Hiding IP address

even with proxy servers, some sites are intelligent enough to trace back the local ip address you use. other possible way could be to use a router sort of thing which connects with external world and your system.

whenever access comes from your machine, router will rewrite the ip address and send it to destination site. so the destination will always get router's ip address. a cheap linux box(x286) will do for a router and internet connection manager

hope this solves

Ther's a lovely program called proxomitron for windows:

http://www.proxomitron.org/

Provided you have access to enough proxies, you can keep changing your 'apparent' ip to a different proxy at each connection request.

It also does great things like filtering popups and other junk that might wish to run on your PC

Hope that helps:)

ive personally never heard of a 'router sort of thing' that sekargopi is talking about.

But Pjedmond and shadow are on the right track.  

Using anonymous proxies is the best way to hide your tracks.  There are enough free and anonymous WEB proxies out there for surfing anonymously.  But...using other apps like IRC anonymously...those proxies are harder to come by.  usually anonymous public proxy servers only open up 80 or 8080 to allow HTTP traffic and that's it.  If you REALLY want to be anonymous...you'll most likely have to purchase a subscription to a pay-based proxy service whch allows you much more flexible internet anonymity.  

Even those free proxies on the Internet...99.9% of them are bad addresses, old addresses or just plain not working.  So..its frustrating.  Searching Google returns TONS of sites and literally hundreds of addresses to try out.  You could use a tool such as Access Diver to bulk import a huge list of those and it can run a check.

Unfortunately its another case of...most good things arent free.  Quick, easy and cheap HTTP traffic is sometimes free if you can find an open one...the  rest is usually pay-based.  

> I don't care if the school authorities trace me, but I DO mind other students being able to point back at me.

Good. Because you cannot really hide at all. I am unclear here how you think other students can use IP to trace you out. If they are sufficiently intelligent, they can uncover your activity other ways. But in part, a specific answer depends on topology.

Suppose you are on a campus where numerous students access a distant server via ethernet card that has copper wires run to a router through hubs. To make admin easier, they run dhcp. This is simpler than having students manually type in things they've yet to understand.

Now you are severely limited for range of addresses available if you want any functionality at all. This is called subnetting. Try running IPConfig /all  to see all the number assignments. Then run IPConfig /?  to get list of options.

If the bottom of your screen for /all options shows that you have a lease period, this is talking about dhcp. Do some simple math to find out the range., the rate of change. It should be every four weeks, IMO, but is probably closer to 2-4 days. So if it is small, as I suspect, then exercise these options.

On Friday:
IPConfig /Release

On Monday:
IPConfig /ReNew

In between, do your homework, visit family, party.

The admin has you locked into both the subnet and the specific address for a limited amount of time. Once you permit the time period to elapse, then your prior address will be given to another user. Then you reboot to request an address, and the one you are assigned is going to be necessarily different. There is no mapping of such address to any human.

So, same human can have this control over changing address. It is built into the protocol. But there's an issue of timing involved to make it do what you want -- getting a different address.

Sunbow has good thinking here but don't most DHCP servers tie the IP it gives you...to the MAC address?  This has been my thought.  If the scope is rarely modified and the pool runs smoothly...chances are even with a 4 day lease, you're issued the same IP each renewal based on your MAC address.  This rarely changes.  

So even though you can renew/release to heart's content, I believe you'll be issued the same IP unless you get a new NIC card or unless the admins change the scope parameters of the subnet.  

Thanks for all your help so far...

A question for SunBow - when I run ipconfig it just flashes up there for a sec and then the window closes so I can't read anything. What gives?

Oh, and Proxomitron doesn't seem to hide my address when connect to others on the LAN, which is what I really want. I know I can surf the web "anonymously" but what about when I connect to other students' servers on the LAN?

If you want to connect anonymously to other servers on LAN, you can try sockscap at http://www.socks.permeo.com/Download/SocksCapDownload/index.asp .

nouellette> don't most DHCP servers tie the IP it gives you...to the MAC address

Yes/No. Not most, but all servers. The address while in use is tied to machine's identification (unique), typically MAC, but not necessarily NIC... or else the server itself is misbehaving (it is in the spec). But for general use of PC's, you should assume it is the 12 hex_digit NIC address.

