Author Topic: proper bouncing  (Read 866 times)

chango
proper bouncing
« on: August 08, 2011, 06:00:32 AM »
Would be interesting to know other people's thoughts about the proper way to build and use a bounce chain. I guess most serious people use custom solutions, and probably won't want to disclose details. From the publicly available solutions TOR is pretty good, but it has two problems: it's monitored (exit nodes most certainly), and it's vulnerable to traffic analysis.

Some interesting bibliography about traffic analysis and other related things: http://freehaven.net/anonbib/topic.html

KenTheFurry
Re: proper bouncing
« Reply #1 on: August 09, 2011, 05:31:28 AM »
My idea for a good system would be fairly slow but it would be safe.
Every node in the system generates a key pair every other day then shreds the old ones once all the requests up to the switch to the new key.
Then whenever someone wants some content, they generate a key pair and do some onion routing using the distributed node keys, and for the packet at the core it attaches its one-time public key with its request, no other routing information. Then that packet is injected into the system and bounced around to a random known node and held for a random amount of time, then it forwards to the first layer's node, and if it does not know the first one it will just bounce it to one of the nodes it does know. Then that is repeated to get the packet back. This would work well with semi-large files. But it would need refinement.

chango
Re: proper bouncing
« Reply #2 on: August 10, 2011, 11:48:23 AM »
Yes, a good onion routing system should be something like you describe. Especially introducing random delays and dummy traffic to make it more resistant to traffic analysis. Would be nice to have something like that, or alternatives to TOR. How about I2P? Anyone experimented with it? Any other interesting project on these lines?

Back to bouncing basics, sometimes I see people sshing to a box and then from that box they ssh to a second box. This is not proper bouncing. Someone controlling the first box can see everything you do in the second one, can see the password (if you type one), can own the second box hijacking your second ssh session, etc. When you bounce with ssh, you want to build a tunnel to connect from a hop to the next one (-L or -D), and run all ssh clients in your local box connecting through the tunnels.

Another common mistake is to bounce with a single hop. You need at least 2 hops in your bounce chain, so none of them can see both the target and your IP address at the same time. But if you care you would use much longer chains. Then, once you have a quite long chain you would start caring more about traffic analysis.

KenTheFurry
Re: proper bouncing
« Reply #3 on: August 10, 2011, 04:14:41 PM »
When I need to or feel like it, I do use ssh tunnels using systems, then at the end I use OpenVPN and connect to an anon VPN, and because it is OpenVPN I have the VPN's public cert on file, so if someone tried a MITM that is out. And with the ssh tunnels, they each are in separate countries on dedicated hosts that have a knock sequence, so the system admins, if they have any, are unlikely to find them if they do any pen testing or look at any logs, because of my rootkit. If one day I get an authorization denied I'll just move on to another node.

chango
Re: proper bouncing
« Reply #4 on: August 10, 2011, 08:01:17 PM »
Right, OpenVPN on TCP is great at the end of a bounce chain. It is also great at the end of TOR to avoid getting sniffed by those Germans... hehe

chango
Re: proper bouncing
« Reply #5 on: August 11, 2011, 09:51:33 AM »
Also, TOR+OpenVPN feels much faster than TOR alone, presumably because a lot of the TOR overhead is constantly building circuits and opening streams on those circuits, while OpenVPN over TOR would only use one circuit. Not the same level of anonymity, but fast.

chango
Re: proper bouncing
« Reply #6 on: August 11, 2011, 10:04:00 AM »
Also good point about the bounce chain nodes in different countries. It is better if you choose them in such a way that it would be harder for the admins to speak to one another (different languages, etc). Also it is better if you can read their email and know if they notice anything strange. And better if contiguous nodes run different OSes and don't share common vulnerabilities (since some people could attempt to follow your bounce chain owning your nodes one by one).

KenTheFurry
Re: proper bouncing
« Reply #7 on: August 11, 2011, 04:28:32 PM »
And if someone did manage to follow my chain back to the wireless AP I am using... I have a, let's say, very powerful antenna, so they have a semi-general location in a densely populated city.

williamsen786
Re: proper bouncing
« Reply #8 on: February 12, 2012, 06:39:00 PM »
Hi, I have some interest in hacking but I heard that there are chances of getting caught in illegal surfing; I want to know if using iPhone VPN is a secure way for hacking purposes. I am not a hardcore hacker but play things around here.

« Last Edit: February 12, 2012, 06:41:16 PM by williamsen786 »