Home | Community | Message Board


Magic-Mushrooms-Shop.com
Please support our sponsors.

Community >> Security and Safety

Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Jump to first unread post. Pages: 1
InvisibleLanaM
Head Banana
Female

Registered: 10/28/99
Posts: 3,102
Loc: www.MycoSupply.com
IP Masquerading Tutorial
    #450841 - 11/07/01 10:26 PM (16 years, 3 months ago)

Hi Everyone,
I'm becoming a fan of Linux, I'm reading up on it more and more and somtime soon I hope to have the nerve to get rid of Widows and run Linux full time.

In my homework I came across something some of you might like. Its a tek about how to mask your IP address. Now this isn't like the traditional way of "hiding" your IP addy. This is a technical way to practically lie about you IP address.

For many of you, it may not help. You need to be running Linux and have 2 computers (Can you see where this is going?) I hope some of you use this so someday soon I can come to you and say "How the heck did ya do it" :)

For everyone looking to go through an easy proxy server, go to http://www.linkbeat.com/lb/ and click on "proxy".

Lana
-----------------------------------------------------------

IP Masquerading Tutorial

(version 1.1) - learn what IP Masquerading is, and what is it good for anyway.


1 Masquerading ?

1.1 About this document

This document has one reason for existing, to teach something to others.


Who should be reading this document

If you have some computers standing at home and you want to share your internet connection with the rest of the family, or if you like seeing your mail on the screen on the left side of your desk and your irc window on the screen that is standing at the right side of your desk you need ip masquerading. Yes I know there are also modem sharing packets for Microsoft products on the market. But the advantage is that this can be run on a 386 computer and it takes 3 more commands and you can have your own firewall. There are also more providers who offer cable modems and (too) much bandwidth for one computer. I think it is very handy. If I am reading my e-mail and I want to see if one of my friends is on IRC I just have to turn my head. You don't really need a cable modem, it also goes
if you have a modem connection (I am the living example of that).


1.2 What do you need ?

Although I haven't explained what masquerading actually is (be patient) I will start by telling you what you need in order to use masquerading. You need:
Multiple (>2) computers
A network connecting these computers
Different ip-numbers assigned to all computers
One pc who has a modem and an internet connection
The Linux os with a 2.2.x or higher kernel running on that machine
Half an hour of time (in the worst case)
Something to eat
So now you know what you need in order to use masquerading, I can start explaining what masquerading actually is:


What is it

I know that masquerading is a complicated process so before getting all technical I'll start with an example that makes it easier to understand. Person A loves person B but person A isn't at the same school nor has her telephone number. There is also a common friend (person C) someone who knows A and is at the some school of B. So A is going to ask C to talk to B without mentioning who person A is. Pretending the acquired information is for himself.
You will probably wondering why I made that example or on what television show you have seen the same. Well it is quite simple. Person B is the internet, and person A is a masqueraded client and person C is the masqueraded server.
For understanding it I'll first give a short introduction to TCP/IP". TCP/IP stands for Transmission Control Protocol / Internet Protocol. It is widely used for data communication among computers (before TCP/IP, everybody used UUCP = Unix to Unix Copy Protocol). TCP/IP is literally a protocol that controls your communication, it also uses IP numbers. IP-numbers consist out of 12 numbers grouped by 3 (123.456.789.123). Every computer attached to a network (and to the internet) have their own unique IP number. TCP/IP works like the following.
=> I am 1.2.3.4 and i want to contact 1.2.3.3
-> I am 1.2.3.3 did you call me ?
=> I am 1.2.3.4 and I contacted you
-> I am 1.2.3.3 and ready
=> I am 1.2.3.4 and I want that file
-> I am 1.2.3.3 and I am sending the first part to 1.2.3.4
=> I am 1.2.3.4 and I have received it.
-> I am 1.2.3.3 and I am sending the second part to 1.2.3.4
=> I am 1.2.3.4 and I haven't received anything
-> I am 1.2.3.3 and I am sending again
=> I am 1.2.3.4 and I have received it.
-> I am 1.2.3.3 and I am waiting.
=> I am 1.2.3.4 and I am ready, bye
-> I am 1.2.3.3 Bye
I know this may seem a little childish but data communication (and TCP/IP) are working like that.

