Archive for Networking

Howto: Securely tunnel via SSH to browse www websites over http

Hi guys, welcome to what you’ve been searching the internet frantically for. Say wa? A no-nonsense guide to anonymous, secure & encrypted port forwarding via SSH tunneling. I will tell you how in just 3 easy steps.

Step 1

Open PuTTY, go to Connection -> SSH -> Tunnels and type 7070 as the source port (you can use any port, but we use 7070 for this example). Do not enter a destination, but make sure the `Dynamic` and `Auto` option buttons are selected, like the picture below.
[Image: Securely tunnel via SSH to browse www websites]

Right, once you've done the above it should look like this:
[Image: Securely tunnel via SSH to browse www websites over http]
Notes: the `Dynamic` option is set, and after clicking Add, D7070 appears under `Forwarded ports`. That's perfect. Well done. Give yourself a pat on the back. Simple, isn't it?

Step 2

After how much of a breeze step 1 was, all that is left is deciding which Linux box you'd like to connect to via SSH. For my example I use a fictional machine, mybox.reallyrocks.com, with the default SSH port of 22. To feel special about yourself and save doing this all again, enter a name and save the session. I've put "Spechial SSH tunnelz for webz and ting" just so it is darn clear what's going on there. Ok, see below.
[Image: Securely tunnel via SSH to browse www websites over http]

What I didn't tell you in this guide was how to click the Open button, because setting up an encrypted SSH-2 (SHA-2) connection that tunnels via a secure Linux box is already so easy that I figured it'd be an insult to mention it.

Step 3: Add your proxy settings in Firefox and go crazy.

Now maybe I'll get that job I've always wanted. *cough*. As if. You're probably wondering how to use this bloody tunnel you've just set up, so I'm going to use Firefox as the example. Not to worry, this is easier than clicking "Open".

Script `kiddies` may say: wa wa wa, whatcha type in though? Well, I typed in 127.0.0.1 and 7070 and selected the option SOCKS v5. Come on, simple things. So, enjoy simplicity. Everybody else is so god damned cryptic about setting up tunnels, and the truth is that anyone could do it. Yes, that's right: now everything you do via the WWW is encrypted. The only thing that isn't is the DNS, which is the thing that says where the server is ("what is google? google is 68.8.0.3 etc. - that's what the DNS does").
[Image: Securely tunnel via SSH to browse www websites in firefox]
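The DNS point above is the one detail worth checking on your own setup, so here is an added example (not from the post or from PuTTY) that builds and decodes the SOCKS v5 messages the browser exchanges with the D7070 listener. It shows the difference between sending the hostname through the tunnel (address type 0x03, which is what Firefox does when network.proxy.socks_remote_dns is enabled) and resolving it locally first (address type 0x01, a plaintext DNS lookup outside the tunnel). The 127.0.0.1:7070 values are the post's; the resolver parameter and helper names are this example's own.

```python
import ipaddress
import socket
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

# Values matching the post: PuTTY's dynamic forward D7070 listens on the
# loopback interface and speaks SOCKS v5 to the browser.
PROXY_HOST, PROXY_PORT = "127.0.0.1", 7070

REPLY_CODES = {
    0x00: "succeeded",
    0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset",
    0x03: "network unreachable",
    0x04: "host unreachable",
    0x05: "connection refused",
    0x06: "TTL expired",
    0x07: "command not supported",
    0x08: "address type not supported",
}


def greeting() -> bytes:
    """Client greeting: version 5, one method offered, 0x00 = no authentication."""
    return bytes([SOCKS_VERSION, 1, 0x00])


def connect_request(host: str, port: int, remote_dns: bool = True,
                    resolver=socket.gethostbyname) -> bytes:
    """Build a SOCKS5 CONNECT request for host:port.

    With remote_dns=True a hostname is sent as-is (ATYP 0x03) and the SSH
    server resolves it at the far end of the tunnel.  With remote_dns=False
    the client resolves the name first and sends the IPv4 address (ATYP 0x01);
    that lookup is a plaintext DNS query that never enters the tunnel.
    """
    header = bytes([SOCKS_VERSION, CMD_CONNECT, 0x00])
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = bytes([atyp]) + ip.packed
    elif remote_dns:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("hostname longer than 255 bytes cannot be sent in SOCKS5")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        resolved = ipaddress.IPv4Address(resolver(host))  # the DNS leak happens here
        addr = bytes([ATYP_IPV4]) + resolved.packed
    return header + addr + struct.pack("!H", port)


def uses_remote_dns(request: bytes) -> bool:
    """True when the request carries a hostname, i.e. DNS is resolved inside the tunnel."""
    return len(request) > 3 and request[3] == ATYP_DOMAIN


def parse_reply(data: bytes):
    """Decode a SOCKS5 reply into (status text, bound address, bound port)."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        off, addr = 8, str(ipaddress.IPv4Address(data[4:8]))
    elif atyp == ATYP_IPV6:
        off, addr = 20, str(ipaddress.IPv6Address(data[4:20]))
    elif atyp == ATYP_DOMAIN:
        off = 5 + data[4]
        addr = data[5:off].decode("idna")
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    if len(data) < off + 2:
        raise ValueError("truncated reply")
    (port,) = struct.unpack("!H", data[off:off + 2])
    return REPLY_CODES.get(rep, f"unknown reply {rep:#x}"), addr, port


def open_through_tunnel(host: str, port: int) -> socket.socket:
    """Connect to host:port via the local SOCKS5 listener; returns the ready socket."""
    s = socket.create_connection((PROXY_HOST, PROXY_PORT), timeout=10)
    s.sendall(greeting())
    if s.recv(2) != bytes([SOCKS_VERSION, 0x00]):
        s.close()
        raise ConnectionError("proxy refused 'no authentication'")
    s.sendall(connect_request(host, port, remote_dns=True))
    status, _, _ = parse_reply(s.recv(262))
    if status != "succeeded":
        s.close()
        raise ConnectionError(f"CONNECT failed: {status}")
    return s
```

`open_through_tunnel` only works with the PuTTY session from steps 1 and 2 open; the message builders and parser run without it.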

My oh My, Easy.

Peace,
A


The All-Seeing Eye that is Echelon is listening

As an English patriot my entire life, I have enjoyed the peaceful comfort of my own house and the provisions and safety that are made for us (and indeed taken for granted). What a lot of my readers don't know is that privacy is something of the past, and, as discussed previously with like-minded thinkers, the internet and telecom network is NOT what we think it is. A lot of it is monitored. What a lot of you do not know is that there is a five-government alliance that allows a "global" listening/spy network to be installed throughout the world. Unfortunately, this is for our own safety; however, in as simple words as I can put it, that much power is terrorism on the greatest scale. Fighting for "liberty" is not removing them all. And so on. And here I share the FAQ (Frequently Asked Questions) that has since been removed from the American Civil Liberties Union website (original location: http://www.aclu.org/echelonwatch/echfaq3.htm).

People at the very least should have been made aware of a system that supposedly promotes their freedom, not have that knowledge restricted and be unaware of the truly massive power that governments bestow upon themselves. But "why care, unless you have something to hide?" you say; I reply "power corrupts; absolute power corrupts absolutely", roughly translated to: I care not about the civil liberties removed from me or the people, I care about the absolute `liberty of power` awarded to those who claim their self-indoctrinated wish is to create freedom. That is NOT freedom. That is slavery.
Q: What is Project ECHELON?

ECHELON is a code word for an automated global interception and relay system operated by the intelligence agencies in five nations — the United States, the United Kingdom, Canada, Australia and New Zealand (it is rumored that different nations have different code words for the project). While the United States National Security Agency (NSA) takes the lead, ECHELON works in conjunction with other intelligence agencies, including the Australian Defence Signals Directorate (DSD). It is believed that ECHELON also works with Britain’s Government Communications Headquarters (GCHQ) and the agencies of other allies of the United States, pursuant to various treaties. 1

These countries coordinate their activities pursuant to the UKUSA agreement, which dates back to 1947. The original ECHELON dates back to 1971. However, its capabilities and priorities have expanded greatly since its formation. According to reports, it is capable of intercepting and processing many types of transmissions, throughout the globe. In fact, it has been suggested that ECHELON may intercept as many as 3 billion communications everyday, including phone calls, e-mail messages, Internet downloads, satellite transmissions, and so on. 2 The ECHELON system gathers all of these transmissions indiscriminately, then distills the information that is most heavily desired through artificial intelligence programs. Some sources have claimed that ECHELON sifts through an estimated 90 percent of all traffic that flows through the Internet. 3

However, the exact capabilities and goals of ECHELON remain unclear. For example, it is unknown whether ECHELON actually targets domestic communications. Also, it is apparently very difficult for ECHELON to intercept certain types of transmissions, particularly fiber communications.

Q: How does ECHELON work?

ECHELON apparently collects data in several ways. Reports suggest it has massive ground based radio antennae to intercept satellite transmissions. In addition, some sites reputedly are tasked with tapping surface traffic. These antennae reportedly are in the United States, Italy, England, Turkey, New Zealand, Canada, Australia, and several other places. 4

Similarly, it is believed that ECHELON uses numerous satellites to catch “spillover” data from transmissions between cities. These satellites then beam the information down to processing centers on the ground. The main centers are in the United States (near Denver), England (Menwith Hill), Australia, and Germany. 5

According to various sources, ECHELON also routinely intercepts Internet transmissions. The organization allegedly has installed numerous “sniffer” devices. These “sniffers” collect information from data packets as they traverse the Internet via several key junctions. It also uses search software to scan for web sites that may be of interest. 6

Furthermore, it is believed that ECHELON has even used special underwater devices which tap into cables that carry phone calls across the seas. According to published reports, American divers, were able to install surveillance devices on to the underwater cables. One of these taps was discovered in 1982, but other devices apparently continued to function undetected. 7

It is not known at this point whether ECHELON has been able to tap fiber optic phone cables.

Finally, if the aforementioned methods fail to garner the desired information, there is another alternative. Apparently, the nations that are involved with ECHELON also train special agents to install a variety of special data collection devices. One of these devices is reputed to be an information processing kit that is the size of a suitcase. Another such item is a sophisticated radio receiver that is as small as a credit card. 8

After capturing this raw data, ECHELON sifts through them using DICTIONARY. DICTIONARY is actually a special system of computers which find pertinent information by searching for key words, addresses, etc. These search programs help pare down the voluminous quantity of transmissions which pass through the ECHELON network every day. These programs also seem to enable users to focus on any specific subject upon which information is desired. 9

Q: If ECHELON is so powerful, why haven’t I heard about it before?

The United States government has gone to extreme lengths to keep ECHELON a secret. To this day, the U.S. government refuses to admit that ECHELON even exists. We know it exists because the Australian government (through its Defence Signals Directorate) has admitted to this fact. 10 However, even with this revelation, U.S. officials have refused to comment.

This “wall of silence” is beginning to erode. The first report on ECHELON was published in 1988. 11 In addition, besides the revelations from Australia, the Scientific and Technical Options Assessment program office (STOA) of the European Parliament commissioned two reports which describe ECHELON’s activities. These reports unearthed a startling amount of evidence, which suggests that ECHELON’s powers may have been underestimated. The first report, entitled “An Appraisal of Technologies of Political Control”, suggested that ECHELON primarily targeted civilians.

This report found that:

“The ECHELON system forms part of the UKUSA system but unlike many of the electronic spy systems developed during the cold war, ECHELON is designed for primarily non-military targets: governments, organisations and businesses in virtually every country. The ECHELON system works by indiscriminately intercepting very large quantities of communications and then siphoning out what is valuable using artificial intelligence aids like Memex to find key words. Five nations share the results with the US as the senior partner under the UKUSA agreement of 1948, Britain, Canada, New Zealand and Australia are very much acting as subordinate information servicers.

“Each of the five centres supply “dictionaries” to the other four of keywords, phrases, people and places to “tag” and the tagged intercept is forwarded straight to the requesting country. Whilst there is much information gathered about potential terrorists, there is a lot of economic intelligence, notably intensive monitoring of all the countries participating in the GATT negotiations. But Hager found that by far the main priorities of this system continued to be military and political intelligence applicable to their wider interests. Hager quotes from “highly placed intelligence operatives” who spoke to the Observer in London. “We feel we can no longer remain silent regarding that which we regard to be gross malpractice and negligence within the establishment in which we operate.” They gave as examples GCHQ interception of three charities, including Amnesty International and Christian Aid. “At any time GCHQ is able to home in on their communications for a routine target request,” the GCHQ source said. In the case of phone taps the procedure is known as Mantis. With telexes it's called Mayfly. By keying in a code relating to third world aid, the source was able to demonstrate telex “fixes” on the three organisations. With no system of accountability, it is difficult to discover what criteria determine who is not a target.” 12

The most recent report, known as “Interception Capabilities 2000”, describes ECHELON capabilities in even more elaborate detail. 13

In addition, an Italian government official has begun to investigate Echelon's intelligence-gathering efforts, based on the belief that the organization may be spying on European citizens in violation of Italian or international law. 14

The Danish Parliament also has begun an inquiry.

Events in the United States have also indicated that the “wall of silence” might not last much longer. Exercising their Constitutionally created oversight authority, members of the House Select Committee on Intelligence recently started asking questions about the legal basis for NSA’s ECHELON activities. In particular, the Committee wanted to know if the communications of Americans were being intercepted and under what authority, since US law severely limits the ability of the intelligence agencies to engage in domestic surveillance. When asked about its legal authority, NSA invoked the attorney-client privilege and refused to disclose the legal standards by which ECHELON might have conducted its activities. 15

A funding bill is now making its way through the Congress which would, at a minimum, require the NSA to report on the legal basis for ECHELON and similar activities. 16

In addition, Rep. Bob Barr (R-GA), who has taken the lead in Congressional efforts to ferret out the truth about ECHELON, has arranged for the House Government Reform and Oversight Committee to hold oversight hearings. 17

Q: What is being done with the information that ECHELON collects?

The original purpose of ECHELON was to protect national security. That purpose continues today. For example, we know that ECHELON is gathering information on North Korea. Sources from Australia’s DSD have disclosed this much because Australian officials help operate the facilities there which scan through transmissions, looking for pertinent material. 18

However, national security is not ECHELON's only concern. Reports have indicated that industrial espionage has become a part of ECHELON's activities. While present information seems to suggest that only high-ranking government officials have direct control over ECHELON's tasks, the information that is gained may be passed along at the discretion of these very same officials. As a result, much of this information has been given to American companies, in apparent attempts to give these companies an edge over their less knowledgeable counterparts. 19

In addition, there are concerns that ECHELON’s actions may be used to stifle political dissent. Many of these concerns were voiced in a report commissioned by the European Parliament. What is more, there are no known safeguards to prevent such abuses of power. 20

Q: Is there any evidence that ECHELON is doing anything improper or illegal with the spying resources at its disposal?

ECHELON is a highly classified operation, which is conducted with little or no oversight by national parliaments or courts. Most of what is known comes from whistleblowers and classified documents. The simple truth is that there is no way to know precisely what ECHELON is being used for.

But there is evidence, much of which is circumstantial, that ECHELON (along with its British counterpart) has been engaged in significant invasions of privacy. These alleged violations include secret surveillance of political organizations, such as Amnesty International. 21 It has also been reported that ECHELON has engaged in industrial espionage on various private companies such as Airbus Industries and Panavia, then has passed along the information to their American competitors. 22 It is unclear just how far ECHELON’s activities have harmed private individuals.

However, the most sensational revelation was that Diana, Princess of Wales may have come under ECHELON surveillance before she died. As reported in the Washington Post, the NSA admitted that they possessed files on the Princess, partly composed of intercepted phone conversations. While one official from the NSA claimed that the Princess was never a direct target, this disclosure seems to indicate the intrusive, yet surreptitious manner in which ECHELON operates. 23

What is even more disquieting about these allegations is that, if proven, ECHELON may have circumvented countless laws in numerous countries. Many nations have laws in place to prevent such invasions of privacy. However, there are suspicions that ECHELON has engaged in subterfuge to avoid these legal restrictions. For example, it is rumored that nations would not use their own agents to spy on their own citizens, but assign the task to agents from other countries. 24 In addition, as mentioned earlier, it is unclear just what legal standards ECHELON follows, if any actually exist. Thus, it is difficult to say what could prevent ECHELON from abusing its remarkable capabilities.

Q: Is everyone else doing what ECHELON does?

Maybe not everyone else, but there are plenty of other countries that engage in the type of intelligence gathering that ECHELON performs. These countries apparently include Russia, France, Israel, India, Pakistan and many others. 25 Indeed, the excesses of these ECHELON-like operations are rumored to be similar in form to their American equivalents, including digging up information for private companies to give them a commercial advantage.

However, it is also known that the ECHELON system is the largest of its kind. What is more, its considerable powers are enhanced through the efforts of America's allies, including the United Kingdom, Canada, Australia, and New Zealand. Other countries don't have the resources to engage in the massive garnering of information that the United States is carrying out.


Welp.co.uk Consultancy to be launched

In my short time working in IS and IT I have learnt a multitude of skills and sins; habits and harassments. Good lessons, and ones I would rather never have benefited from! You know the ones I mean!

I am happy to announce that I am working on a very lucrative consultancy firm that should meet the very greatest expectations of a modern IS customer: from small basement software development firms to large multinational, multi-million corporate frameworks, server management and Internet service provision.

It’s nice to finally be on the way to working on yet another type of ISP. There are a number of people involved and there will be an extremely *broad* range of services once it is launched. I’m delighted with the website we have chosen, Welp.co.uk servers. I have valued this domain at approx £10k but it is probably worth significantly more than that.

Wish me luck, readers! This is the `business` and we will all be going for it!! A big thanks to the kind people that have helped me get where I have over the years. A lot of you are businesses I have worked with, providers, agents and of course loyal customers, friends and mentors! Thank you. I'd never have got this far without you, and I won't be the sort of guy to forget that.


The Official Azio.Org Christmas Proxy List

I have been updating the azio.org proxy list a bit more often recently; a lot of you are no doubt online this Christmas and want to browse with peace of mind. Remember, use proxies for anonymity; if you want to break the law using them, it is really inadvisable. This isn't a disclaimer, just a small Christmas information nugget: in the event you get caught, some of the hosts will be obliged to provide information about connections to them. Then again, keep in mind that some of the proxies don't log (some of the high-anonymous ones), so if a proxy is used to commit an illegal act it may not be possible to trace the user when the proxy is not logging.

Meh, back to the proxies! Please enjoy this proxy list!


Intercepting Files with tcpdump

It's actually possible to intercept files on a network, unencrypted ones at the very least. However, it is likely you will also be able to retrieve the encrypted data, and given that you have access to the cipher type or the authorisation key for the encryption, you will be able to gain access to it.

This is a handy tool for any responsible admin, and of course the tool of choice for the hacker. It's the network admin's job to watch out for odd files and identify them, as much as it is the cracker's/hacker's choice to surreptitiously wait for a *given* type of information, intercept it, log it and access it.

It’s as simple as

tcpdump -i eth1 -s0 -w rawdump host picard

Packets of course will often arrive to the interface out of order, or duplicated. Also there’s the problem of packets from one file transfer arriving inter-mixed with packets from another data transfer. Many other problems also exist to make files harder to find, so I use tcpflow to order the data.

tcpflow -r ../rawdump

You can use tcpflow to break the data down into each flow file and extract data from it, use find to accomplish this without

find ./ -type f -exec cat '{}' \; > dump

Now that everything is nicely ordered together, just run foremost and wait for it to extract the data. I could have just run foremost on the rawdump file, but that would result in incomplete and corrupted data.
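To make the "order first, then carve" point concrete, here is an added example (not from the article or from tcpflow/foremost) that reassembles one direction of a TCP flow from out-of-order, duplicated and overlapping segments, then carves files by header/footer signature, the way foremost does. The capture, hosts and the fake PNG are constructed inline; the test at the end of the flow shows why carving the raw dump yields nothing usable while carving the reassembled stream recovers the file.

```python
from collections import defaultdict, namedtuple

# One captured TCP segment; seq is the absolute 32-bit TCP sequence number.
Segment = namedtuple("Segment", "src sport dst dport seq payload")

# Header/footer pairs, the same idea foremost uses to carve files out of a stream.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "gif": (b"GIF8", b"\x00\x3b"),
    "pdf": (b"%PDF-", b"%%EOF"),
}

# Constructed capture: a 34-byte fake PNG served from 10.0.0.5:80 to 10.0.0.9:41234,
# delivered out of order, with one exact duplicate and one overlapping retransmission,
# interleaved with an unrelated HTTP request from another client.
FILE = SIGNATURES["png"][0] + b"-constructed-body-" + SIGNATURES["png"][1]
SERVER, CLIENT, OTHER = ("10.0.0.5", 80), ("10.0.0.9", 41234), ("10.0.0.11", 52000)


def _seg(src, dst, seq, payload):
    return Segment(src[0], src[1], dst[0], dst[1], seq, payload)


CAPTURE = [
    _seg(SERVER, CLIENT, 1024, FILE[24:34]),   # last piece arrives first
    _seg(OTHER, SERVER, 5000, b"GET /index.html HTTP/1.1\r\n"),
    _seg(SERVER, CLIENT, 1000, FILE[0:12]),
    _seg(SERVER, CLIENT, 1008, FILE[8:20]),    # retransmission overlapping bytes 8..12
    _seg(SERVER, CLIENT, 1000, FILE[0:12]),    # exact duplicate
    _seg(SERVER, CLIENT, 1012, FILE[12:24]),
    _seg(OTHER, SERVER, 5026, b"Host: picard\r\n\r\n"),
]


def reassemble_flow(segs):
    """Order one flow's segments by sequence number, dropping duplicates and
    trimming overlaps.  A hole (lost segment) is zero-filled and counted so the
    caller knows the stream is incomplete.  Sequence-number wraparound is ignored."""
    out, next_seq, gaps = bytearray(), None, 0
    for seq, payload in sorted((s.seq, s.payload) for s in segs):
        if not payload:
            continue
        if next_seq is None:
            next_seq = seq
        if seq + len(payload) <= next_seq:
            continue                           # entirely already seen
        if seq < next_seq:                     # partial overlap: keep only the new tail
            payload, seq = payload[next_seq - seq:], next_seq
        elif seq > next_seq:                   # hole before this segment
            gaps += 1
            out.extend(b"\x00" * (seq - next_seq))
        out.extend(payload)
        next_seq = seq + len(payload)
    return bytes(out), gaps


def reassemble(capture):
    """Split a capture into unidirectional flows (tcpflow writes one file per flow)
    and reassemble each.  Returns {(src, sport, dst, dport): (bytes, gaps)}."""
    flows = defaultdict(list)
    for s in capture:
        flows[(s.src, s.sport, s.dst, s.dport)].append(s)
    return {k: reassemble_flow(v) for k, v in flows.items()}


def raw_order(capture):
    """Payloads concatenated in capture order: roughly what carving the raw dump sees."""
    return b"".join(s.payload for s in capture)


def carve(stream):
    """Return [(kind, offset, bytes)] for every header..footer pair found in stream."""
    found = []
    for kind, (head, tail) in SIGNATURES.items():
        start = 0
        while (i := stream.find(head, start)) >= 0:
            j = stream.find(tail, i + len(head))
            if j < 0:
                break
            end = j + len(tail)
            found.append((kind, i, stream[i:end]))
            start = end
    return sorted(found, key=lambda f: f[1])
```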

Any suggestions or improvements are welcome!

Wouldn’t it be nice to make a nice little shell script out of this? Oh the joys…

Original Article Source: http://www.debian-administration.org
Many thanks to thomasl of debian-administration for this article!


Filter P2P Network Traffic with ipp2p

Today I was browsing my favourite search engine and found a neat (and almost easy) way to configure iptables and filter P2P network traffic with a nice little application called ipp2p (Linux, of course!).

Large and medium-sized corporate and institutional networks suffer nowadays from "smart" users who try to get their latest movie/software/music/TV show downloaded in their office.

Besides the moral/legal dispute, these activities present the network admins with some troubles: to begin with, a considerable downgrade in network performance, and the need to comply with local policy and legal restrictions. And of course the admins need to have the full bandwidth for their own downloads.

ipp2p is a reasonably stable product; I've used it for 2 years in a large network (4 class C networks) in a university environment. Users were used to abusing the network for personal downloads, and after chasing and punishing them for some time we chose to block the traffic once and for all.

ipp2p works by recognizing patterns in the payload of packets, thus allowing the admin to restrict, prioritize or even block (as we did) the traffic.

It has two components: a kernel module, ipt_ipp2p.o (for v2.4.x) or ipt_ipp2p.ko (for 2.6.x), and an iptables module, libipt_ipp2p.so. Both must be compiled from the source package downloaded from the ipp2p site. (There are no packages for Debian stable, testing or unstable.)

There are some things you must take into consideration when compiling this program under Debian, since there are some requirements involved.

The headers package for your kernel must be installed, and so must the source code of the kernel and the iptables package. (It should be possible to compile with the iptables-dev package, but I haven't tried that so far.)


apt-get install linux-kernel-header
apt-get install linux-source-(kernel version)
apt-get source iptables

(Remember to add a source repository to your /etc/apt/sources.list if you haven't already got one present.)

For the kernel there is not much trouble if you are running the standard Debian kernel. If you are not, you will need to ensure that the headers are accessible to the Makefile. You can either make a symlink to the kernel source directory or edit the Makefile with your favourite editor (I'll use joe): go to line 6 and set the appropriate path there.

For iptables

ln -s (path_to_iptables_source)/iptables-1.3.6.0debian1/iptables /usr/src/iptables-1.3.6

For the kernel

ln -s /usr/src/linux-source-(you_kernel_version) /usr/src/linux

With these links in place you should be able to compile ipp2p without trouble. Well, almost.

The first time I installed this package it took some work; the second was almost impossible. As I later discovered by googling around, to get the Makefile working you need to change line 67 from this:

ld -shared -o libipt_ipp2p.so libipt_ipp2p.o

to this:

$(CC) -shared -o libipt_ipp2p.so libipt_ipp2p.o

Yes, it is almost the same line; no, I don't know why, but it works.

Now you only have to install the kernel module and the iptables lib in the corresponding way.

For iptables

cp libipt_ipp2p.so /lib/iptables

Test iptables

iptables -m ipp2p --help

This should return lots of info about ipp2p, with example lines at the end like the following:

iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01
iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP
iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP

For your kernel

insmod ipt_ipp2p.o
insmod ipt_ipp2p.ko [ depending on version ]
depmod -a

You should test the module by running:

lsmod | grep ipp2p

This should return:


ipt_ipp2p 6592 6
x_tables 12676 7 xt_mac,ipt_ipp2p,xt_tcpudp,ip_tables,ipt_owner,ipt_REJECT,ipt_LOG

Or something similar, depending on your kernel configuration; what matters is that the ipt_ipp2p module is present.

So now you are set to go. The only thing left is setting up your firewall rules; a simple drop-everything rule would be like this:

iptables -A FORWARD -m ipp2p --bit -j DROP

Taken from the README example; more complex rules may be necessary according to the firewall setup.

An admin friendly rule would be like:

iptables -I FORWARD -d admin_ip -m ipp2p --ipp2p -j ACCEPT
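To show what "recognizing patterns in the payload" means for the two protocols the rules above name (--bit and --edk), and why the admin ACCEPT rule must be inserted ahead of the DROP rules, here is an added example, not ipp2p's own code. It recognises a BitTorrent peer handshake and tracker announce, and an eDonkey TCP message by its 0xE3 protocol byte and little-endian length, then walks a constructed FORWARD chain in iptables order. ADMIN_IP, the sample packets and the rule representation are this example's assumptions.

```python
import struct
from collections import namedtuple

Packet = namedtuple("Packet", "proto src dst payload")
# A rule mirrors one iptables line: -p PROTO, -d DST, -m ipp2p --<tags>, -j TARGET.
Rule = namedtuple("Rule", "proto dst tags target")

BT_HANDSHAKE = b"\x13BitTorrent protocol"     # pstrlen=19 followed by the protocol name
EDK_PROTO = 0xE3                               # eDonkey TCP protocol byte


def is_bittorrent(payload: bytes) -> bool:
    """BitTorrent peer handshake, or an HTTP tracker announce carrying info_hash=."""
    if payload.startswith(BT_HANDSHAKE):
        return True
    request_line = payload.split(b"\r\n", 1)[0]
    return payload.startswith(b"GET ") and b"info_hash=" in request_line


def is_edonkey(payload: bytes) -> bool:
    """eDonkey TCP message: 0xE3, little-endian length of what follows, then opcode.
    Only a message that fits in one segment is recognised here."""
    if len(payload) < 6 or payload[0] != EDK_PROTO:
        return False
    (size,) = struct.unpack("<I", payload[1:5])
    return size == len(payload) - 5


def classify(payload: bytes):
    """Return the set of ipp2p-style tags the payload matches ('bit', 'edk')."""
    tags = set()
    if is_bittorrent(payload):
        tags.add("bit")
    if is_edonkey(payload):
        tags.add("edk")
    return tags


ANY_P2P = frozenset({"bit", "edk"})   # stands in for --ipp2p (every protocol this example knows)

# Constructed FORWARD chain; ADMIN_IP stands in for the post's admin_ip.
ADMIN_IP = "10.0.0.2"
FORWARD = [
    Rule(None, ADMIN_IP, ANY_P2P, "ACCEPT"),          # iptables -I FORWARD -d admin_ip -m ipp2p --ipp2p -j ACCEPT
    Rule("tcp", None, frozenset({"edk"}), "DROP"),    # iptables -A FORWARD -p tcp -m ipp2p --edk -j DROP
    Rule(None, None, frozenset({"bit"}), "DROP"),     # iptables -A FORWARD -m ipp2p --bit -j DROP
]


def verdict(chain, pkt: Packet, policy: str = "ACCEPT") -> str:
    """Walk the chain in order; the first matching rule decides, else the chain policy."""
    tags = classify(pkt.payload)
    for rule in chain:
        if rule.proto is not None and rule.proto != pkt.proto:
            continue
        if rule.dst is not None and rule.dst != pkt.dst:
            continue
        if not (rule.tags & tags):
            continue
        return rule.target
    return policy


# Constructed sample packets (198.51.100.9 is a documentation address).
BT_PKT = Packet("tcp", "10.0.0.7", "198.51.100.9",
                BT_HANDSHAKE + b"\x00" * 8 + b"H" * 20 + b"P" * 20)
EDK_BODY = b"\x01" + b"constructed-hello"
EDK_PKT = Packet("tcp", "10.0.0.7", "198.51.100.9",
                 bytes([EDK_PROTO]) + struct.pack("<I", len(EDK_BODY)) + EDK_BODY)
ADMIN_PKT = Packet("tcp", "198.51.100.9", ADMIN_IP, BT_PKT.payload)
WEB_PKT = Packet("tcp", "10.0.0.7", "198.51.100.9",
                 b"GET /index.html HTTP/1.1\r\nHost: picard\r\n\r\n")
```

Running `verdict(FORWARD[1:], ADMIN_PKT)` shows what happens if the admin rule is appended instead of inserted: the earlier DROP wins.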

Original Article Source: Debian-Administration
A sincere thanks to rak of debian-administration.org for such a well written article about a topic that all network admins have to think about.
