The IP address, its determination and concealment.

As is well known, the Internet is built on the TCP/IP family of protocols, which define how computers connected to the network interact. These computers are identified by so-called IP addresses, each of which is a unique 32-bit identifier normally written as four decimal numbers, for example 192.168.0.1. From the point of view of addressing, a server handling thousands of requests every second is practically no different from your computer connected to the network over dial-up. The only difference is that a home user, as a rule, receives a so-called dynamic IP address that changes from connection to connection.

While a server's address must be accessible to all clients wishing to use its services, a client is not obliged to advertise its address at every turn. Moreover, disclosing an IP address can lead to rather serious consequences.

What can be done to a person once their IP address is known? Well, for example, if NetBIOS over IP is running on their Windows 95 machine and a number of disks are shared for network access, and without passwords at that :) (for those interested, nbtstat, lmhosts and net use can help here). True, this is not met too often among dial-up users. Another example: last year holes were found in IE and NN that allowed access to the client's files. Those holes, true, have already been closed, but who knows how many still remain.

Programs known by a common name (the class goes back to the first such program, Winnuke) that carry out Denial of Service attacks, causing the attacked computer to hang or drop off the network, are still popular in certain circles.

ICQ (http://www.icq.com), dearly loved by millions of users, has turned out to be not without sin either. Fyodor's Exploit world page (http://www.dhp.com/~fyodor/sploits.html) gives, among other things, information on weaknesses of the ICQ protocol (http://www.dhp.com/~fyodor/sploits/icq.spoof.overflow.seq.html), which have already made it possible to create numerous programs that make an ICQ user's life rather unpleasant. So, for example, the ICQ Snoofer Team page (http://const.ricor.ru/~icq/) offers to test a program that allows messages to be sent over ICQ from someone else's UIN. Snoofer exists in two variants: as a script accessible from the page, and as a program which they promise to send by mail. To use it, it is enough to know the recipient's IP address, the port number on which ICQ is listening, and the sender's UIN. Instructions are included.

However, all these cheerful programs are suitable mainly for destructive activity, in which I see no particular sense (by the way, the poll we ran on our server about "nukes" showed that the majority of visitors agree with me).

Let's look at what can be done to determine and to conceal an IP address.

There are, of course, no absolute recipes; one can only speak of the most widespread cases. Generally speaking, your IP address can be exposed in a large number of places. How it can then be pulled out of there is another matter. For instance, when visiting any page, your favourite browser reports quite a lot of information about itself.

As a simple demonstration, here is a Perl script that prints the main information about the visitor of a page:

Listing 1. showuser.pl

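#!/usr/bin/perl
# Prints what the web server learned about the visitor from the request.
print ("Content-type: text/html\n\n");
@ee = (
  "CHARSET",
  "HTTP_USER_AGENT",
  "HTTP_REFERER",
  "REMOTE_ADDR",
  "REMOTE_HOST"
);
foreach $e (@ee)
{
  # User-Agent and Referer are chosen by the client, so escape them before output
  $v = defined $ENV{$e} ? $ENV{$e} : "";
  $v =~ s/&/&amp;/g;
  $v =~ s/</&lt;/g;
  $v =~ s/>/&gt;/g;
  print "<b> $e </b>: $v <br> \n";
}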

In general, this is the most harmless case of IP address disclosure (unless one assumes malicious intent on the part of the webmaster who installed the script and attacks the visitor, but the probability of a targeted attack is negligibly small).

The sender's IP address can be pulled out of the headers of a received e-mail (most likely it will be in the last Received: field; unlike the From: field, it is somewhat more difficult to forge). If you have a dynamically allocated address, such a situation is not too dangerous. It is worse if the address is permanent, which, true, is less common.
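
Reading the Received: chain can be done mechanically. The following Python code is an added example, not part of the original article; it goes one step beyond the text by also stopping at the last relay the reader trusts, since every header below that point is supplied by the sender. The sample message is constructed, and the caller-supplied set of trusted relay names is an assumption of this example.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample (documentation address ranges and example domains).
# The bottom Received: line imitates one inserted by the sender.
SAMPLE = (
    "Received: from relay.example.com (relay.example.com [203.0.113.25])\n"
    "\tby mx.example.org with ESMTP; Mon, 1 Mar 1999 10:00:05 +0300\n"
    "Received: from homepc (ppp17.dialup.example.com [192.0.2.44])\n"
    "\tby relay.example.com with SMTP; Mon, 1 Mar 1999 10:00:01 +0300\n"
    "Received: from nowhere (unknown [198.51.100.99])\n"
    "\tby made-up.example.invalid with SMTP; Mon, 1 Mar 1999 09:00:00 +0300\n"
    "From: forged@example.invalid\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

FROM_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")

def received_hops(raw):
    """Return [(by_host, from_ip or None)] per Received: header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        by = BY_HOST.search(value)
        found = FROM_IP.search(value)
        ip = None
        if found:
            try:
                ip = ip_address(found.group(1))
            except ValueError:
                pass  # bracketed text that is not a valid address
        hops.append((by.group(1).lower() if by else None, ip))
    return hops

def last_received_ip(raw):
    """The address in the bottom-most Received: header, as the article suggests."""
    hops = received_hops(raw)
    return hops[-1][1] if hops else None

def origin_seen_by_trusted(raw, trusted_relays):
    """Walk down from the newest header while the recording relay is trusted;
    the address logged by the deepest trusted relay is the last reliable hop."""
    origin = None
    for by_host, ip in received_hops(raw):
        if by_host not in trusted_relays:
            break
        origin = ip
    return origin
```

On the sample, the bottom-most header points at the planted address, while the walk through the two trusted relays stops at the dial-up address that relay.example.com itself recorded.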

Various systems for interactive communication turn out to be the most dangerous from the point of view of IP address disclosure: IRC (the /whois command), InternetPhone, ICQ, etc. In fairness, it should be noted that some of them try to hide the user's address (for instance, MS Comic Chat shows only part of the address, and ICQ 98 introduced the option of hiding the address, which, true, does not work too well when talking to old versions), but in the majority of systems the address lies completely in the open. As for HTML chats, everything here depends on the wishes of the developer; the basic possibility of showing the IP address exists, as was shown just above.

The idea is the following: if HTML tags are allowed in a chat, nothing prevents someone from inserting into a message something like <img src = "http://www.mysite.com/cgi-bin/sniffer.cgi">. As a result, everyone present in the chat (even those not registered) will, without knowing it, call the sniffer.cgi script. The rest is a matter of technique: an implementation of such a script in Perl, keeping a log of all calls, takes a few lines. A demonstration version of this script is available at http://www.hackzone.ru/cgi-bin/sniffer.cgi.

The method of use is very simple: you insert into a message text like the following:

<img src=http://www.hackzone.ru/cgi-bin/sniff.cgi?id>, where id is the channel identifier (it helps avoid confusion when the script is used in different chats by different people).

If the chat supports insertion of HTML tags, you will most likely see the animated HackZone logo. All that remains is to view the log (http://www.hackzone.ru/files/snifflog.txt), in which the date of the call to the script, the IP address and the identifier id are recorded.

Since this is a demonstration, only the last 30 records are kept in the log.

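#!/usr/bin/perl
# Demonstration logger: records each request to this URL in a short log file.

$log = "/local/path/on/your/server/snifflog.txt";

# localtime in scalar context gives e.g. "Thu Sep  9 12:34:56 1999"
$now_string = localtime;
@thetime = split (/ +/, $now_string);
@theclock = split (/:/, $thetime[3]);

# Convert the 24-hour clock to 12-hour am/pm form
$ampm = 'am';
if ($theclock[0] > 11)
{$ampm = 'pm';}
if ($theclock[0] == 0)
{$theclock[0] = 12;}
if ($theclock[0] > 12)
{$theclock[0] -= 12;}
else
{$theclock[0] += 0;}

# The channel identifier passed after "?" in the URL
$lnum = $ENV{'QUERY_STRING'};

# Read the records already in the log
open (DB, "$log") || die "Can't Open $log: $! \n";
flock (DB, 2);
@line = <DB>;
flock (DB, 8);
close (DB);

# New record: time, channel identifier, address and host name of the caller
$line0 = "[$thetime[0] $theclock[0]\:$theclock[1] $ampm] (" . $lnum . ")" . $ENV{REMOTE_ADDR} . " " . $ENV{REMOTE_HOST};

# Carry over at most 30 of the earlier records
$maxline = @line;
$maxline = 30 if ($maxline > 30);

# Rewrite the log with the new record first
open (DB, "> $log") || die "Can't Open $log: $! \n";
flock (DB, 2);
print DB ("$line0\n");
for ($i = 0; $i < $maxline; $i++)
{
  print DB ("$line[$i]");
}
flock (DB, 8);
close (DB);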
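
On the chat operator's side, the <img> trick stops working once messages are displayed as text instead of markup. The following Python code is an added example, not part of the original article: it escapes every message before display and reports which hosts the message would have made readers' browsers contact, so the attempt can go into a moderation log. The function names, the list of auto-loading attributes and the second and third sample messages are assumptions of this example.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# (tag, attribute) pairs that make a browser fetch a URL as soon as the message
# is displayed. The list is an assumption of this example, not exhaustive.
AUTOLOAD = {
    ("img", "src"), ("iframe", "src"), ("frame", "src"), ("embed", "src"),
    ("script", "src"), ("link", "href"), ("object", "data"),
    ("body", "background"), ("input", "src"),
}

class RemoteFetchFinder(HTMLParser):
    """Collects the hosts a browser would contact while rendering a message."""

    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in AUTOLOAD or not value:
                continue
            try:
                host = urlparse(value.strip()).hostname
            except ValueError:
                continue  # malformed URL, nothing to resolve
            if host and host not in self.hosts:
                self.hosts.append(host)

def remote_fetch_hosts(message):
    """Hosts that would see each reader's address if the markup were rendered."""
    finder = RemoteFetchFinder()
    finder.feed(message)
    finder.close()
    return finder.hosts

def render_chat_message(message):
    """Return (text safe to place in the page, hosts for the moderation log)."""
    return escape(message, quote=True), remote_fetch_hosts(message)

# Constructed chat messages; the first contains the tag quoted in the article.
SAMPLES = [
    'hello <img src = "http://www.mysite.com/cgi-bin/sniffer.cgi">',
    "look <IMG SRC=//tracker.example/p.gif?room42>",
    "no markup here, just 2 < 3",
]
```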

Now a little about how to protect yourself from all this mess. The simplest way to hide while browsing the Web is to use a proxy or a service like Anonymizer, Inc. (http://sol.infonex.com/). Their principle of operation is similar: you communicate directly only with the proxy server, and it does the legwork for you when visiting sites.

If you are nevertheless concerned about your IP address being detected when using e-mail, you can use the same Anonymizer's service for sending letters through the web (https://www.anonymizer.com/), or any anonymous remailer (http://www.replay.com/remailer/).

Things are worst of all with chats. The problem is that while it is easy enough to find some third-party proxy for WWW, a similar service for IRC, ICQ and others is, to put it mildly, very rare and almost inaccessible to the ordinary dial-up user. For this reason most of the tools for attacking an IP are tailored to various IRC clients. So there are only two ways to fight here. The most reliable is not to use them at all :) A more realistic one is to fight not the cause but the consequences: look for the latest patches and hope that no suitable gun has yet been invented against your armour.