Cyber criminals will aim to hide their IP public address – the one that can
identify them on Internet – while they won’t care too much about the local
address, since they will have already wiped their MAC Address, so any data
within the local network will not betray them. As you already know, the local IP
address is assigned by a router and is not enough to identify the computer owner,
unlike the MAC Address.
It’s worth mentioning that experienced cyber criminals will mostly never
work from their home or a nearby network: despite all precautions put in place,
they perfectly know they must hide every single trace or evidence, including the
“borrowed” network connection used for their attacks. Therefore, they will rely
to one of the oldest IT tools: Proxies. Proxies (technically, open proxies) are
servers – called proxy servers – which can perform different operations:
1) Provide anonymous navigation
2)Copy web pages
3) Run software-level filtering,acting like a Firewall
Proxy types
As we mentioned above, there are many types of proxies, according to
different purposes and design specifications. Although it would be useful to
understand how they can be smartly used in server infrastructures, here we will
only explain the differences in the scope of anonymous navigation.
Proxy HTTP/HTTPS
As we can tell, HTTP/HTTPS proxies can filter information within the HTTP
protocol and its secure form, HTTPS. In short (at least, for now) let’s say that
HTTP is a communication protocol designed to parse information at the World
Wide Web level. It’s the most popular protocol and has two forms:
1) HTTP (not encrypted)
2)HTTPS (SSL/TLS encrypted)
When it comes to HTTP proxies, they are the most popular and easy to find,
since servers only have to manage such protocol, and then optimize their
machines for that single task.
Compared to SOCKS (that we will covershortly),
they are usually more responsive but, naturally, restricted to their protocol. In
turn, such types of proxies are broken down into sub-categories according to
their “quality”. Although each agency distributing proxies use their own
evaluation criteria, we conventionally distinguish 3 levels:
- Non anonymous proxies: they don’t mask the original IP and usually add a
single string to headers (data sent in packages) to the recipient se rver.
- Anonymous proxies: they mask the IP address but alternate headers to the
SOCKS4 Proxies
Using a proxy supporting the SOCKS4 protocol instead of HTTP/HTTPS,
you can reroute any TCP-based data, and it is a huge benefit. This essentially
means that you can filter the World Wide Web services – naturally based on TCP
as well –but also the whole range of protocols supporting this kind of service.
You can also find a variant named SOCKS4a.
SOCKS5 Proxies
Quite identical to the previous one, SOCKS5 can also reroute data on the
UDP protocol, making it the safest proxy de facto. Furthermore, SOCKS5
protocol allows the proxy owners to enable an internal authentication system as
well as the IPv6 support.
Then, you can use SOCKS5 proxies with any type of
software that uses an Internet connection, such as mail, chat, p2p programs, etc.
It is the direct evolution of SOCKS4 protocol.