Results 1 to 6 of 6

Thread: Tor- The Onion Router

  1. #1

    Default {Staying anonymous}Tor- The Onion Router

    Code:
    torproject.org/
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

    Tor helps to reduce the risks of both simple and sophisticated traffic analysis by distributing your transactions over several places on the Internet, so no single point can link you to your destination. The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you — and then periodically erasing your footprints. Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several relays that cover your tracks so no observer at any single point can tell where the data came from or where it's going.

    To create a private network pathway with Tor, the user's software or client incrementally builds a circuit of encrypted connections through relays on the network. The circuit is extended one hop at a time, and each relay along the way knows only which relay gave it data and which relay it is giving data to. No individual relay ever knows the complete path that a data packet has taken. The client negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop can't trace these connections as they pass through.

    Once a circuit has been established, many kinds of data can be exchanged and several different sorts of software applications can be deployed over the Tor network. Because each relay sees no more than one hop in the circuit, neither an eavesdropper nor a compromised relay can use traffic analysis to link the connection's source and destination. Tor only works for TCP streams and can be used by any application with SOCKS support.

    For efficiency, the Tor software uses the same circuit for connections that happen within the same ten minutes or so. Later requests are given a new circuit, to keep people from linking your earlier actions to the new ones.

    Hidden services

    Tor also makes it possible for users to hide their locations while offering various kinds of services, such as web publishing or an instant messaging server. Using Tor "rendezvous points," other Tor users can connect to these hidden services, each without knowing the other's network identity. This hidden service functionality could allow Tor users to set up a website where people publish material without worrying about censorship. Nobody would be able to determine who was offering the site, and nobody who offered the site would know who was posting to it. Learn more about configuring hidden services and how the hidden service protocol works.

  2. #2
    Member imported_Deathray's Avatar
    Join Date
    Oct 2007
    Posts
    381

    Default

    If you have the time to watch this video, the author of sslstrip talked briefly
    about how he sniffed information of the tor users by acting as a tor exit
    node. It is quite scary how ignorant some of the tor users are, and how easily sniffing tor is actually done. Start a Tor Relay, Open Ettercap. 2 simple steps which will guarantee a heck lot of passwords. Not that I tried...

    Always remember that Tor is secure for the purpose it was made for. In protecting your anonymity by encrypting all the traffic between the TOR nodes and masking your ip address for the final destination. Nothing else!
    - Poul Wittig

  3. #3
    Member
    Join Date
    Dec 2007
    Location
    @InterN0T
    Posts
    315

    Default

    Peeling Onion and more was originally a research made by FortConsult.

    Though recently a lot of security issues has been found as well. Such a shame.
    I used to like Tor when it wasn't slow once, but yeah the problem are the exit nodes unfortunately.
    [quote][I]I realized, that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain. [/I]- MaXe[/quote]

  4. #4

    Default

    It would be more helpfull to keep someone on the local lan or your ISP from knowing what sites you are visiting. Anyone with any common sense should know not to access anything sensitive over tor...
    "You can get more with a kind word and a gun than you can with a kind word alone."
    - Al Capone

  5. #5
    Member
    Join Date
    Dec 2007
    Location
    @InterN0T
    Posts
    315

    Default

    DNS:
    - Use OpenDNS or your own recursive nameserver locally or install one on an external server of yours.

    IP / Data Traffic:
    - Get access to a VPN and tunnel your traffic through this OR
    - Get your own VPS, f.ex. at VPSLink or whatever site that offers cheap shells and tunnel your traffic through SSH. (this encrypts the traffic).
    - Last but not least, you can also go through hacked targets, however i cannot advice this of course :-)

    There is of course even more ways, such as spoofing information sent by your
    programs including your browser. F.ex. changing user-agent and so fourth is just
    a tiny step towards on being more anonymous.

    Of course if the above VPN or VPS can be linked directly to you then it isn't much anonymity you get.

    Encrypting your harddrive and all your traffic including emails (thus using bs-ssl) can be a good idea as well.
    [quote][I]I realized, that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain. [/I]- MaXe[/quote]

  6. #6
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Default

    I'd love to hear more about some of your techniques MaXe as ive devoted almost a full week now to just ssh.

    A few webhosts bought with prepaid credit cards and ssh tunnels is more than you will ever need.

    Honestly tho i really don't see the need .. there is not a thing i do that is illegal, however it is something thats nice to know.
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •