Tor

Tor is an anonymity network using onion routing.

Privacy Risks[edit | edit source]

While Tor is designed to protect your privacy and provide anonymity, there are certain risks that should be understood before using Tor. Some of which are:

1. Compromised Exit Nodes: Anything you fetch from the internet via Tor that isn't encrypted will be visible to the exit node that is serving your request. The exit node can therefore see any HTTP requests or SMTP traffic. A 2016 article found that 1 in 9 exit nodes may be compromised. Treat Tor like a public WiFi network and assume anyone else can eavesdrop on your internet traffic. Traffic to a hidden service isn't affected by this as it doesn't go through exit nodes, but that leads to the next issue.
2. Compromised Guard Nodes: The first node you connect to knows your real IP address. Because your Tor connection might refresh its circuit and use a different guard node, eventually someone running a compromised guard node will know that you from your IP address connected to Tor. Combined with timing attacks and this may be enough to pinpoint an individual user.
3. Traffic Shaping and Timing Attacks: Your ISP can see Tor traffic and know that you are connected to the Tor network. Again, with timing attacks, it may be possible to determine your circuit configuration and determine what your destinations are.
4. Your Activities and Behavior: What you do on Tor matters and doing something silly such as posting your email address, name, a previously used bitcoin address, or any other identifiable information will leak your identity. Your browsing behavior such as what you view, at what time, and browsing patterns might also be identifiable. The longer you are on Tor, the higher this exposure becomes.
5. Tor Browser: Running Tor browser with javascript enabled will leak additional information about you. An unpatched version of Tor could be a vector for an attack resulting in the leakage of your real IP address.

Installation[edit | edit source]

Linux[edit | edit source]

Download and compile the Tor source. Alternatively, use the Docker image at https://git.steamr.com/docker/tor.

FreeBSD[edit | edit source]

cd /usr/ports/security/tor
make config-recursive
make install clean

echo 'enable_tor="YES"' >> /etc/rc.conf
vi /usr/local/etc/tor/torrc

Put the following in your torrc file:

#
# Refer to https://www.torproject.org/docs/tor-manual.html.en
#

# Listen on localhost, using the default port of 9051
SocksPort 9051
SocksListenAddress 127.0.0.1

ORPort 9001

# Do not be an exit node
ExitPolicy reject *:* 

BandwidthRate 10 MB
BandwidthBurst 100 MB

RunAsDaemon 1

ContactInfo tor@steamr.com

To start tor, run

# /usr/local/etc/rc.d/tor start

Usage[edit | edit source]

As a Transparent Proxy[edit | edit source]

For detailed instructions on setting up a transparent proxy, see Tor Transparent Proxy.

Setup a Hidden Service[edit | edit source]

See: https://www.torproject.org/docs/tor-hidden-service.html.en

With Tor set up, add the following lines to the torrc configuration file:

HiddenServiceDir /srv/tor/hidden_services/
HiddenServicePort 80 192.168.192.10:8881

The HiddenServiceDir will contain the hidden service hostname and private key. All subsequent HiddenServicePort directives after will define the ports available from that hostname and to which IP data should be forwarded to.

The Dark Net[edit | edit source]

The dark net isn't really that special. It's like the regular internet. Be amazed by how many scams there are and stay away from some very vile stuff.

Sites[edit | edit source]

• Hidden Wiki - http://zqktlwiuavvvqqt4ybvgvi7tyo4hjl5xgfuvpdf6otjiycgwqbym2qad.onion/wiki/index.php/Main_Page
• Not evil search engine - hss3uro2hsxfogfq.onion
• Intel exchange - rrcc5xgpiuf3xe6p.onion
• 0day.in - qzbkwswfv5k2oj5d.onion
• abraxas (online store) - abraxasdegupusel.onion
• Readers against DRM - c3jemx2ube5v5zpg.onion

Hosting[edit | edit source]

• VPS Hosting - kowloon5aibdbege.onion
• Freedom Hosting 2 - http://fhostingesps6bly.onion/

Other[edit | edit source]

Blocking Tor Exit Nodes[edit | edit source]

While it is recommended to not outright block Tor traffic because there are legitimate uses, sometimes Tor exit nodes really do exhibit really undesirable behavior and you need to block them all for a reprieve. To block all Tor exit nodes that can reach your server, use the TorBulkExitList.py script at https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=xxx

#/bin/sh

# create a new set for individual IP addresses
ipset -N tor iphash

# get a list of Tor exit nodes that can access $YOUR_IP, skip the comments and read line by line
wget -q https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$YOUR_IP -O - | sed '/^#/d' | while read IP
do
  # add each IP address to the new set, silencing the warnings for IPs that have already been added
  ipset -q -A tor $IP
done

# filter our new set in iptables
iptables -A INPUT -m set --match-set tor src -j DROP

Script above copied from: https://github.com/scriptzteam/BlockTor/blob/master/block.sh