匿名.

txt.

释放双眼,带上耳机,听听看~!

anonymity.txt,

anonymity.

txt,tags | paper,匿名教程/由您的Really编写,R a v e N(blacksun.box.sk)<================================================1.

4版,99年9月24日注:每当你看到这样的东西:blah(1)它意味着如果你不明白blah这个词的意思,这里有一个解释,只为你,位于新手角落的第1节.

注2:如果你在阅读本页时遇到困难,因为每当有长行出现时,你必须向右滚动,这可能是因为你没有使用“换行”.

大多数UNIX文本编辑器和高级Windows编辑器(以及一些不太高级的编辑器,如Wordpad)都是自己完成这项工作的.

要在Microsoft记事本上进行换行,只需转到“编辑”,然后单击“换行”.

作者笔记========如果您对本教程有任何意见或问题(没有火焰(10)或垃圾邮件,请发电子邮件至barakirs@netvision.net.il).访问blacksun.box.sk获取更多教程、免费的黑客/编程/unix书籍下载等.

免责声明:我们不鼓励任何形式的非法活动.

如果你认为触犯法律是给人留下深刻印象的好方法,请停止阅读,慢慢长大.

做一个罪犯没有什么了不起或酷的.

内容=====匿名性?*你是说我在网上完全没有匿名性?*那又怎样?我为什么要匿名?*好吧,我明白你的意思了.匿名告诉我.代理?*代理是什么?*什么是公共代理?*我在哪里可以找到公共代理列表?*他们除了匿名还有什么好处吗?*好吧,那我该怎么用呢?温盖特?*什么是温盖特?*我怎么能用它们来匿名?*温盖特听起来很有用.

我想在我自己的电脑上运行一个.

我怎么才能不把它变成一个“匿名蜂巢”?*我怎样才能告诉IRC客户,即时消息,如ICQ等,使用它们?匿名翻译者?*什么是匿名翻印者?*我怎么能用它们来更匿名呢?*为什么一个人要启动匿名重编服务?抓到什么了?加密?*为什么我要加密我的电子邮件?*如何加密电子邮件?饼干?*什么是饼干?*他们能拿我的隐私冒险吗?.

chk文件?*它们是什么?*他们怎么能拿我的隐私冒险?匿名者?*匿名者是什么?*我怎么报名?我在哪里可以了解更多关于匿名的信息?*有用的网址.

*其他有用的教程由黑太阳.

附录A:使用Altavista作为“代理”*如何使用Altavista的web翻译服务匿名化自己?附录B:欺骗浏览器历史*如何欺骗我的浏览器历史?附录C:the+x mode书目*http://www.

theargon.

com*Anonymizer.

com*各种教程Black Sun*FTP黑客的其他教程.*超频.*广告和垃圾邮件屏蔽.*发送邮件.*弗里克.*高级语法.*弗里克二世.

*IRC战争.

*Windows注册表.*信息收集.*代理/温盖特/袜子.

*脱机Windows安全.

*ICQ安全.

匿名?无论你意识到与否,因特网并不像你想象的那样是匿名的.

这里有几个例子:1)你进入一个网站.

一旦你点击web服务器上的任何一个文件,网站所有者就可以找到这些关于你的信息,还有更多:1.

你的IP地址.2.你的主机名.三.你的大陆.四.你的国家.5个.你的城市.6.你的网络浏览器.7号.你的操作系统.8个.你的屏幕分辨率.9号.你的屏幕颜色.10个.您以前访问过的URL.11号.您的ISP.这只是冰山一角.

请访问我们的主页blacksun.box.sk并找到web statistics按钮.

在那里你可以看到我们能告诉多少关于我们的访客2)另一个例子:你连接到一个IRC网络,你正在和你的朋友聊天.

现在一个人只需要知道你的昵称就可以了.

他甚至不必认识你,也不必和你在同一个频道.

这里有几个例子,你可以通过简单地知道一个人的昵称(在最理想的条件下):1.你的真名.2.你的电子邮件地址.三.你的IP地址.四.你的主人e、 5个.您的ISP.6.你的大陆.7号.你的国家.8个.你的城市.还有更多.允许玩家查看其他玩家IP地址的在线游戏也是如此.

3) 假设我的名字是Paul Matthews,我的电子邮件地址是pmatthews@boring.ISP.net.很容易就能知道我名字的第一个字母是P,我的姓是马修斯,但这还不是全部.

一些ISP将其全部列表提供给web目录.

意思是,人们可以去,说.

whowhere.

com,在boring.ISP.net上输入Paul Matthews或搜索以Matthews为姓氏的人,发现pmatthews@boring.ISP.net确实属于Paul Matthews,从而发现您的真实姓名.

但也可以将这些web目录用于1001种用途.

因此你应该尽快去whohere.

com,试着追踪你自己,然后告诉whohere.

com删除你的列表.

4) 一些ISP也运行finger守护进程.

守护进程是在特定或多个端口上等待传入连接的程序.

finger守护进程是等待端口79上打开连接的守护进程.

一旦你进入,你需要在这个守护进程运行的系统上输入一个用户名,你会得到很多关于他的信息.

例如:不久前,我的ISP在他们的服务器上运行一个finger守护程序(直到我强迫他们将其删除,因为这是一个隐私入侵).

现在,假设除了我的电子邮件地址barakirs@netvision.net.il之外,你对我一无所知.

你应该做的第一件事是去79号端口的netvision.net.il,希望那里有人.

