Post Reply 
JakxPack IV download
Jul. 30, 2004, 05:51 AM
Post: #106
 
Jak;
Quote:Proxo only deals with Port 80 & 445 <span style='color:red'> Jak, that should be Port 443</span> so I thought since this little "feller" logs the scan I might could point "Proxo" to it and that serve as a "trigger" for the "Redirector Filter" I was working on. I was very pleased to find out the results of running it. Smile!
Still working on that redirector filter, . . It works somewhat like I want it to, but it's far from was I'm looking for.
Since you say, correctly, that Proxo can't look at other ports, then I take it that you are capturing meta data from the utility proggie, which is, presumably, sending it to the browser on Port 80 (thereby letting Proxo 'see' it).

Not bad, but what do you do about sending falsified data back out to the offender on that same port?

(Gotta hint for ya: Telnet can be scripted!)


Oddysey

p.s. Shameless plug time: did you ever look at the topic Pix for Jak, in General Discussion? I didn't see any reply from you over there, so I just kinda wondered.

oddysey

I'm no longer in the rat race - the rats won't have me!
Add Thank You Quote this message in a reply
Jul. 30, 2004, 05:56 AM
Post: #107
 
Well I think I've found out "why" this is working like it does. The "Attacker" proggie, . .it's allowing the "scanning" site to connect to the ports that are being monitored by "Attacker". There are no "packets" being sent according to My Fire-wall log, but it's allowing a connection to be made. I went to Steve Gibson's site and did the shields-Up test, and it show that these ports are no longer "stealthed". As long as I keep the "Attacker" program behind "Outpost" the ports are "Stealthed", however when this is the case, the "Lockdown" site No Longer "Thinks" that I'm behind a Proxy. Sad

You can visit "Steve Gibson's" Shields-Up site by Clicking "Here"

And Here is a nice site for test Your Fire-wall especially in the "Advanced" section. You can chose which one or all of Your Ports You wish it to scan. Click Here

Best Wishes,
"JaK"

----------------------------------
"Oddysey",
Yes, thank You for the "Pix". My youngest daughter "loves cats" also. We would have a house full if I let her keep everyone of them that she "brings" home. Wink

I hadn't thought about "telnet", . . .When You get a chance to, I would sure like to hear more on this. If we can come up with something that will "Spoof" the port that is being scanned it would go far to increasing the privacy aspect of PRoxo. Any and All help is greatly appreciated. Cheers
Best Wishes,
"JaK"
Add Thank You Quote this message in a reply
Jul. 30, 2004, 09:10 AM
Post: #108
 
You DO NOT Appear To Be Stealthed Or On An ANONYMOUS Proxy!

There's my result for the "Stealth Test".However,the only thing the scan picked up on was the I.P. addy that the router hosts,as ever.The other sections were blank.

Bad news if Oddysey ever tried to crack the router from the outside,I guess.Half expect him to appear on screen like Max Headroom at the best of times. *grin*

????,??,????`????,? _J_G_ ????,??,????`????,?
Add Thank You Quote this message in a reply
Jul. 30, 2004, 05:46 PM
Post: #109
 
Jaded_Goth;
Quote:Bad news if Oddysey ever tried to crack the router from the outside,I guess.Half expect him to appear on screen like Max Headroom at the best of times. *grin*
Those days are over for me. Too much to do, and not enough excuses to get out of doing it! It looks like Bobalooie will have to "do the thinnin' around here" from now on! Big Teeth


Oddysey (nee "Quicksdraw")

I'm no longer in the rat race - the rats won't have me!
Add Thank You Quote this message in a reply
Jul. 30, 2004, 10:43 PM
Post: #110
 
Jak, i have broadband with a static IP. My ISP blocks only 2 ports....145 and 445. Both MS ports I believe. On the test site above, i am getting ....Proxy server detected... even with Proxo bypassed.
Add Thank You Quote this message in a reply
Jul. 31, 2004, 02:44 PM
Post: #111
 
Hi "Proxo-addicts",
"Jaded_Goth" are running the "Attacker 3.0" program? Also are You using JakxPack? Here is what the scan show for Me, . .


