DComTalk.com

I've been testing out Tenebril's GhostSurf which claims to encrypt your
data and hide your IP address online. However, I just went to Shield's
Up (https://www.grc.com/x/ne.dll?bh0bkyd2) while running GhostSurf and
it seemed to have no problem detecting my IP Address. I double-checked
my settings and GhostSurf says it's hiding everything.

Is Tenebril's product BS? Can anyone suggest a better anonymizer
product?

Thanks,

Tom

Any software like that is snake-oil. You cannot hide your machine out here
on the Internet. It's bunch of BS. And BTW, I got some swamp land (that's
prime real-estate) in Mississippi you can buy too.

Duane :)

If you left Javascript enabled, allow ActiveX downloads and executes, or
downloaded GRC's local client then obviously it will know and can report
the IP address for your host.

--
____________________________________________________________
For e-mail, remove "NIX" and add "#LAH" passcode to Subject.
____________________________________________________________

I've been testing out Tenebril's GhostSurf which claims to encrypt your
data and hide your IP address online.

That's a proxy service - so while your IP isn't shown on the packet that
arrives at that pr0n site you want to visit - your network admin can still
see the traffic. Oh, and do you trust the proxy site you are using?

ALL traffic on the net has to have legitimate source and destination
addresses. Think for a moment about viewing a web page at foo.example.com
(a well known non-site on the web). Your browser asks to send a packet
there (how else do you think the page shows up on your computer) - so the
O/S first has to send a different set of packets to some name server to
translate 'foo.example.com' into an IP address. (Packets travel the world
using IP addresses - four byte addresses, that take up less space in the
packet that the fifteen bytes needed for foo.example.com or the fortytwo
bytes for 'adsl-69-235-220-167.dsl.irvnca.pacball.not'.) The DNS replies
that 'foo.example.com' is at 192.0.2.144 (no that address isn't real either).
Your computer then sends a 'hello' packet to that IP address - and think
about this - with your legitimate IP address as the sender. Why? How do
you think foo.example.com is going to send packets to you, if you are giving
them a fake address that says you are in Timbuktu in Mali (a country in
Western Africa)? If you use a fake address, the packets are going to be
sent there (not to you), and who ever has that fake address is going to be
wondering WTF this crap is.

However, I just went to Shield's Up (https://www.grc.com/x/ne.dll?bh0bkyd2)
while running GhostSurf and it seemed to have no problem detecting my IP
Address.

Awww, would Steve lie to you? Yup. Turn off java/javascript/activeX.

I double-checked my settings and GhostSurf says it's hiding everything.

It's not hiding everything - if it was, your networking wouldn't work.

Is Tenebril's product BS? Can anyone suggest a better anonymizer
product?

Get a fake ID card, and go to your public library. Get access using
their computers. No one will _ever_ know it's really you.

Old guy

klenwell@gmail.com wrote:

I've been testing out Tenebril's GhostSurf which claims to encrypt your
data and hide your IP address online. However, I just went to Shield's
Up (https://www.grc.com/x/ne.dll?bh0bkyd2) while running GhostSurf and
it seemed to have no problem detecting my IP Address. I double-checked
my settings and GhostSurf says it's hiding everything.
Is Tenebril's product BS? Can anyone suggest a better anonymizer
product?

Better forget this.

"Shields up" is just nonsense. No product can "hide" you in the Internet,
even if "Shields up" is telling you such trash.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"

Vanguard <vanguard.code@comcastnix.net> wrote:

If you left Javascript enabled, allow ActiveX downloads and executes, or
downloaded GRC's local client then obviously it will know and can report
the IP address for your host.

It does not matter.

If you're going onto a webpage, the server there has your IP address,
wether you will do ridiculous things like "stealthing" your PC or not.

POC: http://www.dingens.org/forget-stealthing.cgi

This is BTW:

---------------------------------- snip ----------------------------------
#!/usr/bin/perl

use CGI::Request;

$req = GetRequest($pkg);
$cgi_obj = $req->cgi;
$cgi_var = $req->cgi->var("REMOTE_ADDR");

print "your client IP is ".$cgi_var."\n";
---------------------------------- snap ----------------------------------

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"

klenwell@gmail.com wrote:

I've been testing out Tenebril's GhostSurf which claims to encrypt your
data and hide your IP address online. However, I just went to Shield's
Up (https://www.grc.com/x/ne.dll?bh0bkyd2) while running GhostSurf and
it seemed to have no problem detecting my IP Address. I double-checked
my settings and GhostSurf says it's hiding everything.
Is Tenebril's product BS? Can anyone suggest a better anonymizer
product?

