April 6, 2011, 2:47 p.m.
posted by unixgeek
Evade Traffic Analysis
Use transparent onion routing to evade traffic analysis and protect your privacy.
Privacy is something most people value, or at least think they do, but in our ever-connected world it's becoming quite a rare commodity. Every packet your computer sends out onto the Internet is ultimately traceable back to you (the Internet wouldn't work properly if it weren't), but that's just the tip of the iceberg. Since all your traffic must flow through your ISP, it's possible for them to build a complete picture of you from the web sites you visit.
One way to guard against traffic analysis is to use The Onion Router, Tor (http://tor.eff.org).
Onion routing is a technique for anonymous communication that involves randomly building a virtual circuit through several routers to obfuscate the connection's source. Thus, someone monitoring your traffic will just see you communicating with the first hop in the circuit, and the final destination will think that it's communicating with the last hop in the circuit.
Before the data is transmitted, though, Tor negotiates encryption keys with each hop in the circuit to protect your data along the way. It then encrypts the packet with the key for the last hop in the circuit, then the next to last, and so on until the packet is encrypted with the key for the first hop in the circuit. This process creates a packet encapsulated in multiple layers of encryption.
This is what makes the onion metaphor apropos for describing this technique. As the packet passes through each hop of the circuit, the outermost encrypted layer is peeled off. This also has the nice side effect of each hop in the circuit not having a complete picture of the circuit. An individual hop knows about only the previous hop and the next hop.
Before compiling Tor, you'll need to have Zlib and OpenSSL installed on your system. (Most systems should have Zlib and OpenSSL already.) Tor also requires libevent (http://monkey.org/~provos/libevent/), which you can install by simply downloading the tarball, unpacking it, and doing the standard ./configure && make and running make install as root. Once those prerequisites are out of the way, you can install Tor.
Before doing anything else, add a user and group to run Tor as. Then, run ./configure and specify the user and group that you created:
$ ./conFigurewith-tor-user=tor --with-tor-group=tor
As the script executes, you might see the following error:
checking whether we need extra options to link libevent... configure: error: Found linkable libevent in (system), but it doesn't run, even with -R. Maybe specify another using --with-libevent-dir?
If you do encounter this, run ./configure again and tell it where to find libevent:
$ ./conFigurewith-tor-user=tor --with-tor-group=tor --with-libevent-dir=/usr/local
Once the configure script completes, run make, become root, and run make install.
You'll now need to create a directory for Tor to store its data in. For example:
# mkdir /var/run/tor && chown tor:tor /var/run/tor
If you plan to use Tor with a web browser, you should also install Privoxy (http://www.privoxy.org). Most web browsers support only SOCKS4 or SOCKS5, which use IP addresses to initiate connections through the proxy. This means that your web browser will have to perform name lookups using your normal DNS server, which can reveal your web-browsing activities to others. Using an HTTP proxy such as Privoxy to browse the Web fixes this problem, by forwarding the DNS requests and traffic through Tor.
To install Privoxy, first unpack the tarball and change into the directory that it creates. Then, run the following command:
$ autoheader && autoconf
You can safely ignore most of the warnings you'll see in the output. Just make sure that the ./configure file exists after autoconf finishes executing.
Now you'll need to create a user and group to run Privoxy under (e.g., privoxy). Then, you can run ./configure:
$ ./conFigurewith-user=privoxy --with-group=privoxy
Once the configure script has finished, run make, become root, and run make install.
Configuring Privoxy for Tor
forward-socks4a / localhost:9050 .
This line tells Privoxy to forward all requests to a SOCKS4a proxy at 127.0.0.1:9050, which Tor has been configured to act as.
logfile logfile jarfile jarfile
Now, start Privoxy and Tor:
# /usr/local/sbin/privoxy --user privoxy privoxy /usr/local/etc/privoxy/config Apr 10 00:26:10 Privoxy(-1208432960) Info: loading configuration file '/usr/local/etc/privoxy/config': Apr 14 00:26:10 Privoxy(-1208432960) Info: Privoxy version 3.0.3 Apr 10 00:26:10 Privoxy(-1208432960) Info: Program name: /usr/local/sbin/privoxy Apr 10 00:26:10 Privoxy(-1208432960) Info: Listening on port 8118 for local connections only # /usr/local/bin/tor --user tor --group tor --datadirectory /var/run/tor Apr 10 00:27:50.023 [notice] Tor v0.1.1.18-rc. This is experimental software. Do not rely on it for strong anonymity. Apr 10 00:27:50.024 [notice] Configuration file "/usr/local/etc/tor/torrc" not present, using reasonable defaults. Apr 10 00:27:50.027 [notice] Initialized libevent version 1.1a using method epoll. Good. Apr 10 00:27:50.027 [notice] connection_create_listener( ): Opening Socks listener on 127.0.0.1:9050 Apr 10 00:27:56.626 [notice] We now have enough directory information to build circuits. Apr 10 00:28:01.463 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
You can now configure your web browser to use Privoxy as its HTTP proxy. When doing this, specify localhost as the hostname and port 8118. You can then test out your Tor setup by visiting the Tor test page (http://serifos.eecs.harvard.edu/cgi-bin/ipaddr.pl?tor=1). If you're connecting to it through Tor, you should see something similar to Figure.
Tor test results
Tor can be used for much more than just anonymizing web browsing, though. You can tunnel SSH through Tor [Hack #38] and use Tor with IRC clients, IM, and anything else that supports SOCKS. However, keep in mind that Tor does not provide end-to-end encryption. Any unencrypted traffic sent through Tor will only be protected until it exits the Tor network.