topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 6:20 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Question about setting up a Tor router  (Read 6231 times)

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Question about setting up a Tor router
« on: April 12, 2011, 06:35 PM »
So I've been hearing a bunch of stuff about this Tor thing, and I started to get curious. I did a bit of poking around on their site but it seems that it's mainly (or only) a client side type widget. Is there a way of setting up a Tor (Onion Router?) at the border of a network so that all (or rather most) of the client traffic can be sent/routed out through it?

I was thinking of setting this up as a (some flavor of) Linux box on the edge of my home lab. Is this do-able?

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Question about setting up a Tor router
« Reply #1 on: April 13, 2011, 12:28 AM »
Yes, it's possible, but why would you want to? It will slow down your transfers a lot.

If you could get the TOR client to act as a proxy server, then route everything through that, tada!

If you're looking for anonymity, try www.iPredator.se. It's a VPN with no client records kept. They don't keep payment info, and they don't keep logs. It also slows down though. But it's easy.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Question about setting up a Tor router
« Reply #2 on: April 13, 2011, 12:29 AM »
I should add that I've only read about doing that with TOR, and not done it myself.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Question about setting up a Tor router
« Reply #3 on: April 13, 2011, 06:51 AM »
Yes, it's possible, but why would you want to?

Primarily curiosity.

It will slow down your transfers a lot.

Anytime encryption is involved, I assume performance will be sacrificed (that's just the nature of making any given workload bigger than it was to start with). Out side of that, is there and additional performance hit?

If you could get the TOR client to act as a proxy server, then route everything through that, tada!

 think I'm missing the distinction. A proxy is/would be at the network edge anyhow ... So why not just make it the router and then let the servers (only) bypass the Onion part?

If you're looking for anonymity, try www.iPredator.se. It's a VPN with no client records kept. They don't keep payment info, and they don't keep logs. It also slows down though. But it's easy.

I don't really have anything specific to hide ... I'm just curious about the technology ... And was thinking of doing some "Live Fire" testing with it.

 I've also been seriously thinking of switching ISPs (to a fiber connection) and a Linux box flavored router solution might be fun when I do it.

cranioscopical

  • Friend of the Site
  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 4,776
    • View Profile
    • Donate to Member
Re: Question about setting up a Tor router
« Reply #4 on: April 13, 2011, 08:33 AM »
to a fiber connection

I'm green with envy.
[weeping]Locked in to the world's most expensive, yet slow, satellite service here [/weeping]

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Question about setting up a Tor router
« Reply #5 on: April 13, 2011, 08:52 AM »
This is such a fun topic that I must grab myself another vodka before starting in on it...

Back! :)

Yes, it's possible, but why would you want to?

Primarily curiosity.

It will slow down your transfers a lot.

Anytime encryption is involved, I assume performance will be sacrificed (that's just the nature of making any given workload bigger than it was to start with). Out side of that, is there and additional performance hit?


Yes. The way the network works is to route traffic through many clients. This slows down traffic much more than a normal connection.


If you could get the TOR client to act as a proxy server, then route everything through that, tada!

 think I'm missing the distinction. A proxy is/would be at the network edge anyhow ... So why not just make it the router and then let the servers (only) bypass the Onion part?


However you work it out, your LAN connects to the WAN. TOR acts to route traffic through its network on the WAN. So no matter what, if you're using it as a proxy from inside the LAN or setting it up as a kind of router, the effect is the same.


If you're looking for anonymity, try www.iPredator.se. It's a VPN with no client records kept. They don't keep payment info, and they don't keep logs. It also slows down though. But it's easy.

I don't really have anything specific to hide ... I'm just curious about the technology ... And was thinking of doing some "Live Fire" testing with it.


It's been a while, but I think you can do what you're looking to, but again, if I remember properly, you'll need some C++. The source is available.

Check out the bottom of the download page:

http://www.torprojec...oad/download.html.en

They have a lot of information there that can provide hints on how it works and insight into what you're looking to do.


I've also been seriously thinking of switching ISPs (to a fiber connection) and a Linux box flavored router solution might be fun when I do it.


I also weep... with jealousy... I used to live in Gangnam Gu in Seoul, with the fastest residential connections on the planet... and I miss them terribly... :( ;-(


Anyways, I hope that helps point in the right direction somewhat.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Question about setting up a Tor router
« Reply #6 on: April 13, 2011, 09:00 AM »
ACK~!

In all my excitement and vodka, I forgot to mention a critical fact...