如果有的话,你可以通过输入我的用户名barakirs找到以下信息:1.我的真名.2.我最后一次上网是什么时候.三.如果我现在在线,从什么时候起我就在线了.四.不管我有没有新邮件.

还有更多(一些finger守护进程可能会提供任何信息,比如我的家庭地址和电话号码).

除了明显的用途(查找某人的真实姓名和其他私人信息)之外,您还可以将此信息用于各种目的,例如:1.

大多数即时通讯工具,如ICQ、AIM、YAHOO instant Messanger和MSN instant Messanger,允许您将联系人列表内外的人添加到一个“不可见列表”中,这样他们就无法知道您是否在线,并且您看起来对他们来说是离线的.

如果他们有你的电子邮件地址,而且你的ISP正在运行一个finger守护程序,他们就能知道你是真的离线了,还是只是想愚弄他们.2.你的朋友答应你在网上为你做点什么,但当你最后上网问他是否做了,他说他刚下班回来,他刚上网.

用手指,你可以测试一下,看看他什么时候真的上网了.

这些只是许多例子中的一点.

在本教程中,我将向您解释如何防止人们发现有关您的信息(总会有新的技巧,但阻止最基本/最常见的技巧将阻止大多数攻击者,并使更有经验的人更难).

如果你真的想学习如何做这些事情,以及一些非常酷和先进的技巧,那么请阅读“追踪人们”教程.

代理?为了加速互联网连接,发明了代理.

它们的工作原理如下:您正在尝试连接到地球另一端的服务器.

你的HTTP请求被发送到代理服务器,代理服务器位于ISP的总部,比那台遥远的服务器离你更近.

代理首先检查它的一个用户最近是否访问过此网站.

如果是,它应该在服务器上的某个地方有一个副本.

然后代理服务器启动连接,只检查其版本是否过时,这只需要查看文件大小.

如果它有最新版本,它会将文件发送给您,而不是让远端服务器将其发送给您,从而加快连接速度.

如果没有,它会自己下载请求的文件,然后发送给您.

但是代理也可以用来在网上冲浪时匿名,因为他们处理所有的HTTP RE.你的任务.大多数情况下,您的ISP都有代理.

打电话给技术支持,询问他们.

但ISP提供给您的代理访问的问题是:1.

有些ISP甚至没有代理.2.网站所有者仍然能够知道你正在使用的ISP和你住在哪里,因为这种代理不是公开的,他们只能被ISP的用户访问.

对于这样的情况,有一个解决方案——公共代理.

你可以在任何地方找到一个公共代理列表.

这里有两个好的网址开始:1.

http://www.

theargon.com 2.http://www.

cyberamy.

com/lists若要将web浏览器配置为使用代理服务器,请在“设置”对话框中找到相应的对话框(因浏览器而异).

注意:有些代理服务器也会处理FTP会话(有些可能只处理FTP).

温盖特?====Wingate是一个程序,用于将运行Windows 9x或NT的PC转换为代理服务器.

有几个原因可以解释为什么一个人想要运行这样一个应用程序并将他的计算机变成一个代理:1.

如果他拥有一个ISP并且他想为它建立一个代理.2.如果他想把他的电脑变成公共代理.三.如果他想让通过局域网连接的一大堆计算机接入互联网,但他只能为一台计算机提供互联网接入.

在这种情况下,他会把他的计算机变成代理服务器,并设置网络上的所有其他计算机使用他作为代理.

这样,网络上的所有其他计算机将通过一台计算机、一个调制解调器和一个Internet帐户中继其HTTP和FTP请求.

温盖特的问题是他们高度.好.他们非常.我该怎么说?愚蠢的.简直太蠢了.为什么?每个人都可以通过连接到计算机上的1080端口并键入“目标ip地址或主机名端口”(无引号)来连接到您的小代理,并用ip地址或要连接的主机名替换目标ip地址或主机名,然后用目标端口替换端口.

“wingated”mahcine随后将通过它传递您的输入,但看起来wingated机器正在连接到目标计算机,而不是您.

当然,Wingate机器的系统管理员可以将该端口更改为其他端口,但这是默认端口,如果您愚蠢到使用Wingate,则可能不想使用默认端口.

首先,如果出于某种原因需要使用Wingate,请使用SyGate.

它做的正是温盖特所做的,只是它不会像温盖特那样为每个人服务.

现在,这些Wingates几乎可以用来匿名化任何东西.

此外,每一个可以设置为运行在SOCKS防火墙后面的程序(大多数IRC客户机、大多数即时消息发送器和大多数web浏览器)都会自动地通过SOCKS进行路由,如果你给它们IP/主机名和wingated机器的适当端口的话.

wingate也可以用来进入你被禁止的IRC频道(通过伪造你的IP).

警告:一些IRC网络运行的机器人会把使用wingate的人踢出去.

这些机器人试图连接到1080端口上的随机人.

如果他们成功了,他们就把你赶出去.

这是因为IRC网络和它上面的每个人都认为你的IP是winged机器的IP.

如果机器人试图连接到端口1080上的IP,它实际上会连接到wingated机器.

然后,机器人会检测到你的IP实际上是一个wingate并将你踢出(因为它是由IRC网络运行的,并且有足够的特权将任何人踢出).

你可以在http://www.

cyberamy.

com/lists上找到wingate的列表.

还有大量的Wingate扫描仪可以扫描整个子网并查找Wingate,但这可能需要一些时间(并使您的ISP变得可疑),所以您最好去查一下cyberamy的列表.