You see a computer with local IP 10.0.0.1 who is connected to the internet by a telephone line and has achieved an IP number by this ISP (Internet Service Provider) that IP is 11.1.1.4. What does this mean ? If someone on the internet tried to contact 11.1.1.4 they would get a response but if they would try to contact 10.0.0.1 they would not get a response although it is the same computer because the IP 10.0.0.1 isn't recognized worldwide. Then we have 10.0.0.2 till 10.0.0.x who are connected to 10.0.0.1. In this case we could consider 10.0.0.1 as a gateway (a gateway is a sort of exit to another network, a gateway could be a link between 10.0.1.x and 10.0.0.x, but therefore that machine must be recognized by 10.0.1.x and 10.0.0.x or with other words it should have 2 network cards or in this case a modem and a network card). So we could consider it as a gateway but there is one detail, for 10.0.0.1 being a gateway. But it isn't for the simple reason that the internet wouldn't recognize it.
=> I'm 10.0.0.2 and I want to contact you
-> I'm 1.2.3.3 and I have now idea how to reach you, go away (this messages isn't really broadcasted because there is no logical route between the two computers, this is logged)
So what does masquerading actually do ? Well, it gives its own IP (11.1.1.4 this is the IP that is attached to the ISP, giving by DHCP by exemple) to the entire network and remembers which computer requested which packet. Something like:
=> I'm 10.0.0.2 and I want to contact 1.2.3.3
-> I'm 10.0.0.1 and I will be processing your request
-> I'm 14.1.1.4 and I want to contact 1.2.3.3
_> I'm 1.2.3.3 and awaiting your command
I hope this cleared out a lot. So a masqueraded server gives its IP ( in facts it masks the ip's of the network) in order for the other pc's to get on the internet. And the incoming data is being filtered under the 10.0.0.x network.

2 I hate theory I want to type something

2.1 Preparing your system

I am supposing that you all have a computer with Linux OS installed on it and that you have configured your internet account (if not, check the help pages by your provider). And know some Linux basics like compiling your own kernel. This entire site is only valid if you have a 2.2.x kernel. Because masquerading went thru some changes lately. If you have not got a 2.2.x kernel running, I suggest you upgrade. Because older kernels might contain bugs, might not support your newest hardware and make your system vulnerable to attacks. You can get the latest kernel from ftp.kernel.org (I will explain short the kernel basics here)
[GoMoRRaH@SaTaN GoMoRRaH]$ mv mykernel.tar.gz /usr/src/
[GoMoRRaH@SaTaN GoMoRRaH]$ cd /usr/src
[GoMoRRaH@SaTaN src]$ rm linux (removes the symbolic link to your old sources)
[GoMoRRaH@SaTaN src]$ tar -zxvf mykernel.tar.gz
(your kernel is now being extracted default in the directory linux)
[GoMoRRaH@SaTaN src]$ cd linux
[GoMoRRaH@SaTaN linux]$ make menuconfig
(you can choose, type: make config for text based, type: make menuconfig for graphical and type: make xconfig under X-windows)
Now you can see all the options you can use, this is different for each system so, * stands for support and M stand for modules, modules are pieces of kernel code that can be compiled in at any time, later on) But however you have to say YES to the following:
=> Prompt for development and or incomplete code / drivers
=>Enable loadable module support
=>Networking support
=>Network firewalls
=>TCP/IP Networking
=>IP:forwarding/gatewaying
=>IP:firewalling
=>IP:masquerading
=>IP:ipportfw masq support
=>IP:ipautofw masq support
=>IP:ICMP masquerading
=>IP:always defragment
=>Dummy net driver support
=>IP:ip fwmark masq-forwarding support

Note that the above options are required for ip masquerading so you still need other codes in your kernel. When you are finished you will be prompted to save changes. The following commands do the actual compiling and may take a from 10 - 40 minutes and will show many characters which you may not understand on your screen, don't worry it is normal.
[GoMoRRaH@SaTaN linux]$ make dep
[GoMoRRaH@SaTaN linux]$ make clean
[GoMoRRaH@SaTaN linux]$ make bzImage
[GoMoRRaH@SaTaN linux]$ cp /usr/src/linux/arch/i386/boot/bzImage /boot/kernel
[GoMoRRaH@SaTaN linux]$ make modules
[GoMoRRaH@SaTaN linux]$ make modules_install
At this point you should edit your /etc/lilo.conf file. You should add something like
image=/boot/kernel
label=masqkernel
root=/dev/hdax (replace this by your root filesystem, harddisk, partition, ..)
read-only
This makes your boot manager find your new kernel at boot. So if your see the lilo prompt the next time you should type masqkernel
[GoMoRRaH@SaTaN linux]$ lilo
added linux-2.2.5-15 *
added dos
added masqkernel
Now you should edit your /etc/rc.d/rc.local file so the modules needed are automatically loaded at boot
.
.
/sbin/depmode -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
.
.
These modules are needed for ftp, real audio and irc. There is only one thing to do besides rebooting and that is enabling your IPV4 forwarding.
[GoMoRRaH@SaTaN linux] echo "1" > /proc/sys/net/ip_forward(ing) Now you should reboot your system with your newly made kernel, see if everything boots properly, if not you should redo the above steps. Until you have a properly working kernel.


Start up your masquerade

In fact there isn't much to do once you've got your kernel right. It is a matter of dialing in with you provider, and typing 2 commands. They are used to set your forwarding policies. [GoMoRRaH@SaTaN GoMoRRaH]$ ipchains -P forward DENY
[GoMoRRaH@SaTaN GoMoRRaH]$ ipchains -A forward -s 10.0.0.0/4 -j MASQ
In order for this to work on your local network the only thing you have to adjust is the -s parameter. 10.0.0.0 is your network address and the 4 is the highest ip number that is masqueraded. Your server should work now. And yeah, that's really it, you have a lot of theory and a lot of preparation with your kernel and you have to type 2 lines to get your server up and running.


Configuring your clients

You have a server but what is a server without clients ? What is a supermarket without customers ? Not that you have to do so much configuring no not at all. There is only one little thing that you have to take care of, (if it isn't already done). Your clients should have as a gateway the IP of your masqueraded server (here 10.0.0.1) This is located near your networking options it shouldn't be hard to find.


3 General

Other information sources

If you want to know more about Linux networking or Linux in general you should read documents that are published by the LDP (Linux documentation Project). They have published a Network administrators guide, a system administrators guide, a programmers guide and several HOWTO's. They come with each Linux distribution and are really worth reading.


Credits

For any further questions, you can mail GoMoRRaH, a member of Black Sun Research Facility


--------------------
Myco Supply - Distributors of Mycological Products
http://www.MycoSupply.com

The Premiere Source for Mushroom Growing Supplies.
Visit us online or call us toll free


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineMalice
still learning
Registered: 10/22/01
Posts: 69
Last seen: 7 years, 3 months
Re: IP Masquerading Tutorial [Re: Lana]
    #451527 - 11/08/01 11:38 AM (16 years, 3 months ago)

well, i also can handle those *nix dribis, but i still like to use my NTFS system (mostly nt4, then xp, then 2k).
of course i would bet you have NO chance to get my real IP, nevermind i'm running *nix or Win. so these little copy & paste tutor is just fine to read, and also intersting - but in fact there are much better ways to 'spoof' (not really, but you may call it so) your IP.
f.e. get someones Net datas and connect to the net with this (or just code a simple redir troja - but self code god damn), and then make your 'activities' you want to do *lol*

nevermind. i still prefer the Login data stealing methodes. (greets to Loni - nice to c u over here.)

nevermind - do not take this post seriously, it's just a wired thinking of me, and has NOTHING to do with my real way to 'work'


--------------------
*chill*


Edited by Malice (11/08/01 11:46 AM)


