No-Trax
Mar. 07, 2005, 11:38 AM
Post: #16
 
JakBeNymble Wrote:Hi "Guyz",
"HpGuru" I have always trusted Your judgement in interNet security and privacy issues, . . .do You think that the next version of JakPack should go back to rotating strings on every connection or should I keep them "site specific"? My thinking was that if I made them site specific that it would look more like normal web traffic. But I could set the header filters to rotate with every connection and that would create a "pseudo-crowd" to get lost in, . .I truly value Your opinion on this.~"JaK"~ [smoke]
Hi Jak,

To be honest, I haven't looked at the current version of JaksPak. The one I use is a heavily modified version of your original which I have linked to three bypass lists - one a site-specific list and the others are two of three stages of global bypass. The ClientIP, Via and X_Forwarded_For and UA lists still rotate but some only rotate after about 60 connections. The global bypass lists are the one that comes with Proxo and bypasses all filters, the second bypasses most web and header filters but still allows me to do some filtering or mods, and the third bestows basic privileges upon a site (unrestricted use of scripting, cookies, iframes, popups, redirects and UAs).

Btw I have changed the entries in the ClientIP, Via and X_Forwarded_For and UA lists. I spent quite a bit of time studying headers that get transmitted when proxies are in use and when they are chained and modified my lists accordingly.

I may stop using these however. As I have long said, these spoofing filters will NOT fool any server or server admin. They will fake out some poorly written server software but you can't rely upon that always being the case.

Get hpHOSTS!
Mar. 07, 2005, 11:56 AM
Post: #17
 
besafe Wrote:Knowledge is power but knowledge takes time. Until you have the knowledge it is good to be paranoid on the net. IMHO
With that sort of reasoning it took our ancients many millennia to discover that lightning was an electrical phenomenon that had nothing whatsoever to do with the anger of the gods. Hail [rolleyes]

Get hpHOSTS!
Mar. 07, 2005, 01:38 PM
Post: #18
 
Oddysey
Quote:in today's society, it just isn't possible to keep up at the killer pace set by the bad guys. I think it's easy to see why most folks throw their hands up in the air and give up after just one or two rounds of updating, scanning, being scared out of their wits, etc.
That was my point; You said it better! Too many updates, scans, etc. to keep up with, that most will just throw in the towel. Keeping one's privacy can take an awful lot of time and knowledge; both in short supply!
Mar. 07, 2005, 02:43 PM
Post: #19
 
Oddysey Wrote:...in today's society, it just isn't possible to keep up at the killer pace set by the bad guys.
It is more than possible. I do it, and I know many others who do too. And no, we aren't losing our minds trying to keep up to date, continuously scanning for malware or constantly watching our backs either. That's the difference between merely taking a mental assent to Safe Hex and actually living and breathing safe hex.

Get hpHOSTS!
Mar. 07, 2005, 09:47 PM
Post: #20
 
hpguru Wrote:
besafe Wrote:Knowledge is power but knowledge takes time. Until you have the knowledge it is good to be paranoid on the net. IMHO
With that sort of reasoning it took our ancients many millennia to discover that lightning was an electrical phenomenon that had nothing whatsoever to do with the anger of the gods. Hail [rolleyes]
Some still haven't figured that out. Cheers
Mar. 07, 2005, 09:51 PM
Post: #21
 
JakBeNymble Wrote:"BeSafe" , . .did You read this reply to that article, . ."click here" According to the article, , ,by denying  icmp from any to any out icmptypes 13, 14, . . invalidates the whole concept. But I think the author meant "Firewall" instead of "Firewire", . .lol Big Teeth

Best Wishes,
~"JaK"~ [smoke]
No I hadn't read that. I believe simply turning off time stamps will also defeat the tracking methods in the article. Seems like the guy wasted a lot of time. lol Smile!
Mar. 08, 2005, 01:19 AM
Post: #22
 
Hi "Besafe", . .Yeah, . .I think he did waste a few, . .Smile!

"HpGuru"
Quote:I may stop using these however. As I have long said, these spoofing filters will NOT fool any server or server admin. They will fake out some poorly written server software but you can't rely upon that always being the case.
, . . .boy, , , ,now do I feel useless, . . . . .Sad
HAHAHAHA, . .Take Care "HpGuru" If You don't mind, why don't You make Your version of Jakxpack into a zip file and attach them here on the Forum, . .I would love to take a look at them myself, . .and I know that some of the other members here might want to have a change because I haven't updated the lists in a while. I've been working on them when I get the time. I've been toying with the idea of creating some kind of combination of Jakxpack & TOR network . Smile!
Question??? What do You think of the TOR network as a means of anonymity?
Have a great & wonderful Day My good friend, Cheers
"JaK" [smoke]
Mar. 08, 2005, 02:01 AM
Post: #23
 
The "Jakxpack" has been my 'saviour' a time or two...

I've been "banned" a few times from a web site or two, I'd "reset" my site-specific Jakx variables, and voilà, I'm right back in...

Even so far as going right back in and "listening" to the board members discuss "issues" with a 'guy' they just banned and having them say I was from JAPAN... After a few moments, I was like, "er, um, it was ME you banned"... So they banned me AGAIN, thinking I was from GERMANY... I "reset" my site-specifics again, and voilà, right back in...


The Jakxpack will do wonders for "many" admins, but not "all" admins...


ps - my download archive shows that I downloaded JakxPackIV on 3/7/04... ironically, the topic has come up one year to the day later - "when is JakxPackV going to be released?"... sure, it won't fool admins like hpguru, but I have WITNESSED it fooling several admins...
Mar. 08, 2005, 08:11 AM
Post: #24
 
JakBeNymble Wrote:"HpGuru"
Quote:I may stop using these however. As I have long said, these spoofing filters will NOT fool any server or server admin. They will fake out some poorly written server software but you can't rely upon that always being the case.
, . . .boy, , , ,now do I feel useless, . . . . .Sad
HAHAHAHA, . .Take Care "HpGuru" If You don't mind, why don't You make Your version of Jakxpack into a zip file and attach them here on the Forum, . .I would love to take a look at them myself, . .and I know that some of the other members here might want to have a change because I haven't updated the lists in a while. I've been working on them when I get the time. I've been toying with the idea of creating some kind of combination of Jakxpack & TOR network . Smile!
Question??? What do You think of the TOR network as a means of anonymity?
Have a great & wonderful Day My good friend, Cheers
"JaK" [smoke]

Useless? Are you kidding me? Of all the Proxo filters that ever got published including the hyper-hyped (to coin a phrase) ZX List, JaxPack has IMO been the most popular and useful for what they do. But alas, nothing lasts forever. As developers become aware of such tricks they are going to recode their applications so as to not be taken in by such shenanigans.

Sorry but at risk of sounding mean or stingy I do not wish to publish my spoofing filters. One of my reasons for redoing JaxPack was that I wanted to put a serious smudge on its statistical signature. One might think (falsely) that these spoofers are random. They are not. After a long period of data collection a studious admin will note a repeating pattern. Once the pattern is discovered you actually become quite easy to track because the admin can predict exactly the sequence of headers that get logged. Now my version is not immune to this but it would require a much longer period of data collection to discover the pattern. Even if someone is aware of JaxPack, they aren't as likely to ID me as a user of it because there are no common header values to detect.

I have a better solution though. Users of JaxPack should periodically scramble the order of the rotation lists. This takes a fair amount of careful work but it's not so bad if you have a text editor like Ultraedit which supports column edits. I can scramble all my rotation lists in about 5 minutes.

What I do periodically is to temporarily remove the $CON commands from the rotation lists using Ultraedit in column edit mode and then scramble the order of the remaining $SET commands using a program called CoolRevGui. CoolRevGui allows one to either shuffle or reverse the order of lines in a text file.

http://www.saliu.com/programming.html

After randomization, I paste the $CON commands back into the list in column edit mode, remove any extraneous spaces that got inserted between the $CON and $SET commands, change the rotation frequency of the $CON commands and save the list. After doing this there is still a pattern but it has changed enough that anyone who was trying to peg you will not be able to predict the pattern. Of course if they are reading the raw server logs, the game is over before it starts because they will note that REMOTE_ADDR is always the same unless you are using a proxy.

What do I think of the TOR Network? Pretty much the same as I think of any proxy. They offer an illusion of anonymity but that is all. Ask yourself this - how many hops between your TOR client and the first TOR router in the sequence? 10? 20? 30? More?? The traffic analysis they claim to help you avoid can actually occur before your packets even reach their routers. An observer may not be able to determine the end destination of your packets but on the other hand, most net users don't connect to onion routers, so you may attract attention you don't deserve from people who wouldn't be bothered by the idea of sending you to Gitmo and jamming electric wires under your fingernails to coerce a confession to things you didn't do.

My ideas are the same for general proxy use. I haven't used any in quite a long time because at best, it is unethical and at worst it is illegal. Just because some idiot who couldn't administrate his way out of a paper bag set up an unsecured ("open") proxy server doesn't mean it's free for everyone and his brother to use. If you failed to secure your PC does that make it acceptable for spammers and script kiddies to turn it into a zombie and use it for their own purposes? In a word, no.
Furthermore in using an unsecured proxy server you may well be opening yourself up to a MITM attack. How can you be certain that the proxy is simply unsecured and not left open deliberately by a blackhat on a phishing expedition? How can you be sure that when you connect to XYZ.COM via a proxy that it is really XYZ.COM that loads up in your browser? You cannot. Not likely you say? Perhaps. Perhaps not.

I know one net admin however who is taking folks to task who connect to his proxy. He had a lot of problems securing the mess of a network left behind by the previous admin. After everything was secured he got his revenge. He set up an "elite" proxy as a honeypot. Everyone who connects to it gets reported to the DHS.

Enough said about proxies and "anonymity".

Get hpHOSTS!
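
The repeating pattern described in the post above can be seen from the server side with a short piece of log analysis. This is an added example, not part of the original thread or of JaxPack: it groups requests by REMOTE_ADDR and finds the shortest cycle in the rotating header values; the log entries, addresses and header strings are constructed.

```python
from collections import defaultdict

# Constructed rotation list (spoofed X-Forwarded-For, User-Agent); values are
# placeholders, not taken from any real filter set.
SPOOF_LIST = [("192.0.2.11", "UA-A"), ("192.0.2.22", "UA-B"), ("192.0.2.33", "UA-C")]


def build_sample_log(requests=14, hold=2):
    """Constructed log: one client rotating headers, one ordinary client."""
    log = []
    for i in range(requests):
        xff, ua = SPOOF_LIST[(i // hold) % len(SPOOF_LIST)]
        log.append(("203.0.113.10", xff, ua))           # rotating client
        log.append(("203.0.113.20", None, "UA-Plain"))  # constant headers
    return log


def smallest_period(seq):
    """Shortest p with seq[i] == seq[i + p] everywhere, seen at least twice."""
    n = len(seq)
    for p in range(1, n // 2 + 1):
        if all(seq[i] == seq[i + p] for i in range(n - p)):
            return p
    return None


def find_rotators(log):
    """Map REMOTE_ADDR -> cycle length and the header set expected next."""
    by_addr = defaultdict(list)
    for remote_addr, xff, ua in log:
        by_addr[remote_addr].append((xff, ua))
    findings = {}
    for addr, seq in by_addr.items():
        if len(set(seq)) < 2:
            continue  # headers never change: nothing is rotating
        period = smallest_period(seq)
        if period is not None:
            findings[addr] = {"period": period, "predicted_next": seq[-period]}
    return findings


if __name__ == "__main__":
    for addr, info in find_rotators(build_sample_log()).items():
        print(addr, info)
```

Reshuffling the list changes `predicted_next` but not the grouping key, which is the point the post makes about a constant REMOTE_ADDR.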
Mar. 08, 2005, 08:34 AM
Post: #25
 
Amen to your tidbit there on proxies...
Couldn't have said it better myself...


ps - it's unfortunate that you wish to keep your version of JakxPack private, but understand your wishes nonetheless...
Mar. 08, 2005, 08:50 AM
Post: #26
 
hpguru;
Quote:
Oddysey Wrote:...in today's society, it just isn't possible to keep up at the killer pace set by the bad guys.
It is more than possible. I do it, and I know many others who do too. And no, we aren't losing our minds trying to keep up to date, continuously scanning for malware or constantly watching our backs either. That's the difference between merely taking a mental assent to Safe Hex and actually living and breathing safe hex.

For the most part, I agree with what you've said here. If I were to 'make excuses', I'd only say that I was keeping in line with Ralph's assertion about most users not wanting to go through what they perceive as BS; certainly not about all users, and most certainly not about those like the inhabitants of this forum. Big Teeth

The users mentioned by Ralph are finding it difficult because they are getting nearly useless advice from the mainstream press (advertiser driven), their peers in the truest sense of the word (equally clueless), and/or their retail providers (commercially motivated). Users in this boat don't have a clue about going beyond what they've been shown by the aforementioned advisors. (Side observation: I'd go so far as to bet that 100% of them have never even heard of a PC User's Group, where they might get some help that's actually helpful.)

Mind you, I'm not saying Proxo is the be-all, end-all best solution, I'm just saying that until the average user starts actively seeking information on security from the bottom up, we're gonna continue to hear things like what Ralph posted.

[/soapbox]


Oddysey

I'm no longer in the rat race - the rats won't have me!
Mar. 08, 2005, 02:57 PM
Post: #27
 
hpguru Wrote:As I have long said, these spoofing filters will NOT fool any server or server admin. They will fake out some poorly written server software but you can't rely upon that always being the case.
I don't use a remote proxy but I like to hide any more personal info about my pc with JakxPack. It doesn't bother me that some admin can figure out that I'm using it. Are you saying that they can tell what OS etc. is running on my pc or that they just know I'm spoofing? Sorry if this is a lame question but I'm just a simple home user.
Mar. 08, 2005, 05:47 PM
Post: #28
 
besafe Wrote:
hpguru Wrote:As I have long said, these spoofing filters will NOT fool any server or server admin. They will fake out some poorly written server software but you can't rely upon that always being the case.
I don't use a remote proxy but I like to hide any more personal info about my pc with JakxPack. It doesn't bother me that some admin can figure out that I'm using it. Are you saying that they can tell what OS etc. is running on my pc or that they just know I'm spoofing? Sorry if this is a lame question but I'm just a simple home user.
When I say you won't fool the admin I am thinking about non-trivial headers such as REMOTE_ADDR which aren't spoofed by JaxPack. There are other things that might stand out to an attentive admin which AFAIK cannot be spoofed. For example if you are using IE but spoof your UA to say Opera the admin might see that your browser failed to transmit headers which are unique to Opera or that the headers are in the order in which IE transmits them or that your browser "shakes hands" like IE. Things that make you go hmmmmmm.... [smoke]
Then if you allow JavaScript it is not only possible but common for developers to determine what browser is in use without reading the UA string. All the good programmer needs to do is sniff what DOM objects are supported by the browser. Filter out the ability to do that and you may as well just disable JavaScript.

Get hpHOSTS!
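
A server-side version of the consistency check described in the post above, as an added example that is not part of the original thread: it compares the browser family claimed in the User-Agent with the order and presence of the other request headers. The two profiles and the sample requests are constructed for illustration; real profiles would have to be measured from genuine browser traffic.

```python
# Constructed profiles (assumption): header order and must-have headers per family.
PROFILES = {
    "MSIE": {
        "order": ["Accept", "Accept-Language", "Accept-Encoding",
                  "User-Agent", "Host", "Connection"],
        "required": [],
    },
    "Opera": {
        "order": ["User-Agent", "Host", "Accept", "Accept-Language",
                  "Accept-Charset", "Accept-Encoding", "Connection"],
        "required": ["Accept-Charset"],
    },
}


def fits(names, profile):
    """True if required headers are present and shared headers keep profile order."""
    if any(h not in names for h in profile["required"]):
        return False
    sent = [n for n in names if n in profile["order"]]
    expected = [n for n in profile["order"] if n in names]
    return sent == expected


def check_request(headers):
    """headers: list of (name, value) in the order the server received them."""
    names = [name for name, _ in headers]
    ua = dict(headers).get("User-Agent", "")
    # Check "Opera" first: its UA string could also contain "MSIE".
    claimed = next((f for f in ("Opera", "MSIE") if f in ua), None)
    if claimed is None:
        return {"claimed": None, "consistent": None, "looks_like": []}
    consistent = fits(names, PROFILES[claimed])
    looks_like = [] if consistent else [
        f for f, p in PROFILES.items() if f != claimed and fits(names, p)]
    return {"claimed": claimed, "consistent": consistent, "looks_like": looks_like}


# Constructed requests: IE-style header order carrying an Opera User-Agent,
# and a request whose headers agree with its Opera User-Agent.
SPOOFED = [("Accept", "*/*"), ("Accept-Language", "en-us"),
           ("Accept-Encoding", "gzip, deflate"),
           ("User-Agent", "Opera/7.54 (Windows NT 5.1; U) [en]"),
           ("Host", "example.com"), ("Connection", "Keep-Alive")]
GENUINE = [("User-Agent", "Opera/7.54 (Windows NT 5.1; U) [en]"),
           ("Host", "example.com"), ("Accept", "text/html"),
           ("Accept-Language", "en"), ("Accept-Charset", "utf-8"),
           ("Accept-Encoding", "gzip"), ("Connection", "Keep-Alive")]
```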
Mar. 09, 2005, 03:40 AM
Post: #29
 
hpguru:
Thanks for the explanation.

besafe