Anonymous Internet Access and DNS Leaks

In present day, the ability to use the Internet “anonymously” is within reach of most people. It doesn’t so much cost money, but you do need to educate yourself on the tools and techniques. I recently learned some new techniques which I found intriguing. Along the way, I ran across this concept of the “DNS leak” and I laughed aloud at how big of a mistake it would be to overlook it! More on that in a minute…

Why be anonymous?
It’s a very strange reality we live in. Just about all of our electronic world is not-safe, and is observed by MANY observers, including:

  • Your ISP
  • The company of the service that you are using
  • Multiple marketing and advertising companies who bought your information
  • Your government
  • Foreign governments
  • Hackers

In fact, about the only one who doesn’t have access to your data is the casual computer user. So, why be anonymous? It depends.

  1. If you are a journalist – especially nowadays, the things you communicate can get you killed.
  2. If you live in a country where freedom of speech is not allowed (but it is still your human right), you may need or want to communicate freely.
  3. If you are in the information security (a.k.a “cybersecurity”, or “cysec” which I’m trying to get people to start using!) industry then you’d need these techniques for your White Hat pentesting tasks.

It’s not easy to be anonymous, but there are several legitimate needs. This post will be an overview of how you might approach that.

How to be anonymous:
There is a lot to it. The main idea is that you first don’t want to use the internet in a way that will allow your connection to be personally-identifiable. That means, don’t check your e-mail, don’t use the same browser which already has all of your marketing, and tracking cookies – which all leave a huge footprint behind. Those are some of the user-things to which you need to be aware. However, there are several other significant steps.

First, you can’t use Microsoft Windows. You just can’t. Windows has the complete OPPOSITE goal in mind. It wants to track and correlate everything you do, back to a Live ID. That is personally identifiable. Even if you could get around that, the tools and technique that you need to do – aren’t available on Windows. MacOS X is pretty much in the same boat. Apple ties everything back to your Apple ID. So, what do you use?

Well, if you are a journalist or activist, some distribution of Linux. However, I’ll speak to the IT security professional – the answer is: Kali Linux (which I’ve written about, too). This is primarily because it has ALL of the tools you need to do this.

Here’s a overview of how this might look:

image

Instead of connecting directly to the internet, you could connect to a VPN service for internet access, then go through proxy servers to reach the Tor network, to ultimately make your internet requests.

Network Usage, by Default:
By default, when you connect from your home machine to out on the internet, you have a very traceable footprint. Your requests come from an IP address which is correlated to your ISP. If a government is looking at you, they can compel the ISP to turn over who had that IP address, at that time. If a hacker or foreign government is looking at you, they will just break into the ISP and look for themselves.

They then correlate that IP address, and the MAC address of your computer directly to you. If you’ve committed some sort of crime, then they have an airtight case: that network traffic correlates directly back to your computer.

If you are an IT security professional doing legitimate white hat work, the “victim” can easily trace you and start a counter-attack to stop you, and compromise your computer and network. If you are a professional, this is the kind of thing that will make your company go out of business. So, where do we start?

There are two general things you’d want to do: 1) create secure connections, and 2) abstract away your identity. For #1, that is done with SSL/TLS connections. For #2, that is done via proxy servers and “NAT”, or Network Address Translation. This concept of a “proxy” is like if you ask Joe to go ask Jane for a book, Joe asks as if it’s for himself. When he returns, he hands you the book. Jane has no idea it was for you, she thought it was for Joe. At the network-level, this translation information is not routinely kept very long. So, if you made a NAT-type proxy connection through a server last Thursday, it will likely be extremely difficult or impossible to figure out who the originator was. Then – multiply this concept by using several proxies and additional encryption! Now, you have something close to anonymity. Well… at least as far as your network traffic goes. Your behavior on that network will likely be the thing that actually gives you away!

A VPN service:
As discussed, the first problem is that all of your network traffic comes from your public IP address which is directly correlated to you.

image

Imagine instead if you could create a Virtual Private Network (VPN) tunnel to some external service (in any part of the world), and have your “entry point” to the Internet be over there? That is what a VPN service offers. You connect into a remote service; that is, you create a secure (SSL/TLS/IPSEC) tunnel. Then, that tunnel leads out to the internet connection provided by that VPN provider.

image

Although you can pay for a VPN service, believe it or not, there are PLENTY of free services you can use. For example http://www.vpnbook.com/freevpn or just google for “free VPN service”. Granted, the public/free ones will be slower – you get what you pay for.

As far as how to use it, simply download the .ovpn files from a provider, and at the command-line in Kali, run “openvpn filename.ovpn”. From that point in, all of your network traffic will be routed through the VPN service and then out to the Internet, instead of just directly out of your own Internet connection.

Proxy Servers:
Proxy servers are the simplest of all of these steps. It works exactly how your home internet gateway does: you attempt to go a network location, and your gateway stops it – makes the request on your behalf. When it gets the response, it hands it back to you as if it was you all along. On the internet, this is valuable because instead of YOU navigating to a web page, the proxy server is navigating to the web page on your behalf, and giving you the results. Since most/all(?) public proxies don’t track who is connected, that connection cannot be technically correlated with you. This is just another useful layer of anonymity.