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineDarK_SavioR
addict
Registered: 05/06/01
Posts: 454
Loc: Down the Street
Last seen: 15 years, 9 months
Re: IP Masquerading Tutorial [Re: Lana]
    #466929 - 11/22/01 09:58 PM (16 years, 3 months ago)

if you're lazy you can go to freshmeat (www.freshmeat.net) and find some shell scripts to configure iptables and setup your masquerading without having to go through and manually do the stuff yourself (unless your kernel doesn't have iptables enabled)... another neat little trick to pull in linux is to spoof your mac address... I use to know how to do that using ifconfig but I haven't messed with it in a while, spoofing your mac address wouldn't work over a modem (maybe not even ppp) but you can spoof it on your NIC and it'll use that on your network. Its just a temporary thing that only makes your system change the headers on the packets and lie about your mac address... a mac address is an address on your NIC itself which no other nic in existance (supposedly) is suppose to have. Kind of like a finger print... if they have the mac address of a computer that did something over the network they know its that computer. Anyway, there's a lot of fun stuff to mess with in linux and bsd. Openbsd comes with a program to spoof your mac address with, I think that same program works in netbsd and probably freebsd also.


--------------------
Vitamin C chase, kill the taste. You can tell its nasty by the look on my face.
Ralphster44 & The FSR!
All thats stated above is for humor and a lie!!


Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleAphex
Co-Webmaster
Registered: 07/12/03
Posts: 170
Re: IP Masquerading Tutorial [Re: Lana]
    #467502 - 11/23/01 01:44 PM (16 years, 2 months ago)

IP Masquerading is a great feature, but it doesn't really hide your IP in the way you're talking about. Your external IP address will still be visible as if it were just one computer on the network. What is hidden is your internal IP address, which more than likely will be 192.168.x.x or some other private IP subnet. IP Masq is good for things like using multiple computers on one DSL/Cable connection or to create a firewall to protect those computers, but as far as "hiding" your IP address, this is the wrong technology.


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineT0aD
Stranger

Registered: 06/18/02
Posts: 4,475
Last seen: 8 years, 11 months
Re: IP Masquerading Tutorial [Re: Lana]
    #1084586 - 11/25/02 04:09 PM (15 years, 2 months ago)

:laugh:


--------------------
Cuba Libre


Post Extras: Print Post  Remind Me! Notify Moderator
Anonymous #1

Re: IP Masquerading Tutorial [Re: Lana]
    #1092674 - 11/28/02 01:11 AM (15 years, 2 months ago)

lana... in regards to aphex's post...

the same thought crossed my mind too... i don't know much about the technology or techniques but for many reasons it is something i've become more interested in learning more about. it makes sense that the "host" connection to the net remains visible. would this mean in order to insure anonymity, computer's connected to this host would have to be part of a wider network with guarentee's this host is capable of legally protecting network id's?

and while thinking about it, connecting to this host poses it own problems because the data that flowed between this host and the connected computer is now open game... is this where encryption technology comes into play?

i may have seriously tipped my hand in how green i really am, but i do want to learn more about this... can anyone recommend solid sources that can explain this from the ground up?

ur forum is cool and well moderated... thanks in advance... peace





Post Extras: Print Post  Remind Me! Notify Moderator
Anonymous #1

Re: IP Masquerading Tutorial [Re: Anonymous #1]
    #1109153 - 12/04/02 05:34 AM (15 years, 2 months ago)

anyone?


Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleLanaM
Head Banana
Female

Registered: 10/28/99
Posts: 3,102
Loc: www.MycoSupply.com
Re: IP Masquerading Tutorial [Re: Anonymous #1]
    #1110013 - 12/04/02 03:29 PM (15 years, 2 months ago)

Hi Mycotao,
Sorry for the delay, been a little busy.

Encryption is the way to go.  If you're surfing the net, its hard to go completely invisible anymore.  So encryption is the best thing.    Its actually very easy to use, you just have to be disciplined to use it. 

If you want really secure, you can setup up a VPN connection (Virtual Private Network) with another computer.  Say a friend of yours has grow logs on their computer, you can setup a VPN connection with them and everything transmitted over that connection is encrypted. 

