Contributed by:
/usr/share/bong
Submitted: 03-14-2003
Anonymizers
The internet is insecure - don't put your faith in
all this anonymizer/proxy/software crap. To judge how
secure something is, you have to weigh a number of
considerations:
1. Where are they located?
The US government could trace back what you did
(let's say you made a seed purchase online with a credit
card like an idiot). The web server of the seed place
where you made the purchase will probably keep a
web server log that shows the IP address of your
anonymous service. All the US government has to do is go
to your anonymous service provider and subpoena your
user information. Investigating agents get your e-mail
address. They go to your ISP and, under the United States
Patriot Act, they can get your user information.
2. What kind of encryption technology do they
offer? The new version of OpenSSL (a popular SSL
library) has been proven to be susceptible to a "timing"
attack where a user could possibly snoop on the data
that goes through an SSL session.
3. How secure is your home computer?
Even if you can get an encrypted overseas Anonymizer
service (which offers the greatest protection), there are
ways for the Man to get around this. The FBI recently
captured the PGP passphrase of a Mafia guy by putting a
keystroke logger on the guy's computer. If you have a
large ISP, it is very possible for them to capture all
the traffic between your computer and the Internet.
Internet structure
Traceroute counts the hops between you and your
destination (and all the servers in between) on the
Internet. Go to
http://www.washington.edu/networking/tools/traceroute
to see a web-based version of traceroute.
Example: I want to trace the route from that website,
as mentioned above, to overgrow.com:
 1 zinc-V13.cac.washington.edu (140.142.3.33) 1 ms 1 ms 1 ms
 2 uwbr2-GE2-0.cac.washington.edu (140.142.153.24) 0 ms 0 ms 1 ms
 3 prs1-wes-ge-0-0-0-0.pnw-gigapop.net (198.107.150.30) 1 ms 1 ms 1 ms
 4 Peer1-PWAVE.pnw-gigapop.net (198.32.170.49) 1 ms 1 ms 1 ms
 5 OC12POS3-0.van-gsr-a.peer1.net (64.69.67.157) 4 ms 10 ms 10 ms
 6 r2-72-fe1-1-core-van.netnation.com (64.69.67.214) 11 ms 10 ms 10 ms
 7 ip2.overgrow.com (64.40.108.190) 5 ms 5 ms 5 ms
As you can see, there are 5 routers/servers/hubs where
LEO could possibly intercept my internet traffic: 5
possible people to pressure with a subpoena.
NOTE: the traceroute will be different for each person.
One of the nicest things about the Internet is that it
finds the fastest pipe available.
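To make the hand count above repeatable, here is a small parser for the traceroute output shown on this page (added example, not part of the original post). It pulls out each hop, handles hops that never answer ("* * *"), and reports two things a defender cares about: how many transit routers carry the packets before the destination, and which organisations run them (estimated from the last two DNS labels of each router name, which is only a rough heuristic), since each of those is somewhere logs can be kept or subpoenaed.

```python
import re

# Traceroute output copied from the page: the washington.edu web traceroute to overgrow.com.
TRACE = """\
 1 zinc-V13.cac.washington.edu (140.142.3.33) 1 ms 1 ms 1 ms
 2 uwbr2-GE2-0.cac.washington.edu (140.142.153.24) 0 ms 0 ms 1 ms
 3 prs1-wes-ge-0-0-0-0.pnw-gigapop.net (198.107.150.30) 1 ms 1 ms 1 ms
 4 Peer1-PWAVE.pnw-gigapop.net (198.32.170.49) 1 ms 1 ms 1 ms
 5 OC12POS3-0.van-gsr-a.peer1.net (64.69.67.157) 4 ms 10 ms 10 ms
 6 r2-72-fe1-1-core-van.netnation.com (64.69.67.214) 11 ms 10 ms 10 ms
 7 ip2.overgrow.com (64.40.108.190) 5 ms 5 ms 5 ms
"""

# One hop per line: hop number, hostname, (IPv4 address), then one or more "<rtt> ms" probes.
HOP_RE = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+\((\d+\.\d+\.\d+\.\d+)\)((?:\s+[\d.]+\s+ms)+)\s*$")
# A hop that never answered is printed as "N * * *" (one star per probe).
SILENT_RE = re.compile(r"^\s*(\d+)(?:\s+\*)+\s*$")


def parse_hops(text):
    """Turn raw traceroute text into a list of {hop, host, ip, rtts} dicts."""
    hops = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = HOP_RE.match(line)
        if m:
            rtts = [float(x) for x in re.findall(r"([\d.]+)\s+ms", m.group(4))]
            hops.append({"hop": int(m.group(1)), "host": m.group(2),
                         "ip": m.group(3), "rtts": rtts})
            continue
        m = SILENT_RE.match(line)
        if m:  # router dropped or never sent the ICMP reply; it still forwarded the packet
            hops.append({"hop": int(m.group(1)), "host": None, "ip": None, "rtts": []})
            continue
        raise ValueError("unrecognised traceroute line: %r" % line)
    return hops


def transit_routers(hops):
    """Every hop before the destination handles the packets and could log them."""
    return hops[:-1]


def organizations(hops):
    """Distinct operators of the transit routers, using the last two DNS labels of
    each router name as a rough stand-in for the organisation that owns it."""
    return {".".join(h["host"].split(".")[-2:])
            for h in transit_routers(hops) if h["host"]}
```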
Packet Sniffing
Packet sniffing is the ability to grab packets of
information off the network. It can be compared to a
"network wire tap". Packet sniffers capture binary data
passing through the network; most decent sniffers
(usually found on the Unix/Linux platforms for free)
decode this data into a readable form for a system
administrator. To make it even easier, another step can
occur, known as "protocol analysis". The degree of
analysis varies: some sniffers are simple and just break
down the "packet" information. Others are more complex,
giving "detailed" information about what they see in the
packet (i.e., highlighting a password for a service).
How can I prevent my packets from being sniffed?
Many services on the Internet send data in plain text. By
default, POP mail and SMTP (for sending mail) send data
in clear text. The same applies to FTP, Telnet and News
clients. ICQ, IRC, MSN and AOL Instant Messenger send
passwords in clear text. In fact, most services send
passwords this way.
Start encrypting that password data! Many mail services
offer encrypted logins. Ask your system administrator
about secure mail. Even if you log in securely, your data
is still sent in clear text. Install PGP from www.pgpi.org
and send your e-mail securely. Also, try to log in via SSL
when you are making transactions over the Internet
(Note: always look for https in the location bar of your
web browser, like https://www.example.com, or a lock at
the bottom of your web browser).
A free packet sniffer: Ethereal
Find Ethereal at:
http://www.ethereal.com/distribution/win32
Ethereal is a free network protocol analyzer for Unix and
Windows. It allows you to examine data from a live
network or from a capture file on disk. You can
interactively browse the capture data, viewing summary
and detail information for each packet. Ethereal has
several powerful features, including a rich display
filter language and the ability to view the
reconstructed stream of a TCP session.
I'm going to sniff a session between a web browser and a
website. This is a common procedure in tracking down an
individual's Internet usage. In this example, we are a
system administrator snooping on an employee. We believe
he is abusing his Internet usage privileges and
violating our rule that no employee shall be in a
chatroom.
We click "Capture". The Capture options come up. The
defaults will work; only change things if you know what
you are doing. We captured a 2 minute session where a user
In this screen shot, we can see that 192.168.0.101, the
machine we are monitoring, made a DNS query for the name
slashdot.org, which is normal with web browsing (Packet
#1). In Packet #6, we can see 192.168.0.101 made an HTTP
request to 66.35.250.150, which proves that a user on
the machine 192.168.0.101 is viewing slashdot.org, which
is in violation of our Internet usage policy.
In this screen shot, we can see that 192.168.0.101, the
machine we are still monitoring, requested an image over
HTTP, which shows he is actively browsing the Internet.
In this screen shot, we can see that 192.168.0.101 made
a DNS query for chat-place.org and has viewed their
webpage over HTTP.
216.152.64.213 was communicating with our 192.168.0.101
machine over the IRC protocol on port 6667, which shows
our employee is chatting online on our company's time.
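The screen-shot walk-through above is done by eye; as an added example (not from the original post), here is the same policy check written down as code over a packet summary in the column layout Ethereal shows (No., Time, Source, Destination, Protocol, Info). The packet lines are constructed for this example from the page's scenario: the addresses 192.168.0.101, 66.35.250.150 and 216.152.64.213, the names slashdot.org and chat-place.org, and IRC on port 6667 are the page's; the packet numbers, timestamps, the 192.168.0.x gateway/mail hosts and the POP login are invented. The second function flags clear-text logins a sniffer on the path would see verbatim, which is the page's "start encrypting that password data" point, and deliberately records only which host, server and protocol need an encrypted login, never the password itself.

```python
import csv
import io

# Constructed Ethereal-style packet summary (see the lead-in for which values come from
# the page and which are invented). Column order matches Ethereal's packet list:
# No., Time, Source, Destination, Protocol, Info.
CAPTURE_CSV = """\
no,time,src,dst,proto,info
1,0.000,192.168.0.101,192.168.0.1,DNS,Standard query A slashdot.org
6,0.412,192.168.0.101,66.35.250.150,HTTP,GET / HTTP/1.1
9,0.530,192.168.0.101,66.35.250.150,HTTP,GET /images/topics/topiclinux.gif HTTP/1.1
14,3.201,192.168.0.101,192.168.0.1,DNS,Standard query A chat-place.org
18,3.677,192.168.0.101,216.152.64.213,TCP,1044 > 6667 [SYN]
22,4.010,216.152.64.213,192.168.0.101,IRC,Response: :irc.chat-place.org 001 bob :Welcome
30,9.882,192.168.0.101,192.168.0.2,POP,Request: USER bob
31,9.901,192.168.0.101,192.168.0.2,POP,Request: PASS hunter2
"""

MONITORED = "192.168.0.101"          # the machine the page's sysadmin is watching
CHAT_DOMAINS = {"chat-place.org"}    # DNS lookups for these count as chat-room use
IRC_PORTS = {"6667"}                 # the IRC port seen in the page's capture
CLEARTEXT_LOGIN_PROTOS = {"POP", "IMAP", "FTP", "TELNET", "SMTP"}


def parse_capture(text):
    return list(csv.DictReader(io.StringIO(text)))


def chat_evidence(packets, host=MONITORED):
    """Packets showing the monitored host in a chat room: an IRC session, a TCP
    connection to an IRC port, or a DNS lookup for a known chat domain."""
    hits = []
    for p in packets:
        if host not in (p["src"], p["dst"]):
            continue
        if p["proto"] == "IRC":
            hits.append((p["no"], "IRC session"))
        elif p["proto"] == "TCP" and any(" > %s " % port in p["info"] for port in IRC_PORTS):
            hits.append((p["no"], "TCP connection to an IRC port"))
        elif p["proto"] == "DNS" and any(d in p["info"] for d in CHAT_DOMAINS):
            hits.append((p["no"], "DNS lookup for a chat domain"))
    return hits


def cleartext_logins(packets):
    """(client, server, protocol) triples whose password crossed the wire in clear text,
    so the service can be moved to an encrypted login. The password is never stored."""
    seen = set()
    for p in packets:
        if p["proto"] in CLEARTEXT_LOGIN_PROTOS and p["info"].startswith("Request: PASS"):
            seen.add((p["src"], p["dst"], p["proto"]))
    return sorted(seen)
```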
The Internet is a very complicated place. Internet
security shouldn't be a band-aid. If the man wants to
get you, proxies, programs, and anonymizers will not
save you.