For anonymizing, you could use AN.ON/JAP or Tor for example.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"

I thought the concept with a service such as Tenebril's was that your
packets got routed through their servers so the end site you were
visiting didn't get your address but rather got Tenebril's server's
address. Tenebril would have a record of your ip address's page
request to watchmygrandparentshavesex.com, but
watchmygrandparentshavesex.com wouldn't know where you were coming from
and the trail would end at Tenebril's proxy server. Obviously even in
this model, only as secure and anonymous as Tenebril's server, but not
complete snake oil and effectively anonymous until the Feds come
knocking on Tenebril's door with a court order or a hacker or rogue
employee hacks their servers.

I asked about Tenebril because their software was recommended in a
computer magazine I was looking at.

Tom

In the Usenet newsgroup comp.security.firewalls, in article
<1126196358.619776.220080@g49g2000cwa.googlegroups.com>,
klenwell@gmail.com wrote:

I thought the concept with a service such as Tenebril's was that your
packets got routed through their servers so the end site you were
visiting didn't get your address but rather got Tenebril's server's
address.

As a proxy service - yeah, that's the basic concept.

Tenebril would have a record of your ip address's page request to
watchmygrandparentshavesex.com,

[clickity-click]... NXDOMAIN - darn. ;-)

Obviously even in this model, only as secure and anonymous as Tenebril's
server, but not complete snake oil and effectively anonymous until the
Feds come knocking on Tenebril's door with a court order or a hacker or
rogue employee hacks their servers.

Doesn't have to be the Feds - but you've got the idea. For a while, there
were some wide open proxy servers on the net. These tended to get closed
due to pressure by the upstream providers. In some cases, there were
questions if the server wasn't even being run as a sting, or was being
run by bad guys to steal identity information, credit card numbers, and
so on.

If you are so inclined, there are millions of systems on the Internet
that are so poorly set up that you can take over the system, and run your
nasty deeds and pr0n surfing out of J. Random User's home system, and if
the Feds come looking, he's to clueless to know if anything happened and
they will blame him. Just make sure he really is clueless, and the
computer isn't being run by the local Fuzz under a grant from the national
committee to "save the chilldruns from peddlephiles and junk food merchants"
or some such.

What a lot of people forget is to secure their own systems, and turn off
all of the automatic features that "improve your Internet experience"
such as Java/JavaScript/ActiveX/Cookies/Remember_my_password/Log_me_in_
to_all_sites/etc. and so on. I suspect this is due to the radiations
from the screen of the PC, or the satellite mind-control rays, but people
who get near computers do some of the most stupid things imaginable. In
some cases, this is because the individual doesn't want to spend any
time learning WTF, and just click on an icon to see what's behind door 3.

Old guy

"Volker Birk" <bumens@dingens.org> wrote in message
news:431ed98f@news.uni-ulm.de...

Vanguard <vanguard.code@comcastnix.net> wrote:
If you left Javascript enabled, allow ActiveX downloads and executes,
or
downloaded GRC's local client then obviously it will know and can
report
the IP address for your host.

It does not matter.

If you're going onto a webpage, the server there has your IP address,
wether you will do ridiculous things like "stealthing" your PC or not.

POC: http://www.dingens.org/forget-stealthing.cgi

This is BTW:

----------------------------------
snip ----------------------------------
#!/usr/bin/perl

use CGI::Request;

$req = GetRequest($pkg);
$cgi_obj = $req->cgi;
$cgi_var = $req->cgi->var("REMOTE_ADDR");

print "your client IP is ".$cgi_var."\n";
----------------------------------
snap ----------------------------------

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"

The target host only knows the IP address of the host that connects to
it. If you use a proxy, which is the point of Ghostsurf, then the IP
address you get is for the proxy, NOT for yourself that went through
that proxy (or the proxies before it). The idea of using proxies is
that the target gets the IP address of the proxy host, not of you. It's
really not that complicated a process to grasp. It is the Javascript,
ActiveX, or client programs that you download - through all those
proxies - that then runs locally which can report *your* IP address. It
is very similar to using a NAT router. The target host doesn't get your
intranetwork's IP address from the packet it gets but instead gets the
WAN-side IP address allocated to the router. ICS is a proxy and works
similarly.

And far as you "BTW" code goes, that CGI script runs on the *server*
which is the target or last host. All it will report is the IP address
of whatever host is connected to it, and that would be for the proxy
host, not your host.

