WinGates and other proxy-like servers

Author: JohnSmith (wintermute98@yahoo.com)
Keywords: wingate, proxy, cache, gateway, spoof, spoofing, riding, ip, internet protocol

This article is about WinGates and IP riding.

What is WinGate?

WinGate is a popular Internet product created by a New Zealand software manufacturer called Firefly, Ltd. The program is essentially an inexpensive, fully featured firewall/proxy server. It runs on any PC with Windows 95/98 or NT (there is a similar program for Macs called Vicom Internet Gateway). It makes a connection to the Internet and can give all the other machines on your LAN access to the Internet. Therein lies its popularity: any small business can get Internet access for all the machines on its LAN with no more of an investment than a WinGate, a cheap Pentium, a 56k modem, a 100BaseT card, and an Internet account.

How can this WinGate let us "ride"?

Well, besides being a proxy server, it has other facilities like:

* SOCKS V5 Server
* WWW Proxy
* HTTP Caching
* Accounting
* Auditing / Logging
* Policies and Rights
* FTP Gateway
* Telnet Gateway
* VDOLive Proxy
* POP3 Proxy
* Real Audio Proxy
* Mapped Links
* Dial On Demand

Now notice that there is a Telnet Gateway. There lies our potential "ride", because it allows telnet clients to connect to remote servers (all you have to do is telnet to port 23 of the WinGate's server and it will give you a prompt such as 'WinGate>'). You can then use it to bounce yourself across the net.

The difference between using a WinGate and telnetting from a personal shell is that the WinGate's Telnet Gateway does not have to be set up with an access password, so anyone can access a WinGate by doing nothing more than telnetting in. From there you can telnet back out from the site to any other location, and it will appear as if all communications are originating from the WinGate host rather than your own. Isn't it cute?
So if you find a WinGate and its configuration is left at default, then you can telnet in and telnet back out.

What is the bad side to WinGates?

The first problem is that a WinGate can be configured to log the IPs (or locations) of incoming users (that means that everything you do at the WinGate will be saved in a file, as well as your personal Internet Protocol address). But this option is off by default, and the LIFE version of this package doesn't even have a logging function.

You might be asking yourself, "Why should I use a WinGate, especially if by nature WinGates are lagged and quite slow?" Well, the dumbest reason would be if you want to get onto a server you have been banned from, for example IRC. On the other hand, if you have brains I'm sure you will find some more useful reasons to hide your IP. Remember that if you are traced back to your ISP, then their logs will be able to tell the victim who you are, where you live and when you are taking a shower (of course you can avoid it by using someone else's account, but if you are NOT too lucky they can catch you by using caller ID; there are some ways of hiding your number, but that depends on the country / area you live in).

To sum up, the two simplest ways of IP riding are using a WinGate or a shell account. There are other ways. One of these is blind spoofing, which involves sending specially altered packets to the target computer. The packets will appear to have originated from the spoofed source. This is extremely difficult: you are blind, so you can't see what response the server sends out, as it will be sent to the spoofed address. Also, raw access to the network ports is needed for this, and it can only be done on a Unix machine.
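
Seen from the side of whoever runs the WinGate host, the telnet-in, telnet-out pattern described earlier in this article shows up in connection records even when WinGate's own logging is off. The following is an added example, not part of the original article: the log format (timestamp, source, destination, port), the gateway address 192.168.0.1, the LAN 192.168.0.0/24 and the 120-second pairing window are all assumptions, and the sample records are constructed.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample records (NOT WinGate's own log format):
# "timestamp src_ip dst_ip dst_port", e.g. exported from a firewall or router.
SAMPLE_LOG = """\
2000-01-10T09:00:01 192.168.0.12 192.168.0.1 23
2000-01-10T09:00:05 192.168.0.1 198.51.100.7 23
2000-01-10T09:14:30 203.0.113.50 192.168.0.1 23
2000-01-10T09:14:41 192.168.0.1 198.51.100.99 23
2000-01-10T09:15:02 192.168.0.1 198.51.100.99 6667
2000-01-10T11:30:00 192.168.0.1 198.51.100.7 80
"""

GATEWAY = ipaddress.ip_address("192.168.0.1")  # assumed address of the WinGate host
LAN = ipaddress.ip_network("192.168.0.0/24")   # assumed internal network
WINDOW = timedelta(seconds=120)                # assumed pairing window

def parse(log):
    """Yield (time, src, dst, port) tuples from the constructed record format."""
    for line in log.splitlines():
        ts, src, dst, port = line.split()
        yield (datetime.fromisoformat(ts), ipaddress.ip_address(src),
               ipaddress.ip_address(dst), int(port))

def find_relays(log, gateway=GATEWAY, lan=LAN, window=WINDOW):
    """Return (outside_src, relayed_dst, dst_port) for every outbound connection
    the gateway opens within `window` of a telnet session from outside the LAN."""
    findings, outside_sessions = [], []
    for ts, src, dst, port in sorted(parse(log)):
        if dst == gateway and port == 23 and src not in lan:
            # Telnet Gateway reached from outside the LAN: nobody out there
            # should be a legitimate user of the office proxy.
            outside_sessions.append((ts, src))
        elif src == gateway and dst not in lan:
            # Outbound connection from the gateway: pair it with recent outsiders.
            for t0, outsider in outside_sessions:
                if timedelta(0) <= ts - t0 <= window:
                    findings.append((str(outsider), str(dst), port))
    return findings

if __name__ == "__main__":
    for outsider, target, port in find_relays(SAMPLE_LOG):
        print(f"outside host {outsider} relayed via gateway to {target}:{port}")
```

A hit means a host outside the LAN is using the gateway as a relay, which is the consequence of leaving the Telnet Gateway at the passwordless default the article describes.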