REMOTE_ADDR: xxx.xxx.xxx.xx <----"actual IP"
If this field shows your REAL IP address, you are either not stealthed or connected to an anonymous proxy. For total stealth sign up with a proxy service. If you are using a proxy, check your proxy configuration and run the test again.

REMOTE_HOST:
If this field shows your REAL host name, you are either not stealthed or connected to an anonymous proxy. For total stealth sign up with a proxy service. If you are using a proxy, check your proxy configuration and run the test again.

HTTP_VIA: HTTP/1.1 61-218-141-226.HINET-IP.hinet.net (Apache/1.3.28)
If you are using a proxy and this line shows what proxy software is being used, including it's version number, you may want to ask your proxy service if they can stealth this information. What type of proxy software and the version number you are using, is no one`s business but your own. Example: In the test on my proxy server the proxy domain and port are displayed, but where the proxy software and version information should be it simply shows (STEALTHED).

HTTP_X_FORWARDED_FOR: 218.130.24.170
If this shows your REAL IP address or domain name, you are not using an ANONYMOUS proxy server. In the test, on my proxy server "unknown" is displayed in this field which is REALLY good!

HTTP_FORWARDED:
If this field has any of your real information, you are either not stealthed, or your proxy is not anonymous! Some proxies give you the IP address of the end-user, which would show up either in this field or the one above.

HTTP_FROM: mailto:comments@blankity-Blank.org <----"Faked via Proxo"
If this field has any of your real information you are either not stealthed, or your proxy is not anonymous!



Stealth Test ...
A Proxy Server Was Detected!

This Could Be Good!
-----------------------------------------------------------------------------------
"Oddysey" What do You think about running this program in the "Trusted App" section of the Fire-wall? I wouldn't want to create a security issue by giving it free access to the Net. But without running it that site knows that I'm not on a Proxy. I'm wondering if My Ports are actually "Stealthed" by "OutPost" , but because that "Attacker" is running outside the Firewall and listening to the Ports that it causes the "Checker" site to register "false Positives" on Port scanning. At least that's what I would hope for. But on the other hand it might be opening up a security hole which is defeating the purpose.

0n a lighter note,. . . .
Also You know now that I think about it, . . "Jaded_Goth" might be on to something, . . .You might be "Max Headroom", . Big Teeth. .hehehehe I never missed a Episode, that was one of my favorite shows. I hated to see it cancelled.
------------------------------------------------------------------------------------
"elshaddai" Your ISP has Your Broadband Connection over behind their Fire-Wall Proxy for added security. That site can detect it. So You do not have to use the "Attacker" to fool that site. Smile!

Take Care "Good Friends", . .Me and the kids are getting "outa Dodge" for a few dayz. Boating, fishing and just plain ole goofin' off.
"Ancient Mariner-Jak" =:-)

. . . . . Hey has anyone seen my lucky "albatross"?
Add Thank You Quote this message in a reply
Jul. 31, 2004, 04:57 PM
Post: #112
 
Hi,JaK.No-it did not reveal anything other than the static I.P. address hosted by the router.Like I said,all other fields were blank.
JaK,I honestly don't see how it's possible to mask the router addy.Surely,that is visible from the outside,because it's what stands between the net and the comp.Ultimately,you'd need to invent a device for spoofing static I.P.s hosted on the router,by uploading a file via Hyper Terminal or something....
If you did that,your I.S.P would probably deny you internet access.

No,I am not running the "Attacker 3.0" progamme.Comp registers as stealth at GRC.com.

????,??,????`????,? _J_G_ ????,??,????`????,?
Add Thank You Quote this message in a reply
Aug. 01, 2004, 04:42 AM
Post: #113
 
Jak;

You're out boating and funning right now, so I'm gonna take a few hours (days?) to think about your question. Also, I'll actually install Attacker 3.0 to review it in operation. Seems like a good idea, no? Big Teeth

Have fun, and be sure to check back in when you're good and ready - not before! Them's the Doctor's orders. Go in peace, my son. (Makes the sign of the Geek Orthodox.)