Using Windows 2k or XP its very VERY easy to setup.  But it is a Microsoft product :smile:  I've heard of some folks setting up DHCP servers in their home, then they'd have another computer that hooks up to that server.    The DHCP server gives you your IP address, and once your connection is to the internet is over, you simply shut off your DHCP server....

/me thinks.....

There's a bit more to DHCP servers to what I just said but, its an option. 

Some have "found" computers that have no firewall... a.k.a. uneducated cable/DSL users, and they're just piggy back or "hijack" their connection.  This is very common with wireless networks.  Look for a thread by Moe Howard called "Anyone into Wardriving"

Lana


--------------------
Myco Supply - Distributors of Mycological Products
http://www.MycoSupply.com

The Premiere Source for Mushroom Growing Supplies.
Visit us online or call us toll free


Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleTinMan
Stranger

Registered: 10/01/02
Posts: 2,956
Loc: Russia
Re: IP Masquerading Tutorial [Re: Lana]
    #1111563 - 12/04/02 10:45 PM (15 years, 2 months ago)

Wardriving and warchalking!


Post Extras: Print Post  Remind Me! Notify Moderator
Offlineartemus
nerd
Registered: 11/19/02
Posts: 6
Loc: Finland.
Last seen: 13 years, 5 months
Re: IP Masquerading Tutorial [Re: Lana]
    #1131130 - 12/11/02 06:43 AM (15 years, 2 months ago)

IP-masquerading has nothing what so ever to do with "hiding your IP". IP-masq is just a form of NAT (Network Address Translation) which allows more than one computer to use the same IP-address (share the same Internet connection). The only one you're "hiding" the IP-address from is yourself.

Secondly, MAC "spoofing" is not a Linux or BSD feature, it's a functionality your network card may or may not have (most do), and thus it can be used in whatever operating system that supports said functionality. Windows for instance. And besides, changing MAC-addresses, at least if you intend to do it often, will fuck up your ISPs switch- and ARP-tables which will result in a lot of packet loss. It also won't do shit to hide your identity.

If you want to stay anonymous the way to go is to use an anonymous proxy (beware of that a lot of HTTP-proxies sends your address in the HTTP-header,
"Forwarded: by http://some.proxy.com for your.address.com"). Anonymizer.com should be a pretty safe choice, if I'm not entirely mistaken. Another way is to simply use someone else's computer, like a public library or an Internet cafe.


Post Extras: Print Post  Remind Me! Notify Moderator
Jump to top. Pages: 1

Community >> Security and Safety

Similar ThreadsPosterViewsRepliesLast post
* Nerotik's Network Security and Anonymity Guide. Nerotik 4,666 14 02/20/09 06:59 PM
by abetterlie
* "Who is connected to my network" prog? HSIHd 1,123 13 03/27/07 09:53 PM
by HELLA_TIGHT
* latent ip deeptraveller 629 7 11/18/06 04:41 PM
by OJK
* Any computer literates out there care to take a minute and explain IP's? SpookerShroom 1,333 6 10/11/06 11:18 AM
by Fungimental
* IP address blocker?
( 1 2 all )
Meatfart 1,976 21 06/02/07 02:18 AM
by CaptainLinger
* IP's being Logged at the Shroomery
( 1 2 all )
georgewash 3,089 30 12/05/03 02:36 PM
by highwayman
* Linux and Internet Privacy Heruuka 811 4 02/15/04 03:23 PM
by bogart
* Is my IP address safe???
( 1 2 all )
tonyperez420 1,770 39 01/24/06 03:53 PM
by Prisoner#1

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: Lana, Enlil, Alan Rockefeller
1,631 topic views. 0 members, 1 guests and 0 web crawlers are browsing this forum.
[ Toggle Favorite | Print Topic | Stats ]
Search this thread:
Everything Mushrooms
Please support our sponsors.

Copyright 1997-2018 Mind Media. Some rights reserved.

Generated in 0.029 seconds spending 0.004 seconds on 17 queries.