
Re: [tor-talk] Cloak Tor Router



And 5 "do not send anything outside", no? Usually you can restrict with your ISP box but can you trust it?

What happens if you connect your PC directly to the Cloak with a cable?

Maybe the concept of several wifis is good but I don't see it very usable, not sure what would be the security requirements for this but assuming that I am trusting my local network why not a simple web interface where you can configure the same for any device connected to the box:

- do not allow anything outside
- allow all traffic outside Tor
- force everything through Tor (warning: close your bittorrent clients)
option: the Cloak could detect the bittorrent traffic
- force everything through Tor except torrents
- force ssl through Tor, non ssl outside
...

Regards,


On 05/11/2014 05:19, Lars Boegild Thomsen wrote:
On Sunday 02 November 2014 00:47:40 coderman wrote:
even a simple one time, "You are about to route your traffic over the
Tor network. Turn off your torrents and don't upgrade poorly written
applications".

the zero guidance to unsuspecting is what i am most concerned about;
even basic captive portal warning would be a benefit.
I will definitely look into this one.  This should be quite easy to implement by messing a bit with the firewall tables :)

Only problem I see is that to make it useful I think it would have to time out at some point.  One example I have brought up a few times is my cheap and rather chatty media player.  I have not dug into the details exactly but I _know_ it "phones home" regularly and it is definitely a use case where the Tor browser bundle would be impossible.  Problem is that one is unattended so if I were to do a captive portal kind of page and that would require a positive acceptance, the Cloak would be useless for this scenario.

The number of wireless networks is not an issue so I _am_ beginning to think that more than two is necessary.  For example:

1. Open - Open network - no Tor
2. Transparent proxy - all tcp traffic allowed - forced through Tor - everything on separate circuits  - captive warning
3. Transparent proxy as 2 minus captive portal (for gadgets or someone who knows what they are doing)
4. Isolating proxy - only https allowed - forced through Tor - everything on separate circuits and everything else blocked

It is not really a problem to make more than two so if this makes the Cloak more flexible I'd say it's the way to go.


--
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
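
The four networks listed in the quoted message, written out as per-interface firewall rules. This is an added example, not part of the thread and not the Cloak's own code. The interface names, port numbers, the ipset name "accepted" and the choice to resolve DNS through Tor's DNSPort are assumptions.

```python
# Added example. Assumed (not from the thread): interface names, Tor's
# TransPort 9040 / DNSPort 5353, portal on 8080, an ipset named "accepted".
# torrc side (real Tor options; values assumed):
#   TransPort 0.0.0.0:9040 IsolateDestAddr IsolateDestPort
#   DNSPort 0.0.0.0:5353
TRANS, DNS, PORTAL = 9040, 5353, 8080

PROFILES = {  # name: (interface, TCP ports sent to Tor, captive warning?)
    "open":        ("wlan0",   None,  False),  # 1. no Tor
    "tor-warned":  ("wlan0-1", "all", True),   # 2. all TCP via Tor + warning
    "tor-gadgets": ("wlan0-2", "all", False),  # 3. as 2, no warning
    "tor-https":   ("wlan0-3", [443], False),  # 4. only https, rest blocked
}

def rules_for(name):
    """Return the iptables/ipset commands for one profile, in order."""
    iface, ports, portal = PROFILES[name]
    if ports is None:
        return [f"iptables -A FORWARD -i {iface} -j ACCEPT"]
    nat = f"iptables -t nat -A PREROUTING -i {iface}"
    rules, guard = [], ""
    if portal:
        # Until a client's address is in the set, port 80 shows the warning
        # page and no TCP is redirected into Tor.
        rules.append("ipset create accepted hash:ip -exist")
        rules.append(f"{nat} -m set ! --match-set accepted src "
                     f"-p tcp --dport 80 -j REDIRECT --to-ports {PORTAL}")
        guard = " -m set --match-set accepted src"
    # DNS is answered by Tor's DNSPort so lookups do not bypass Tor.
    rules.append(f"{nat} -p udp --dport 53 -j REDIRECT --to-ports {DNS}")
    for dport in ([None] if ports == "all" else ports):
        match = f" --dport {dport}" if dport else ""
        rules.append(f"{nat}{guard} -p tcp{match} --syn "
                     f"-j REDIRECT --to-ports {TRANS}")
    # Fail closed: whatever was not redirected (other UDP, ICMP, blocked TCP)
    # is never routed to the WAN.
    rules.append(f"iptables -A FORWARD -i {iface} -j DROP")
    return rules

if __name__ == "__main__":
    for name in PROFILES:
        print(f"# {name}")
        print("\n".join(rules_for(name)))
```

The rules cover only traffic arriving from wireless clients; the INPUT policy for the router's own services (DHCP, the portal page) is left out.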