RE: Hiding IP in E-Mail..

[Gedi <gediintheuk () yahoo co uk>]

More information on sending anonymous mail via
remailers:

You can use Mixmaster, a program specially designed to
send anonymous
messages in a very secure way. The software is freely
available from
<ftp://mixmaster.anonymizer.com/>. If you use Windows,
you can use the
remailer client software Jack B. Nymle from
<http://www.bigfoot.com/~potatoware/jbn/>.

Mixmaster uses a message format based on RSA and
Triple-DES
encryption. Messages are multiply encrypted and
formatted so as to
appear identical to other Mixmaster messages. Message
are sent through
chains of remailers. Each remailer removes one layer
of encryption,
and forwards the message. When the final remailer
delivers the
decrypted message to the recipient, it is impossible
to find out where
it came from, even if part of the remailers in the
chain are
dishonest. At the time of this writing, Mixmaster
remailers are
operated independently be individuals in twelve
countries in America,
Asia, Australia and Europe.

                                *


The remailer accepts PGP-encrypted messages. You can
get the public
PGP key by sending mail with Subject: remailer-key to
<remailer () gacracker org>.

If you want to send an anonymous message, first create
a file with two
colons in the first line of your message, and the line
"Anon-To:
address" in the following line. Follow that with a
blank line and
begin your message. For example:

==================================================================
::
Anon-To: beth () example org

This is some anonymous mail.
==================================================================

Then, encrypt it with the PGP key of this remailer.
Finally, send
<remailer () gacracker org> a message that begins with
two colons
and the line "Encrypted: PGP", followed by your
encrypted message:

==================================================================
From: joe () test com
To: remailer () gacracker org

::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.6.3i

owE1jMsNwjAUBH3gZMk9PClnUoBPUANpwElW2OBPZD8H0gd1UCP2gduuNDNfIcSH
T4zCbQmtlbzGFM9T0jSD7QVvEzaPcUlBSSWHQclbnR9YWJNp5BFSLdR9CijF3NGx
ybry/1Rsqn4la3a0JiIhLvnYGCu9HFtiC8oIxnlkeuIYe+EH
=HgDq
-----END PGP MESSAGE-----
==================================================================

The remailer will decrypt the message and forward it
anonymously. The
following e-mail would be delivered to
<beth () example org>:

==================================================================
From: Georgia Cracker Anonymous Remailer
<remailer () gacracker org>
Comments: This message did not originate from the
Sender address above.
        It was remailed automatically by anonymizing remailer
software.
        Please report problems or inappropriate use to the
        remailer administrator at <remailer () gacracker org>.
To: beth () example org

This is some anonymous mail.
==================================================================


You will often want to include a Subject or other
header lines in your
anonymous mail. You can insert header lines in the
anonymous message
by preceding them with a "##" line in the unencrypted
file:

==================================================================
::
Anon-To: jim () example org

##
Subject: Re: Twofish
In-Reply-To: Your message of "Tue, 12 Jan 1999
22:47:04 EST."
        <199901130247.WAA02761 () example com>

This reply is anonymous.
==================================================================

Even though PGP encryption is very secure, this still
leaves some
information open to attackers. For example, if someone
gets an
anonymous message whenever you have sent an encrypted
message to a
remailer, it is likely that you are the sender of
those messages.
You can instruct the remailer to delay your messages
for some time
or send it empty messages to make such analysis
harder:

If you use the line "Null:" instead of "Anon-To:", the
remailer will
discard your message. The "Latent-Time:" header causes
the remailer
to keep your message for some time before forwarding
it.
"Latent-Time: +2:00" would delay the message for two
hours. You
can use a random delay by adding "r", for example
"Latent-Time: +5:00r" would delay the message for up
to five hours.

You can, of course, use another remailer to send the
message to
<remailer () gacracker org> anonymously. For example,
take the message

==================================================================
::
Anon-To: remailer () gacracker org

::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.6.3i

owE1jMsNwjAUBH3gZMk9PClnUoBPUANpwElW2OBPZD8H0gd1UCP2gduuNDNfIcSH
T4zCbQmtlbzGFM9T0jSD7QVvEzaPcUlBSSWHQclbnR9YWJNp5BFSLdR9CijF3NGx
ybry/1Rsqn4la3a0JiIhLvnYGCu9HFtiC8oIxnlkeuIYe+EH
=HgDq
-----END PGP MESSAGE-----
==================================================================

encrypt it with the PGP key of the Replay remailer and
send the
double-encrypted message to <remailer () replay com>.

If you send your messages through a chain of several
independent
remailers, it will be hard to trace the anonymous
message back to
you. A much more secure solution, however, is to use
Mixmaster for
sending anonymous mail.

PGP encryption can also be used to receive mail at an
anonymous
address. Please see
<http://www.publius.net/n.a.n.html>, the home page
of the nym.alias.net pseudonym server, for more
information.

Abuse Policy:
============

I consider the following to be inappropriate use of
this anonymous
remailer, and will take steps to prevent anyone from
doing any of the
following:

- Sending messages intended primarily to be harassing
or annoying.
- Use of the remailer for any illegal purpose.


If you do not want to receive anonymous mail, send a
message
containing the line

DESTINATION-BLOCK

to <remailer () gacracker org>.

To get the remailer's public keys, send mail with
Subject: remailer-key
or see <http://anon.efga.org/Remailers/Settings> to
get the keys
of all active remailers.

You can get a list of statistics on remailer usage by
sending mail to
<remailer () gacracker org> with Subject: remailer-stats

For a copy of these instructions, send mail with
Subject: remailer-help
to <remailer () gacracker org>.

To reach the operator, direct your mail to
<remailer-admin () gacracker org>.


 --- Gedi <gediintheuk () yahoo co uk> wrote: 
> Hi,
>
> Bit late with the answer, but you can hide your IP
> when sending emails by using anonymous remailers.
> These work in a similar way to anon proxies in that
> the proxy IP will be displayed instead of yours.
> Simple server side scripts strip all headers and
> replace them.
>
> You can also chain the remailers for further
> anominity
> by giving instructions at the start of the mail.
>
> Here is a quick link I found related to the
> mastermix
> remailers.
http://www.obscura.com/~loki/remailer/remailer-essay.html
> Be careful, although this will make you anonymous to
> the general public, the authorities can still trace
> you by tracing your tracks via logs.
>
> I do have better links at work as I did some
> research
> on these. If I remember I'll forward them tomorrow.
>
> HTH
>
> Gedi
>
>
> -----Original Message-----
> From: Mark Sargent
> [mailto:powderkeg () snow email ne jp]
>
> Sent: 30 August 2003 00:04
> To: security-basics () securityfocus com
> Subject: RE: Hiding IP in E-Mail..
>
> Hi All,
>
> no, I'm not training to be a spammer. I just wish to
> hide my IP address from
> people I mail to. I don't have access to my ISP's
> mail
> server. I don't care
> about the person I'm mailing to knowing who I am,
> just
> don't want my IP
> showing, that's all. When my OE connects to a lists
> server, I don't want
> then knowing who I am. I'm just extra paranoid, I
> guess. I've just
> re-installed my OS after a lot of weird goings on,
> and
> am lookin' to tie
> down the hatch a little more. Am already using
> proxies
> for browsing and a
> good soft firewall. Am studying up on TCP/IP and am
> now looking at packet
> filtering apps and network traffic monitors
> etc..guess
> I'm also starting to
> enjoy the security side of it, as I had almost 10yrs
> in the security
> business, non PC. Anyway, thanx to all for your
> suggestions etc. Cheers.
>
> Mark Sargent.
________________________________________________________________________
> Want to chat instantly with your online friends? 
> Get the FREE Yahoo!
> Messenger http://uk.messenger.yahoo.com/
---------------------------------------------------------------------------
> Attend Black Hat Briefings & Training Federal,
> September 29-30 (Training), 
> October 1-2 (Briefings) in Tysons Corner, VA; the
> world's premier 
> technical IT security event.  Modeled after the
> famous Black Hat event in 
> Las Vegas! 6 tracks, 12 training sessions, top
> speakers and sponsors.  
> Symantec is the Diamond sponsor.  Early-bird
> registration ends September 6.Visit us:
> www.blackhat.com
----------------------------------------------------------------------------
>  

________________________________________________________________________
Want to chat instantly with your online friends?  Get the FREE Yahoo!
Messenger http://uk.messenger.yahoo.com/

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------