TOR is not encryption. It is anonymous. You need to provide your own encryption over the network. This is really important and a common point of confusion with TOR.

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Question about setting up a Tor router
« Reply #7 on: April 13, 2011, 01:16 PM »
Hm, isn't there any encryption going on between the TOR nodes? Thought there was. Nevertheless, you do need SSL/whatever, otherwise some nodes inbetween could be sniffing traffic. Also, google around a bit, there's various attacks against TOR - it's not 100% security.

TL;DR: if you're doing anything risky (whistleblowing, hacking, or just about anything in China) you'll need to combine TOR with access from "somewhere not home" - preferably public or "borrowed" WiFi with a cloned MAC.

As for encryption overhead, it wouldn't be noticeable unless you had sick bandwidth - more than a saturated 100mbit link. And since TOR goes through a lot of little-guy home links, you'll be lucky to see 100kbyte/s.
- carpe noctem

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Question about setting up a Tor router
« Reply #8 on: April 13, 2011, 06:40 PM »
This is such a fun topic that I must grab myself another vodka before starting in on it...

Back! :)

Vodka! Uh oh...  :D


Yes, it's possible, but why would you want to?

Primarily curiosity.

It will slow down your transfers a lot.

Anytime encryption is involved, I assume performance will be sacrificed (that's just the nature of making any given workload bigger than it was to start with). Out side of that, is there and additional performance hit?


Yes. The way the network works is to route traffic through many clients. This slows down traffic much more than a normal connection.

So we get traffic shaping backwards, and all the messangers are on tricycles. Well that sucks.


If you could get the TOR client to act as a proxy server, then route everything through that, tada!

 think I'm missing the distinction. A proxy is/would be at the network edge anyhow ... So why not just make it the router and then let the servers (only) bypass the Onion part?


However you work it out, your LAN connects to the WAN. TOR acts to route traffic through its network on the WAN. So no matter what, if you're using it as a proxy from inside the LAN or setting it up as a kind of router, the effect is the same.

So... Either way it still sucks the same - Which is where I was at before. You threw me with the Tada ... But I'm guessing that's a because you can shut it off Tada...Yes?


I also weep... with jealousy... I used to live in Gangnam Gu in Seoul, with the fastest residential connections on the planet... and I miss them terribly... :( ;-(

I set up a client's network on it, selected a workstation at random, ran a speed test, got 35Mbps, aaannd almost shit myself.

Anyways, I hope that helps point in the right direction somewhat.

Yes, you talked me out of it. Thank you.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Question about setting up a Tor router
« Reply #9 on: April 13, 2011, 06:52 PM »
Hm, isn't there any encryption going on between the TOR nodes? Thought there was. Nevertheless, you do need SSL/whatever, otherwise some nodes inbetween could be sniffing traffic.

That's the impression I had also. The SSL/VPN is/was only for the last mile when traffic hits the Tor exit point.

Also, google around a bit, there's various attacks against TOR - it's not 100% security.

hehe What is these days...  :D

TL;DR: if you're doing anything risky (whistleblowing, hacking, or just about anything in China) you'll need to combine TOR with access from "somewhere not home" - preferably public or "borrowed" WiFi with a cloned MAC.

I keep my hacking activities restricted to networks I've been authorized to penetrate. ;)

As for encryption overhead, it wouldn't be noticeable unless you had sick bandwidth - more than a saturated 100mbit link. And since TOR goes through a lot of little-guy home links, you'll be lucky to see 100kbyte/s.

To be fair I am reflexively a bit harsh regarding encryption. But it just irks me when it keeps being pitched as a security magic bullet. Seen too many $3,000+ C2G VPN setups that took the (4 digit) street address (or worse) as a pass key.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Question about setting up a Tor router
« Reply #10 on: April 13, 2011, 10:27 PM »
Looks like TOR has been updated significantly:

https://www.torproje...tml.en#KeyManagement

Encryption: first, all connections in Tor use TLS link encryption, so observers can't look inside to see which circuit a given cell is intended for. Further, the Tor client establishes an ephemeral encryption key with each relay in the circuit, so only the exit relay can read the cells. Both sides discard the circuit key when the circuit ends, so logging traffic and then breaking into the relay to discover the key won't work.

My information about TOR not being encrypted is no longer applicable. If you're using a very old version, then it's right. I recall some government agency somewhere had passwords stolen because of that. I forget the details though.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Question about setting up a Tor router
« Reply #11 on: April 14, 2011, 12:00 AM »
Are you sure that hasn't been because whoever have been able to snoop at the endpoints?
- carpe noctem