Why proxies are dangerous for real hackers

Printable View

09-19-2006, 10:11 PM
Moonbat

Why proxies are dangerous for real hackers

I've read some articles here and there, and a few of totse.com

It has come to my attention that many of these anyonymous proxy sites are acutally owned and run by the federal government. I'm not exactly sure which ones, but that brings up a lot of issues for hackers. Point and simple: if your just trying to get past a school filter, you're safe, for the most part, because the gov't couldn't care less. But if your proxy chaining, gearing up to do some actual stuff to someone (with malicious intent) then watch your back, 'cause if it gets serious, those proxies you used most likely are owned by the alphabet boys (FBI, CIA, etc.) and they will nab you.

Just some friendly advice:
If your serious, make a prog to change your MAC address very fast (in the milliseconds), connect to trusted proxies run by people you know, or make your own.
09-20-2006, 01:04 AM
Dshams

TOR proxies

Quite true MoonBat, I agree that most proxies world wide should be assumed to be government owned. But its also a reasonable supposition that proxies in red china, are not owned by the USA government. That would be an act of espionage. The person who set that proxy up, for the benifit of a foriegn government unfreindly to red china's commy government would end up having his organs sold as punishment

Using a proxy in a country that is generaly unfriendly or at least ambivlent to your country of residence is a dood idea. A TOR proxy is even better. Far better. They procide SSL encrption, so your ISP and your own government cannot easily record and examine all the bytes going in and out of you.

TOR also uses a "ring" of proxies. At any given moment, you are going throught two proxies. Only the entrace TOR proxy knows who you are, and sees your data stream input un-encrypted. Only the exit TOR proxy sees the target web site you surf to, and the data flow from that web site un-encrpted.

So, you choose which is your entrace TOR proxy, and the proxy softwares that all TOR proxies have agreed to use, jumps you around a random list of TOR proxies world wide about every ten minutes, with the exception of large firle transfers, that will keep you bound to that exit proxy until it is done.
09-20-2006, 12:08 PM
Ezekiel

Anyone who does anything questionable, unethical, or illegal from a standard proxy is extremely stupid.

It would take me 5 minutes to set up an open proxy on my computer and set it to log all traffic that passes through it (including passwords). Then all I would have to do is wait for port scans on the port it uses and it would appear on online proxy lists for people to use and give away their passwords, browsing habits, and sensitive data. And I believe a lot of the proxies you find are operated maliciously in this way.

Also, proxy operators will [b]never[/b] try to protect your anonymity. If they are asked by authorities to give up their logs, they will happily give up the data to save their own ass. Remember, they don't know or care about you.

So the only solution is to spoof your MAC address, connect to somebody's wifi point, and use TOR as a proxy.

If you are intent on doing bad things from your home connection, always run a TOR/proxy server on your computer so you can blame it on someone who used your proxy. If you do this, remember to conveniently set the program to not make any logs.
09-20-2006, 12:57 PM
Dshams

facinating....MAC spoofing?

How does a web user spoof a MAC address. All WiFi hardware I have seen has the MAC address programed into its flash memory.

I have yet to see an article on a single peice of WiFi hardware that has been hacked, letting the user/hacker get at that flash memory to alter the MAC address.

In most cases, that MAC address will be a hard coded part of the firmware program that makes that radio transciever act as a WiFi device. Thus the MAC address is not just six bytes of raw hex code,

but it is in the data strings portion of the firmware with lots of other data, and with the finishing touch being a Twos Complement Sum Total of all the firmware code and data. The hacker also needs to know where that sum code is, and what variant of sum code is used, so it too can be modified or the Wifi device wont boot up.
09-20-2006, 11:31 PM
Halla

[url]http://ilforums.thedarksun.org/viewtopic.php?t=*22*[/url]
[url]http://www.informationleak.net/wireless.txt[/url]
[url]http://www.informationleak.net/mac_spoof.txt[/url]
[url]http://informationleak.net/mac.txt[/url]

hope that helps.