network-manager:
$ service network-manager restart
You can verify your DNS by entering:
$ nmcli device show eth0 | grep IP4.DNS
2.3.3 Cache DNS
Over time, operating systems have introduced many features to improve general
performance. One of the most important is DNS caching, a process that stores
domain resolutions in a list kept on the computer: since domains rarely change
their target IP addresses, resolving the same domain again on every request
would be pointless. However, this creates a privacy issue: the DNS cache exposes
the full list of domains visited by end users, even when they are trying to stay
anonymous (private browsing included).
Fortunately, clearing the DNS cache is quite simple, not least because system
admins must run maintenance on their network infrastructure quite frequently.
Having reached this stage, we have to wipe the cache left over from our old
local DNS.
On Windows, you can run the command:
$ ipconfig /flushdns
Furthermore, you may want to experiment without having to clear the damn
cache every single time. On Windows, you may temporarily toggle this feature
on/off from the command line:
$ net stop dnscache
$ net start dnscache
On macOS, we may find different variants, since some tools from certain
versions are not available on the newer ones anymore (and vice versa). The
following seems to be the most functional one:
$ sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
On GNU/Linux, we can install nscd first:
$ su
$ apt-get install nscd
then flush the cache:
$ /etc/init.d/nscd restart
You can learn more online [7].
2.4 IP Address
The IP address is a unique set of numbers identifying an IT device connected
to a network. IP addresses as we know them are in IPv4 format, composed of
four sets of numbers ranging from 0 to 255, for example 192.168.1.1. In the
coming years, the Internet will gradually shift to a new format – IPv6 – allowing
more devices to have a unique identification code. Until then, this course will
include examples with IPv4. Furthermore, many people confuse the public IP
with the local one: an IP address is assigned by a network, and since a network
can be local or Internet-based, so can the IP.
The local IP address is then assigned by an internal network device, such as a
Modem or a Router, to identify a device within a network (i.e. a computer within
a local network). In the most common cases, IP addresses are specified with
values like 192.168.0.x or 192.168.1.x.
The public IP address, instead, is assigned by the provider or ISP offering the
Internet service: such address identifies a network or an IT device. Since public
IPs are assigned by ISPs, they cannot be changed by final users, but only hidden.
Finally, public IP addresses can be static or dynamic, therefore they can remain
unaltered or change every time the modem is restarted (according to the
customer's Internet service agreement).
2.4.1 Determining the IP in use
In order to identify the public IP in use, we can rely on different online
services. Most simply, we can visit one of the following portals via browser:
• https://www.whatismyip.com
• http://whatismyipaddress.com
• http://whatismyip.org
• http://mxtoolbox.com/whatismyip/
• http://ip4.me
If you wish to familiarize yourself with the Linux terminal, use the wget
program:
$ wget https://ipinfo.io/ip -qO -
To learn how the -qO- parameters work, run either of these commands:
$ wget --help
$ man wget
2.4.2 Proxy
Cyber criminals will aim to hide their public IP address – the one that can
identify them on Internet – while they won’t care too much about the local
address, since they will have already wiped their MAC Address, so any data
within the local network will not betray them. As you already know, the local IP
address is assigned by a router and is not enough to identify the computer owner,
unlike the MAC Address.
It’s worth mentioning that experienced cyber criminals will almost never
work from their home or a nearby network: despite all the precautions put in
place, they know perfectly well that they must hide every single trace or piece
of evidence, including the “borrowed” network connection used for their attacks.
Therefore, they will rely on one of the oldest IT tools: proxies. Proxies
(technically, open proxies) are servers – called proxy servers – which can
perform different operations:
• Provide anonymous navigation
• Copy web pages
• Run software-level filtering, acting like a Firewall
We must consider that, nowadays, proxies are used less and less for
anonymous navigation, since they have been replaced by more effective
methods; however, they are still useful in certain scenarios – mainly in
programming – therefore you have to know them. Basically, proxies sit between
a client and a server, acting as an intermediary between them.
2.4.2.1 Proxy types
As we mentioned above, there are many types of proxies, according to
different purposes and design specifications. Although it would be useful to
understand how they can be smartly used in server infrastructures, here we will
only explain the differences in the scope of anonymous navigation.
HTTP/HTTPS Proxies
As we can tell, HTTP/HTTPS proxies can filter information within the HTTP
protocol and its secure form, HTTPS. In short (at least, for now) let’s say that
HTTP is a communication protocol designed to transfer information at the World
Wide Web level. It’s the most popular protocol and has two forms:
- HTTP (not encrypted)
- HTTPS (SSL/TLS encrypted)
When it comes to HTTP proxies, they are the most popular and easy to find,
since their servers only have to handle that one protocol and can be optimized
for that single task. Compared to SOCKS (that we will cover shortly),
they are usually more responsive but, naturally, restricted to their protocol. In
turn, such types of proxies are broken down into sub-categories according to
their “quality”. Although each agency distributing proxies uses its own
evaluation criteria, we conventionally distinguish 3 levels:
- Non anonymous proxies: they don’t mask the original IP and usually add a
  single string to the headers (data sent in packets) delivered to the recipient
  server.
- Anonymous proxies: they mask the IP address but alter the headers sent to the
  recipient server.
- Elite proxies: they mask the IP address and don’t alter the headers.
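The three levels above can be told apart from the server side. The following Python code is an added example, not code from the book: it assumes a test server we control, a known client address, and a set of commonly used forwarding headers (Via, Forwarded, X-Forwarded-For, X-Real-IP, Client-IP); the function names and the sample requests are constructed for illustration.

```python
import ipaddress
import re

# Request headers that forwarding proxies commonly add or rewrite (assumed set).
PROXY_HEADERS = {"via", "forwarded", "x-forwarded-for", "x-real-ip", "client-ip"}
IP_TOKEN = re.compile(r"[0-9A-Fa-f:.]+")

def ips_in(value):
    """Return every valid IPv4/IPv6 address found in a header value."""
    found = set()
    for tok in IP_TOKEN.findall(value):
        for cand in (tok, tok.rsplit(":", 1)[0]):   # second form strips ":port"
            try:
                found.add(ipaddress.ip_address(cand))
            except ValueError:
                pass
    return found

def classify(peer_ip, headers, real_ip):
    """Classify one request received by a test server we control.

    peer_ip -- source address of the TCP connection
    headers -- request headers as the server received them
    real_ip -- the client's true public address (known: we run both ends)
    """
    real = ipaddress.ip_address(real_ip)
    if ipaddress.ip_address(peer_ip) == real:
        return "direct"                       # no proxy in the path
    added = {k.lower(): v for k, v in headers.items() if k.lower() in PROXY_HEADERS}
    if any(real in ips_in(v) for v in added.values()):
        return "non-anonymous"                # original IP disclosed in a header
    return "anonymous" if added else "elite"  # headers altered vs. untouched

# Constructed requests; addresses come from the documentation ranges.
REAL = "198.51.100.7"
SAMPLES = {
    "direct": ("198.51.100.7", {"Host": "test.example"}),
    "non-anonymous": ("203.0.113.10", {"Via": "1.1 px", "X-Forwarded-For": "198.51.100.7"}),
    "anonymous": ("203.0.113.10", {"Via": "1.1 px", "Forwarded": "for=203.0.113.10:3128"}),
    "elite": ("203.0.113.10", {"Host": "test.example", "User-Agent": "curl/8.5.0"}),
}
```

A result of "elite" only means that no forwarding header was present: the check sees what the proxy chooses to disclose in the request, nothing more.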
SOCKS4 Proxies
By using a proxy that supports the SOCKS4 protocol instead of HTTP/HTTPS,
you can reroute any TCP-based data, which is a huge benefit. This essentially
means that you can filter not only World Wide Web services – naturally based on
TCP as well – but also the whole range of protocols supporting this kind of
service. You can also find a variant named SOCKS4a.
SOCKS5 Proxies
Nearly identical to the previous one, SOCKS5 can also reroute data on the
UDP protocol, making it the safest proxy de facto. Furthermore, the SOCKS5
protocol allows proxy owners to enable an internal authentication system as
well as IPv6 support. You can therefore use SOCKS5 proxies with any type of
software that uses an Internet connection, such as mail, chat, p2p programs, etc.
It is the direct evolution of the SOCKS4 protocol.
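The differences between SOCKS4, SOCKS4a and SOCKS5 are visible in the first bytes a client sends to the proxy. The following Python parser is an added example, not code from the book; it follows the public SOCKS4/4a and SOCKS5 (RFC 1928) message layouts, and the function names and sample messages are constructed for illustration.

```python
import ipaddress
import struct

SOCKS4_CMD = {1: "CONNECT", 2: "BIND"}                      # TCP only
SOCKS5_CMD = {1: "CONNECT", 2: "BIND", 3: "UDP ASSOCIATE"}  # adds a UDP relay
SOCKS5_AUTH = {0: "none", 1: "GSSAPI", 2: "username/password"}
ADDR5 = {1: (4, ipaddress.IPv4Address), 4: (16, ipaddress.IPv6Address)}

def parse_socks4(data):
    """SOCKS4/4a request: VN CD DSTPORT(2) DSTIP(4) USERID NUL [HOSTNAME NUL]."""
    if len(data) < 9 or data[0] != 4 or data[-1] != 0:
        raise ValueError("not a complete SOCKS4 request")
    fields = data[8:-1].split(b"\x00")
    out = {"version": "SOCKS4", "command": SOCKS4_CMD.get(data[1], data[1]),
           "host": str(ipaddress.IPv4Address(data[4:8])), "port": struct.unpack("!H", data[2:4])[0]}
    # SOCKS4a: DSTIP 0.0.0.x (x != 0) asks the proxy to resolve HOSTNAME itself.
    if data[4:7] == b"\x00\x00\x00" and data[7] != 0:
        if len(fields) < 2 or not fields[1]:
            raise ValueError("SOCKS4a request without a hostname")
        out.update(version="SOCKS4a", host=fields[1].decode("ascii", "replace"))
    return out

def parse_socks5_greeting(data):
    """SOCKS5 greeting: VER NMETHODS METHODS; returns the offered auth methods."""
    if len(data) < 3 or data[0] != 5 or len(data) != 2 + data[1]:
        raise ValueError("not a SOCKS5 greeting")
    return [SOCKS5_AUTH.get(m, f"0x{m:02x}") for m in data[2:]]

def parse_socks5_request(data):
    """SOCKS5 request: VER CMD RSV ATYP DST.ADDR DST.PORT(2)."""
    if len(data) < 7 or data[0] != 5 or data[2] != 0:
        raise ValueError("not a SOCKS5 request")
    atyp = data[3]
    if atyp == 3:                        # length-prefixed domain name
        end = 5 + data[4]
        host = data[5:end].decode("ascii", "replace")
    elif atyp in ADDR5:                  # IPv4, or IPv6 (which SOCKS4 lacks)
        end = 4 + ADDR5[atyp][0]
        host = str(ADDR5[atyp][1](data[4:end]))
    else:
        raise ValueError("unknown address type")
    if len(data) != end + 2:
        raise ValueError("truncated or oversized request")
    return {"version": "SOCKS5", "command": SOCKS5_CMD.get(data[1], data[1]),
            "host": host, "port": struct.unpack("!H", data[end:])[0]}

# Constructed sample messages (not captured traffic).
SAMPLE_4A = b"\x04\x01\x00\x50\x00\x00\x00\x01alice\x00example.org\x00"
SAMPLE_5_UDP6 = b"\x05\x03\x00\x04" + ipaddress.IPv6Address("2001:db8::1").packed + b"\x00\x35"
```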
Web Proxies (or CGI Proxies)
Web Proxies are actual websites that don’t require any configuration or