--
____________________________________________________________
For e-mail, remove "NIX" and add "#LAH" passcode to Subject.
____________________________________________________________

Vanguard <vanguard.code@comcastnix.net> wrote:

The target host only knows the IP address of the host that connects to
it.

Yes, of course. There are some better possibilities than "stealthing"
to anonymize your connection. I already recommended Tor and AN.ON.

The point is, "stealthing" is nonsense, not using proxies or even
onion routing.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"

"Volker Birk" <bumens@dingens.org> wrote in message
news:4323e305@news.uni-ulm.de...

Vanguard <vanguard.code@comcastnix.net> wrote:
The target host only knows the IP address of the host that connects
to
it.

Yes, of course. There are some better possibilities than "stealthing"
to anonymize your connection. I already recommended Tor and AN.ON.

The point is, "stealthing" is nonsense, not using proxies or even
onion routing.

I wasn't addressing the pros and cons of stealthing or whether or not it
is nonsense. I was addressing your claim that:

"If you're going onto a webpage, the server there has your IP address,
wether you will do ridiculous things like "stealthing" your PC or not."

which is not correct. You even contradict your own statement by later
recommending to use Tor to anonymize a connection.

As to whether anonymizing your connection is nonsense or not, that
depends on why you use it (and if you classify abusive use as nonsense).
Most users that hide do so for anti-social reasons (which also includes
wanting to disavow responsibility for your words), and the same for
posters that use anonymizing mail2news gateways. There are some
legitimate uses but most times it is just fluff that will reduce
reliability and impact performance only to provide imagined protection
that can be circumvented by other means (as mentioned in my other post,
although I neglected that the content of non-encrypted traffic can also
be interrogated to find useful info tidbits). Also, users of these
stealthing services are assuming that Tenebril, Tor, and other
anonymizing services aren't logging your source at their first
proxy/router and, if more than one is used, doing the same at their last
proxy/router to know where you came from and where you go so they can
covertly monitor your traffic, your destinations, and even your content;
i.e., you attempt to stealth your connection by trusting an unknown with
your traffic.

Vanguard <vanguard.code@comcastnix.net> wrote:

"If you're going onto a webpage, the server there has your IP address,
wether you will do ridiculous things like "stealthing" your PC or not."
which is not correct. You even contradict your own statement by later
recommending to use Tor to anonymize a connection.

OK, I think, this is just a misundersanding. I referenced the topic
"stealthing". Please read my sentence as "If you're going onto a webpage,
ridiculous 'stealthing' will not prevent if the server there has your IP
address or not". This is how it was meant.

A problem with context, I think ;-)

As to whether anonymizing your connection is nonsense or not, that
depends on why you use it

Yes, of course.

Also, users of these
stealthing services are assuming that Tenebril, Tor, and other
anonymizing services aren't logging your source at their first
proxy/router and, if more than one is used, doing the same at their last
proxy/router to know where you came from and where you go so they can
covertly monitor your traffic, your destinations, and even your content;
i.e., you attempt to stealth your connection by trusting an unknown with
your traffic.

This is the misunderstanding again - with "stealthing", I did not thought
about anonymizing with proxies or onion routing or something like that,
but this ridiculous thing GRC is crying for, and he is calling "stealthing",
and the providers of the "Personal Firewalls" are advertizing.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"

grc talks about stealthing because his shields-up service is a test of your firewall. It has nothing to do with browsing or anononymity. He is saying that one of the things that you should do as PART of your general internet security practices is to make sure you operate in "stealth" mode. This means that any unsolicited probes to your computer should not reveal the existance of a machine. This is not the same as anonymous surfing and grc does not say that it is.

Ghostsurf (proxy service+software) "redirects" your http requests through one of a number of proxy servers. It is for you to satisfy yourselves whether or not the service meets your needs. If you want anononymity from your ISP then this is probably not a bad product, however if you need something more you need to check it out properly.

For those who have not noticed the initial post on this subject referred to grc's shields up probe at an adderss beginning with https. Ghostsurf only proxies http and not https. The https request would have been routed directly from the requesting computer and not via ghostsurf's proxy. Had s/he used http instead then the IP address of the proxy would have been shown instead. This has nothing to do with Java/ActiveX etc. (although I suggest disabling ActiveX as a matter of course) it is a browser configuration issue (See proxy settings in IE/Firefox etc) and a fact that https is not routed via a proxy when using Ghostsurf.

So niether grc or Ghostsurf are wrong. They both do what is says on the box. Whether that is enough or not is for you to decide based upon what your needs are.