匿名翻译者?之前我已经向你展示了一个对你知之甚少的人只需知道你的电子邮件地址就能了解你的情况.

现在很明显,为了保护您的隐私,您需要注册一个免费的电子邮件帐户(如Hotmail[Hotmail.

com]、Yahoo mail[mail.Yahoo.com]、ZDNet Mail[zdnetmail.

com]、Net@ddress[netaddress.

com]、Bigfoot[Bigfoot.

com]等).

但是,如果你在一个免费服务器上有一个特殊的电子邮件地址,可以自动将所有收到的电子邮件转发到你真正的邮箱,并保持所有信息的保密性呢?他们被称为匿名翻译人员.

他们中的大多数人都是免费的,他们的网站上有捐款和/或赞助横幅.

您可以在http://www.

theargon.

com上找到许多匿名重编程序.

这里有一个匿名翻译器的好例子:首先,去http://anon.isp.ee(顺便说一句,extension.

ee代表爱沙尼亚)注册你的免费帐户.

一旦您是注册用户,请向robot@anon.isp.ee发送一封没有主题的电子邮件,邮件内容如下:用户:您的用户名密码:您的密码实名地址:收件人的电子邮件地址.

你邮件的主题.

示例:如果我要发送包含以下内容的匿名邮件:Subject:ANONYMITY RULEZ!!嗨.

这是一封匿名电子邮件.

让我们看看你现在在追踪我!发送到bgates@microsoft.

com,用户名为user,通行证为pass,请将以下电子邮件发送到robot@anon.isp.ee(请记住不要输入主题):user:user pass:pass realaddr:bgates@microsoft.

com realasub:ANONYMITY RULEZ!!嗨.

这是一封匿名电子邮件.

让我们看看你现在在追踪我!一旦您的邮件发送完毕,您将收到anon.isp.ee的电子邮件通知.

一旦收件人回复此电子邮件,邮件将返回给您.

您也可以使用基于web的匿名重发程序,例如Replay Associates(Replay.

com/remailer/anon.

html),但它不会让您收到回复.

加密?每个人都可以阅读你的电子邮件.

不管是某个脚本小子入侵了你的Hotmail帐户,还是一个熟练的破解者(或是一个有很多空闲时间的脚本小子)入侵了你的POP3邮箱,或者是一个误收了你邮件的人.

如果你不想别人看你的邮件,使用PGP.

使用PGP的每个人都可以拥有自己的PGP密钥.

一个键由大量字符组成,不管它们是小写字母还是大写字母、数字还是符号.

制作密钥后,需要将其传输给要向其发送加密邮件的所有人.

一旦他们有了它,你可以开始发送加密邮件给他们,他们将能够使用你的密钥来解密它.

更多信息请访问www.pgpi.com.注:PGP非常强大,只能用巨型超级计算机来破解.

密钥越长,破解加密就越困难.

饼干?你有没有注意到网上所有的网站都突然变得越来越“聪明”?你知道,就像留言板记住你的昵称一样,有些网站记住你的密码,这样你就不必每次都重新输入,电子商场记住你上次在虚拟购物车里放的东西等等.

这都是因为饼干.

Cookies是一个小文件,网站可以请求您的浏览器创建,然后从中检索信息.

网站可以将您的密码或任何其他信息放在这些文件中.

如果你不想让你的同事或其他人四处窥探,看看你去了哪里,买了什么东西等等,你应该在不需要的时候删除它们.

在Unix上,cookies通常存储在主目录中的某个位置(通常是/home/your login、/usr/your login或/usr/local/your login(如果您是普通用户)和/root(如果您是root用户),但是任何具有/etc/passwd写访问权限的人都可以更改它).

在Windows和Mac上,Cookie存储在浏览器目录下名为Cookie的子目录中.

注意1:您可以告诉浏览器在接受cookie之前询问您.

只需浏览一下它的首选项菜单,你就会找到它(有很多浏览器,所以我无法对每一个都给出详细的解释).

注2:如果您是从公共计算机浏览,请不要保存任何cookies,否则其他人将可以四处窥探并查看您的cookies,甚至可以使用您的密码、信用卡号码等进入各种网站.

一位名叫Stone Cold Lyin Skunk的读者向我指出,cookies.

txt文件可以在netscap中找到e\users\default目录.

当您注册您的用户(Netscape让您为同一程序拥有多个用户,每个用户都有自己的设置等)而不给它一个用户名时,就会发生这种情况.

他还向我指出,有些网站会要求你接受cookies才能进入.

此外,他还建议小心浏览器的历史记录文件(有关删除该文件的信息,请参见“在哪里可以了解有关匿名的更多信息?”以及你的缓存和preferences.

js文件,因为它们可能会揭示你的浏览习惯(你去过哪里等).

chk文件?==Stone Cold Lyin Skunk指出,如果运行Windows并执行快速重新启动(在告诉Windows重置时按住shift键),Windows将生成一个名为FILE0001.

chk、FILE0002.

chk等的文件(通常位于c:\).

你会惊奇地发现你能在这些文件中找到多少信息!尽快删除它们!匿名者?一个匿名者是一个互联网服务,它可以帮助你更好地匿名.

匿名者的主页是www.

Anonymizer.com.以下是anonymizer.

com的快照:+++++公司概述—–anonymizer.

com是互联网隐私技术的先驱,也是提供在线隐私服务时最受欢迎和信任的名称.

如今,Anonymizer.

com已经拥有数千名付费服务用户,每月匿名页面超过750万页.

Anonymizer.

com的创始人兼总裁兰斯·科特雷尔(Lance Cottrell)是世界上最安全的匿名翻译器Mixmaster的作者,多年来一直积极推动言论自由.

兰斯获得了加州大学圣克鲁斯分校的物理学学士学位和加州大学圣地亚哥分校的物理学硕士学位.

贾斯汀·博扬(Justin Boyan)是卡内基梅隆大学(Carnegie Mellon University)计算机科学博士生,他设计并实现了匿名冲浪.

匿名者冲浪现在已经是匿名者工程团队开发的第四代了.

我们的使命——我们的使命是确保个人的隐私权在上网后不会受到损害.

我们成立这家公司是为了保护《联合国世界人权宣言》所载的这项权利:“任何人不得任意干涉其隐私、家庭、住宅或通信,也不得攻击其名誉和名誉.

每个人都有权得到法律的保护,免受此类干扰或攻击.

”50年前,该文件第19条在互联网最近发展的今天比以往任何时候都适用:“每个人都有意见和言论自由的权利.

这项权利包括持有意见的自由通过任何媒体和不分国界地干涉、寻求、接受和传播信息和思想.

”你可以在以下网址上阅读《世界人权宣言》全文:http://www.

unhchr.

ch/udhr/lang/eng.htm.+++++你可以通过登陆Anonymizer.

com并在要求的地方输入目标URL,或者购买一个匿名软件包,使用匿名软件包免费浏览网页,这将给你带来更多的好处.

如果你想把你支付的钱中的一部分交给黑太阳,请通过以下网址订阅:http://www.

anonymizer.com/3.0/affiliate/door.

cgi?CMid=12437.

如果你愿意,你也可以加入他们的俱乐部计划.

只需访问http://www.

anonymizer.com/3.0/affiliate/afdoor.

cgi?CMid=12437了解更多信息.

如果你通过这个网址订阅,你仍然会收到你应得的所有现金,但我们在黑太阳也会收到一些好处.

我在哪里可以了解更多关于匿名的信息?一个有用的网址:http://www.

theargon.com.http://www.pgpi.com(用于学习PGP加密以及如何使用它来加密电子邮件)IP欺骗Demystified-Phrack杂志关于IP欺骗(伪造IP)的一篇长篇文章.

你可以从我们的图书部下载.

HTTP://www.

WebMAR.

COM/LIST-对于WEATATE、代理和免费shell帐户列表,您可以从T中冲浪o匿名.

http://2waymedia.

hypermart.

net/hh/browser s/index.

htm-如何完全清除浏览器的历史黑太阳的其他有用教程:网络之神的IRC战争(了解更多关于在IRC上匿名的信息)、Jatt的Proxy/WinGate/SOCKS教程和我的Sendmail,R a v e N.

附录a:使用Altavista作为代理服务器的情况下,如果您访问Altavista.

com,并在其“工具”部分下选择“翻译”(或直接转到以下URL:http://babelfish.

Altavista.

com/cgi bin/translate?),您可以要求Altavista为您翻译网页.

但您也可以将其用作代理,因为当您告诉Altavista翻译web页面时,Altavista的CGI翻译脚本将为您检索该页面.

感谢Yoink提供的信息.

附录B:欺骗性浏览器历史记录=========================================================================================================================================================是的,在网页顶部的URL指示符将不会显示你访问的URL,即使是你自己的.

索引页它只会显示URL名称,所以如果有URL登录在你的工作或学校或其他什么,他们总是可以通过V3浏览到你的主页,他们将有.

但是,到那时,你已经删除或.

或者它有“隐藏”链接(链接与背景颜色相同).

无论如何,他们不会有你的网址,他们肯定不会有你在那里冲浪的证据.

例如,你可能不想,比方说,你的本地图书馆系统知道黑太阳…所以你设置了一个比如说,一个宅基地主页(这些很好,因为他们有密码保护的页面功能)…然后你设置了一个V3重定向到该页面.

宾果-你现在可以通过V3浏览网页,用你的密码登录,点击黑太阳,网络军,和平之火网站what wahtever的所有隐藏链接,URL snoop软件将只记录原始的http://surf.

to/fakeoutname.

别忘了,让V3 URl听起来尽可能无害…例如http://surf.to.backetweaving.

附录C:+x模式———-在IRC中,可以通过键入“/mode your nick+x”将自己置于模式x中(不包括引号,并用自己的nick替换您的nick).

例如:/模式raven+x).

这会告诉IRC服务器隐藏你的IP,因此当其他人试图/whois you或/dns you时,他们将无法获取你的IP(他们将获得部分IP).

这只适用于某些服务器,但当您使用IRC时,建议使用此选项.

此外,还有一种方法可以绕过这一点.

通过简单地创建与其他人的DCC连接(DCC聊天或DCC文件传输),然后可以在Unix或Windows/DOS上键入“netstat”(不带引号),查看计算机当前正在处理的连接.

其中一个是DCC和另一个人的连接.

为什么?因为DCC代表直接客户端通信,这意味着DCC操作不是通过服务器完成的,而是直接完成的(想想——为什么IRC服务器的所有者希望人们通过他们的服务器传输文件,并通过他们的服务器发起私人聊天?它只会占用一些带宽).

netstat命令显示所有当前连接(本地或远程),其中一个将是您与另一个人的DCC连接.

