Tor OR-relay map of Italy
gAtO- wanted to test my map making abilities and so I put this little map of the OR-relays of Tor in ItAlY - gATO oUt
05/9/13
05/5/13
Finding Tor Websites –geo-location
Finding Tor Websites –geo-location
gAtO tHiNkInG- to find Tor-hidden service-website geo-location we must understand Tor and how it works better. Figure 1 shows us how a basic Tor connection is made. Let’s take a closer look, to understand the weak points in Tor and to find the location of the Tor-hidden service-website:
1,2 and 3 are how a Tor-hidden service-websites tells the world that it is available to the world. 4-5 and 6 create the map’s to the location of the meeting between the client and the HS. 7,8 and 9 are the key’s to finding the website…
The HS –hidden service needs to advertise that it’s available thru the IP –introduction points to the DS- Tor-DNS –so other Tor-clients can find them. The workload of data exchange goes on between the RP -Rendezvous Point and the client and the Tor-website.
All Tor connection have 3 relays they must use to connect to the Tor-network.
Client–|> 1.Entry-node 2.Relay-node 3.Exit-node -HS-website
1. Tor weakness :-A hidden service uses 3 IP and/or 3 RP as part of the ”descriptor information“ so the TOR-DNS can find the site.
a}. To find the geo-location we need to find the 3RP for a HS-website and direct our crawlers to crawl from 8 different geo-location– the delay signals from all location should be the [same/different] from the RP to the HS. This data with data from the OR should give us enough information to tag a location to these signals.
B}. –this is part of the information that is kept in the ”descriptor information“ that the Tor-DNS (directory service) uses to find and connect to the hidden service-website.
We will now have 8-Tor servers from different worldwide locations finding these 3 RP for the target hidden service-website. Once we have the geo-location of the RP –using network delay signals that we collect with our cralws. This data can give us triangulation information using data correlation to find the geo-location of the target- Tor hidden 
service-website. At least in threory it works, we have started testing some of these new ideas and will keep you posted. So far we can find the country of the target hidden service-website but we need to come closer and get a pinpoint location without an IP address with our medthod of triangulation and data correlation – gAtO oUt
05/4/13
Mapping Tor
gAtO- been working on Mapping Tor-OR and here is some fun stuff – just got o – https://maps.google.com – google maps – the for location type this in -http://uscyberlabs.com/tormap.kml -
You may need to reload it or hit the return a few times but you should get a big map of the world with Tor OR all over the place -
Biggest Growth Tor Usage Washington-DC
I found a chart from 2011 that shows all 900 OR in Tor at that time. Then I got a hold of some code that get’s me all V3 OR 2013. When I compared them both my biggest shock was the number of OR in Washington, DC area shows the biggest growth of OR on the To network.
So tell me why the US government seems to be the biggest user of Tor???
Last year we where running about 3,000 Tor-OR this year so far we have another 500 more OR bringing us up to 3,500 OR we have also increased the Authority-Directory servers to10 from 8
|
Mapping Tor OR – we will be doing more Tor-mapping project that will make things funs with Google-Maps – gAtO oUt
05/1/13
Tor – Unix Commands
gAtO hAs- been in linux onion-land for too long but I found these unix commands to help me out with my work, so I wanted to share them. – well at least it helps the gAtO.
| Command | Description | |
| • | apropos whatis | Show commands pertinent to string. See also threadsafe |
| • | man -t ascii | ps2pdf – > ascii.pdf | make a pdf of a manual page |
| which command | Show full path name of command | |
| time command | See how long a command takes | |
| • | time cat | Start stopwatch. Ctrl-d to stop. See also sw |
| dir navigation | ||
| • | cd - | Go to previous directory |
| • | cd | Go to $HOME directory |
| (cd dir && command) | Go to dir, execute command and return to current dir | |
| • | pushd . | Put current dir on stack so you can popd back to it |
| file searching | ||
| • | alias l=’ls -l –color=auto’ | quick dir listing |
| • | ls -lrt | List files by date. See also newest and find_mm_yyyy |
| • | ls /usr/bin | pr -T9 -W$COLUMNS | Print in 9 columns to width of terminal |
| find -name ‘*.[ch]‘ | xargs grep -E ‘expr’ | Search ‘expr’ in this dir and below. See also findrepo | |
| find -type f -print0 | xargs -r0 grep -F ‘example’ | Search all regular files for ‘example’ in this dir and below | |
| find -maxdepth 1 -type f | xargs grep -F ‘example’ | Search all regular files for ‘example’ in this dir | |
| find -maxdepth 1 -type d | while read dir; do echo $dir; echo cmd2; done | Process each item with multiple commands (in while loop) | |
| • | find -type f ! -perm -444 | Find files not readable by all (useful for web site) |
| • | find -type d ! -perm -111 | Find dirs not accessible by all (useful for web site) |
| • | locate -r ‘file[^/]*\.txt’ | Search cached index for names. This re is like glob *file*.txt |
| • | look reference | Quickly search (sorted) dictionary for prefix |
| • | grep –color reference /usr/share/dict/words | Highlight occurances of regular expression in dictionary |
| archives and compression | ||
| gpg -c file | Encrypt file | |
| gpg file.gpg | Decrypt file | |
| tar -c dir/ | bzip2 > dir.tar.bz2 | Make compressed archive of dir/ | |
| bzip2 -dc dir.tar.bz2 | tar -x | Extract archive (use gzip instead of bzip2 for tar.gz files) | |
| tar -c dir/ | gzip | gpg -c | ssh user@remote ‘dd of=dir.tar.gz.gpg’ | Make encrypted archive of dir/ on remote machine | |
| find dir/ -name ‘*.txt’ | tar -c –files-from=- | bzip2 > dir_txt.tar.bz2 | Make archive of subset of dir/ and below | |
| find dir/ -name ‘*.txt’ | xargs cp -a –target-directory=dir_txt/ –parents | Make copy of subset of dir/ and below | |
| ( tar -c /dir/to/copy ) | ( cd /where/to/ && tar -x -p ) | Copy (with permissions) copy/ dir to /where/to/ dir | |
| ( cd /dir/to/copy && tar -c . ) | ( cd /where/to/ && tar -x -p ) | Copy (with permissions) contents of copy/ dir to /where/to/ | |
| ( tar -c /dir/to/copy ) | ssh -C user@remote ‘cd /where/to/ && tar -x -p’ | Copy (with permissions) copy/ dir to remote:/where/to/ dir | |
| dd bs=1M if=/dev/sda | gzip | ssh user@remote ‘dd of=sda.gz’ | Backup harddisk to remote machine | |
| rsync (Network efficient file copier: Use the –dry-run option for testing) | ||
| rsync -P rsync://rsync.server.com/path/to/file file | Only get diffs. Do multiple times for troublesome downloads | |
| rsync –bwlimit=1000 fromfile tofile | Locally copy with rate limit. It’s like nice for I/O | |
| rsync -az -e ssh –delete ~/public_html/ remote.com:’~/public_html’ | Mirror web site (using compression and encryption) | |
| rsync -auz -e ssh remote:/dir/ . && rsync -auz -e ssh . remote:/dir/ | Synchronize current directory with remote one | |
| ssh (Secure SHell) | ||
| ssh $USER@$HOST command | Run command on $HOST as $USER (default command=shell) | |
| • | ssh -f -Y $USER@$HOSTNAME xeyes | Run GUI command on $HOSTNAME as $USER |
| scp -p -r $USER@$HOST: file dir/ | Copy with permissions to $USER’s home directory on $HOST | |
| scp -c arcfour $USER@$LANHOST: bigfile | Use faster crypto for local LAN. This might saturate GigE | |
| ssh -g -L 8080:localhost:80 root@$HOST | Forward connections to $HOSTNAME:8080 out to $HOST:80 | |
| ssh -R 1434:imap:143 root@$HOST | Forward connections from $HOST:1434 in to imap:143 | |
| ssh-copy-id $USER@$HOST | Install public key for $USER@$HOST for password-less log in | |
| wget (multi purpose download tool) | ||
| • | (cd dir/ && wget -nd -pHEKk http://www.pixelbeat.org/cmdline.html) | Store local browsable version of a page to the current dir |