Oddysey

I'm no longer in the rat race - the rats won't have me!
Add Thank You Quote this message in a reply
Aug. 01, 2004, 05:13 AM
Post: #114
 
Jaded_Goth;

You're correct, as you knew you were - unless your ISP is really friendly, your router's assigned IP is gonna show up on any host server's log sheet. No way outta that, short of paying for a proxy server, ala Jak's suggestion.

What the JakxPack spoofers actually do is to feed several mis-labeled header entries to the spying proggie (I include the server's logs here, just to be complete.) Said proggies are fooled because they are too simple to understand what would be obvious to any human reading the data. Mis-labeled headers are either ignored, or assigned an "Apparently...." moniker. If it's a duplicate header, then the chances increase that the proggie might get the correct info, but there's certainly no guarantee of that happening.

As for spoofing a static IP, that's technically a no-brainer. You need only know how to construct a TCP/IP packet, and you're off to the races. Well, that and you have to be able to hack your router. After that, the 'Net is yours, anonymously. Sure, your ISP may catch wise eventually, but if you don't abuse it, you might get away with it for quite some time. I won't go into detail of how to do all this, it's been covered to death on other parts of the 'Net. (Google is your friend!)


Oddysey

I'm no longer in the rat race - the rats won't have me!
Add Thank You Quote this message in a reply
Aug. 01, 2004, 04:05 PM
Post: #115
 
I've given this some thought,Oddysey (please,no jokes about butterflies flapping their wings in the jungles of the Amazon).

I've decided to leave well alone.I would actually be quite concerned if my I.S.P. *did* turn a blind eye to customers crafting packets in order to spoof their static I.P. addys.

My motives would be purely security-driven,but any miscreant,paedophile,hacker or general scumbag could argue the same.If my I.S.P tolerated me striving for (and possibly attaining) *total* anonimity,I'd seriously wonder how many deranged creeps were surfing under the radar,too.

Furthermore (and this is where I am going to get a bit addled in my thinking) wouldn't buggarising about with the I.P address prevent internet users accessing the files for download on my hypothetical server station?

My ultimate aim would be to host an array of anti-malware apps.People might ping the server,to check whether it is up...Where would it leave them?

????,??,????`????,? _J_G_ ????,??,????`????,?
Add Thank You Quote this message in a reply
Aug. 12, 2007, 12:27 PM
Post: #116
RE: JakxPack IV download
I am not able to download the pack at present, it says the file not present. can you put a fresh link for this download
Add Thank You Quote this message in a reply
Aug. 13, 2007, 01:46 AM
Post: #117
RE: JakxPack IV download
http://prxbx.com/paFileDB/index.php?act=view&id=6

Smile!
Visit this user's website
Add Thank You Quote this message in a reply
Aug. 13, 2007, 03:27 AM
Post: #118
RE: JakxPack IV download
Kye-U,

I downloaded the filter set ok.
"Sreeji ",
Are You bypassing Proxomitron when You are trying to download?
Some "Configuration Filter Sets" can contain Web page filters that might prevent You from downloading and they can "Mangle" some of the filters.

I received You IM and I will try to email You the set. Take care and have a great and wonderful day, My Good Friend,
"JaK"
-----------------------------------------------------
Dear "Sreeji"
I tried to email the filter set to You, but Your email server sent it back. It said there was a fatal error, . .illegal attachment. It maybe because that there is an autoexe batch file in the filter set. I will remove it from the zip file and see if it goes through. I can either send You the "text" of the batch file and You can create the autoexe file.
Jak
Add Thank You Quote this message in a reply
Oct. 12, 2007, 04:36 AM
Post: #119
Big Grin RE: JakxPack IV download
hi jak!

just wondering if theres an updated version of your pack and where can i download it... tnx.. Cheers
Add Thank You Quote this message in a reply
Mar. 31, 2009, 11:55 AM
Post: #120
RE: JakxPack IV download
This does the same thing now
Code:
[HTTP headers]
In = FALSE
Out = TRUE
Key = "! |||||||||||| 3.1 Proxy Spoofing by Default     4.12.24 [jak sd] (o.1) (Out)"
URL = "$SET(keyword=$TST(keyword=(^*.(a_headers.|i_spoof:))\1)\1i_spoof:1.)"
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: