CEH Scanning Methodology - Prepare Proxies
Proxy Servers
- A proxy server is an application that can serve as an intermediary for connecting with other computers.
- Why attackers use proxy servers:
- To hide the source IP address so that they can hack without legal consequences.
- To mask the actual source of the attack by presenting the proxy's address as a fake source address.
- To remotely access intranets and other website resources that are normally off limits.
- To intercept all the requests sent by a user and transmit them to a third destination, so that victims can identify only the proxy server address.
- Attackers chain multiple proxy servers to avoid detection.
Proxy Chaining
- The user requests a resource from the destination.
- The proxy client on the user's system connects to a proxy server and passes the request to the proxy server.
- The proxy server strips the user's identification information and passes the request to the next proxy server.
- This process is repeated by all the proxy servers in the chain.
- At the end, the unencrypted request is passed to the web server.
Proxy Tool: Proxy Switcher
- Proxy Switcher hides your IP address from the websites you visit.
Proxy Tool: Proxy Workbench
- Proxy Workbench is a proxy server that displays data passing through it in real time, allows you to drill into particular TCP/IP connections, view their history, save the data to a file, and view the socket connection diagram.
Proxy Tool: TOR and CyberGhost
- TOR:
- Tor allows you to protect your privacy and defend yourself against network surveillance and traffic analysis.
- CyberGhost:
- CyberGhost allows you to protect your online privacy, surf anonymously, and access blocked or censored content.
- It hides your IP and replaces it with one of your choice, allowing you to surf anonymously.
Proxy Tools
Proxy Tools for Mobile
Free Proxy Servers
Introduction to Anonymizers
- An anonymizer removes all the identifying information from the user's computer while the user surfs the Internet.
- Anonymizers make activity on the Internet untraceable.
- Anonymizers allow you to bypass Internet censors.
- Why use Anonymizer?
- Privacy and anonymity
- Protects from online attacks
- Access restricted content
- Bypass IDS and Firewall rules
- tracker
- web beacon
- super cookie
Censorship Circumvention Tool: Tails
- Tails is a live operating system that a user can start on any computer from a DVD, USB stick, or SD card.
- It aims at preserving privacy and anonymity and helps you to:
- Use the Internet anonymously and circumvent censorship
- Leave no trace on the computer
- Use state-of-the-art cryptographic tools to encrypt files, emails and instant messaging
G-Zapper
- Google sets a cookie on the user's system with a unique identifier that enables it to track the user's web activities, such as:
- Search Keywords and habits
- Search results
- Websites visited
- Information from Google cookie can be used as evidence in a court of law.
- G-Zapper is a utility to block or clean Google cookies and help you stay anonymous while searching online. It also helps to protect your identity and search history.
Anonymizers
Anonymizers for Mobile
Spoofing IP Address
- IP spoofing refers to changing source IP addresses so that the attack appears to come from someone else.
- When the victim replies to the address, it goes back to the spoofed address and not to the attacker's real address.
- IP spoofing using Hping2:
hping2 www.certifiedhacker.com -a 7.7.7.7
Note: You will not be able to complete the three-way handshake and open a successful TCP connection with spoofed IP addresses.
IP Spoofing Detection Techniques: Direct TTL Probes
- Send a packet that triggers a reply to the host that the suspect packet claims to come from, and compare the TTL of the reply with the TTL of the suspect packet; if the TTL in the reply is not the same as the packet being checked, it is a spoofed packet.
- This technique is successful when the attacker is in a different subnet from the victim. Note: Normal traffic from one host can vary TTLs depending on traffic patterns.
IP Spoofing Detection Techniques: IP Identification Number
- Send a probe that triggers a reply to the host that the suspect traffic claims to come from, and compare the IP ID of the reply with the IP ID of the suspect traffic.
- If the IP IDs are not close in value to that of the packet being checked, the suspect traffic is spoofed.
- This technique is successful even if the attacker is in the same subnet.
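The TTL and IP ID comparisons described above can be combined in one check. The following is an added example, not part of the original notes; the names `IPHeader` and `check_spoofing`, the thresholds `ttl_tolerance` and `id_window`, and the sample header values are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class IPHeader:
    src: str      # source address as claimed in the IP header
    ttl: int      # TTL observed at the receiver
    ip_id: int    # 16-bit IP Identification field

def ip_id_distance(a: int, b: int) -> int:
    """Circular distance between two 16-bit IP IDs, so 65530 and 12 count as close."""
    forward = (b - a) % 65536
    return min(forward, 65536 - forward)

def check_spoofing(suspect: IPHeader, probe_reply: IPHeader,
                   ttl_tolerance: int = 2, id_window: int = 512) -> list:
    """Compare a suspect packet with the reply to a probe sent to its claimed source.

    ttl_tolerance and id_window are assumed thresholds: some slack is needed
    because genuine TTLs vary with routing and the ID counter keeps advancing.
    """
    if suspect.src != probe_reply.src:
        raise ValueError("probe reply must come from the suspect packet's claimed source")
    findings = []
    if abs(suspect.ttl - probe_reply.ttl) > ttl_tolerance:
        findings.append("ttl-mismatch")
    if ip_id_distance(suspect.ip_id, probe_reply.ip_id) > id_window:
        findings.append("ipid-mismatch")
    return findings

# Constructed samples: REPLY is what the real 10.0.0.5 returned when probed.
REPLY = IPHeader("10.0.0.5", ttl=118, ip_id=12)
GENUINE = IPHeader("10.0.0.5", ttl=118, ip_id=65530)            # ID wrapped before the reply
REMOTE_SPOOF = IPHeader("10.0.0.5", ttl=49, ip_id=41200)        # different path and counter
SAME_SUBNET_SPOOF = IPHeader("10.0.0.5", ttl=118, ip_id=30000)  # TTL matches, ID does not

if __name__ == "__main__":
    for name, pkt in [("genuine", GENUINE), ("remote", REMOTE_SPOOF),
                      ("same-subnet", SAME_SUBNET_SPOOF)]:
        print(name, check_spoofing(pkt, REPLY) or "consistent")
```

The IP ID comparison is only meaningful when the probed host increments its ID counter sequentially; hosts that randomise the field or send a constant value will produce mismatches on genuine traffic.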
IP Spoofing Detection Techniques: TCP Flow Control Method
- Attackers sending spoofed TCP packets will not receive the target's SYN-ACK packets.
- Attackers therefore cannot respond to changes in the congestion window size.
- When received traffic continues after the window size is exhausted, the packets are most probably spoofed.
After the attacker sends a SYN packet, the target receives it and responds with SYN+ACK, but with the window size set to 0. Under normal circumstances the other side (10.0.0.5) should therefore reply with only an ACK that contains no other data; if the reply does contain data, it is a spoofed packet sent by the attacker.
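The flow-control check above, generalised from the zero-window case to any advertised window, as an added example that is not part of the original notes. The `Segment` record, the function names, the constructed flows and the one-byte `probe_allowance` (room for a legitimate zero-window probe) are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Segment:
    direction: str     # "out" = sent by our host, "in" = arrived with the peer's address
    seq: int
    ack: int
    window: int        # advertised receive window in bytes (after scaling)
    payload_len: int

def _signed32(n: int) -> int:
    """Interpret a sequence-number difference modulo 2**32 as a signed value."""
    return (n + 2**31) % 2**32 - 2**31

def out_of_window_segments(segments, probe_allowance: int = 1) -> list:
    """Return indexes of inbound data segments that run past the window we last advertised."""
    right_edge = None   # first sequence number the peer is NOT yet allowed to send
    flagged = []
    for index, seg in enumerate(segments):
        if seg.direction == "out":
            right_edge = (seg.ack + seg.window) % 2**32
        elif right_edge is not None and seg.payload_len > 0:
            overshoot = _signed32(seg.seq + seg.payload_len - right_edge)
            if overshoot > probe_allowance:
                flagged.append(index)   # sender ignored flow control it never saw
    return flagged

# Constructed flows. Both start with SYN in, then our SYN+ACK advertising window 0.
SPOOFED_FLOW = [
    Segment("in", 1000, 0, 65535, 0),        # SYN
    Segment("out", 5000, 1001, 0, 0),        # SYN+ACK, window 0
    Segment("in", 1001, 5001, 65535, 300),   # "ACK" that carries data anyway
    Segment("in", 1301, 5001, 65535, 300),   # traffic keeps coming
]
GENUINE_FLOW = [
    Segment("in", 1000, 0, 65535, 0),        # SYN
    Segment("out", 5000, 1001, 0, 0),        # SYN+ACK, window 0
    Segment("in", 1001, 5001, 65535, 0),     # bare ACK, no data
    Segment("out", 5001, 1001, 1024, 0),     # window update: 1024 bytes allowed
    Segment("in", 1001, 5001, 65535, 512),   # data that fits the window
]

if __name__ == "__main__":
    print("spoofed flow flagged:", out_of_window_segments(SPOOFED_FLOW))
    print("genuine flow flagged:", out_of_window_segments(GENUINE_FLOW))
```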
IP Spoofing Countermeasures
- Encrypt all network traffic using cryptographic network protocols such as IPsec, TLS, SSH, and HTTPS.
- Use multiple firewalls providing multi-layered depth of protection.
- Do not rely on IP-based authentication.
- Use random initial sequence numbers to prevent IP spoofing attacks based on sequence number spoofing.
- Ingress Filtering: Use routers and firewalls at your network perimeter to filter incoming packets that appear to come from an internal IP address.
- Egress Filtering: Filter all outgoing packets with an invalid local IP address as source address.