| wget -c http://www.example.com/large.file | Continue downloading a partially downloaded file | |
| wget -r -nd -np -l1 -A ‘*.jpg’ http://www.example.com/dir/ | Download a set of files to the current directory | |
| wget ftp://remote/file[1-9].iso/ | FTP supports globbing directly | |
| • | wget -q -O- http://www.pixelbeat.org/timeline.html | grep ‘a href’ | head | Process output directly |
| echo ‘wget url’ | at 01:00 | Download url at 1AM to current dir | |
| wget –limit-rate=20k url | Do a low priority download (limit to 20KB/s in this case) | |
| wget -nv –spider –force-html -i bookmarks.html | Check links in a file | |
| wget –mirror http://www.example.com/ | Efficiently update a local copy of a site (handy from cron) | |
| networking (Note ifconfig, route, mii-tool, nslookup commands are obsolete) | ||
| ethtool eth0 | Show status of ethernet interface eth0 | |
| ethtool –change eth0 autoneg off speed 100 duplex full | Manually set ethernet interface speed | |
| iwconfig eth1 | Show status of wireless interface eth1 | |
| iwconfig eth1 rate 1Mb/s fixed | Manually set wireless interface speed | |
| • | iwlist scan | List wireless networks in range |
| • | ip link show | List network interfaces |
| ip link set dev eth0 name wan | Rename interface eth0 to wan | |
| ip link set dev eth0 up | Bring interface eth0 up (or down) | |
| • | ip addr show | List addresses for interfaces |
| ip addr add 1.2.3.4/24 brd + dev eth0 | Add (or del) ip and mask (255.255.255.0) | |
| • | ip route show | List routing table |
| ip route add default via 1.2.3.254 | Set default gateway to 1.2.3.254 | |
| • | host pixelbeat.org | Lookup DNS ip address for name or vice versa |
| • | hostname -i | Lookup local ip address (equivalent to host `hostname`) |
| • | whois pixelbeat.org | Lookup whois info for hostname or ip address |
| • | netstat -tupl | List internet services on a system |
| • | netstat -tup | List active connections to/from system |
| windows networking (Note samba is the package that provides all this windows specific networking support) | ||
| • | smbtree | Find windows machines. See also findsmb |
| nmblookup -A 1.2.3.4 | Find the windows (netbios) name associated with ip address | |
| smbclient -L windows_box | List shares on windows machine or samba server | |
| mount -t smbfs -o fmask=666,guest //windows_box/share /mnt/share | Mount a windows share | |
| echo ‘message’ | smbclient -M windows_box | Send popup to windows machine (off by default in XP sp2) | |
| text manipulation (Note sed uses stdin and stdout. Newer versions support inplace editing with the -i option) | ||
| sed ‘s/string1/string2/g’ | Replace string1 with string2 | |
| sed ‘s/\(.*\)1/\12/g’ | Modify anystring1 to anystring2 | |
| sed ‘/^ *#/d; /^ *$/d’ | Remove comments and blank lines | |
| sed ‘:a; /\\$/N; s/\\\n//; ta’ | Concatenate lines with trailing \ | |
| sed ‘s/[ \t]*$//’ | Remove trailing spaces from lines | |
| sed ‘s/\([`"$\]\)/\\\1/g’ | Escape shell metacharacters active within double quotes | |
| • | seq 10 | sed “s/^/ /; s/ *\(.\{7,\}\)/\1/” | Right align numbers |
| • | seq 10 | sed p | paste – - | Duplicate a column |
| sed -n ’1000{p;q}’ | Print 1000th line | |
| sed -n ’10,20p;20q’ | Print lines 10 to 20 | |
| sed -n ‘s/.*<title>\(.*\)<\/title>.*/\1/ip;T;q’ | Extract title from HTML web page | |
| sed -i 42d ~/.ssh/known_hosts | Delete a particular line | |
| sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | Sort IPV4 ip addresses | |
| • | echo ‘Test’ | tr ‘[:lower:]‘ ‘[:upper:]‘ | Case conversion |
| • | tr -dc ‘[:print:]‘ < /dev/urandom | Filter non printable characters |
| • | tr -s ‘[:blank:]‘ ‘\t’ </proc/diskstats | cut -f4 | cut fields separated by blanks |
| • | history | wc -l | Count lines |
| set operations (Note you can export LANG=C for speed. Also these assume no duplicate lines within a file) | ||
| sort file1 file2 | uniq | Union of unsorted files | |
| sort file1 file2 | uniq -d | Intersection of unsorted files | |
| sort file1 file1 file2 | uniq -u | Difference of unsorted files | |
| sort file1 file2 | uniq -u | Symmetric Difference of unsorted files | |
| join -t’\0′ -a1 -a2 file1 file2 | Union of sorted files | |
| join -t’\0′ file1 file2 | Intersection of sorted files | |