然后您将能够看到他/她的IP或主机名.

参考书目=====1)氩气-http://www.

The Argon.

com 2)匿名者-http://www.

Anonymizer.

com 3)Hacker.co.il-http://www.

Hacker.co.il 4)各种教程.

Black Sun提供的其他教程================FTP黑客攻击.*超频.*广告和垃圾邮件屏蔽.*发送邮件.*弗里克.*高级语法.*弗里克二世.

*IRC战争.

*Windows注册表.*信息收集.*代理/温盖特/袜子.

*脱机Windows安全.

*ICQ安全.*硬件.*开裂.

,网络安全教程anonymity.txt,tags |
paper,The Anonymity Tutorial / written by yours truly, R a v e N (blacksun.box.sk)
<=============================================================================> version 1.4, 24/9/99

Note: whenever you see something like this: blah(1) it means that if you don't understand the meaning of the word blah there's an explanation for it just for you, located on the newbies corner on section 1.
Note 2: if you're having a hard time reading this page because you have to scroll to the right whenever a long line comes, it's probably because you're not using "word wrapping".
Most UNIX text editors and advanced Windows editors (and some less advanced ones like Wordpad) do this by themselves.
To do word wrapping on Microsoft Notepad, simply go to Edit and then click on "Word wrapping".

Author's notes
==============
If you have any comments or questions regarding this tutorial (no flames(10) or spam, please) Email me at barakirs@netvision.net.il.
Visit blacksun.box.sk for more tutorials, free hacking/programming/unix books to download and much more.

Disclaimer
==========
We do not encourage any kinds of illegal activities. If you believe that breaking the law is a good way to impress someone, please stop reading now and grow up. There is nothing impressive or cool in being a criminal.

Contents
========
Anonymity?
* You mean I have absolutely zero anonymity on the web?
* So what? Why would I wanna be anonymous anyway?
* Okay, I see your point. Anonymize me.
Proxies?
* What are proxies?
* What are public proxies?
* Where can I find lists of public proxies?
* Are they good for anything besides anonymity?
* Okay, so how do I use them?
Wingates?
* What are Wingates?
* How can I use them to anonymize myself?
* Wingates sound useful. I wanna run one on my own computer. How do I do it without turning it into an "anonymity hive"?
* How can I tell IRC clients, instant messangers such as ICQ, etc', to use them?
Anonymous Remailers?
* What is an anonymous remailer?
* How can I use them to be more anonymous?
* Why would a person start an anonymous remailing service? Where's the catch?
Encryption?
* Why should I encrypt my Email?
* How can I encrypt my Email?
Cookies?
* What are cookies?
* Can they risk my privacy?
.chk files?
* What are they?
* How can they risk my privacy?
The Anonymizer?
* What is the anonymizer?
* How can I sign up?
Where can I learn more about anonymity?
* Useful URLs.
* Other useful tutorials by Black Sun.
Appendix A: Using Altavista as a "proxy"
* How can I use Altavista's web translation service to anonymize myself?
Appendix B: Spoofing browser history
* How can I spoof my browser's history?
Appendix C: the +x mode
Bibliography
* http://www.theargon.com
* Anonymizer.com
* Various tutorials
Other Tutorials By Black Sun
* FTP Hacking.
* Overclocking.
* Ad and Spam Blocking.
* Sendmail.
* Phreaking.
* Advanced Phreaking.
* Phreaking II.
* IRC Warfare.
* Windows Registry.
* Info Gathering.
* Proxy/Wingate/SOCKS.
* Offline Windows Security.
* ICQ Security.

Anonymity?
==========
Whether you realize it or not, the Internet is not as anonymous as you might think. Here are a few examples:

1) You enter a website. Once you hit any one of the files on the webserver, the website owners can find out these pieces of information about you, and much more:

1. Your IP Address.
2. Your hostname.
3. Your continent.
4. Your country.
5. Your city.
6. Your web browser.
7. Your Operating System.
8. Your screen resolution.
9. Your screen colors.
10. The previous URL you've been to.
11. Your ISP.

And this is just the tip of the iceberg. Go to our homepage at blacksun.box.sk and find the web statistics button. There you will be able to see how much we can tell about our visitors

2) Another example: you're connected to an IRC network and you are chatting with your friends. Right now all a person needs to find information on you is nothing but your nickname. He doesn't even have to know you, or be in the same channel/channels you are. Here are a few examples of what you can find by simply knowing a person's nickname (in the most optimal conditions):

1. Your real name.
2. Your Email address.
3. Your IP address.
4. Your hostname.
5. Your ISP.
6. Your continent.
7. Your country.
8. Your city.

And much much more.

The same goes for online games that allow players to view the other players' IP addresses.

3) Suppose my name is Paul Matthews, and my Email address is pmatthews@boring.ISP.net. It is extremely easy to figure out that the first letter of my first name is P and that my last name is Matthews, but that's not all.
Some ISPs give their entire listings to web directories. Meaning, people can go to, say... whowhere.com, punch in the words Paul Matthews or search for people with Matthews as their last name on boring.ISP.net and find out that pmatthews@boring.ISP.net does actually belong to Paul Matthews, hence discovering your real name.
But it is also possible to use these web directories for 1,001 uses. Therefore you should go to whowhere.com as soon as possible, try to track down yourself and then tell whowhere.com to delete your listing.