In Kali, the way to do this is to edit the /etc/proxychains.conf file, and then run “proxychains executableprogram”. For example:

$ proxychains firefox https://duckduckgo.com

which would connect to the proxies you have defined, and then launch Firefox and connect to that website. The connection would appear to DuckDuckGo to be coming from whichever is the last proxy server where your network traffic passed-through. You can find public proxies by simply googling for “free public proxy” and you’ll find lots of sources.

For someone tracking you, having your anonymous traffic coming from one proxy server, to just feed into a second proxy server – it becomes extremely difficult to trace.

image

and by the way, on TV crime dramas when you hear the “tech person say “Geez, he’s bouncing through 50 different servers!”, that’s not even approximately correct. After even just a few proxy servers, you’re connection will be VERY slow. There is no way you could even go through 10 proxy servers, nevermind 50! And that is the trade-off at each step here – your actual throughput to the internet will get slower and slower. There is a LOT of stuff going on at each step of this anonymizing process – and that takes time to process!

Tor:
Tor is a much bigger concept and does more things. However, the relevant piece here is that you can use the Tor network to anonymize yourself, even more.

image

Tor works on the concept of network of volunteers who offer to be Tor “nodes”. Each node acts as a proxy and establishes a new, encrypted, anonymized request for every inbound request it gets. After bouncing around several random nodes, your network traffic comes out of a Tor “exit node” and onto the greater Internet. As you might imagine, at the network level, it’s near-impossible to trace from where the traffic originated. Tor doesn’t keep track of who is connected.

In Kali, the easiest way to start is to (under a non-privileged user account), go and download the Tor browser from: https://www.torproject.org/ and run the executable inside.

image

So now we have the complete picture! First, we connect to our VPN service to get access to the internet from a different geographical location. Then, we connect through a few proxy servers to ultimately connect to the Tor network – and finally our network traffic makes it out to the internet. By that time, from a pure-network perspective, it’s going to be just about impossible to trace, except maybe for an organization with significant resources, like the NSA.

One more thing: your MAC address!
One other consideration when anonymizing, is you might consider changing your MAC address. The MAC address is the physical address of your network card. It’s made up of a portion to describe which manufacturer makes the card, and then a unique number to correspond to that unique computer.

In Kali, you can easily use “macchanger” to set your MAC address, or even better, set a cron job to randomize it every time you boot the computer. The idea being that if someone did track down your network traffic, the MAC address would be the final piece that correlates that network traffic with the physical device you own.

One more thing: your DNS server settings (DNS leaks)!
Again, imagine you’ve taken all of these steps. You:

  1. Have a new, random MAC address
  2. You connect to a VPN service
  3. You chain through several proxy servers
  4. You connect through the Tor network

and one of the first things you need to do is resolve a DNS name – like www.google.com. Uh-oh. Unless you’ve taken steps to correct this, where is your DNS request going to go? Well, you probably use DHCP at home (or at the public wifi), and that probably gives you the DNS servers of that ISP. So after allllll that work to become anonymous and to have your network traffic come out somewhere in the Netherlands, the first thing you do is make a DNS request to the Comcast residential DNS servers in Baton Rouge, LA where you live! UGG!! It would be obvious to anyone tracking you that you aren’t in the Netherlands at all – you are in Baton Rouge, specifically!

That is what a DNS leak is.

One way to verify this is to use www.dnsleaktest.com where you can run a test. It will show you what DNS server you are using. How to resolve this is to use a public DNS, even one that is in a different country. Luckily, sites like www.opendns.com offer a free service where you point to their DNS servers.

If you point to OpenDNS servers, in the same scenario above, when you come out of the Tor exit node and hit the internet to make a DNS request, it will go to OpenDNS, not giving away your location. This is an example of your DNS settings “leaking”, or giving away information. However, you need to be VERY aware of any other personally-identifiable information that can give away your identity or location too.

Bottom Line:
To be very, very, very clear. I in no way endorse nor encourage using any of these techniques for any unethical or immoral use. This is purely for educational purposes. There are several valid examples of why anonymity is needed, and these are some of the techniques that can get you there.

With that said, and I’ve alluded to it above – this takes care of your physical network traffic. That will be very difficult or impossible to trace by a nefarious adversary. However, that is not how most people get in trouble. Most people get in trouble from information leakage. If you check your e-mail over this connection, look up something local on the web, or “leak” any personally-identifiable information over this anonymized connection, you will have completely compromised all of this effort.

If you use your normal web browser, which has “trackers” and advertiser cookies over this anonymous connection, that allows you to be identified. So ideally, if you are using Kali, ONLY use it for your work. Don’t ever use it for things that will correlate to your identity or location.

So, anonymity is not fun, nor is it easy. But those that must use it, know that it’s an entire mindset.

You need to take all of these physical precautions, but HOW you use that anonymous network connection is even more important. I say more important because it’s the easiest thing to mess up and you can’t mess up, even once!

Posted in Best-practices, Computers and Internet, General, Infrastructure, Linux, Professional Development, Security, Uncategorized
5 comments on “Anonymous Internet Access and DNS Leaks
  1. […] I recently wrote about the concepts behind how one might attempt to become anonymous on the Internet. As I’ve been filling in the gaps and learning about this stuff, I regularly imagine how stressful this must be for people where a mistake is literally life-and-death! For example: […]

    Like

  2. Samuel W. says:

    I can change my ip to any of 100+ locations with arcvpn. I’m having good service with them so far.

    Like

  3. […] Anonymous Internet Access and DNS Leaks […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Archives
Categories

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 5 other followers

%d bloggers like this: