/etc/hosts and hosts.deny question

ilan1 · 03-02-2006, 12:22 PM

Sometimes, when I am surfing the web, I will use an anonymous proxy but
I can tell that the site I am visiting knows my IP through various javascript
and other tricks.

Is there an easy way to use /etc/hosts and/or hosts.deny so that ALL the
traffic on my machine is forced to go through the proxy?

Thank you.

Ilan

uteck · 03-02-2006, 01:11 PM

/etc/hosts just lets you assign a name to an IP, and using hosts.deny will not work since the javascript is running over port 80, so would have to block it which means no web access to that site.
Your best bet would be to turn off javascript.

win32sux · 03-02-2006, 06:22 PM

if you use the firefox web browser, then the noscript extension might come in handy for this kinda thing: http://www.noscript.net/

however, keep in mind that sometimes javascript can give the appearance that a site knows your IP, when in reality it doesn't - it's just the script running locally on your box which is printing your IP...

ilan1 · 03-04-2006, 03:04 PM

Quote:

Originally Posted by win32sux

if you use the firefox web browser, then the noscript extension might come in handy for this kinda thing: http://www.noscript.net/

however, keep in mind that sometimes javascript can give the appearance that a site knows your IP, when in reality it doesn't - it's just the script running locally on your box which is printing your IP...

No, I had disabled all cookies and booted using a Knoppix
live CD (i.e. a completely fresh O/S) and the site actually
was able to query a DB on the back end which proved to me
that they were able to see my IP despite the proxy.

I checked with www.stayinvisible.com and there were no extraneous
HTTP headers which sent my real IP. I was thinking that maybe
I could use iptables to drop all the traffic except those
going to the proxy?

I had asked about this in another thread, but the iptables
rule just slowed my system down like crazy. I did not understand
why, probably because of timeouts?

Ilan

win32sux · 03-04-2006, 05:28 PM

Quote:

Originally Posted by ilan1

No, I had disabled all cookies and booted using a Knoppix
live CD (i.e. a completely fresh O/S) and the site actually
was able to query a DB on the back end which proved to me
that they were able to see my IP despite the proxy.

okay, but i'm not sure why you had to use knoppix, though...

Quote:

I checked with www.stayinvisible.com and there were no extraneous
HTTP headers which sent my real IP.

you mean directly or through the proxy?? cuz this kinda sounds like the proxy might be sending the X-FORWARDED-FOR header instead of omitting or spoofing it... unless you have control over the proxy i don't think you can do anything about that...

Quote:

I was thinking that maybe
I could use iptables to drop all the traffic except those
going to the proxy?

yes, this can be done...

Quote:

I had asked about this in another thread, but the iptables
rule just slowed my system down like crazy. I did not understand
why, probably because of timeouts?

well, i'm not sure... anyways, here's what your OUTPUT rules might look like if you wanted traffic to only go out to the proxy:

Code:

iptables -F OUTPUT

iptables -P OUTPUT DROP

iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -o lo -j ACCEPT

iptables -A OUTPUT -p TCP -o $WAN_INTERFACE -d $PROXY_IP \
--dport $PROXY_PORT -m state --state NEW -j ACCEPT

i think you wouldn't need to use any DNS since your are using the proxy, right?? well, if you do need to be able to query your ISP's DNS servers then just append a rule for that:

Code:

iptables -A OUTPUT -p UDP -o $WAN_INTERFACE -d $DNS_IP \
--dport 53 -m state --state NEW -j ACCEPT

oh, and BTW: if you wanna see which connection attempts are being made by your box when you go into the website, just append a LOG rule to the end of the OUTPUT chain... this way you'll know for sure if the website was indeed getting your IP by triggering a connection:

Code:

iptables -A OUTPUT -j LOG --log-prefix "OUTPUT DROP: "