[guardian-dev] Fwd: [tor-talk] Better testing through filternets
Cédric Jeanneret
guardian at ethack.org
Tue Sep 2 15:33:49 EDT 2014
On September 2, 2014 5:41:42 PM CEST, Nathan of Guardian <nathan at guardianproject.info> wrote:
>
>
>
>-------- Forwarded Message --------
>Subject: [tor-talk] Better testing through filternets
>Date: Tue, 02 Sep 2014 11:40:01 -0400
>From: Nathan Freitas <nathan at freitas.net>
>Reply-To: tor-talk at lists.torproject.org
>To: tor-talk at lists.torproject.org
>
>
>I am working on improving our ability to do more thorough and
>standardized testing of Orbot, etc. As part of this, I am trying to
>come up with a simple filternet configuration based on OpenWRT, running
>on a TP Link MR3020.
>
>Currently, I have this working:
>
>- Use Dnsmasq to block high profile target domains (torproject.org,
>google, facebook, twitter, whatsapp, etc)
>- Block all HTTPS traffic (port 443)
>
>This simulates most of the common DNS poisoning and port blocking types
>attacks, though Tor can still easily connect at this point.
>
>I would like the ability to simulate a more severe environment, where
>for instance, Tor itself is targeted, and bridges are required. Any
>thoughts or experience doing this?
>
>- Block IPs/domains for known Tor Authority nodes
>
>- block based on Tor protocol characteristics: ssl certs, common ports,
>etc
>
>Thanks for any feedback, pointers, links, etc.
>
>+n
>
>
>--
>tor-talk mailing list - tor-talk at lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>
>_______________________________________________
>Guardian-dev mailing list
>
>Post: Guardian-dev at lists.mayfirst.org
>List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
>To Unsubscribe
> Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
>Or visit:
>https://lists.mayfirst.org/mailman/options/guardian-dev/guardian%40ethack.org
>
>You are subscribed as: guardian at ethack.org
Heya!
I would use some pfsense/m0n0wall instead, as they do offer far more options, and may eat up snort rules (it can be installed and either log or act depending on what you want). Maybe kali on some rpi would also do the whole trick…
Just one question, speaking of testing: what do you use on the other side? Some devices, virtual machines, a mix… ? I'd be interested for my own dev ;).
Cheers,
C.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20140902/47b0438a/attachment.html>
More information about the Guardian-dev
mailing list