
Saturday, 12 November 2011

Hiding your real IP on OICQ via SOCKS5

by Sinbad

1. Why hide the IP

As everyone knows, there are many tools and patches that can look up the IP address of an online OICQ user, and combined with 追捕 (an IP-lookup tool) they can also reveal the geographic location of that IP, host information and so on. What we mainly care about is that once our real IP address is exposed, others can exploit vulnerabilities in the system to attack our machines.

1.1 Company leased line

Users on a company's leased line normally have an internal IP address on their own machine, starting with 192.168, and reach the Internet through a gateway/proxy server. In this case the job of blocking external attacks falls to the gateway, and the individual machines are relatively safe.

1.2 Home dial-up

Once a home user connects to the Internet over PPP and logs on to OICQ, the machine is easily attacked by malicious users if it is not configured securely enough. If the real IP can be hidden, you can be on OICQ and keep the machine safe at the same time.


2. How to hide the IP

The method in this article hides the IP address through a socks5 proxy. socks5 can proxy the UDP protocol, which is exactly what OICQ needs (the latest OICQ version supports HTTP proxies, but apparently only for paying members). For the differences between the socks5 protocol, application-layer proxies and NAT, please refer to other articles; this article mainly gives the practical steps.

2.1 Installing socks5

We use a Red Hat Linux machine as the socks5 server; it has an Internet IP address, written here as ABCD.

Download:
http://matrix.tesi.dsi.unimi.it/pub/securitytools/socks5-v1.0r11.tar.gz

Unpack it, enter the directory and run:
./configure --with-threads
make
make install

Start and stop commands:
/usr/local/bin/socks5
/usr/local/bin/stopsocks

To start it at boot, edit /etc/rc.d/rc.local.

2.2 Configuring socks5

Policy:
* Allow access from any machine on the Internet
* Authenticate by user/password

# vi /etc/socks5.conf
auth - - u
permit u - - - - - sinbad
interface - - ABCD

The first line, auth: u means user/password authentication is used;
The second line, permit: allows the user sinbad to use this proxy;
The third line, interface: ABCD is the server's external IP; replace it with the real address.

# vi /etc/socks5.passwd
sinbad sinbad

This is the password file: one user per line, username and password separated by a space.
In this example the password for user sinbad is sinbad.

For an explanation of each configuration item, see man socks5.conf.

2.3 Client configuration

The client is the machine on which you installed OICQ; it must be able to reach the socks5 server directly.

Start OICQ, go to Main menu -> System parameters -> Network settings, tick "Use PROXY SOCKET5 firewall", and enter the server IP (ABCD), port (default 1080), username (sinbad) and password (sinbad). After the test succeeds, restart OICQ and ask someone else to check: your IP should now show as ABCD, which achieves the goal of hiding your real IP!
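The following is an added example, not code from the original article or from the NEC socks5 package. It plays both sides of the negotiation that the OICQ client performs against the socks5 server configured above, following RFC 1928 (SOCKS5) and RFC 1929 (username/password sub-negotiation): the method selection that the "auth - - u" line enforces, the credential check against a constructed table mirroring the page's /etc/socks5.passwd entry, and the UDP ASSOCIATE request that a UDP application such as OICQ needs. Function names and the in-memory credential table are assumptions made for this example.

```python
import hmac
import socket
import struct

# Protocol constants from RFC 1928 (SOCKS5) and RFC 1929 (username/password sub-negotiation).
SOCKS_VERSION = 0x05
METHOD_NO_AUTH = 0x00
METHOD_USERPASS = 0x02
METHOD_NONE_ACCEPTABLE = 0xFF
USERPASS_VERSION = 0x01
STATUS_SUCCESS = 0x00
STATUS_FAILURE = 0x01
CMD_UDP_ASSOCIATE = 0x03
ATYP_IPV4 = 0x01

# Constructed credential table mirroring the page's /etc/socks5.passwd line "sinbad sinbad".
PASSWD_DB = {"sinbad": "sinbad"}


def client_greeting(methods):
    """Client -> server: VER, NMETHODS, METHODS."""
    return bytes([SOCKS_VERSION, len(methods)]) + bytes(methods)


def server_select_method(greeting):
    """Server -> client: VER, METHOD.  With 'auth - - u' configured, only the
    username/password method is acceptable; anything else is refused with 0xFF."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VERSION:
        return bytes([SOCKS_VERSION, METHOD_NONE_ACCEPTABLE])
    offered = greeting[2:2 + greeting[1]]
    if len(offered) != greeting[1] or METHOD_USERPASS not in offered:
        return bytes([SOCKS_VERSION, METHOD_NONE_ACCEPTABLE])
    return bytes([SOCKS_VERSION, METHOD_USERPASS])


def client_userpass(username, password):
    """Client -> server (RFC 1929): VER=1, ULEN, UNAME, PLEN, PASSWD."""
    u, p = username.encode(), password.encode()
    if not (1 <= len(u) <= 255 and 1 <= len(p) <= 255):
        raise ValueError("username and password must each be 1..255 bytes")
    return bytes([USERPASS_VERSION, len(u)]) + u + bytes([len(p)]) + p


def server_check_userpass(msg, db):
    """Server -> client: VER=1, STATUS.  A truncated message, unknown user or wrong
    password all yield a non-zero status, after which the server closes the connection."""
    failure = bytes([USERPASS_VERSION, STATUS_FAILURE])
    if len(msg) < 3 or msg[0] != USERPASS_VERSION:
        return failure
    ulen = msg[1]
    uname = msg[2:2 + ulen]
    if len(uname) != ulen or len(msg) < 3 + ulen:
        return failure
    plen = msg[2 + ulen]
    passwd = msg[3 + ulen:3 + ulen + plen]
    if plen == 0 or len(passwd) != plen:
        return failure
    expected = db.get(uname.decode("utf-8", errors="replace"))
    # Constant-time comparison so a wrong password is not distinguishable by timing.
    if expected is None or not hmac.compare_digest(expected.encode(), passwd):
        return failure
    return bytes([USERPASS_VERSION, STATUS_SUCCESS])


def client_udp_associate(host="0.0.0.0", port=0):
    """Client -> server (RFC 1928): VER, CMD=UDP ASSOCIATE, RSV, ATYP, DST.ADDR, DST.PORT.
    OICQ traffic is UDP, which is why a SOCKS5 proxy is needed rather than an HTTP one.
    0.0.0.0:0 means the client does not yet know the source address it will send from."""
    return (bytes([SOCKS_VERSION, CMD_UDP_ASSOCIATE, 0x00, ATYP_IPV4])
            + socket.inet_aton(host) + struct.pack("!H", port))


def run_handshake(username, password, db=PASSWD_DB):
    """Run the whole exchange in memory.  Returns (authenticated, request): the UDP
    ASSOCIATE request is only produced once the server has accepted the credentials."""
    reply = server_select_method(client_greeting([METHOD_NO_AUTH, METHOD_USERPASS]))
    if reply[1] != METHOD_USERPASS:
        return False, None
    status = server_check_userpass(client_userpass(username, password), db)
    if status[1] != STATUS_SUCCESS:
        return False, None
    return True, client_udp_associate()


if __name__ == "__main__":
    print(run_handshake("sinbad", "sinbad"))
    print(run_handshake("sinbad", "guess"))
```

Because the server answers 0xFF to a client that offers only the no-authentication method, a proxy configured this way never relays a single datagram for an unauthenticated peer; the UDP ASSOCIATE request is only sent after the password check returns status 0.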

3. Security issues

Assume our server was previously hardened and patched and is relatively secure. Now that a socks5 proxy service has been added, there are things to watch out for.

3.1 Use the latest version

This article covers v1.0r11; I am not sure it is the latest, as I could not find the current version number at http://www.socks.nec.com. There is a remote overflow exploit (http://www.securiteam.com/exploits/6Q00R0A0AQ.html) that does not work against this version. Moreover, since we configured user/password authentication, that exploit cannot succeed without knowing a username and password.

3.2 Define an access control policy

If only a few people use this proxy, you can add IP restrictions. For example, I go online from home through 95963, so I modify the permit line in /etc/socks5.conf to grant access only to the 211.100. address range.
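To show what the IP restriction above buys, here is an added example (not from the article or the socks5 package) that parses a constructed socks5.conf in the page's layout and answers whether a given user coming from a given source address would be accepted. The field order follows the page's "permit auth source-host dest-host source-port dest-port command user" lines; the matching semantics (a trailing-dot pattern such as "211.100." is a dotted prefix, "-" matches anything, the first matching permit/deny rule decides, and no match means deny) are a simplified model assumed for this example. Consult man socks5.conf for the real rules.

```python
# Constructed configuration in the page's layout.  192.0.2.10 stands in for the
# server's external IP (ABCD on the page).
SAMPLE_CONF = """\
# auth source-host source-port auth-methods
auth - - u
# permit/deny auth source-host dest-host source-port dest-port command user
permit u 211.100. - - - - sinbad
deny - - - - - - -
interface - - 192.0.2.10
"""

RULE_FIELDS = ("action", "auth", "src", "dst", "sport", "dport", "cmd", "user")


def host_matches(pattern, ip):
    """'-' matches any host; a pattern ending in '.' is a dotted prefix such as '211.100.';
    otherwise the address must match exactly.  (Simplified model, assumption.)"""
    if pattern == "-":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    return ip == pattern


def user_matches(pattern, user):
    """'-' matches any user; otherwise a comma-separated list of names.  (Assumption.)"""
    return pattern == "-" or user in pattern.split(",")


def parse_rules(conf_text):
    """Return the permit/deny rules in file order, ignoring comments, blank lines and
    the auth/interface lines, which do not take part in access decisions here."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] in ("permit", "deny") and len(fields) == len(RULE_FIELDS):
            rules.append(dict(zip(RULE_FIELDS, fields)))
    return rules


def is_permitted(conf_text, user, src_ip):
    """First matching rule wins; a file with no matching rule denies (assumption)."""
    for rule in parse_rules(conf_text):
        if host_matches(rule["src"], src_ip) and user_matches(rule["user"], user):
            return rule["action"] == "permit"
    return False


if __name__ == "__main__":
    for user, ip in (("sinbad", "211.100.7.8"), ("sinbad", "10.1.2.3"), ("mallory", "211.100.7.8")):
        print(user, ip, "permitted" if is_permitted(SAMPLE_CONF, user, ip) else "denied")
```

With the source-host restricted, a stolen password alone is not enough: a request from outside the 211.100. range falls through to the deny rule even when the username matches. Note that the trailing dot matters; "211.10." would not match 211.100.x.x, because the prefix comparison includes the dot.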


4. References

http://www.socks.nec.com/
http://www.securiteam.com/exploits/6Q00R0A0AQ.html
http://www.linuxaid.com.cn/engineer/bye2000/doc/socks.htm
