my software-house is developing a component for advertisement in some of ours portals. The advertisement is click based, thus the source portal that more originates click's is the winner. My preucupation is about "fake clicks", malicious HTTP clients raising requests. It's possible for a attacker to falsify the IP source address of a HTTP request? How i can prevent this? We are observing so much random requests in a little interval of time
It is possible to go via some proxy, there is a plenty of free proxies around the net and you can pretend to have a bunch of different IPs even when you are physically sitting in front of one computer. This is probably very hard to detect although it can be considered "malicious".
As far as I know there is no simple way to change the IP without physically going via a machine with this IP, but I am not an expert here so probably somebody else will give you more confidence.
I think your best bet is going to be some sort of cookie & IP technology together. Realistically though the other poster is right. You can clear cookies and use TOR to come out of any number of unique IP addresses.
Related
So I'm baffled, no dynamic IP is activated on either the router side or my local desktop side. I have to change my IP in Azure almost twice a day. I'm getting scared as it might be a security issue. I tried to write into a chat and it told me that I'm not allowed to use it, because I'm using a proxy, which I don't, not even VPN, so I'm asking you what I should do or if I should be scared?
(scanned the PC and there were no issues)
IPs are not likely to change like that for residential users, you can double check however by logging into your modem and determining the IP of your WAN. This won't reveal the proxied IPs/etc, but what your ISP sent you.
If that's changing then sure, no issues but odd.
Now if that's fixed and it's still changing, you may have a proxy installed and forgot to turn it off.
I'd not worry personally but you could be subject to MITM man in the middle stuff. Best you can do is sort this and if you deem it to be MITM to just change passwords/etc ezpz.
I never use honeypot before. But, I have a task from my lecture, that I should use a honeypot for detecting hackers attacks.
I searched in journals, tutorials and articles. I tried using honeydrive3 and used the honeypot Kippo. When I tried that, and I attack by myself, it works, the detailed of attack is served. But, when I told that to my lecturer, he said it was not what he wanted.
The workflow he want is, we use the honeypot and then we try that to some websites. But, when the attacker scanning or do something to that web IP address, it must deflect to the honeypot, it means that the attacker really attacks the real website.. and I really don't know what to do.
You either misunderstood what the lecturer wanted, or what he wants does not make sense.
You can only analyze traffic sent to your IP (or an IP you control), it is not possible for you to "deflect the traffic" from a generic IP address.
What you did is correct: putting in place the honeypot, and then sending some traffic to it.
The next step would be to expose it to Internet to get malicious traffic (directed to your IP) but you must be very careful as the whole machine is likely going to get successfully attacked. It must not have any connection to your (home|uni|private) network, because (I am being frank reading your question), you stand no chance to secure it for the time being.
I would go for a cloud hosted machine which I would then kill.
Tough question. It has to do mainly with security, but also computers. Probably not been done yet.
I was wondering, is it possible to host for example a web application, yet be able to hide *where* the actual server is, and, or who is the originator, making it very very hard ( practically impossible ) for some one to track the origin of the server, and who is behind it?
I was thinking that this might be possible through a third party server, preferably with an owner unrelated to the proxy sites. But the question then also becomes an issue of reliability *of* the third party.
Does the TOR network have support for registering for recieving incoming requests rather than outgoing ones? How secure would that be? Might it be possible that the TOR network has been infiltrated by for example a big goverment ( read USA ) ( dont get angry, please enlighten me as I do not know much of how the TOR network is hosted ).
How can one possibly create such a secure third party server, that preferably does not even know who the final recipient of the request is? Third party companies might be subjected *to* pressure from goverments, either directly from powerful *nations* such as USA, or by the USA applying pressure on the goverments of the country where the server is, applying pressure on the company behind it, and force you to enable a backdoor. ( Just my wild fantasy, think worst case scenario is my motto :) ).
I just came with the idea, that being that this is probably *impossible*, the best way would be to have a bunch of distributed servers, across several nations, make it as hard as possible to go through each and one of them to find the next bouncing server. This would have to be in a linked list, with one public server being registered on a DNS. If compromised, the public server needs to be replaced with another one.
request from user0 -> server1 -> server2 -> server3 -> final processing server -> response to user0 or through the incoming server chain.
When sending a response to someone, could it be done using UDP rather than TCP and hide who the sender was ( also in a web application ) ? So that a middle man listening on user0 computer incoming responses ( and outgoing requests ) do not figure *out who the final* processing server is, if we decide to respond directly to user0 from the final processing server?
The IP of server1 will be public and known to anyone, server1 will send the message to server2 and it is possibly to figure out by listening directly behind server1 traffic node, but perhaps it could hide its own origin if not being listened to directly, so that if big goverments have filters on big traffic nodes or routers, they wouldn't be able to track who it came from, and therefore what the message to server2 is intended for. It would blend in with all other requests.
Anyhow, if you have followed my thoughts this far I think you should know by now what I am thinking about.
Could this be possibly through a P2P network, with a central server behind it, and have the P2P network deliver it to the final server respond in some pattern? The idea is to have one processing server, and then have "minor", "cheaper" servers that acts as proxys?
Why I keep saying central server, is that I am thinking web. But any thoughts on the matter is interesting.
For those that wonders, why... I am looking into creating as secure as possible, and that could withstand goverment pressure ( read BlackBerry, Skype and others ).
This is also a theoretical question.
PS.
I would also be interested in knowing how one have a distributed SECURE database ( for keeping usernames, friendlists and passwords for example ) but this time, it is not neccessery for it to be on the web. A P2P software with a distributed secure database.
Thanks!
Yes, you're reinventing Tor. You should research Tor more fully before going further. In particular, see Hidden Service Protocol. Tor is not perfect, but you should understand it before you try to reinvent it.
If you want to find an ant's nest, follow the ants. If you want to find the original server, follow the ip packets. If you meet a proxy server not willing to provide their path, call the server administrator and have your men in black put a gun on his head. If he does not comply, eliminate the administrator and the server. Carry on following the ants in their new path. Repeat the operation until server is reached or server can't communicate anymore.
So no, you can't protect the origin and keep your server up and running when your men in black can reach any physical entity.
i dont want to do something illegal with it(e.g. vote continuously, in fact, somebody is doing it), but i only feel curious about it. For i have learned TCP/IP, and i found there are many software such like "IP changer",using which you can submit a website with different IP. WOW it is really magic! so i analysed some possible mechanism about it. But every possible way was denied by me.
i thought that they might connect and disconnect the internet continuously. because each time they connect the Internet, the ISP will dispatch a new IP address, and the hacker can make use of the new IP to submit the website, and disconnected after submitting successfully, and then connect for the next time...But it is impossible to some extent, for if do like this, every submitting will last a long time, and it doesn't work in some areas.
Modify TCP/IP data packets.For some time i did think it might be all right. but then i denied it. Assuming that i would submit a website, and i changed the IP address of the data packet which i will submit to the web site. it seems that everything is OK, but the web server will send message to the fake IP, so i wont get any information from the website. but in some circumstances where we only needn't reply it should work. Right? netfilter and iptables in linux may realize it, but i am not sure because i dont know the tools very well.
Using proxy server. i also think it is impossible to some extent.is there any method to get lots of free proxy servers? and most free proxy servers is very unstabitily, for there is a possible circumstance that you cannot use the proxy server in one day.Of course, paid proxy server may be permanent. but with these money you can do something better.
IMO the three methods all have disadvantages. and the realization may be none of them. Can anybody tell me the real mechanism of the technique?
Use lots of proxy servers. That will do the trick and since they can be harvested quite easily that's not very hard. Proxy's can be installed on hacked websites for example.
The added question:
Using proxy server. i also think it is impossible to some extent.is there any method to get lots of free proxy servers?
By simply hacking lots of webservers, totally automated, this is possible. For example searching for bad Joomla installs could allow you to install software at each webserver. Also normal computers can be used off course. Like a botnet.
and most free proxy servers is very unstabitily, for there is a possible circumstance that you cannot use the proxy server in one day. Of course, paid proxy server may be permanent. but with these money you can do something better.
Stability is off course important but in this case not really actually. You just send out lots and lots and lots of requests. Don't care which one succeeds and which one doesn't. It doesn't matter for your target.
1. ISP reconnect
This will not work for some (most?) ISPs which will reassign the same IP on a reconnect (as my provider does). Even if it works, you are likely to get the same IP address after some reconnects.
2. IP spoofing
That's the term describing your second method. You change the src-address of the outgoing IP packet. There are two problems with that:
Most ISP's routers don't allow it. They detect that the src address can't come from inside their network, so they simply drop it.
If you have a machine that is allowed to do this (maybe a dedicated server), you can only fake exactly one IP frame. This allows you to, e.g. spoof a DNS request but as you said, you will never get the response. Especially you cannot establish a connection within a stateful protocol like TCP, because this requires a bidirectional handshake. So you can't, e.g., fake a HTTP request using this (even if you don't need the answer)
Proxying
This is the only method that works. You have several options here:
Use open proxy servers (can be found using a search engine, although some will identify themselves as proxies and provide the original IP in the X-Forwarded-For HTTP header, which makes them basically useless for this use case)
Use hacked servers/desktop machines as proxies (maybe from a botnet)
Use free networks like JAP or TOR (the latter of which is probably your best bet, because you can change the exit nodes using some trickery)
If you are going to do something illegal, you might as well go all the way in. There ARE people who run "botnets" which are basically just armies of a few hundred to a few thousand indfected computers (that's what most viruses do). The people who run these armies, actually can charge people a certain amount of money for their "slaves" to visit a website for you (and rate/vote whatever) so you get a few hundred or a few thousand more ratings...
I can't exactly tell where or how much these services cost, since I haven't done it myself, but I know for sure that people over at "H#ckf0rums.net" will do it for you.
I need to put together a small brief about the weaknesses behind limiting content to specific countries based on IP address.
Besides using proxy server located in another country, can you think of another way to circumvent such a system?
Basically, any solution that uses an intermediary is a proxy. Period.
All the "surf anonymously" sites are proxies, even if they use their own software.
You can use SSH and tunneling, but that is, in effect, a proxy as well, just a tunneled one. Same with VPN.
The only thing that doesn't require a proxy is source address spoofing, and that only works with one-way attacks, because no return data will be able to get to you.
Also, consider that Geo-Locating is not 100% accurate. I have IP addresses in Canada that show up as US addresses, and I've had US addresses that show up as Canada. I'm sure this is more common in other parts of the world.
You could buy that software that prevents you from broadcasting your IP address. I'm sure it works, I see it advertised in banner ads all over the place :)
On a more serious note, one way of bypassing this would be by using a caching server (google cache, wayback machine).
I don't think you can. The machine you're talking to has to know where to send it's reply to; that's your IP address. The only way to hide that is to have it reply to someone that's not you who passes it on to you - ie. a proxy.
Tor is a good way of achieving anonymity in general, although it's not appropriate for circumventing the type of system you're talking about.
Since your IP address is in each IP packet that goes over the network, and it is required for you to get the response back, you cannot prevent your real IP address from being detected at the server (other than by putting a proxy in between).
Some links that may be of interest to you:
Conflict between Sweden and Norway about surveillance (Sweden cannot reliably identify Norway IP traffic and exclude it from surveillance)
Herdict.com (which we built, I am happy to report)
It depends on what level of the IP stack you are checking the IP, but on higher levels, you wouldn't need to even have a proxy server to have a different IP address show up. For example, modifying the TCP header would do it if that is what you are checking against.
Here's a link discussing spoofing: http://www.securityfocus.com/infocus/1674
If the service is using a web based Geo IP lookup, then a successful MITM attack could trick the service into thinking that the IP address is valid. Of course this is much more involved, but definitely doable.
Don't forget VPNs (and, admittedly, NAT). I guess that could be classed as a proxy, too. It also requires having access to a suitable machine in another country.