How to Hide IP Address

Before we will in detail consider known technologies of hiding of ip address, we should learn the ip address and to clarify some things convicting our computer in a network, for example the DNS-server address. For this purpose it is enough to come on any tools of check of anonymity, for example www.whoer.net, the main thing that it possessed interactive check of your computer by means of Java, ActiveX, Flash and Javascript. To hide the ip address, for example by means of Socks or VPN, insufficiently, since there is a set of the technologies, allowing it to reveal, which need or to be disabled on the computer, or to deceive. Also not the superfluous will change transferred HTTP-HEADINGS, it will allow to “force down” definition installed Software and the geographical location of the computer. In more details to check up the computer it is possible in the expanded version www.whoer.net/ext.

VPN (Virtual Private Network)

Outwardly VPN-connection a little than differs from connection to a usual local area network: applications at all will not feel a difference and consequently without any customisation will use it for access to the Internet. When one of them will want to access to a remote resource, on the computer the special GRE-package (Generic Routing Encapsulation, the common encapsulation of paths) which in the encrypted sort will be sent a VPN-server will be created. The VPN-server, in turn, will decrypt this package, will understand, in what its essence (inquiry about downloading of any HTTP-page, simply data transfer etc.), and will fulfil appropriate operation from the person (that is will light the IP). Further, having received the answer from a remote resource, the VPN-server will place it in a GRE-package, will encrypt and in such sort will send back to the client.

Continuous encryption of the transferred data is a key moment in safety. PPTP-traffic can be encrypted by means of MPPE (Microsoft Point-to-Point Encryption, supports 40, 56 and 128-bit keys). It is the protocol from Microsoft. Early versions were monstrously full of holes and were elementarily cracked, in new gross errors are corrected, but attempts Microsoft to make something in the field of cryptography of anything except laughter do not call. New versions of their protocols simply especially do not parse about holes.

OpenVPN

OpenVPN— free implementation of technology VPN, will be organised on the basis of the stack of TCP/IP protocols standard on the Internet. It guarantees connection operation even with those providers who do not support PPTP (more often these are operators of cellular communication which cut all GRE-packages which are passing through GPRS and EDGE). Also OpenVPN works even when you do not have real ip address, unlike PPTP, demanding simultaneous installation of two network sessions.

For OpenVPN there is variety of advantages before technology VPN:

Adaptive data compression in connection with application of algorithm of compression LZO. Bit rate through OpenVPN higher than PPTP;

Supports flexible methods of authorisation of authenticity of the client, grounded on certificates;

Usage of one TCP/UDP-port without a binding to concrete port (in our case UDP);

Enciphering of 2048 bits, provides unprecedented safety, is realised through a constant key.

Servers for anonymous VPN usually install in the countries where most loyally concern breaking, a spam etc. (China, Korea and other). The arrangement with administration which for the certain card undertakes to ignore complaints in abuse-service In most cases takes place and not to carry on broad gulls.

Proxy, SOCKS

Proxy server — the service in the computer networks, allowing clients to fulfil indirect inquiries to other network services.

At first the client is connected to a proxy server and requests any resource (for example, a file), allocated on other server. Then the proxy server is connected to the specified server, receives a resource for it and transfers to the client.

And on what protocols we can access to what servers through a proxy, depends on type of this proxy, i.e. The protocol on which we access to it. Proxy types exists a little: a HTTP-proxy, SOCKS4, SOCKS5 and some others.

HTTP-proxies are most extended, they are the most easier for finding in the Internet, but they work only with HTTP (there is also a https-proxy), besides can insert into headers of inquiry the address of the client, that is to be not anonymous.

SOCKS protocol is most remarkable that it encapsulates protocols not applied, but transport layer, i.e. TCP/IP and UDP/IP. As only on these protocols operation in the Network is possible, through SOCKS it is possible to work with any servers including same SOCKS and, thus, to organise chains of SOCKS-servers. For the same reason all a SOCKS-server are anonymous — it is impossible at level TCP/IP and UDP/IP to hand over the additional information, without having broken operation of the higher protocol.

Still it is possible to select anonymizer — look as the usual searcher, only instead of words/phrases it is necessary to enter URL of that site which you would like to look into them. Anonymizers represent the scripts written, for example, on perl, php, cgi-scripts.

Pair of useful programs on operation from a http-proxy and Socks:

SocksChain — the program, allowing to work through chain SOCKS or a HTTP-proxy (it is necessary to remember that any proxy server and furthermore free, carries on a broad gull. And the person who allocates the appropriate rights, can always calculate, where you came and that you did, even if you will use chains of 10 anonymous proxy servers in the different ends of a planet).