4) Some ISPs also run finger daemons.
A daemon is a program that waits for incoming connections on a specific or several ports.
The finger daemon is a daemon that waits for open connections on port 79. Once you get in, you need to punch in a username on the system the daemon runs on and you will get tons of information about him.
For example: a while ago my ISP was running a finger daemon on their servers (until I forced them to take it off because it was a privacy invasion). Now, suppose you know nothing about me besides my Email address, which is barakirs@netvision.net.il. The first thing you should do is to go to netvision.net.il on port 79 and hope there's somebody there. If there is, you can find the following information by typing in my username, barakirs:

1. My real name.
2. When was the last time I was online.
3. If I'm online right now, since when have I been online.
4. Whether I have new mail or not.

And much much more (some finger daemons might give out any pieces of information, such as my home address and phone number).
Besides the obvious uses (finding a person's real name and other private information), you can use this information for various purposes, such as:

1. Most instant messangers, such as ICQ, AIM, YAHOO Instant Messanger and MSN Instant Messanger, allow you to add people in or outside your contact list to an "invisible list", so they won't be able to know whether you're online or not and you'll appear to be offline to them. If they have your Email address, and your ISP is running a finger daemon, they are able to know whether you're really offline or just trying to fool them.
2. Your friend promised you to do something for you on the net, but when you finally go online to ask him if he's done it he says that he just got back from work and that he just got online. Using finger, you can test this and see when he really got online.

These were just a little out of many examples.
During this tutorial I will explain to you how to prevent people from finding out information about you (there will always be new tricks, but blocking the most basic / common ones will hold off most attackers and make it harder for the more experienced ones). If you really wanna learn how to do these things, as well as some really cool and advanced tricks, then read the 'Tracing People' tutorial.

Proxies?
========
Proxies were first invented in order to speed up Internet connections. Here's how they work:
You are trying to connect to a server on the other side of the planet. Your HTTP requests are sent to your proxy server, which is located at your ISP's headquarters, which are a lot closer to you than that far-away server. The proxy first checks if one of it's users has accessed this website lately. If so, it should have a copy of it somewhere on it's servers. Then the proxy server starts the connection only to check if his version is not outdated, which only requires him to look at the file size. If it has the latest version, it will send the file to you, instead of having the far server send it to you, thus speeding up the connection. If not, it will download the requested files by itself and then send them to you.
But proxies can also be used to anonymize yourself while surfing the web, because they handle all the HTTP requests for you.
Most chances are that your ISP has a proxy. Call tech support and ask them about it. But the problems with proxy access given to you by your ISP is:
1. Some ISPs don't even have proxies.
2. The website owner would still be able to know what ISP you are using and where do you live, since this kind of proxies are not public and they can only be accessed by users of that ISP. For such cases, there is a solution - public proxies.
You can find a list of public proxies everywhere. Here are two good URLs to start from:

1. http://www.theargon.com
2. http://www.cyberarmy.com/lists

To configure your web browser to use a proxy server, find the appropriate dialog box in your settings dialog box (it varies from different browsers).

Note: some proxy servers will also handle FTP sessions (some might handle FTP only).

Wingates?
=========
Wingate is a program that is used to turn a PC running Windows 9x or NT into a proxy server. Here are several reasons for why a person would want to run such an application and turn his computer into a proxy:

1. If he owns an ISP and he wants to set up a proxy for it.
2. If he wants to turn his computer into a public proxy.
3. If he wants to give Internet access to a whole bunch of computers that are connected by a Local Area Network, but he can provide Internet access for only one computer. In that case, he would turn his computer into a proxy server and set all the other computers on the network to use him as a proxy. That way all the rest of the computers on the network will relay their HTTP and FTP requests through a single computer, a single modem and a single Internet account.

The problem with Wingates is that they're highly... well... they're very... how should I say this? Stupid. Just plain stupid. Why is that?
EVERYONE can connect to your little proxy by simply connecting to port 1080 on your computer and typing 'target-ip-address-or-hostname port' (no quotes) and replace target-ip-address-or-hostname with the IP address or the hostname they want to connect to, and replace port with the destination port. The "wingated" mahcine will then relay your input through it, but it will seem like the wingated machine is connecting to the target computer, not you.
Sure, the sysadmin of the wingated machine can change that port to a different one, but this is the default, and if you're stupid enough to use Wingate you probably won't want to play with the defaults.
First of all, if you need to use Wingate for some reason, use SyGate instead. It does exactly what Wingate does, only it won't serve EVERYONE like Wingate does.
Now, these Wingates can be used to anonymize practically anything. Also, every program that can be set to run behind a SOCKS firewall (most IRC clients, most instant messangers and most web browsers) will automatically do the dirty work of routing your stuff through it if you'll give them the IP/hostname and the appropriate port for the wingated machine.
Wingates can also be used to get into IRC channels you got banned from (by faking your IP).

WARNING: some IRC networks run bots that will kick out people using Wingates. These bots try to connect to random people on port 1080. If they succeed, they kick you out. This works because the IRC network, as well as everyone on it, thinks that your IP is the wingated machine's IP. If the bot tries to connect to your IP on port 1080, it will actually go to the wingated machine. The bot will then detect that your IP is actually a wingate and kick you off (since it's being run by the IRC network and given enough priviledges to kick out anyone).

You can find lists of Wingates at http://www.cyberarmy.com/lists. There are also tons of Wingate scanners out there that can scan whole subnets and look for Wingates, but this might take some time (and make your ISP get suspicious), so you'd just better go for CyberArmy's lists.

