Definition of anonymity. Determining location by IP address. What can these services find out about you on the Internet?

Checking VPN connection

Checking the VPN connection configuration

A necessary step in working with a VPN connection is to check the configuration to ensure that the system can correctly create channels on the network. Follow the steps below to test your VPN connection.

  1. On the client, right-click the Company ABC VPN Connection and select Connect from the context menu.
  2. Click the Connect button.
  3. Click OK to accept the credentials. After this, the connection will be created.

You can check the connection using the ping command for domain controller.company.com. Because the system has passed health checks, this connection is allowed full access to all intranet resources. Follow these steps to test the connection.

  1. Once the Company ABC VPN Connection is established, select All Programs-Accessories-Command Prompt from the Start menu.
  2. Enter the command ping company.com and press the Enter key.
  3. A response from the IP address should appear.
  4. Select Connect To from the Start menu to open the Connections window.
  5. Select the Company ABC VPN Connection and click the Disconnect button.
  6. Click the Close button.

NPS provides detailed connection information that was missing in previous versions of Windows. With Windows Server 2008 R2, troubleshooting your traditional VPN connections has become a simple task.

Managing unhealthy VPN clients

In the example above, everything went smoothly and there were no health issues. But if the client does not pass the health check, the failing components must be remediated. The health check you configured earlier verifies that Windows Firewall is enabled. To test the remediation options, turn off Windows Firewall and connect again.

  1. On the VPN client, select Control Panel from the Start menu.
  2. Click Security.
  3. Click Windows Firewall.
  4. Click Change Settings.
  5. Select the Off (Not Recommended) radio button and click OK.

Readers of Complitra ru already know from our articles about various VPN services, their purpose, and some of the nuances that matter for safe and reasonably free use of the Internet, without restrictions or censorship of the web.

Today we will talk about the fact that not all VPN providers can ensure a stable, high level of security on the Internet.

Let's consider the aspects that matter most to a careful user: how to check your VPN service for “cipher voids”, and what deserves closer attention. We only cover what any user can easily check on their own in order to understand how reliably the VPN service protects them.

Apply - do not use a secure connection via the https - ssl protocol

For readers who have only just started wondering about VPNs and find parts of this article unclear, I give the most useful links; by following them you can learn more. There, by the way, an SSL connection is discussed in more detail; it is covered in general terms below in the text.

I don’t give links to dubious (unscrupulous) VPN services, because once you have learned from this article how to check the quality of VPN providers, you can easily identify the scoundrels yourself.

secure connection via https - ssl protocol

Sadly, I must report that after some tests I carried out, it turned out that several quite sizable sites of VPN companies providing advertised services (don’t be too surprised) still work over the HTTP protocol.

Using an HTTP connection is very unsafe (the link to the article describing it is just above)! This holdover from past technology makes it possible to easily intercept encryption keys and, as a sad consequence, to decrypt the Internet traffic of any user of their services.

Today an important component of the security of a site (and its users) is the mandatory use of the HTTPS protocol. It uses SSL certificates, which protect the transmission of keys and configuration files delivered from the VPN provider to the user.

But alongside these protections there are the so-called individual or shared encryption keys. More on that below.

individual or shared encryption keys?

The mistake the VPN providers made, let's call it that, was this: many services distributed a single key to many servers (and therefore users), so in fact the user was protected only by the authorization process using a login and password!

Needless to say, if the login and password pair is compromised, the intercepted key allows the client's Internet traffic to be decrypted reliably. Other "Bender" companies use a different encryption key for each individual user, but the same key for all servers. Impressive, isn't it? ...and you call these services...

Only a key that is unique to each user and to each server provides strong protection.

However, the “firms” do not stand still and offer their own branded services!

identified vulnerabilities of “branded” VPN clients

With certain conditions attached, VPN companies offer their own branded VPN clients. No doubt, a branded client is always simpler (for setting up protection) and faster to get going; however, it is not always safe.

As mentioned, some unscrupulous VPN companies that still use an unencrypted HTTP connection to their server recklessly use the same connection in their branded clients. The danger lies in the lack of encryption when configuration files and the like are sent and received. The result is eloquent: keys and configuration files are easily intercepted by third-party scammers and can be used against us, against all our Internet traffic.

...whether “our” client encrypts the data it sends and receives is very easy to see with the help of traffic-capture programs (sniffers). They are used by hackers, and as you know, “like cures like”: if these programs allow traffic to be intercepted, they also help identify vulnerabilities. Simply put, if you manage to find “configuration secrets” or cipher keys in the capture, the service is “rotten”.

Everything is clearly visible in the traffic dump that the program produces!

changing the key as security for users

When you work on a network (on a computer), situations in which secret keys are lost arise with high probability: a virus, a break-in, or the banal loss of a device. For these reasons, and to avoid unintentionally “deceiving” the user, a decent VPN provider offers the option of changing keys without any loss of the “authorized” subscription.

Moral: as soon as you have suspicions about your personal information security, changing the VPN keys is definitely recommended.

Maintaining and storing logs of Internet work

Keeping and storing logs will provide an information field for the user (to identify errors) of a particular VPN provider.

This should not be forgotten, since keeping and storing logs makes it possible to observe the client’s actions on the Internet and his real IP address.

Important!

A VPN representative can thoroughly prove that there is no logging on their server only if he gives the client full root access (as the administrator of his own account, let’s say), so that the client can fully verify and control it.

fingerprint: how to find out whether a VPN is being used

Modern IT technologies make it easy to determine whether a user is using a VPN or not.

For the most part, VPN providers do not hide the user's digital fingerprint. All this is easy to test: http://2ip.ru/privacy/

Are encryption algorithms secure?

As testing shows, the vast majority (I’m not afraid of this word) of unscrupulous providers use unreliable encryption methods, which saves their server resources. And sometimes, though not often, they do not disdain PPTP, which has a wide range of vulnerabilities.

Keep this in mind and ask: what technology and encryption algorithms does your VPN provider use?


If anything is not clear and you still have questions, share them in the comments...

With similar functionality, which I recently wrote.

The main idea is to determine whether the user is hiding while surfing the Internet or not, and, if possible, find out his real IP address. There are several interesting features that I have never seen anywhere (two-way ping, matching DNS leak/ISP pairs).

I wanted to have a checklist at hand that would answer whether you have been “burned” or not. At the moment the list consists of 12 verification methods, which are discussed below, including how to avoid falling for them. First, the simplest ones, in order.

HTTP proxy headers

Some proxies append their headers to the request that the user's browser initiates. Often this is the user's real IP address.

Make sure that the proxy server, if it writes anything in the headers listed below, is at least not your address:

HTTP_VIA, HTTP_X_FORWARDED_FOR, HTTP_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED, HTTP_CLIENT_IP, HTTP_FORWARDED_FOR_IP, VIA, X_FORWARDED_FOR, FORWARDED_FOR, X_FORWARDED, FORWARDED, CLIENT_IP, FORWARDED_FOR_IP, HTTP_PROXY_CONNECTION
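A self-audit of this check, as an added example that is not code from the article or its service: it scans the server variables a test page receives for the headers listed above and reports whether any of them carries your real address. The function names and all sample addresses are constructed for illustration.

```python
import ipaddress
import re

# Server variables named in the list above (CGI/PHP-style keys).
PROXY_HEADERS = [
    "HTTP_VIA", "HTTP_X_FORWARDED_FOR", "HTTP_FORWARDED_FOR", "HTTP_X_FORWARDED",
    "HTTP_FORWARDED", "HTTP_CLIENT_IP", "HTTP_FORWARDED_FOR_IP", "VIA",
    "X_FORWARDED_FOR", "FORWARDED_FOR", "X_FORWARDED", "FORWARDED", "CLIENT_IP",
    "FORWARDED_FOR_IP", "HTTP_PROXY_CONNECTION",
]

# Split a header value on whitespace, commas, semicolons, '=' and quotes.
_TOKEN = re.compile(r'[^\s,;="]+')


def addresses_in(value):
    """Return every IP address found in one header value."""
    found = []
    for token in _TOKEN.findall(value):
        if token.startswith("["):        # [IPv6] or [IPv6]:port
            host = token[1:].split("]")[0]
        elif token.count(":") == 1:      # IPv4:port
            host = token.split(":")[0]
        else:                            # bare IPv4, bare IPv6, or not an IP
            host = token
        try:
            found.append(ipaddress.ip_address(host))
        except ValueError:
            pass                         # hostname, version number, keyword
    return found


def audit_headers(environ, real_ip):
    """List each proxy header present and whether it exposes real_ip."""
    real = ipaddress.ip_address(real_ip)
    findings = []
    for name in PROXY_HEADERS:
        if name in environ:
            addrs = addresses_in(environ[name])
            findings.append({
                "header": name,
                "addresses": [str(a) for a in addrs],
                "leaks_real_ip": real in addrs,
            })
    return findings


def verdict(findings):
    if any(f["leaks_real_ip"] for f in findings):
        return "real address leaked"
    return "proxy visible" if findings else "clean"


# Constructed samples: what a test page might see behind three proxy setups.
LEAKY = {"REMOTE_ADDR": "198.51.100.20", "HTTP_VIA": "1.1 proxy.example (squid)",
         "HTTP_X_FORWARDED_FOR": "203.0.113.7, 10.0.0.5"}
QUIET = {"REMOTE_ADDR": "198.51.100.20", "HTTP_VIA": "1.1 proxy.example (squid)"}
V6 = {"HTTP_FORWARDED": 'for="[2001:db8::1]:4711";proto=https'}

if __name__ == "__main__":
    for env, real in ((LEAKY, "203.0.113.7"), (QUIET, "203.0.113.7"),
                      (V6, "2001:db8::1")):
        print(verdict(audit_headers(env, real)))
```

Even the "proxy visible" result means the proxy announces itself, which is the weaker outcome the text warns about.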

Open HTTP proxy ports

The IP address from which the request to our page came can say a lot. For example, we can look at which ports are open on that side.

The most interesting ports are 3128, 1080, 8123. If you do not use them, then you can completely avoid unfounded suspicions about using 3proxy, SOCKS 5 or Polipo.


Open web proxy ports

As with HTTP, a web proxy can be set to any port, but we wanted the test to work very quickly, so we limited ourselves to the reverse connection to ports 80 and 8080.

Is a web page served there? Great! At the moment we can detect PHProxy, CGIProxy, Cohula and Glype.

Suspicious hostname

Having an IP address, you can try to resolve the client’s hostname. Stop words that may hint at a tunnel: vpn, hide, hidden, proxy.

You shouldn't link domain names to your personal VPN, and if you do, you should avoid "speaking" names.

Difference in time zones (browser and IP)

Based on GeoIP data, you can find out the country by the user’s IP, and therefore his time zone. Next, you can calculate the time difference between the browser and the time corresponding to the time zone of the VPN server.

Is there a difference? This means the user is probably hiding.

For Russia there is no accurate database of latitude and longitude for regions, and since there are many time zones, we do not take these addresses into account in the final result. With European countries it’s the other way around: they are detected very well.

When switching to a VPN, you need to remember to change the system time, change the time in the browser, or work with Russian proxies.

IP affiliation with the Tor network

If your IP address is a Tor node from the list check.torproject.org/cgi-bin/TorBulkExitList.py, congratulations, you're burned.

Nothing criminal, but the fact that you are hiding is not very encouraging.

Browser Turbo Mode

By collecting the IP address ranges of Google, Yandex and Opera, and comparing them with the user address, we can assume the use of traffic compression services in the browsers of the corresponding companies.

As a rule, such services also leak your real address in the headers. As a means of anonymization, you should not rely on traffic compression.

Web proxy definition (JS method)

By comparing window.location.hostname with the host of the requested page, you can determine whether a web proxy is being used.

Web proxies are not reliable in principle, so it is better to avoid such anonymization methods completely.

IP leak via Flash

Adobe Flash is very good at bypassing user-configured proxies. When it initiates a connection to our server, we can find out the user’s IP.

By running a special daemon that logs all incoming connections with tag keys, you can learn a lot. The best way to avoid revealing your address is to not use Adobe Flash at all, or disable it in your browser settings.

Tunnel detection (two-way ping)

By running a ping to the client IP from our server, you can find out the approximate length of the route. The same can be done from the browser side: an XMLHttpRequest fetches an empty page from our nginx. A difference of more than 30 ms between the two round trips can be interpreted as a tunnel.

Of course, the routes there and back may differ, or the web server may be a little slow, but overall the accuracy is quite good.

The only way to protect yourself is to deny ICMP traffic to your VPN server.
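The comparison described in this section, as an added example that is not the service's own code: medians of the two round-trip measurements are compared against the 30 ms threshold from the text, and a visible IP that drops ICMP produces no verdict. The function name and the timing samples are constructed.

```python
from statistics import median

TUNNEL_THRESHOLD_MS = 30.0  # threshold quoted in the text


def two_way_ping(server_icmp_ms, browser_http_ms,
                 threshold_ms=TUNNEL_THRESHOLD_MS):
    """Compare the two round-trip measurements described above.

    server_icmp_ms  -- RTTs of pings from the web server to the visible IP;
                       None marks a lost or filtered probe
    browser_http_ms -- RTTs of XMLHttpRequest fetches of an empty page,
                       timed in the browser
    """
    icmp = [s for s in server_icmp_ms if s is not None]
    http = [s for s in browser_http_ms if s is not None]
    if not http:
        return {"verdict": "inconclusive", "reason": "no browser samples"}
    if not icmp:
        # The mitigation from the text: the VPN server denies ICMP.
        return {"verdict": "inconclusive",
                "reason": "ICMP filtered on the visible IP"}
    # Medians damp single slow samples (jitter, a busy web server).
    delta = median(http) - median(icmp)
    verdict = "tunnel suspected" if delta > threshold_ms else "direct"
    return {"verdict": verdict, "delta_ms": round(delta, 1)}


# Constructed samples, in milliseconds.
DIRECT = ([41.8, 42.3, 43.0], [44.1, 45.0, 47.9])
TUNNELLED = ([18.2, 18.9, 19.4], [96.0, 101.5, 99.2])  # extra leg behind the exit
ICMP_DENIED = ([None, None, None], [96.0, 101.5, 99.2])

if __name__ == "__main__":
    for icmp, http in (DIRECT, TUNNELLED, ICMP_DENIED):
        print(two_way_ping(icmp, http))
```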

DNS leak

Finding out which DNS the user uses is not a problem; we wrote our own DNS server, which records all queries to our uniquely generated subdomains.

The next step was to collect statistics on several million users, who uses what DNS. We linked to providers, discarded public DNS and received a list of DNS/ISP pairs.

Now it’s not at all difficult to find out if a user introduces himself as a subscriber of one network, but uses DNS from a completely different one.

The problem is partially solved by using public DNS services, if this can be called a solution.

Leak via VKontakte

This is not a leak of an IP address, but we still believe that by giving away the names of authorized users to everyone left and right, VK is leaking private data that undermines the anonymity of surfing.

More details can be found in the documentation here

Previously, we described a rather smart way to leak your real IP address using the protocol. In addition to this method, there are also other methods for determining your real IP address. Today we will tell you about the basic principles of ensuring your security and anonymity on the Internet.

http://witch.valdikss.org.ru/ - allows you to determine what type of connection you are using and whether you are using a VPN.

http://2ip.ru/privacy/ - allows you to collect a lot of additional information about your browser, connection type and IP address.

https://diafygi.github.io/webrtc-ips/ - determines your IP address using the WebRTC protocol.


Do you want to find out as much information as possible about your Internet provider and Internet network settings? Don't know how to determine your IP? Then you should visit the online anonymity verification service whoer.net. With its help, you can find out all the information that your computer transmits to the Internet.

Using this service, you can find out not only your IP address, but also the name of the provider company, system and language settings of your personal computer, information about the browser, included scripts and add-ons.

In order to find out this information, just go to the website www.whoer.net and view the automatically generated report about your system. Note that the resource has two versions - light and advanced.

In addition, you can view data not only on your computer, but also on the computer of another user by entering his IP address in a special line.

Light version

As already mentioned, the service has two versions. When you go to the site, information collected by the light version of the program is displayed. Using it, you can find out information such as:

  • IP address;
  • country (region, city, zip code) where this address is registered;
  • host used;
  • provider and organization providing communication services;
  • DNS address;
  • presence of the address on blacklists;
  • using a proxy;
  • time settings, including local and system time and time zone;
  • the browser currently used and its settings, such as language and JavaScript.

extended version

You can find out more detailed information about your device by selecting the advanced version. After this, you will have access to information such as:

  • IP address;
  • host used;
  • provider mail server;
  • name of the organization and provider company;
  • presence of IP in blacklists;
  • using a proxy;
  • use of anonymizers.

In addition, the interactive definition column will offer you information such as:

  • using Java;
  • use of Flash;
  • Browser DNS;
  • information about the computer's OS.

The location block offers you to familiarize yourself with the following data:

  • the country in which the IP is registered (this also includes clarifying information - continent, city, region and even zip code);
  • latitude and longitude;
  • indication of the place of registration on the map;
  • system time (local and system);
  • Timezone.

In addition, information about the screen is displayed - color depth, height and width.

Additional information:

  • use of plugins;
  • navigation tools.

Other options

You can also check any existing address by entering it in the line. This will make available the following data:

  • country (region, city, zip code);
  • host;
  • name of provider and organization;
  • presence on black lists;
  • Timezone.

As you can see, with the help of this program you can quickly find out basic information not only about your PC and provider, but also find out information on other IP addresses.