| join -t’\0′ -v2 file1 file2 | Difference of sorted files | |
| join -t’\0′ -v1 -v2 file1 file2 | Symmetric Difference of sorted files | |
| math | ||
| • | echo ‘(1 + sqrt(5))/2′ | bc -l | Quick math (Calculate ?). See also bc |
| • | seq -f ’4/%g’ 1 2 99999 | paste -sd-+ | bc -l | Calculate ? the unix way |
| • | echo ‘pad=20; min=64; (100*10^6)/((pad+min)*8)’ | bc | More complex (int) e.g. This shows max FastE packet rate |
| • | echo ‘pad=20; min=64; print (100E6)/((pad+min)*8)’ | python | Python handles scientific notation |
| • | echo ‘pad=20; plot [64:1518] (100*10**6)/((pad+x)*8)’ | gnuplot -persist | Plot FastE packet rate vs packet size |
| • | echo ‘obase=16; ibase=10; 64206′ | bc | Base conversion (decimal to hexadecimal) |
| • | echo $((0x2dec)) | Base conversion (hex to dec) ((shell arithmetic expansion)) |
| • | units -t ’100m/9.58s‘ ‘miles/hour’ | Unit conversion (metric to imperial) |
| • | units -t ’500GB’ ‘GiB’ | Unit conversion (SI to IEC prefixes) |
| • | units -t ’1 googol’ | Definition lookup |
| • | seq 100 | (tr ‘\n’ +; echo 0) | bc | Add a column of numbers. See also add and funcpy |
| calendar | ||
| • | cal -3 | Display a calendar |
| • | cal 9 1752 | Display a calendar for a particular month year |
| • | date -d fri | What date is it this friday. See also day |
| • | [ $(date -d '12:00 +1 day' +%d) = '01' ] || exit | exit a script unless it’s the last day of the month |
| • | date –date=’25 Dec’ +%A | What day does xmas fall on, this year |
| • | date –date=’@2147483647′ | Convert seconds since the epoch (1970-01-01 UTC) to date |
| • | TZ=’America/Los_Angeles’ date | What time is it on west coast of US (use tzselect to find TZ) |
| • | date –date=’TZ=”America/Los_Angeles” 09:00 next Fri’ | What’s the local time for 9AM next Friday on west coast US |
| locales | ||
| • | printf “%’d\n” 1234 | Print number with thousands grouping appropriate to locale |
| • | BLOCK_SIZE=\’1 ls -l | Use locale thousands grouping in ls. See also l |
| • | echo “I live in `locale territory`” | Extract info from locale database |
| • | LANG=en_IE.utf8 locale int_prefix | Lookup locale info for specific country. See also ccodes |
| • | locale -kc $(locale | sed -n ‘s/\(LC_.\{4,\}\)=.*/\1/p’) | less | List fields available in locale database |
| recode (Obsoletes iconv, dos2unix, unix2dos) | ||
| • | recode -l | less | Show available conversions (aliases on each line) |
| recode windows-1252.. file_to_change.txt | Windows “ansi” to local charset (auto does CRLF conversion) | |
| recode utf-8/CRLF.. file_to_change.txt | Windows utf8 to local charset | |
| recode iso-8859-15..utf8 file_to_change.txt | Latin9 (western europe) to utf8 | |
| recode ../b64 < file.txt > file.b64 | Base64 encode | |
| recode /qp.. < file.qp > file.txt | Quoted printable decode | |
| recode ..HTML < file.txt > file.html | Text to HTML | |
| • | recode -lf windows-1252 | grep euro | Lookup table of characters |
| • | echo -n 0×80 | recode latin-9/x1..dump | Show what a code represents in latin-9 charmap |
| • | echo -n 0x20AC | recode ucs-2/x2..latin-9/x | Show latin-9 encoding |
| • | echo -n 0x20AC | recode ucs-2/x2..utf-8/x | Show utf-8 encoding |
| CDs | ||
| gzip < /dev/cdrom > cdrom.iso.gz | Save copy of data cdrom | |
| mkisofs -V LABEL -r dir | gzip > cdrom.iso.gz | Create cdrom image from contents of dir | |
| mount -o loop cdrom.iso /mnt/dir | Mount the cdrom image at /mnt/dir (read only) | |
| cdrecord -v dev=/dev/cdrom blank=fast | Clear a CDRW | |
| gzip -dc cdrom.iso.gz | cdrecord -v dev=/dev/cdrom - | Burn cdrom image (use dev=ATAPI -scanbus to confirm dev) | |
| cdparanoia -B | Rip audio tracks from CD to wav files in current dir | |
| cdrecord -v dev=/dev/cdrom -audio -pad *.wav | Make audio CD from all wavs in current dir (see also cdrdao) | |
| oggenc –tracknum=$track track.cdda.wav -o track.ogg | Make ogg file from wav file | |
| disk space (See also FSlint) | ||
| • | ls -lSr | Show files by size, biggest last |
| • | du -s * | sort -k1,1rn | head | Show top disk users in current dir. See also dutop |
| • | du -hs /home/* | sort -k1,1h | Sort paths by easy to interpret disk usage |
| • | df -h | Show free space on mounted filesystems |
| • | df -i | Show free inodes on mounted filesystems |
| • | fdisk -l | Show disks partitions sizes and types (run as root) |
| • | rpm -q -a –qf ‘%10{SIZE}\t%{NAME}\n’ | sort -k1,1n | List all packages by installed size (Bytes) on rpm distros |
| • | dpkg-query -W -f=’${Installed-Size;10}\t${Package}\n’ | sort -k1,1n | List all packages by installed size (KBytes) on deb distros |
| • | dd bs=1 seek=2TB if=/dev/null of=ext3.test | Create a large test file (taking no space). See also truncate |
| • | > file | truncate data of file or create an empty file |
| monitoring/debugging | ||
| • | tail -f /var/log/messages | Monitor messages in a log file |
| • | strace -c ls >/dev/null | Summarise/profile system calls made by command |
| • | strace -f -e open ls >/dev/null | List system calls made by command |
| • | strace -f -e trace=write -e write=1,2 ls >/dev/null | Monitor what’s written to stdout and stderr |
| • | ltrace -f -e getenv ls >/dev/null | List library calls made by command |
| • | lsof -p $$ | List paths that process id has open |
| • | lsof ~ | List processes that have specified path open |
| • | tcpdump not port 22 | Show network traffic except ssh. See also tcpdump_not_me |
| • | ps -e -o pid,args –forest | List processes in a hierarchy |
| • | ps -e -o pcpu,cpu,nice,state,cputime,args –sort pcpu | sed ‘/^ 0.0 /d’ | List processes by % cpu usage |
| • | ps -e -orss=,args= | sort -b -k1,1n | pr -TW$COLUMNS | List processes by mem (KB) usage. See also ps_mem.py |
| • | ps -C firefox-bin -L -o pid,tid,pcpu,state | List all threads for a particular process |
| • | ps -p 1,$$ -o etime= | List elapsed wall time for particular process IDs |
| • | last reboot | Show system reboot history |
| • | free -m | Show amount of (remaining) RAM (-m displays in MB) |
| • | watch -n.1 ‘cat /proc/interrupts’ | Watch changeable data continuously |
| • | udevadm monitor | Monitor udev events to help configure rules |
| system information (see also sysinfo) (‘#’ means root access is required) | ||
| • | uname -a | Show kernel version and system architecture |
| • | head -n1 /etc/issue | Show name and version of distribution |
| • | cat /proc/partitions | Show all partitions registered on the system |
| • | grep MemTotal /proc/meminfo | Show RAM total seen by the system |
| • | grep “model name” /proc/cpuinfo | Show CPU(s) info |
| • | lspci -tv | Show PCI info |
| • | lsusb -tv | Show USB info |
| • | mount | column -t | List mounted filesystems on the system (and align output) |
| • | grep -F capacity: /proc/acpi/battery/BAT0/info | Show state of cells in laptop battery |
| # | dmidecode -q | less | Display SMBIOS/DMI information |
| # | smartctl -A /dev/sda | grep Power_On_Hours | How long has this disk (system) been powered on in total |
| # | hdparm -i /dev/sda | Show info about disk sda |
| # | hdparm -tT /dev/sda | Do a read speed test on disk sda |
| # | badblocks -s /dev/sda | Test for unreadable blocks on disk sda |
| interactive (see also linux keyboard shortcuts) | ||
| • | readline | Line editor used by bash, python, bc, gnuplot, … |
| • | screen | Virtual terminals with detach capability, … |
| • | mc | Powerful file manager that can browse rpm, tar, ftp, ssh, … |
| • | gnuplot | Interactive/scriptable graphing |
| • | links | Web browser |
| • | xdg-open . | open a file or url with the registered desktop application |
04/5/13
Tor Tells It’s Secrets
gAtO pLaYiNg with words in Tor- We just simply counted the number of times a word appeared in our search engine by pages- this is something every search engine does but what it gave us was a picture of what Tor really is. It’s not all crime and ugly but information is number one in Tor. Exactly what it’s supposed to be. Tor was created to share information from the table below we see lot’s of stuff inside Tor.
Tor word data points: We put this report together to see what our word count occurrence was, in our crawled data so far. The chart below gives an interesting picture of the Tor data points that it generates.
We are finding that these are the best categories to put our websites into. The words by site occurrence speaks volumes to understand trends in Tor. For example it shows i2p network in Tor 2 notices above drugs in Tor. Because i2p is fast being intwined with Tor to get better anonymity.
- These are real data point based on 3/27/2013-4/3/2013 – this is a live report from our crawls.
- As we crawl and add more data our picture will change as to the landscape of Tor.
- Bitcoins is the fourth most popular word – currency in the Dark Web is number 1
—
| Word | Num. Occurrences |
| blog | 1014 |
| wiki | 985 |
| anonymous | 966 |
| bitcoin | 837 |
| sex | 530 |
| gun | 492 |
| market | 458 |
| I2P | 400 |
| software | 372 |
| drugs | 365 |
| child | 353 |
| pedo | 321 |
| hacking | 314 |
| weapon | 221 |
| politic | 209 |
| books | 157 |
| exploit | 118 |
| anarchism | 105 |
| porno | 88 |
| baby | 87 |
| CP | 83 |
| fraud | 76 |
| piracy | 69 |
- Bitcoins are above SEX tell us volumes in that bit coins are the normal exchange currency in Tor.
- Fraud and piracy are the lowest were we would except it to be much higher, People trust more in Tor.
This map does tell us that crime is everywhere in Tor at a more alarming rate than we though.
We are doing the same in the e-mail we found in Tor. In the email table is a place where we can get a better picture of emails in the Tor network. Not all of them go to tormail.org as we thought. As mentioned more i2p and connections with other anonymous networks seems to be a trend, as the growth rate of Tor users increase so is the technical base and more sophisticated users will come on board.
Hope this gives you a better picture of Tor. -gAtO oUt
03/24/13
Tor is NOT the ONLY Anonymous Network
gAtO fOuNd – this very interesting and wanted to share -
Tor does some things good, but other anonymous networks do other things better. Only when used together do they work best. And of course you want to already know how to use them should something happen to Tor and you are forced to move to another network.
Try them! You may even find something interesting you cannot find on Tor!
These are well known and widely deployed anonymous networks that offer strong anonymity and high security. They are all open source, in active development, have been online for many years and resisted attack attempts. They run on multiple operating systems and are safe to use with default settings. All are well regarded.
- Tor – Fast anonymous internet access, hidden websites, most well known.
- I2P – Hidden websites, anonymous bittorrent, mail, out-proxy to internet, other services.
- Freenet – Static website hosting, distributed file storage for large files, decentralized forums.
Also anonymous networks, but less used and possibly more limited in functionality.
- GnuNet – Anonymous distributed file storage.
- OneSwarm – Bittorrent, has a non-anonymous mode, requires friends for anonymity.
- RetroShare – File-sharing, chat, forums, mail. Requires friends, and not anonymous to those friends, only the rest of the network.
- Omemo – Distributed social storage platform. Uncertain to what extent it is anonymous.
These are anonymous networks, but are not open source. Therefore their security and anonymity properties is hard to impossible to verify, and though the applications are legit, they may have serious weaknesses. Do not rely on them for strong anonymity.
- Osiris – Serverless portal system, does not claim to provide any real anonymity.
- Phantom – Hidden Services, native IPv6 transport.
- GlobaLeaks – Open Source Whistleblowing Framework.
- FreedomBox – Project to create personal servers for distributed social networking, email and audio/video communications.
- Telex – A new way to circumvent Internet censorship.
- Project Byzantium – Bootable live distribution of Linux to set up wireless mesh nodes with commonly available hardware.
- Hyperboria A distributed meshnet built on cjdns.
These are internets overlaid on the internet. They provide security via encryption, but only provides weak to none anonymity on their own. Only standard tools such as OpenVPN and Quagga are required to connect. Responsibility for a sufficiently anonymous setup is placed on the user and their advertised routes. More suited for private groups as things out in the open can be firewalled by other participants. Can be layered above or below other anonymity nets for more security and fun.
- Anonet – AnoNet2, a more open replacement for AnoNet1.
- dn42 – Another highly technical routing community.
- CJDNS, an IPV6 overlay network that provides end to end encryption. It is not anonymous by itself.
- Netsukuku – A project that aims to build a global P2P online network completely independent from the Internet by using Wi-Fi. The software is still in active development, although the site is no longer updated. A new site is in progress of being built.
- Many other wireless communities building mesh networks as an alternative to the Internet, e.g. Freifunk, http://guifi.net and many more around the globe. see also
Alternative domain name systems
- Namecoin – Cryptocurrency with the added ability to support a decentralised domain name system currently as a .bit.
