I have nothing to say, it means I don't think you're ready to hear my thoughts..."

#15 bobbyb1980

bobbyb1980

    Hak5 Ninja

  • Active Members
  • PipPipPipPipPipPipPip
  • 513 posts
  • Gender:Male

Posted 21 April 2012 - 11:33 AM

digi - I don't really understand what it is you're saying. While google can trace wifi signals on phones accurately, to my knowledge 3G runs on completely different frequencies with different properties. Don't a lot of those phones have GPS devices embedded also? Read this paper on geolocating IP's on 3G networks.

www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCQQFjAA&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.210.2072%26rep%3Drep1%26type%3Dpdf&ei=Ut2ST_3EN46Jtwfk-eG1Cw&usg=AFQjCNGzseTqbg_1gEj0LTXyxxMMc5S8fA

If you skip to section 6 in the conclusion part, it basically says that accurate geolocation using IP addresses on cellular networks is near impossible. While it still would be possible to triangulate the signal to get physical location, wikipedia says that is only accurate up to 50 meters in urban settings and even more inaccurate in rural settings. http://en.wikipedia...._phone_tracking

"Advanced systems determine the sector in which the mobile phone resides and roughly estimate also the distance to the base station. Further approximation can be done by interpolating signals between adjacent antenna towers. Qualified services may achieve a precision of down to 50 meters in urban areas where mobile traffic and density of antenna towers (base stations) is sufficiently high. Rural and desolate areas may see miles between base stations and therefore determine locations less precisely."

I also noticed in the affidavits I've read that the people the FBI are catching, they aren't using 3G.

I'm not very knowledgeable on this topic so take what I say with a grain of salt, but I've heard through the grapevine that this type of technology is pretty advanced and only used in the upper echelons of federal agencies and the military, IE, you'd have to do something really really bad for them to come after you with this technology. And even if they do, just take the SIM card out of the 3g modem when you're not using it and there is nothing to trace.

#16 Dragonman69

Dragonman69

    Newbie

  • Active Members
  • 7 posts

Posted 21 April 2012 - 01:00 PM

Thanks guys you gave me some good ideas. I was thinking about shell acounts but haven't got to that part of my research yet.

#17 digip

digip

    -we're all just neophytes-

  • Active Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 7,655 posts
  • Gender:Male
  • Location:RnVjayBPZmYh 192.168.100.1

Posted 22 April 2012 - 09:34 AM

digi - I don't really understand what it is you're saying. While google can trace wifi signals on phones accurately, to my knowledge 3G runs on completely different frequencies with different properties. Don't a lot of those phones have GPS devices embedded also? Read this paper on geolocating IP's on 3G networks.

www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCQQFjAA&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.210.2072%26rep%3Drep1%26type%3Dpdf&ei=Ut2ST_3EN46Jtwfk-eG1Cw&usg=AFQjCNGzseTqbg_1gEj0LTXyxxMMc5S8fA

If you skip to section 6 in the conclusion part, it basically says that accurate geolocation using IP addresses on cellular networks is near impossible. While it still would be possible to triangulate the signal to get physical location, wikipedia says that is only accurate up to 50 meters in urban settings and even more inaccurate in rural settings. http://en.wikipedia...._phone_tracking

"Advanced systems determine the sector in which the mobile phone resides and roughly estimate also the distance to the base station. Further approximation can be done by interpolating signals between adjacent antenna towers. Qualified services may achieve a precision of down to 50 meters in urban areas where mobile traffic and density of antenna towers (base stations) is sufficiently high. Rural and desolate areas may see miles between base stations and therefore determine locations less precisely."

I also noticed in the affidavits I've read that the people the FBI are catching, they aren't using 3G.

I'm not very knowledgeable on this topic so take what I say with a grain of salt, but I've heard through the grapevine that this type of technology is pretty advanced and only used in the upper echelons of federal agencies and the military, IE, you'd have to do something really really bad for them to come after you with this technology. And even if they do, just take the SIM card out of the 3g modem when you're not using it and there is nothing to trace.

I think it depends on where you are with it and how you use it, but I wouldn't bet on being secure with it alone like its an ace in the hole. Especially if you move place to place with the 3g device while its on, with enough signal and time tracking it, law enforcement would be able to find you. They could contact the phone company who's service you connect over, and shut you down leaving the 3G device disabled to the itnernet, but still track it, or just intercept your traffic and sniff everything you do on the 3G connection.

Think about what you are saying, regardless of triangulation, you are using the cell companies towers, which they can track which towers you are near and have connected to, and law enforcement can get a warrant to sniff your connection, or even force you to 2g vs 3g (since most devices will fall back or drop down to 2g for compatibility modes), which they can then remove 3G encryption and see all your traffic in the clear(although I am nto 100% sure on this with 3G modems, I do believe it works that way with cell phones, which 2G encryption is known to be broken to quote Georgia Weidman).