FreeCap — the program for transparent readdressing of connections through a SOCKS-server of programs which have no native support of a SOCKS-proxy.

TOR

Tor (The Onion Router) — free (BSD) implementation of the second generation onion router (so-called «onions (multilayered) routeing»). The system allowing users to incorporate anonymously, providing transmission of the user’s data to the encrypted sort. It is considered as the anonymous network giving anonymous web-surfing and safe data transfer. By means of Tor users can save anonymity at visiting of web-sites, publications of materials, sending of messages and operation with other applications using TCP protocol. Safety of the traffic is provided for the score of usage of a distributed network of the servers named with «multilayered routers» (onion routers).

Networkers Tor start onion-proxy on the computer, the given software is connected to servers Tor, periodically forming a virtual chain through network Tor which uses cryptography in the multilevel way (analogy to onions — English onion).

Each package getting to system, passes through three various servers (node) which are selected in a random way. Before departure the package is consistently ciphered by three keys: at first for the third nodes, then for the second, and, eventually, for the first.

When the first node receives a package, it decrypts “the upper” layer of the cipher (analogy to how clean a bulb) and learns where to send a package further. The second and third server arrive similarly. At the same time, the software onion-proxy gives the SOCKS-interface. The programs working on the SOCKS-interface, can be customised on operation through network Tor which, multiplexing the traffic, routes it through virtual chain Tor that finally allows to provide anonymous surfing in a network.

Existed for special add-Tor for web browsers Opera, Firefox.

SSH-tunneling

SSH (Secure Shell) — a network protocol, allowing to make remote handle of the computer and a file transfer. Uses algorithms of encrypting of the transferred information.

SSH-tunneling It is possible to consider as cheap replacement VPN. A principle of the given implementation the following: all network software on the computer fowradring on the assigned port (yours localhost) on which the tools connected on SSH with a server hangs (and as we know, connection on SSH to the protocol is encrypted ) and tunneling all inquiries; further all your traffic (any more in the encrypted sort) can be forwarded from a server on a proxy (supporting tunneling) or socks which transfer all traffic to necessary addresses. Presence of a proxy or socks is not mandatory.

What are the benefits of this system:

For the organisation of the given circuit it is not necessary to install a server software (since the SSH-account and socks can be got without problems on the Internet);

Since at SSH-connection of traffics it is encrypted and compressed, we receive small increase of speed of operation in an Internet (it truly when the soks-demon is on the same server);

In a case when the soks-server is on other host we receive an additional chain of servers which raise to us safety and anonymity.

JAP

In one of German institutes artful enough way of saving of anonymity has been developed. In system of the user proxy-program JAP which accepts all inquiries of the user about connections is installed special, encrypt (AES with 128-bit a key length) and in a safe mode sends on a special intermediate server (a so-called mix). The matter is that the mix simultaneously uses a large quantity of users, and the system is constructed so that each of them has been indiscernible for a server. And as all clients identical and to calculate it is is concrete one user it is not obviously possible.

Mixes are usually installed on a voluntary basis, basically at universities which confirm officially that do not carry on any dens. Besides chains of mixes, as a rule 3 mixes are usually used.

P2P anonymizers

Let’s consider on an example of network Peek-A-Boot:

Peek-A-Booty Is the distributed P2P network from the computers belonging to volunteers from the various countries. The network is created that users could bypass the limitations superimposed by local censorship and to get access to prohibited in this or that state Internet resources.

Each net point masks, so the user can route inquiries and receive the information from certain ip-addresses bypassing acceptable barriers.

The user, is connected to a special network where works Peek-A-Booty. The a little accidentally selected computers get access to a web site, and transfer given to the one who has transmitted inquiry.

All traffic in this network is encrypted under standard SSL accepted in electronic commerce so all looks as innocent transaction.

Output

From all methods considered by us only TOR and P2P is completely free, thus possess high reliability, but, unfortunately, are not convenient in daily use and customisation.

From the point of view of high level of safety and simplicity in tincture is in the lead OpenVPN, but the prices for it start from 15$ in a month. Wide distribution technology DoubleVPN in which now receives packages pass through two VPN a server. It perhaps, the fastest and convenient solution of a question of the guaranteed anonymity, but the price …

Conclusion

From all methods hiding ip address considered by us only TOR and P2P is completely free, thus possess high reliability, but, unfortunately, are not convenient in daily use and customisation.

Intermediate solution can become so-called clone VPN — SSH-tunneling for which presence only suffices shell-access that is rather cheap, and connection is customised, for example, through Putty. Unfortunately, customisation is not simple and labour-consuming, convenience of usage too limps, so it on former a variant for «geeks».