Filter Anonymous Internet Requests
Following on from my previous post on how countries (and indeed companies, schools etc) filter your internet access – we’ll move to the next general method – TCP/IP header filtering. This method is actually the simplest, cheapest and the easiest to implement.
The concept relies on the fact that an IP packet consists of two distinct parts – the header and the data carried by the packet. IP is actually an a connectionless protocol which means that it does not contain any information on the state of a connection. Each datagram is independent and as such must contain all the information in the header for it to be delivered independently.
So without getting too technical, the header in each individual IP segment contains the source and destination IP addresses required for the packet to be delivered. The devices which most rely on this header are the routers and switches which relay information across the internet and internal networks. A router will inspect each header for every packet that passes through it in order to send it onwards to its destination.
What’s in an IP Address Header?
An IP address header contains a variety of important information, including the source and destination IP addresses, the protocol type, the packet size, and the IP version number. It also includes a checksum for verifying the integrity of the data, and the TTL (time-to-live) value. Additionally, the IP address header may also contain additional headers for options, like Quality of Service (QoS) or security.
Packet Analysis
These packets contain you web requests and surfing data and so can be used to control your access to the internet. So, a very simple method of internet filtering, is to merely instruct gateway routers to drop all packets destined for a specific IP address. So, for instance if your only concern was to block access to Facebook, then all you would have had to do is find out all the IP addresses of Facebook servers and add these to a blacklist on the router.
This actually works very well, but it can also cause problems in some cases as all services will be blocked on that IP address. For instance if you want to send an email which was directed to that server it would also be blocked. This rather blunt method can be refined slightly by specifying a port as well as an IP address (normally the default port for most web servers – 80).
There are other issues as many countries have also discovered if you block IP addresses like this. The problem is that it’s not quite so simple that one web site will have one IP address. In fact in these days of distributed computing you’ll find that services and web sites will be spread across multiple IP addresses and servers. So if you try and block an IP address related to YouTube for instance, you’ll also end up breaking other Google applications such as analytics, webmaster tools which was exactly happened earlier this year in Turkey.
The other major problem of course is that IP addresses change, they are not always going to stay associated with the same web sites. One minute you can be blocking one web site, but a week later you might find you’re blocking something completely different on that IP address (whilst unblocking the original website).
How to Filter Anonymous Internet Requests?
- Configure the firewall to block requests from anonymous proxies: Firewalls can be configured to block requests from anonymous proxies. This can help reduce the amount of anonymous requests that reach your network.
- Use web application firewalls: Web application firewalls (WAFs) can be used to block requests from anonymous IP addresses. WAFs can also detect and block malicious requests, such as SQL injection attempts.
- Implement IP reputation services: IP reputation services can help determine which IP addresses are associated with malicious activity. This can help you identify and block malicious requests from anonymous IP addresses.
- Implement rate-limiting policies: Rate-limiting policies can help reduce the number of requests from anonymous IP addresses by limiting the number of requests that can be made in a given time period.
- Utilize honeypots: Honeypots can be used to detect and monitor malicious activity from anonymous IP addresses. Honeypots can also be used to track an attacker’s movements and activities.
Remember if you block anonymous internet requests automatically this reduces the amount of time and minimizes risk.
So how can you bypass this particular mode of internet filtering?
Well, it’s actually quite easy, depending on how it’s set up. The key is that the destination IP address is the only thing that is being checked so if you change this then the packet will be allowed through. This is one of the only circumstances where you can use a standard proxy to beat internet filtering, because if you connect to a proxy server that will be the destination in the TCP/IP header. So, unless the proxy server IP address is in the blocked list on the router it will actually be allowed through. So, if you find a free web proxy online and just surf through that then your web surfing should be unfiltered.
There is one other thing to remember when using this method and why you’ll probably be restricted to surfing using a web proxy in a frame or window. Most companies and education networks will add another setting to further reject all traffic on port 80 unless it is directed through the approved proxy server. This adds another layer of defence to stop people just routinely using an alternative proxy server and ensuring they can also filter URLs on their own proxies. This will be configured on a gateway router or the firewall protecting the internal network from the internet. To bypass this, you either have to surf out through another port or tunnel through the approved proxy as Identity Cloaker is able to do.
If you’re setting up your own external British proxy or VPN then consider using Port 443 which will rarely be blocked completely as it is needed for HTTPS sessions.