Now, you might tunnel your traffic over TOR or VPN via the 3g connection, but they can see the end points and still have control of the 3G network, and at some point figure this stuff out, or deny access to those networks or just deny you internet access all together. Same with wifi, but at least with wifi, when you leave a location and turn off your device, the connection doesn't leave with you, as where with 3g next time you turn it back on, "oh look, its on the other side of town now". They would be able to track your movements and eventually find you. Same with Wifi, but I think with wifi would be a tad harder, so long as you don't use the same places to connect from all the time, and don't leave identifying clues/trails when going online that pinpoint you as the same culprit each time. Hacking over 3G, leaves a consistent point of return every time to come back to when investigating.
@xxdigipxx http://www.attack-scanner.com/ | I'm the resident dick around here, or so I am told. Don't take it personally, I just give a shit too much sometimes. respect to all, its the Internet, don't take it to heart.
"Staying quiet doesn't mean I have nothing to say, it means I don't think you're ready to hear my thoughts..."

#18 bobbyb1980

bobbyb1980

    Hak5 Ninja

  • Active Members
  • PipPipPipPipPipPipPip
  • 513 posts
  • Gender:Male

Posted 22 April 2012 - 10:11 AM

digi - I understand what you're saying but it appears that the vast majority of your argument is based on speculation. 3G is not GPS. At least publicly, there is no central 3g tracking center designed to give coordinates on all 3G users.

The goal of using 3G is to limit the probability of someone finding your PHYSICAL location As you mentioned, if I were interested in hiding traffic or preventing traffic from being sniffed, all I would need is to connect to a VPN via 3G.

You are incorrect about "them" being able to track your movements. Assuming wikipedia provides correct info, in a best case scenario they'll only get up to 50 meters accuracy of the location of the modem.

Hacking over 3G, leaves a consistent point of return every time to come back to when investigating.


As opposed to hacking over a landline?

They could contact the phone company who's service you connect over, and shut you down leaving the 3G device disabled to the itnernet, but still track it, or just intercept your traffic and sniff everything you do on the 3G connection.


And they can't do this on landlines? It's actually much easier for them to do this on landlines, no?

Think about what you are saying, regardless of triangulation, you are using the cell companies towers, which they can track which towers you are near and have connected to, and law enforcement can get a warrant to sniff your connection


Once again, it would be easier for LE to do this if you were using a landline... and once again, the goal is not hiding data, it's hiding a physical location.

I have a question, are you aware of any cases where someone's physical location was tracked down from using 3g? I am not. I am aware of MANY recent cases where physical locations were determined, even though the target was using wifi + VPN/TOR. If FBI affadavits tell us nothing else, they tell us they have the technology to determine the physical location of someone using TOR/VPN who is connecting from a landline. Not saying 3G is a sure shot way to hide your identity, but it seems LE isn't quite there yet.

Edited by bobbyb1980, 22 April 2012 - 10:45 AM.


#19 digininja

digininja

    Elite

  • Global Moderators
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 2,576 posts
  • Gender:Male
  • Location:Sheffield, UK

Posted 22 April 2012 - 11:55 AM

I have a whole plan as to how this can work which involves international flights, wifi, coffee shops and hotels, local mifi and countries with limited IT law.

Buy me a drink at a conference if you want to know more

#20 digip

digip

    -we're all just neophytes-

  • Active Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 7,655 posts
  • Gender:Male
  • Location:RnVjayBPZmYh 192.168.100.1

Posted 22 April 2012 - 04:33 PM

As opposed to hacking over a landline?

I would never suggest using a landline, assuming you mean dial up or wired connection from your home or someone elses. I was saying, only use wifi exclusively, and not from your own network. If you are doing something illegal, then might as well do it on someone else's wifi, and not anywhere near where you live, but more from on the road like cafe's/hot spots, libraries, hotels, airports, etc. Connecting wirelessly gives you some anonymity as where 3G ties you to that same 3G device every time due to how the device works and identifies itself, just from different locations you decide to turn it on. With 3G, it follows you on the physical device everywhere you use it and from my perspective, gives too much of a trail to leave behind if its associated with a hacking event. If done over wifi with spoofed mac address every time, you tie it first to the access points you use, then back to you, so if you continually hop networks, with spoofed mac addresses each time, its that much harder to say its the same person they are trying to track down.

By the way, 50 meters is only 164 feet. Thats a pretty small radius. They could easily pin point that as one building or location in my mind.

I also recall last Christmas, shopping malls tracking visitors to see what stores the same people bought it, based on phones signal and I think IMEI, or some other unique identifier on the phone.

Edited by digip, 22 April 2012 - 04:38 PM.

@xxdigipxx http://www.attack-scanner.com/ | I'm the resident dick around here, or so I am told. Don't take it personally, I just give a shit too much sometimes. respect to all, its the Internet, don't take it to heart.
"Staying quiet doesn't mean I have nothing to say, it means I don't think you're ready to hear my thoughts..."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users