Anonymous Remailers?
====================
Previously I have demonstrated to you what a person with very little knowledge can find out about you just by knowing your Email address. Now it is obvious that to keep your privacy, you need to sign up for a free Email account (such as Hotmail [hotmail.com], Yahoo mail [mail.yahoo.com], ZDNet Mail [zdnetmail.com], Net @ddress [netaddress.com], Bigfoot [bigfoot.com] etc'). But what if you had a special Email address on a free server that automatically forwards all incoming Email to your real mailbox and keeps all the information discreet?
These are called Anonymous Remailers. Most of them are free and live out of contributions and/or sponsor banners they place on their website.
You can find many many Anonymous Remailers at http://www.theargon.com.

Here's a good example for an Anonymous Remailer:
First, head to http://anon.isp.ee (by the way, the extension .ee stands for Estonia) and sign up your free account. Once you're a registered user, send an Email to robot@anon.isp.ee with no subject and the following content:
user: your username
pass: your password
realaddr: your recipient's Email address.
realsubj: the subject of your mail.
Example: if I want to send an anonymous mail containing the following:

Subject: ANONYMITY RULEZ!!
Hi.
This is an anonymous Email message.
Let's see you trace me now!

to bgates@microsoft.com, and your username is user and your pass is pass, send the following Email to robot@anon.isp.ee (remember not to enter a subject):

user: user
pass: pass
realaddr: bgates@microsoft.com
realsubj: ANONYMITY RULEZ!!
Hi.
This is an anonymous Email message.
Let's see you trace me now!

You'll receive an Email notification from anon.isp.ee once your message has been delivered.
Once your recipient will reply to this Email, the message will return to you.

You can also use web-based anonymous remailers such as Replay Associates (replay.com/remailer/anon.html), but it won't let you receive replies.

Encryption?
===========
Everyone can read your Email. Whether it's some script kiddie who hacked your Hotmail account, a skilled cracker (or a script kiddie with a lot of free time) that hacked your POP3 mailbox or a person who got your Email by mistake. If you don't want other people to read your Email, use PGP.
Everyone who uses PGP can have their own PGP key. A key consists of tons of characters, whether they are lowercase or uppercase letters, number or symbols. After you make your key, you need to transfer it to everyone you want to send encrypted mail to. Once they have it, you can start sending encrypted mail to them and they'll be able to use your key to decrypt it.
More info on www.pgpi.com.

Note: PGP is very strong and can only be broken with giant supercomputers. The longer your key is, the harder it is to break the encryption.

Cookies?
========
Have you noticed how all those websites on the net are getting "smarter" all of a sudden? You know, like the way message boards remember your nickname, some sites remember your password so you won't have to retype it every time, electronic malls remember what you last put in your virtual shopping cart etc'.
This is all because of cookies. Cookies are small files which a website can request your browser to create and then retrieve information from them. Websites can put your password or any other information in these files.
If you don't want your co-workers or other people to sniff around and see where you've been visiting, what items you've been buying etc', you should delete them when you don't need them.
On Unix, your cookies would usually be stored somewhere in your home directory (usually /home/your-login, /usr/your-login or /usr/local/your-login if you're a regular user and /root if you're root, but anyone with write access to /etc/passwd can change that).
On Windows and Mac, cookies are stored on a sub-directory at your browser's directory called cookies.

Note 1: you can tell your browser to ask you before accepting a cookie. Just play around with it's preferences menu, you'll find it (there are so many browsers out there so I can't give a detailed explanation for every single one).
Note 2: if you're browsing from a public computer, do not save any cookies, or other people will be able to snoop around and look at your cookies or even enter various websites with your passwords, your credit card number etc'.

A reader called Stone Cold Lyin Skunk has pointed out to me that the cookies.txt file may be found in the netscape\users\default directory. This happens when you register your user (Netscape let's you have multiple users for the same program, each user with his own settings etc') without giving it a username.
He also pointed out to me that some websites will require you to accept cookies in order to enter them.
Also, he recommended to beware of your browser's history file (information on removing it can be found on the "Where Can I Learn More About Anonymity?" chapter), as well as your cache and your preferences.js files, because they may reveal your browsing habits (where have you been, etc').

.chk files?
===========
Stone Cold Lyin Skunk has pointed out that if you're running Windows and you do a quick reboot (hold down shift while telling Windows to reset) Windows generates a file called FILE0001.chk, FILE0002.chk etc' (usually found on c:\). You will be amazed to see how much information you could find in these files! Delete them ASAP!

The Anonymizer?
===============
The Anonymizer is an Internet service that helps you anonymize yourself better. The Anonymizer's homepage is www.anonymizer.com. Here's a snapshot from anonymizer.com:

+++++

Company Overview
----------------
Anonymizer.com is a pioneer in Internet privacy technologies, and the most popular and trusted name in delivering online privacy services. Anonymizer.com, today, has many thousand subscribers to its paid services and makes anonymous over 7.5 million pages a month. Lance Cottrell, founder and President of Anonymizer.com, authored the world's most secure anonymous remailer, Mixmaster and has been active for many years in promoting free speech. Lance received his undergraduate degree in physics from The University of California, Santa Cruz and a masters in Physics from The University of California, San Diego.
Justin Boyan, while a Computer Science Ph.D. student at Carnegie Mellon University, designed and implemented Anonymizer surfing. Anonymizer Surfing is now in its 4th generation under development by the Anonymizer engineering team.

Our Mission
-----------
Our mission is to ensure that an individual's right to privacy is not compromised once they are online. We began this company as a means to protect this right as embodied in the United Nations' Universal Declaration of Human Rights:
"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."

While written 50 years ago, article 19 of this document is now more than ever applicable with the advent of the recent growth of the Internet:
"Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers."

You can read the full Universal Declaration of Human Rights on the following URL: http://www.unhchr.ch/udhr/lang/eng.htm.

+++++

You can use The Anonymizer to surf the web with anonymity for free by going to anonymizer.com and typing in the target URL where asked, or buy an Anonymizer package, which will give you more benefits. If you want some of the money you pay to go to Black Sun, subscribe through the following URL: http://www.anonymizer.com/3.0/affiliate/door.cgi?CMid=12437.
If you want, you too can join their affiltrates program. Simply go to http://www.anonymizer.com/3.0/affiliate/afdoor.cgi?CMid=12437 for more information. If you will subscribe through this URL, you will still receive all the cash you deserve, but we at Black Sun will also receive some benefits.

Where Can I Learn More About Anonymity?
=======================================
Useful URLs: http://www.theargon.com.
http://www.pgpi.com (for learning about PGP encryption and how to use it to encrypt your Emails)
IP Spoofing Demystified - a long article from Phrack magazine on IP spoofing (faking your IP). You can download it from our books section.
http://www.cyberarmy.com/lists - for lists of Wingates, Proxies and free shell accounts you can surf from to anonymize yourself.
http://2waymedia.hypermart.net/hh/browsers/index.htm - how to completely clear your browser's history

Other useful Tutorials by Black Sun: IRC Warfare by The Cyber God (for learning more on Anonymizing yourself on IRC), Proxy/WinGate/SOCKS tutorial by Jatt and Sendmail by me, R a v e N.

Appendix A: Using Altavista as a proxy
======================================
If you go to altavista.com, and under their tools section choose translation (or go directly to the following URL: http://babelfish.altavista.com/cgi-bin/translate?), you can ask Altavista to translate web pages for you.
But you can also use this as a proxy, since when you tell Altavista to translate a web page, Altavista's CGI translation script retrieves the page for you.

Thanks to Yoink for this information.

Appendix B: Spoofing browser history
====================================
Here is something I got by Email from a reader called Stone Cold Lyin Skunk:

set up a V3 redirect (http://www.v3.com or something like that)
then build a quick webpage with a link to the site you want to
view discretely
then go to your webpage via the V3 redirect

all I know is that the URL indicatoer at the top of th e borwser
will not show the URL you visit even your own .index page
it will only show the URL name

so if there is URL logging at your job or school or whatever,
they can always surf to your homepage via the V3, which they will
have. But, by then, you will have erased or. Or maybe it has
"hidden" links (links the same color as the background)...

in any case, they will not have your URLs and they certainly
won't have proof you surfed there...

for instance, you may not want, say, your local library sysop to
know about Black Sun...so you set up say, a Homestead homepage (these are
great because they feature password protected pages) ...you then
set up a V3 redirect to that page. Bingo- you can now surf to the
page via V3, log in with your password, hit all those cool hidden
links to Black Sun, CYberArmy, peacefire.org what wahtever, and the
URL snoop software will only record the original http://surf.to/fakeoutname
... and don't forget, make the V3 URl as
innocuous-sounding as possible...eg. http://surf.to.backetweaving ...

Appendix C: the +x mode
-----------------------
In IRC, it is possible to put yourself into mode x by typing '/mode yournick +x' (do not include the quotes and replace yournick with your own nick. For example: /mode raven +x).
This tells the IRC server to hide your IP, so when others try to /whois you or /dns you, they won't be able to get your IP (they will get a partial IP instead).
This will only work on some servers, but when you're on IRC, it is recommended to use this option.
Also, there is a way to bypass this. By simply creating a DCC connection with someone else (either a DCC chat or a DCC file transfer), you could then type 'netstat' (without the quotes) on either Unix or Windows/DOS and see what connections your computer is currently handling. One of them will be the DCC connection to that other guy.
Why is that? Because DCC stands for Direct Client Communication, which means that DCC actions are not done through the server, but directly (think - why would the owners of the IRC server want people to transfer files through their servers and initiate private chats through their servers? It'll just chew up some bandwidth). The netstat command shows all current connections (local or remote), and one of them will be your DCC connection with that other guy. You will then be able to see his/her IP or hostname.

Bibliography
============
1) The Argon - http://www.theargon.com
2) The Anonymizer - http://www.anonymizer.com
3) Hacker.co.il - http://www.hacker.co.il
4) Various tutorials.

Other Tutorials By Black Sun
============================
* FTP Hacking.
* Overclocking.
* Ad and Spam Blocking.
* Sendmail.
* Phreaking.
* Advanced Phreaking.
* Phreaking II.
* IRC Warfare.
* Windows Registry.
* Info Gathering.
* Proxy/Wingate/SOCKS.
* Offline Windows Security.
* ICQ Security.
* Hardware.
* Cracking.

人已赞赏
安全工具

<p>信息.<p>txt.</p>

2020-2-6 3:24:36

安全工具

adblock.txt

2020-2-6 3:24:39

0 条回复 A文章作者 M管理员
    暂无讨论,说说你的看法吧
个人中心
购物车
优惠劵
今日签到
有新私信 私信列表
搜索