- OpenNIC – A user controlled Network Information Center offering a democratic, non-national, alternative to the traditional Top-Level Domain registries.
- Dot-P2P – Another decentralized DNS service without centralized registry operators (at July 18, 2012 page is not accessible and has not known anything about the status of project from February 2011).
- A Radical’s Introduction to Anonymity – Comparison of the different networks, by xcZlZQ
- FreeHaven – Technical whitepapers covering the anon space. Excellent reading material.
- Wikipedia’s anonymous networks
- Wikipedia’s anonymous P2P
03/22/13
China Hackers found in Tor
China Hackers found in Tor
gAtO bEeN crawling - Tor and found China — China, Fujian IP found in Tor but is it really the Chinese or someone else. As I work on the Tor-Directory-Project to map out every URL in Tor. I came to these site
Anonet
http://yaiaqf3te6khr3nd.onion/ – This sites has 3 different sites in one – 3 index front pages-DOORS - fUnNy nO?
http://lw7b7t7n7koyi6tb.onion
Now what’s so weird about these 2 sites 4 IP address on the site for proxies and Tor in CHINA. This ain’t right, China does it’s best to block Tor and keep it’s citizens away from Tor so why would a website in Tor place these explicit IP address and telling you to use them. In Tor you try to hide not give IP out that can be traced, so why is this different???
So I back trace these 4 sites 3 in China 1 is Soul,Korea, then you google “Fujian Providence hacking”
Yeah there are a lot of things happening in that part of China but is it really the Chinese or others. Russians maybe??
These 2 sites are linked to “Anonet” the funny (ha ha) thing is this one person that keeps popping up – (Anonymous Coward ) on both these sites- and he/she leads back to China too mAyBe -Si-nO. The Chinese use the Anonymous Coward to mock Anonymous which are very dangerous in China but this does not look good folks.
We talk about China hacking us and when people like myself find these sites and try to report them – no way- I’m just a nobody that has one of the largest Tor search engines around. Just from these 2 sites I have 56 URL’s – Maybe one of these cyber Professional should check these 2 sites out – I have a subscription service for Tor Search engine any governments or law enforcement out there that need this — talk to gAtO—
They may find one source of China Hacking the US and other places – gAtO oUt
Chinanet Fujian Province Network
http://1.1.7.10/ IP Address:
Chinanet Fujian Province Network
http://1.1.7.7/ IP Address:
Chinanet Fujian Province Network
http://1.234.56.4/ IP Address:
1.234.56.4 ISP: SK Broadband Co Ltd Region:
Seoul (KR)
http://1.56.75.16/ IP Address:
China Unicom Heilongjiang Province Network
1.56.75.16 ISP: Region: Harbin (CN)
03/10/13
Finding the Bad Guy’s in Tor -triangulated irregular network
gAtO ThInKiNg - a car GPS works very simple, It takes the delay time from one geo-positioned satellite and compares is to another geo-positional satellite and estimates the position of the GPS in my CAR – I think they call it satellite triangulation or something cool, it’s been done with radios to guide pilots navigate ever since they developed radios. We do it with satellite and we can use networks too.
triangulated irregular network -So now apply this to the Tor bad guy’s websites- a hidden service!
With a simple command you can get the time it takes to crawl a website, so you have one server in the U.S one is South America, one in Europe and one in Asia and we run the same command getting the delays from each location. I bet with a little math and some basic network tools we could figure out the geo-location of any given website in Tor. One of my good mentors told me that in my crawls I was capturing timing information, we all see timing information with a simple ping command in the clear web but in Tor – UDP is unsupported so it does not work -//- we must take into account the Tor network thru-put and utilization bit that’s easy to get from a number of Tor tools.
Reverse triangulation of a network server should be easy to find with a little math, just take a good sample and the longer you wait the more data you collect and the better the chance you can find a geo-location of a website. We do this in the clear web all the time we can see bad areas of the world that are bad spammers, and other like mail from Africa Prince Scams offering you millions if you send them some money to cover the transfer, or Russian and Chinese phishing attacks. So we know geo-location and some IP are more prime to bad actors and we can draw a profile, a geo-location of a place and/or country or an ISP so not having the IP of a Tor server may not be neededto find them we could use network triangulation. “triangulated irregular network ” So the same thing can be done with networks and timing delays of data back and forth from a // client <–> Tor OR <–>server.
