Secret Squirrel

Concealing one’s activities on the Web is something every investigator should understand. You should understand it both for your own use and because these techniques may deny you information you need. Be aware, too, that using these techniques may mark you as an undesirable in some circumstances.

The following are methods used to obscure Internet traffic and get around IP blacklists and content filters.

Use the IP Address

As an example, check out the site baremetal.com, where you can look up the IP address of just about any site. Put that IP address into your browser’s address bar and it takes you there, with no need to enter a domain name. This gets past many implementations of blocking software, but it won’t get past a good content filter, and it won’t get past an IP blacklist that includes the address you just entered.

Cached Pages

Viewing cached pages will get past most blocking software, but it won’t get past a content filter. The content filter doesn’t look at the IP or domain address; it reads the content itself for appropriateness.

Encrypted Connection

Employees can set up their browser so that their web queries go through an encrypted tunnel to an external server, which may give them unrestricted online access. An example was the encrypted Google search site at its old address, https://www.google.com/, which was too close to the non-encrypted address to block separately. The new address, https://encrypted.google.com/, allows large organisations such as school boards to deny access to that site specifically. Referrals from a Google search made over the encrypted site will be invisible to the blocking software.

Simply putting https:// in front of the address may get you an encrypted connection, sometimes to a stripped-down version of the Web page.

The HTTPS connection is the best approach in most cases. However, it is becoming more common for large companies to place an inline HTTPS proxy in the network that reads and analyzes this traffic by acting as a man-in-the-middle.

SSH

There is also SSH, or encrypted SOCKS, whereby users carry otherwise unencrypted traffic across a network through an encrypted channel. SSH tunnels provide a way past firewalls that prohibit certain Internet services, so long as the site allows the outgoing connection.

VPN

Hamachi, a VPN tool for creating a direct tunnel to a server (for more on this see Episodes 18 & 19), and Tor, which routes Internet connections through a series of anonymous relays, are the most secure. These tools were built to protect privacy, but they also hide Internet activity.

Hamachi and Tor obscure Internet traffic with encryption and defeat traffic analysis by IP address. If the traffic is encrypted with a tool like Tor, blocking or reading it is nearly impossible. Tools like Tor and Hamachi are highly decentralized and peer-to-peer, which makes keeping track of their IP addresses an endless battle.
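The methods above share one theme from the filter operator's side: a hostname blacklist never sees a request made to a bare IP address, and a content filter never sees inside an encrypted tunnel. The following script, an added example that is not part of the original post, triages Squid-style proxy access-log lines for exactly those two blind spots. It flags requests whose host is an IP literal, flags CONNECT tunnels to ports other than 443 (the shape an SSH or SOCKS tunnel pushed through a web proxy would take), and reports what fraction of each client's bytes crossed the proxy as an opaque tunnel. The log lines, client addresses and peer addresses are constructed for the example; only the field layout follows Squid's native access.log format.

```python
"""Triage Squid-style proxy access-log lines for the two blind spots discussed
above: direct-IP URLs (invisible to a hostname blacklist) and CONNECT tunnels
(opaque to a content filter).  Added example; all log lines are constructed."""
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout:
# time elapsed client code/status bytes method url ident hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101     45 10.0.0.5 TCP_MISS/200 5120 GET http://www.example.com/index.html - HIER_DIRECT/203.0.113.80 text/html
1700000000.202     30 10.0.0.5 TCP_MISS/200 5120 GET http://203.0.113.80/index.html - HIER_DIRECT/203.0.113.80 text/html
1700000000.303    900 10.0.0.7 TCP_TUNNEL/200 98304 CONNECT encrypted.google.com:443 - HIER_DIRECT/203.0.113.5 -
1700000000.404   1200 10.0.0.7 TCP_TUNNEL/200 40960 CONNECT 198.51.100.23:22 - HIER_DIRECT/198.51.100.23 -
1700000000.505     20 10.0.0.9 TCP_MISS/200 2048 GET http://[2001:db8::1]/ - HIER_DIRECT/2001:db8::1 text/html
"""


def is_ip_literal(host):
    """True when the request host is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def host_and_port(method, url):
    """Return (host, port) for a proxy request URL.

    CONNECT requests carry a bare 'host:port' authority, so a '//' prefix is
    added to let urlsplit parse it like any other network location."""
    parts = urlsplit("//" + url if method == "CONNECT" else url)
    default = 443 if method == "CONNECT" or parts.scheme == "https" else 80
    return parts.hostname, parts.port or default


def triage_line(line):
    """Parse one access-log line and attach evasion-related tags to it."""
    fields = line.split()
    if len(fields) < 10:
        return None  # malformed or truncated line; skip rather than guess
    client, size, method, url = fields[2], int(fields[4]), fields[5], fields[6]
    host, port = host_and_port(method, url)
    tags = []
    if is_ip_literal(host):
        tags.append("ip-literal-host")        # sidesteps hostname-based blocking
    if method == "CONNECT" and port != 443:
        tags.append("tunnel-nonstandard-port")  # e.g. SSH/SOCKS tunnelled via proxy
    return {"client": client, "method": method, "host": host,
            "port": port, "bytes": size, "tags": tags}


def triage(log_text):
    """Triage every well-formed line of a log."""
    return [r for r in (triage_line(l) for l in log_text.splitlines()) if r]


def tunnel_share(records):
    """Fraction of each client's bytes the content filter could not inspect,
    i.e. bytes that crossed the proxy inside a CONNECT tunnel."""
    total, tunneled = defaultdict(int), defaultdict(int)
    for r in records:
        total[r["client"]] += r["bytes"]
        if r["method"] == "CONNECT":
            tunneled[r["client"]] += r["bytes"]
    return {c: tunneled[c] / total[c] for c in total}


if __name__ == "__main__":
    records = triage(SAMPLE_LOG)
    for r in records:
        if r["tags"]:
            print(f"{r['client']} {r['method']} {r['host']}:{r['port']} -> {', '.join(r['tags'])}")
    for client, share in tunnel_share(records).items():
        print(f"{client}: {share:.0%} of bytes inside opaque tunnels")
```

A client whose tunnel share sits at 100% is one the content filter has no visibility into at all, which is the situation the inline HTTPS proxy mentioned above exists to remedy. The IP-literal check is deliberately naive; a site hosted behind a CDN will still resolve to an address the blacklist may not contain, so this is a triage signal, not a verdict.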
