
Re: Proposed student project



On Mon, Sep 15, 2008 at 1:25 PM, Roger Dingledine <arma@xxxxxxx> wrote:
>
> On Mon, Sep 15, 2008 at 02:12:12PM -0400, Chris Akins wrote:
> > The basic idea
> > is to build a zero-configuration Tor relay in hardware that sits between the
> > home user's router and their computer. Two plugs: one to the outside world,
> > one to the computer.
>
> Two thoughts come to mind immediately. First, you will want to use
> Tor's transparent proxy interface with iptables / pf:
> https://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy
>
> You might like Incognito's firewall rules:
> https://svn.torproject.org/svn/incognito/trunk/root_overlay/var/lib/iptables/rules-save
>
> For the software side, you should look at coderman's draft thoughts on
> a self-contained Tor in a VM:
> https://svn.torproject.org/svn/torvm/trunk/doc/design.html
>
> Second, if you want this Tor to be able to act as a relay too (aka a Tor
> server), it will need some non-trivial hardware. Exactly what hardware is
> needed is an open question, and worth exploring more. The Tor software
> development process seems to have cycles where we 1) accidentally cause
> Tor to use too many resources, then 2) fix that, then go back to 1.
>
> So some versions of Tor are much more friendly, cpu and memory wise,
> than others. The current 0.2.1.5-alpha version is quite good I believe.
>
> > The relay would automatically handle all the configuration details, and
> > render interception almost impossible, barring subversion of the target
> > machine.

Building on Roger, another point, esp. regarding interception; an
automatic (signed) binary update would be a good idea. You (or
whoever maintained the project) could simply test the latest versions
and update it when needed. (Bugs are found, performance is improved,
etc.)

Just my pseudo-developer two cents...

> You may find that some config details, like how much rate limiting the
> user wants to put in place, are hard to guess automatically.
>
> --Roger
>


--
madjon@xxxxxxxxx