I got a crazy Idea that may or may-not work, but it sounds good—// so— Now if I can only find a government grant and a good math major to help out and we have a big business model to find the bad guy’s geo-location even in Tor - gAtO oUt…
03/9/13
Tor Website 36% are Criminals Sites
gAtO iS CrAwLliNg websites-We just completed our new crawl of Tor URL that we found. We started with 2,000 URL’s and we got about 550 positives from this first run. This will change since some sites go up and down for no rhyme or reason. I went back to verify one site that my crawl picked up with all kinds of good information but later when I went back it would not come up. So this is an ongoing thing in order to map out all of Tor’s hidden service websites. From the preliminary data Pedo sites are about 18% of the sites we discovered another 4-6% guns and assassins and another 14-16% of different criminal type’s of sites or scams. So that is over 36% of the sites we found were criminal type, that is not good for anyone.
Crawling Tor Hidden Service – websites
Tor is an excellent software for being private and having some level of safety but this new light is not good for the people that want to use Tor and the Dark Web to do good things and positive things. Now we see that the bad guys are all over Tor-Dark Web we hope this list will help it become better.
This list is only available to Law enforcement, governments and selected security companies, you must be verified first before you can get a hold of this list of Onion websites in Tor. This is not a free list (we have to recover our cost of r&d) and this is only the first steps we have gained over 12,000 new URL in Tor from this crawl and will be doing more crawls and adding more information to the list.
What really freaked us out was the undocumented website that are not in any hidden wiki in Tor and the number of them being put out by criminals. Now some of the other information that we collected see list below will give us a baseline like — Last-Modified: — will give us an indication of how active they are. The —Server: & Web Application:— will give us the web app they use and from the looks of things some are vulnerable to all kinds of hacking attacks. Tor websites are the same as any site and if you don’t update your website, well your vulnerable to hacking from anyone and in Tor you don’t have a clue because they are protected just like the site.
This will be an ongoing crawl for the next year or so, so expect the list to grow and as new data is collected more will be revealed about the how, and the use of Tor and who uses Tor will become not just theories but facts that we can verify - gAtO OuT
Internal URL’s -
[url]
[content_type]
[http_code]
[header_size]
[request_size]
[filetime]
[ssl_verify_result]
[redirect_count]
[total_time]
[namelookup_time]
[connect_time]
[pretransfer_time]
[size_upload] => 0
[size_download] => 124
[speed_download] => 7
[speed_upload]
[download_content_length]
[upload_content_length]
[starttransfer_time]
[redirect_time]
[certinfo]
Cache-Control
Expires:
Pragma:
HTTP
Server:
Crawl Date:
Content-Type:
Content-Length:
Last-Modified:
Connection:
Accept-Ranges:
Proxy-Connection:
Set-Cookie:
Content-Length:
Accept-Ranges:
Web Application:
03/7/13
Mapping Tor Websites
gATo and fRiEnDs- are am now working on the Tor-Directory Project crawling about 2000 Tor-url and getting some new information about Tor and the sites that reside in the Dark Web. Example I got a good crawl from a site and I went to double check it and now it was down, so are the sites going up and down and online just for a period of time? Are the site not available because of the browser I am using -vs- my crawler. These are some of the answers I will find out.
I expected due to the slowness of Tor to spend a lot of time running these crawls. I have now a script that I can run in about 20hr or less and scrape about 2000 sites. I thought that the slowness of Tor-Dark Web would make this a real time eater but I am wrong. Another thing is the secret Tor sites I found, I now have a fingerprint on them and these sites that hide in secret on top of being in Tor are a real interest to me and others.
The main issue is Tor is not socks-http friendly so setting up the infrastructure was a real learning curve and now I can replicate the installation so as I get more servers online this will become a little easier. Right now I am mapping the sites so I can crawl every page, the good part and bad is I am finding more and more URL that I never thought existed, so the discovery of new URL is a good thing but once again the collection becomes a real bear.
I am putting this into a db to make the search of the collected data a little easier but finding that db programing on the web is well not very user friendly but I have a good partner that is fixing all my mistakes. We will house this new Tor-only website search engine in the clear web so we can keep the speed up and well people are scared to go into Tor, so why not keep everything in the clearWeb for now.
I expect the crawls to get much longer since I now have the urls to crawl every site a little better but the information and mapping out Tor will be and invaluable tool for us. You say how about the hidden wiki, and all those sites that have Tor directory wiki sites. Well they are OK for basic stuff but I am finding new sites I never heard of and the pedophiles are all over Tor so you best beware I am putting a light on your websites and the next part will be to stop you from using Tor as a play ground for your sick crap. Tor is meant for real needs of privacy and protection and I hope my work in this will get these sick bastards to run somewhere else — gATO is watching you in Tor so beware!!!
