Hi all,
so, I've been browsing the web using Tor for some time now, and I have to say
that, at least with the circuit I am currently using, I'm quite impressed with
the performance, especially since I'm only connected through a 3G AP at the
moment! So, I've had a look around the Torproject site and been reading up on
how it all works and what safeguarding should be performed in order to stay secure.
So, I was thinking, how could I get all the systems that are part of my own
home network to access the web securely and anonymously? Well, I came up with
the following idea, and since some of you guys may have tried this, was
wondering if this would be practicable:
on my network, all devices are behind a hardware firewall that performs NAT and
packet filtering for viruses and other malicious stuff (UTM). The firewall acts
as the DHCP within the network, and its WAN port is connected to my router
which only handles internet connections. So far for my current network
topology. Now, I was thinking of adding another gateway here. My idea was to
take an embedded PC (e.g. a Soekris box) and install a distribution such as
Debian on its memory. Then, a DHCP could first be set up on this box. Using
iptables, network interface routing could be configured, so that traffic
arriving at the LAN network interfaces would be routed to one exit point, the
WAN interface. So, at this stage, the DHCP on the Debian machine would assign
IPs to clients connected to the LAN ports, and all traffic arriving at these
ports would be redirected to one port which would be the WAN. Now, this box
could, for example, be connected in between the firewall and the router.
So, the firewall would receive an IP from the Debian box, and all network
clients would still be behind the firewall. So then, when a client wants to
access the internet, it would first go through the firewall, from the firewall
to the Debian box and from there to the router and the web. Now, the Debian box
would have to route all connections through the Tor network. I guess Polipo
could be set up on the Debian box so that it will route all outgoing
connections through the Tor network. In this case, all traffic passing through
the box would be anonymized on the fly. However, some other steps would have to
be taken. For example, I guess it would be wise to implement functionality such
as offered by the SSL Everywhere Firefox extension, so that SSL would
automatically be enabled on as many sites as possible. Also, it probably would
be better to configure Polipo to reject any Cookies, Java Applets, Flash and
anything else that could compromise security. As such limitations would
also limit "comfortable" browsing, I guess various modes could be
designed, such as a safe mode (fully anonymized), a restrictive mode (not
everything is blocked, thus potential security risks exist) and a
non-restrictive mode (all traffic is routed through Tor, however no packet
filtering is performed - most convenient but also most insecure). Also, both
safe and restrictive mode could perform things such as browser-header
obfuscation, geo-data obfuscation, etc. Sure, such concepts would probably take
some time and work in order to make everything work. Therefore, I wondered if
someone might be working on such a task already and if not, if this would be a
project which would make sense, and which would be worth putting some effort
into. I guess my idea probably isn't new to most people dealing with Tor and
secure networking, but I'm wondering if such a platform already exists. I
definitely will be working on this once I get back home, as I think such an
undertaking would be quite useful to me personally!
Robin
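
A sketch of the routing layer described in the post above, added here and not part of Robin's message or of any Tor Project code. It swaps Polipo (an HTTP proxy) for Tor's own TransPort and DNSPort so that all TCP and DNS from the LAN is captured; the interface name, gateway address and port numbers are assumptions, and the script only prints the configuration.

```shell
#!/bin/sh
# Added example, not from the original post. Dry run only: prints a torrc
# fragment and iptables rules for a fail-closed transparent Tor gateway.
# Assumed values: LAN interface eth1, gateway LAN address 192.168.42.1,
# TransPort 9040, DNSPort 5353.

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Interface names end up in commands that may be piped to a root shell,
# so accept only a conservative character set.
valid_if() {
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

gen_torrc() {   # $1 = gateway LAN address, $2 = TransPort, $3 = DNSPort
    valid_port "$2" && valid_port "$3" || return 1
    cat <<EOF
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort $1:$2
DNSPort $1:$3
EOF
}

gen_rules() {   # $1 = LAN interface, $2 = TransPort, $3 = DNSPort
    valid_if "$1" && valid_port "$2" && valid_port "$3" || return 1
    cat <<EOF
# DNS from LAN clients goes to Tor's DNSPort (UDP only)
iptables -t nat -A PREROUTING -i $1 -p udp --dport 53 -j REDIRECT --to-ports $3
# Every new TCP connection from the LAN goes to Tor's TransPort
iptables -t nat -A PREROUTING -i $1 -p tcp --syn -j REDIRECT --to-ports $2
# Let the redirected traffic and DHCP requests reach the gateway itself
iptables -A INPUT -i $1 -p tcp --dport $2 -j ACCEPT
iptables -A INPUT -i $1 -p udp --dport $3 -j ACCEPT
iptables -A INPUT -i $1 -p udp --dport 67 -j ACCEPT
# Fail closed: nothing else from the LAN is accepted or routed past Tor
iptables -A INPUT -i $1 -j DROP
iptables -P FORWARD DROP
EOF
}

gen_torrc 192.168.42.1 9040 5353
gen_rules eth1 9040 5353
```

Nothing is forwarded directly, so traffic Tor cannot carry (UDP other than DNS, ICMP) is dropped instead of leaking out the WAN interface.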