Further, the server does remember the association after the client requests release from the association. This is quite important to rememeber. It is very friendly for handling unusual periods such as holidays and vactions and in preserving the licenses that would otherwise have expired. OTOH it is very bad when trying to administer systems an performing upgrades - picture trying to make a change in ISP. Not fun for when everybody but you keeps remembering the old ISP.

kevcole2> A question for SunBow - when I run ipconfig

Sorry, I got sickly, virus, but IMO you are getting this answered well enough by nouellette - you proved you got NT, the command is good, but probably did a start|run without freezing the dos display. You could try to add a pause or a |more, or something, but are far better off openind a DOS window first. Running CMD is a good way. Once window is open, you can run plenty commands. Enter Exit to close it up.

"The admin has you locked into both the subnet and the specific address for a limited amount of time. Once you permit the time period to elapse, then your prior address will be given to another user. Then you reboot to request an address, and the one you are assigned is going to be necessarily different. There is no mapping of such address to any human." - Not true for the most part.

Actually, MS' DHCP works a little different then mentioned in here. Most of the time especially on a corporate LAN that doesn't change much from a topology standpoint, the clients more so then not keep the same IP even through DHCP. This is because of how the protocol works.
When a given lease period is 50% of the way through the DHCP client sends a request to the DHCP server to renew, as long as there are no problem the lease is renewed and for the same IP. I've had DHCP client’s keep the same IP for 2 or 3 years and the lease renews every 30 days.

After a DHCP client lease expires, it is not immediately scavenged from the database. A grace period of four hours is added to the end of the lease to prevent against clock drift between the DHCP client and server. On a Windows 2000-based DHCP server, leases are scavenged from the database if they meet the criteria of (Expiration Time + 4 hours).

If you want to really hide your IP you spoof it to make it look like another. This gets into other topics however. Even when you NAT you’re not anonymous, logs will point back at the very least to your subnet and your admin will figure it out from there. You also have no idea what type of logging is taking place on your network as well. In your situation where you are on a school network you're not going to be able to accomplish much in the area of playing around with network settings on your pc.

Unless your Net Admin is a complete idiot he has things locked down pretty good I would assume. Having a bunch of kids on the network such as yourself trying to cause havoc :) you know they have it locked down. If I were running it you wouldn't even be able to change the time on it. That's only because it keeps the admin from constantly running around fixing problems from people playing around with the machines.

For educational purposes only do a search on IP Spoofing and you'll get a better education on how to mask your IP.

Stay out of trouble!

TKK

Spoofing is not so hidden from peers on same local network.

True but if done correctly at the very least it will point to another student and not directly back at him. Causing confusion is much better then knowing either way when it comes to spoofing.

It is virtually impossible to 'spoof' your IP on a local LAN on the same subnet.  

The only possible way is to hijack someone else's session or poison an ARP table and take on another MAC address, which is way beyond the scope of most people.  

Remember hubs (and most switches) aren't layer 3 devices and aren't routing by IP, so inside, it's mainly about the MAC address here.  That's really your only hope of possibly covering your tracks.  

maybe you should bind like 4 tcp/ip protocols to the one adapter, you can use all 4 ip's in conjunction and use ipconfig to switch them up without losing any active connections.

that way you can shuffle ip's so fast theres no way anyone is gonne be able to trace ya ;)  

other than that there is a method commonly used by hackers to mask ip's. theres is a "FTP Bounce" opportunity on public ftp severs that do not use upload/download ratios.

you simply send a request to the ftp server to open a file, only instead of putting in a url that would be local to the computer, you actually make a request for http or whatever.

pretty slick huh

http://www.cert.org/advisories/CA-1997-27.html
http://www.cert.org/tech_tips/ftp_port_attacks.html -Actual excerpt below!


The FTP Bounce Attack
To conform with the FTP protocol, the PORT command has the originating machine specify an arbitrary destination machine and port for the data connection. However, this behavior also means that an attacker can open a connection to a port of the attacker's choosing on a machine that may not be the originating client.

Making this connection to an arbitrary machine for unauthorized purposes is the FTP bounce attack.

For illustrative purposes only, several examples of how attackers can use FTP bounce follow.


Port scanning
An attacker wishing to carry out a port scan against a site can do so from a third-party FTP server acting as a stage for the scan. The victim site sees the scan as coming from the FTP server rather than the true source (the FTP client).

Under some circumstances, this technique offers the attacker more benefits that just hiding the true source of the probe. When the intended victim site is on the same subnet as the FTP server, or when it does not filter traffic from the FTP server, the attacker can use the server machine as the source of the port scan rather than the client machine, thus managing to bypass access controls that might otherwise apply.

Bypassing basic packet filtering devices
An attacker may bypass a firewall (or other boundary protection measures) in certain network configurations.

For instance, assume that a site has its anonymous FTP server behind the firewall. Using the port scan technique above, an attacker determines that an internal web server at that site is available on port 8080, a port normally blocked by a firewall.

By connecting to the public FTP server at the site, the attacker initiates a further connection between the FTP server and an arbitrary port on a non-public machine at that site (for instance the internal web server at port 8080). As a result, the attacker establishes a connection to a machine that would otherwise be protected by the firewall.

Bypassing export restrictions
An example of how to bypass export restrictions was described by Hobbit in a posting to the bugtraq mailing list in 1995 [4]. This description is available from

ftp://avian.org/random/ftp-attack

No offense to ViRoy but I highly doubt these college students are running five year old versions of AIX or Sun on their x86 laptops!!  This one of those obscure attacks found six years ago that not even Microsoft was vulnerable to..just a few old versions of AIX, Sun and some other unique flavors of Unix.

Even if he found a machine with this exploit out on the Internet to take advantage of, he would have graduated before then.  

Not to mention that this doesn't do what the questioner asked for. FTP Bounce doesn't hide or mask his IP it simply makes it harder to trace but not impossible. Especially if the data signatures are the same between each FTP server. In some cases the FBI does exactly that, they trace the data signature back to the origin even if they know the IP or not. Considering most hackers don’t really know what they are doing in the first place they tend to use other people's programs and scripts. This is what creates the traceable data signatures and will eventually lead them to your front door. Seeing as how you thought there was no way they were going to catch you this is were you’d be. A smart hacker NEVER hacks from a location that can be traced back to him no matter how many zombies he has out there to link through. Also a smart hacker wouldn't use his own ISP account either; he would use another’s that he has hacked obtained the password for.

TKK

actually nou:
 if you follow that link, it does cover newer implementations of the PASV mode and how to route through it.
it also includes links to known public ftp's that can do a LIVE test just to put infront of your face.

too: your argument of "simply makes it harder to trace but not impossible", i hope you realize in order to be on the internet you do have to have an ip address which means that it is impossible to make it impossible.

oh and did i forget to mention that this was how the microsoft source code was stolen lol.
that person was said to use a trojan to locate the server and get info he needed to mount the attack through an ftp bounce with the first route going through russia.
;)

Yet another urban myth about MS source code being stolen.  I've yet to see, read or hear of any links to this so called 'stolen code', I've never heard any reports about it being published, don't know anyone who's ever seen it...so with that said...if someone really did steal it...do you honestly think they'd keep it to themselves?!  :)

That brings up an interesting question. If I had the source code to Windows 2000 server would I share it with others, hmmmmmm........NO! Especially if I obtained it by hacking MS, hehe. Think about that for a second, if you were Bill Gates would you let anybody know the code had been stolen if you could avoid it? Of course you wouldn't, do you have an idea what the ramifications would be for Microsoft if they had to admit that there source code had been stolen? If it were me and I had the code I would never say a word to anybody about it, but you could bet your ass I would be signing up for the next course teaching C++, lol. If you had the code I imagine that you could develop ways into any 2000 server and hide your tracks as well. This is why you will never hear anything about it even if anything important was stolen, it's bad press for MS and that’s why the only thing they could say was that "nothing important was stolen or seen".

"your argument of "simply makes it harder to trace but not impossible", I hope you realize in order to be on the internet you do have to have an ip address which means that it is impossible to make it impossible."

Gee really? I had no idea. It doesn't mean that the IP you are using actually belongs to you or traces back to you. I never said that you could be on the Internet without an IP silly. Also anybody with the balls big enough to attack MS hopefully was smart enough not to be traced. A smart hacker would know how to properly route their zombies through public networks where they knew the logs aren't being maintained or even turned on for that matter. Networks in 3rd world countries are great for this ;) Makes it seriously hard to trace someone with no logs, however still not impossible.

nou: no, i know they didnt keep it too themselves.
http://www.vnunet.com/News/1113113
http://news.com.com/2100-1001-247719.html

too: for every action there is an equal and opposite reaction.
Newtons 3rd law
Obviously if you can make a path, someone can track it.
So in a well preserved theory, yes it is impossible to make it impossible.

This question has been classified as abandoned.  I will make a recommendation to the moderators on its resolution in approximately one week.  I would appreciate any comments by the experts that would help me in making a recommendation.

It is assumed that any participant not responding to this request is no longer interested in its final deposition.

If the asker does not know how to close the question, the options are here:
http://www.experts-exchange.com/help.jsp#hs5

zenlion420
EE Page Editor