setting up .onion addresses …for your website enterprise

v3.5 - @alecmuffett 2018
hi!
BBC Radio 4, circa 2012
<cyber type="ominous"/>
"awesome!"
"dark net" not as
scary as advertised
<years n=2/>
Setting Up .Onion Addresses for your Enterprise, v3.5
<years n=2/>
<downshift/>
<bored/>
why .onion?
• you have a community, or you have an audience
• for some, ability to access content is hampered
• for some, risk of fake websites, credential theft, or political repercussions for accessing content
• for some, privacy, assurance & trust is paramount
social value of .onion?
• greater assurance
  • facebookcorewwwi.onion => genuine facebook
• greater availability & privacy
  • .onion => hard to block/surveil (if sometimes a little flaky)
• fewer digital footprints
  • people using onions are perforce using tor browser
  • tor browser is generally better at data "hygiene"
tech value of .onion?
<see second half of presentation>
desktop? mobile? both?
• Mac / Win / Linux
  • tor browser (integrated tor + custom-tuned firefox)
• Android
  • orbot (tor) + orfox (browser)
• iOS
  • onion browser (integrated)
  • other iOS in progress
what is .onion?
"the top level domain name for the onion namespace"
what is a namespace?
• namespace is "an address + what it means/looks like"

• ipv4 addresses look like: 192.168.1.1

• ipv6 addresses look like: fe80::226:21ff:fed8:fbc2

• dns addresses look like: www.foo.com

• onion addresses look like: ylzpg2givhwizoep.onion
how do addresses work?
• all these addresses can be typed into a web browser:
  • http://192.168.1.1/ - ipv4, supported everywhere
  • http://[fe80::226:21ff:fed8:fbc2]/ - ipv6, variable
  • http://www.foo.com/ - dns, supported everywhere
  • http://ylzpu2givhwizoep.onion/ - needs a Tor browser
• …they all connect you to a remote computer
how is .onion unusual?
• "under the bonnet", an onion is a raw network address

• …just like 192.168.1.1 or fe80::226:21ff:fed8:fbc2

• but: formatted like a traditional dns domain name

• ".onion" looks like ".com" or ".co.uk"

• this means browsers treat the addresses equitably

• including subdomains: www.facebookcorewwwi.onion
"subdomains" on a network address?!?
• yes! this would never work with ipv4 …

• www.192.168.1.1 would not mean anything sensible

• but www.facebookcorewwwi.onion is meaningful to HTTP

• …still means facebookcorewwwi.onion

• …the "www." bit is transported in the Host: header

• thus: standard HTTP/HTML/browser behaviour
how do you choose addresses?
• ipv4 addresses: you take what you are given (eg: DHCP)

• ipv6 addresses: ditto (mostly)
• dns addresses: you choose a name, & register it
• …unless someone beats you to it…

• onion addresses: get a random one, or else "mine" one

• more mining => "better quality"
howto: arbitrary traffic?
Server: /etc/tor/torrc
  HiddenServiceDir /var/lib/tor/onion-1
  # => random onion address in "hostname" file
  HiddenServicePort 22 127.0.0.1:22
  # 22 => software-defined listening port number
Client: ~/.ssh/config
  Host my-onion
  HostName xxxxxxxxxxxxxxxx.onion
  ProxyCommand nc -x localhost:9150 %h %p
  # 9150 => builtin SOCKS5 in local TorBrowser
howto: password-protect onion network interfaces?
Server: /etc/tor/torrc
…yields: the following hostname file
how to serve .onion websites?
3 options…
1. dedicated server
• you have a dedicated web server, and it…

• is configured to know about its onion address

• essentially runs as a standalone service

• perhaps serves duplicate content ?
2. onion-aware CMS
• you have a web server, and it…

• serves content to .com, .co.uk, .in, …

• why not just add yet another domain name?

• tag requests arriving from .onion reverse proxy

• ensure that tagged requests are consistently responded-to, citing only your onion address(es)
3. onion shim
• you have a web server, and it…

• primarily serves content as (say) nytimes.com

• install a shim between it and the tor reverse proxy…

• shim bidirectionally rewrites requests & responses

• nytimes.com <=> nytimes3xbfgragh.onion
• custom engineering, or EOTK / Enterprise Onion Toolkit
  • open-source shim for enterprise onions
examples (or: implement a blend…)
1. dedicated onion server (eg: various SecureDrop sites)
• use-case dependent, probably involves anonymity

2. onion-aware CMS (eg: Facebook)
• excellent for primarily-dynamically-generated content

• modest engineering, ongoing commitment, can be 100% solution

3. onion shim EOTK (eg: NYT)
• onionifies all content, including static or static/dynamic mix

• minimal/zero engineering, some edge cases, 95..99%+ solution
implementation tips
• don't forget to onionify your CDNs where possible

• try to avoid content-leakage between domains

• accidentally wandering-off to the cleartext/.com site

• e.g. OAuth redirects, tracker embeds…

• use horizontal load-balancing for scale

• free solution: OnionBalance (EOTK supports)

• onions (even via shim) are generally faster for Tor
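As an added example (not EOTK's code, nor anything from the deck), the rewriting a shim has to do for the three sections above: Host: header mapping that keeps subdomain labels, nytimes.com <=> nytimes3xbfgragh.onion in responses, and reporting of hosts that would leak the visitor back to the cleartext web. The CDN pair static-cdn.example / examplecdnonionxx.onion and the HTTP message are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed mapping for this example. nytimes.com <=> nytimes3xbfgragh.onion
# is the pair the slides cite; the CDN pair is hypothetical and stands in for
# "don't forget to onionify your CDNs".
ONION_MAP: Dict[str, str] = {
    "nytimes.com": "nytimes3xbfgragh.onion",
    "static-cdn.example": "examplecdnonionxx.onion",
}
CLEARNET_MAP: Dict[str, str] = {v: k for k, v in ONION_MAP.items()}

# Absolute http(s) URL: scheme and hostname captured separately.
URL_HOST_RE = re.compile(r"(?i)\b(https?://)([a-z0-9.-]+\.[a-z]{2,})")
# Domain attribute of a Set-Cookie header value.
COOKIE_DOMAIN_RE = re.compile(r"(?i)(;\s*domain=)(\.?)([a-z0-9.-]+)")


def _map_host(host: str, table: Dict[str, str]) -> Optional[str]:
    """Map a hostname via `table`, keeping any subdomain labels in front.

    Labels are peeled off one at a time, so www.nytimes.com becomes
    www.nytimes3xbfgragh.onion: the "www." travels in the Host: header and
    still names the same onion service, exactly as the slides describe.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        mapped = table.get(".".join(labels[i:]))
        if mapped is not None:
            prefix = ".".join(labels[:i])
            return f"{prefix}.{mapped}" if prefix else mapped
    return None


def to_onion(host: str) -> Optional[str]:
    return _map_host(host, ONION_MAP)


def to_clearnet(host: str) -> Optional[str]:
    return _map_host(host, CLEARNET_MAP)


def rewrite_request(headers: Dict[str, str]) -> Dict[str, str]:
    """Inbound: the visitor addressed an onion, the origin expects its
    clearnet name in Host:. Unknown hosts are refused so that the shim
    cannot be driven as an open proxy to arbitrary sites."""
    out = dict(headers)
    host = out.get("Host")
    if host is not None:
        clear = to_clearnet(host)
        if clear is None:
            raise ValueError(f"Host {host!r} is not an onion fronted by this shim")
        out["Host"] = clear
    return out


def onionify_text(text: str) -> Tuple[str, List[str]]:
    """Outbound: rewrite every absolute URL for a host we serve to its onion
    form. Hosts we do not serve are left untouched and reported, since they
    are where an onion visitor would wander off to the cleartext web (OAuth
    redirects, tracker embeds, CDNs that were never onionified)."""
    leaks: List[str] = []

    def repl(m: "re.Match[str]") -> str:
        scheme, host = m.group(1), m.group(2)
        if host.lower().endswith(".onion"):
            return m.group(0)  # already an onion URL, leave it alone
        onion = to_onion(host)
        if onion is None:
            leaks.append(host.lower())
            return m.group(0)
        return f"{scheme}{onion}"

    return URL_HOST_RE.sub(repl, text), sorted(set(leaks))


def rewrite_response(
    headers: Dict[str, str], body: str
) -> Tuple[Dict[str, str], str, List[str]]:
    """Rewrite Location and Set-Cookie headers and the body; return them with
    the de-duplicated list of leak candidates found along the way."""
    out = dict(headers)
    leaks: List[str] = []
    if "Location" in out:
        out["Location"], more = onionify_text(out["Location"])
        leaks += more
    if "Set-Cookie" in out:
        def cookie_repl(m: "re.Match[str]") -> str:
            onion = to_onion(m.group(3))
            return m.group(0) if onion is None else f"{m.group(1)}{m.group(2)}{onion}"
        out["Set-Cookie"] = COOKIE_DOMAIN_RE.sub(cookie_repl, out["Set-Cookie"])
    body, more = onionify_text(body)
    leaks += more
    return out, body, sorted(set(leaks))


# Constructed origin response, as the shim might receive it from nytimes.com.
SAMPLE_HEADERS: Dict[str, str] = {
    "Location": "https://www.nytimes.com/section/world",
    "Set-Cookie": "nyt-a=abc123; Domain=.nytimes.com; Path=/; Secure",
}
SAMPLE_BODY = (
    '<a href="https://www.nytimes.com/">home</a>\n'
    '<script src="https://static-cdn.example/app.js"></script>\n'
    '<a href="https://accounts.oauth-provider.example/authorize">log in</a>\n'
    '<img src="https://tracker.example/pixel.gif">\n'
)

if __name__ == "__main__":
    print(rewrite_request({"Host": "www.nytimes3xbfgragh.onion"}))
    hdrs, body, leaks = rewrite_response(SAMPLE_HEADERS, SAMPLE_BODY)
    print(hdrs, body, sep="\n")
    print("cleartext-leak candidates:", leaks)
```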
nits
• you will almost certainly need to buy a special HTTPS cert

• cost: probably from mid $$$ to low $$$$
• plus: associated paperwork & faff

• if you take payments / subscriptions?

• you may want to restrict access to payments over tor?

• payment providers often block tor, this can sometimes lead to poor user experiences…
TECH?
Onion Networking as a Layer-3 Network
How IP→Ethernet Works
• Server: publishes mapping of IP to MAC address

• Gratuitous ARP → populate ARP tables
• Client: resolves mapping of IP to MAC address

• Checks local ARP table (or makes ARP query)

• Client: issues Ethernet frames to MAC address

• Frames transport packets yielding TCP connections
How Onion→IP Works
• Server: publishes mapping of Onion to IP address

• Descriptor Publication → populate HSDir DHT Ring

• Client: resolves mapping of Onion to IP address

• Checks HSDir DHT Ring (source of truth)

• Client: issues TCP connection to Tor relay

• Connections transport Tor cells yielding Tor circuits
Important Takeaways
1) TCP/IP is the L2 "data-link layer" of Onionspace
#  OSI           Internet               Onion
7  Application   https, ssh, etc…       https, ssh, etc…
6  Presentation  socket*                socks5 proxy
5  Session       tcp/udp socket*        tcp socket via socks5
4  Transport     tcp/udp protocol       tcp circuit
3  Network       packet to IP addr      cell to Onion addr
2  Data Link     frames/MAC/LLC         cells over tcp
1  Physical      bit                    bit
2) Onionspace is flat
Onion-flattyness
• NAT/Firewalls are not an issue
• Connections pretend to be direct, local-network TCP.

• Services & Ports are published, not ad-hoc/promiscuous

• Onionspace port-scanning is restricted to services and ports which are published by the owners:

• HiddenServicePort 44422 localhost:22

• "consent-based networking", cf: NSAPs in X.25 ?
(2018 - 1994) + 13 = 37
Returning to the disintermediated end-to-end Internet
3) Onionspace is circuit-switched
Circuit-switchyness
• Long-term circuits between client/server are established

• Traffic tunnels over circuits

• A bit like X.25 Networking
• sometimes circuits break

• but then, so does TCP (i.e.: RST)

• Circuits may carry multiple TCP/IP streams, be reused

• Presentation: as a SOCKS5 relay
4) Rendezvous, not Client-Server
1 server sets up introduction point
2 server publishes descriptor
3 client looks-up descriptor / intro-point
4a client sets up rendez-point
4b client tells server "meet me at rendez-point"
5 data exchanged via circuit via rendez
"Rendezvous", a safer "Client-Server"
[diagram: Server and Client each sit behind a firewall and connect outbound into the Tor "Cloud"; arrows numbered as in the steps above: 1 Server → Introduction Point, 2 Server → HSDir DHT Ring, 3 Client → HSDir DHT Ring, 4a Client → Rendezvous Point, 4b Client → Introduction Point → Server, 5 Server ↔ Client via the Rendezvous Point]
nb: all connections established "outbound" through the firewall(s); server can live in "enclave"
"Rendezvous" at L7?
• All this is hidden behind SOCKS5 for app presentation

• Your app thinks that it is talking to a TCP/IP stream
• Truth = more complex
5) Introduction points have redundancy, transience and migrate globally, leading to…
high-availabilityness (H/A)
• DDoS Resistance
• Harder to hit a moving target, key resources "at 1+ remove"

• Built-in "GSLB" (global server load balancing)

• You have little control of where Introduction, or Rendezvous Points are created, but they are distributed globally
• Servers can be replicated globally, too; flatness = simpler

• "DNSRR" equivalent (DNS Round Robin)

• "OnionBalance" enables recombination of descriptors, shares load over servers like DSR (direct server return); or full H/A replicas
6) self-authentication
self-authenticatingness
• Onion addresses are literally cryptographically-trustable layer-3 network addresses

• If you type the address correctly, you are guaranteed to be communicating with someone who has the private key

• Built-in IPsec ESP and AH

• No PSK hassle

• No CA hassle

• No revocation, no X.509, no OpenSSL, no faff…
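Added example, not from the deck or from Tor's code: the "address is the key" property made concrete with the v3 address format (Tor 0.3.2+), where the address is base32 of the ed25519 public key plus a SHA3-256 checksum and a version byte; the 16-character addresses on these slides are the older v2 format, a truncated hash of an RSA key with no checksum. The checksum only catches typos and look-alikes locally; the binding to whoever holds the private key is what Tor enforces when it verifies the signed descriptor. DEMO_PUBKEY is constructed.

```python
import base64
import hashlib
from typing import Optional

# Constants of the v3 onion service address format (Tor's rend-spec-v3).
ONION_V3_VERSION = b"\x03"
CHECKSUM_PREFIX = b".onion checksum"
ONION_V3_LABEL_LEN = 56  # 35 bytes (32 key + 2 checksum + 1 version) in base32


def encode_v3(pubkey: bytes) -> str:
    """Build the v3 address for a 32-byte ed25519 public key:
    base32(PUBKEY || CHECKSUM || VERSION) + ".onion", where CHECKSUM is the
    first two bytes of SHA3-256(".onion checksum" || PUBKEY || VERSION)."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    checksum = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + ONION_V3_VERSION).digest()[:2]
    label = base64.b32encode(pubkey + checksum + ONION_V3_VERSION).decode("ascii")
    return label.lower() + ".onion"


def decode_v3(address: str) -> Optional[bytes]:
    """Return the public key embedded in a v3 onion address, or None if the
    address is not a well-formed v3 onion or its checksum does not verify.
    Subdomain labels (www.<label>.onion) are ignored, as Tor ignores them."""
    host = address.strip().lower().rstrip(".")
    if not host.endswith(".onion"):
        return None
    label = host[: -len(".onion")].split(".")[-1]
    if len(label) != ONION_V3_LABEL_LEN:
        return None  # e.g. a 16-char v2 address, which carries no checksum
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:  # binascii.Error is a ValueError
        return None
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_V3_VERSION:
        return None
    expected = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + version).digest()[:2]
    if checksum != expected:
        return None  # a typo, or a look-alike address
    return pubkey


# Constructed key material for the demo; a real service uses the ed25519 key
# that tor generates inside its HiddenServiceDir.
DEMO_PUBKEY = bytes(range(32))

if __name__ == "__main__":
    addr = encode_v3(DEMO_PUBKEY)
    print(addr, decode_v3(addr) == DEMO_PUBKEY)
    print(decode_v3("b" + addr[1:]))            # one typo -> None
    print(decode_v3("facebookcorewwwi.onion"))  # v2 address -> None
```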
7) …and finally…
BGP-Hijack Resistance
• Tor is an over-the-top meta-network

• It doesn't much care what's happening at the IP layer
If you remember one thing:
• Tor "treats censorship as damage, and routes around it"

• literally its raison d'être…

• …with all these hostile actors it's actually pretty good at (eventually) routing around damage of any kind.

• Wasn't the Internet supposed to do this anyway?

• Maybe we just got too used to reliable networks?
The Downsides?
Downside 1: latency, lag, circuit drops
"good enough for the right kinds of workload"
Four Major Types Of Established Tor Connection
[diagram: hops chosen by the client on the left, hops chosen by the server on the right]
• Browsing Normal Web Over Tor: TorBrowser → Guard → Middle → Exit → Website
• Browsing Onion Site Over Tor: TorBrowser → Guard → Middle → Rendezvous ← Middle2 ← Middle1 ← Guard ← Onion
• Browsing Onion Site From Normal Client Using Tor2web (bad idea): Browser → (single hop, http) → Tor2web → Guard → Middle → Rendezvous ← Middle2 ← Middle1 ← Guard ← Onion; protected only by HTTPS, if that...
• Browsing Single-Hop Onion Site (Facebook, NYT, …): TorBrowser → Guard → Middle → Rendezvous ← (single hop) ← Onion
nb: TorBrowser is simply a normal browser with embedded Tor software
nb: Onion site is simply a normal website with bonded Tor software
Tor as Web CDN: Normal vs Onion
[diagram: hops chosen by the client on the left, by the server on the right]
• CDN Normal Web Over Tor: TorBrowser → Guard → Middle → Exit → (X: exit node to webserver, congestion) → Website
• CDN Single-Hop Onion Site: TorBrowser → Guard → Middle → Rendezvous → (Y: onion to rendezvous) → shim / revproxy → (Z: fast link to webserver) → Website
Generally: (Y+Z) < X (less is better)
Downside 2: Learning New Stuff
Learning New Stuff
• Tor is not TCP/IP (but feels similar)

• Tor is not an in-kernel network

• userspace daemons

• config files, not ifconfig

• Tor is evolving

• Just like TCP/IP was in 1992
Example: Wikipedia
entire config file: (eotk config file)
resulting tor config
resulting nginx config
experiment works!
then: DoS Attack!
<code/>
fixed (enough)
Wikipedia Experiment
• Why?

• Short-term test to prove the concept

• Cheap, low resource-usage, borrowed hardware

• Was DoS'd by <some asshole with bots>

• Sustained few-hundreds of hits per second

• Hardly noticeable impact on single quad-core server
video: performance test
tip: long video, questions welcome…
onion Tor vs: plain Tor
for deck PDF, twitter search: from:alecmuffett "nluug slides" ...will be posted later today
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 

Setting Up .Onion Addresses for your Enterprise, v3.5

  • 1. setting up .onion addresses …for your website enterprise v3.5 - @alecmuffett 2018
  • 2. hi!
  • 3. BBC Radio 4, circa 2012 <cyber type="ominous"/>
  • 5. "dark net" not as scary as advertised
  • 13. why .onion? • you have a community, or you have an audience • for some, ability to access content is hampered • for some, risk of fake websites, credential theft, or political repercussions for accessing content • for some, privacy, assurance & trust is paramount
  • 14. social value of .onion? • greater assurance • facebookcorewwwi.onion => genuine facebook • greater availability & privacy • .onion => hard to block/surveil (if sometimes a little flaky) • fewer digital footprints • people using onions are perforce using tor browser • tor browser is generally better at data "hygiene"
  • 15. tech value of .onion? <see second half of presentation>
  • 16. desktop? mobile? both? • Mac / Win / Linux • tor browser (integrated tor + custom-tuned firefox) • Android • orbot (tor) + orfox (browser) • iOS • onion browser (integrated) • other iOS in progress
  • 18. what is .onion? "the top level domain name for the onion namespace"
  • 19. what is a namespace? • namespace is "an address + what it means/looks like" • ipv4 addresses look like: 192.168.1.1 • ipv6 addresses look like: fe80::226:21ff:fed8:fbc2 • dns addresses look like: www.foo.com • onion addresses look like: ylzpg2givhwizoep.onion
  • 20. how do addresses work? • all these addresses can be typed into a web browser: • http://192.168.1.1/ - ipv4, supported everywhere • http://[fe80::226:21ff:fed8:fbc2]/ - ipv6, variable • http://www.foo.com/ - dns, supported everywhere • http://ylzpu2givhwizoep.onion/ - needs a Tor browser • …they all connect you to a remote computer
  • 21. how is .onion unusual? • "under the bonnet", an onion is a raw network address • …just like 192.168.1.1 or fe80::226:21ff:fed8:fbc2 • but: formatted like a traditional dns domain name • ".onion" looks like ".com" or ".co.uk" • this means browsers treat the addresses equitably • including subdomains: www.facebookcorewwwi.onion
  • 22. "subdomains" on a network address?!? • yes! this would never work with ipv4 … • www.192.168.1.1 would not mean anything sensible • but www.facebookcorewwwi.onion is meaningful to HTTP • …still means facebookcorewwwi.onion • …the "www." bit is transported in the Host: header • thus: standard HTTP/HTML/browser behaviour
  • 23. how do you choose addresses? • ipv4 addresses: you take what you are given (eg: DHCP) • ipv6 addresses: ditto (mostly) • dns addresses: you choose a name, & register it • …unless someone beats you to it… • onion addresses: get a random one, or else "mine" one • more mining => "better quality"
  • 24. howto: arbitrary traffic?
      Server: /etc/tor/torrc
        HiddenServiceDir /var/lib/tor/onion-1    # => random onion address in "hostname" file
        HiddenServicePort 22 127.0.0.1:22        # software-defined listening port number
      Client: ~/.ssh/config
        Host my-onion
          HostName xxxxxxxxxxxxxxxx.onion
          ProxyCommand nc -x localhost:9150 %h %p   # 9150 => builtin SOCKS5 in local TorBrowser
  • 25. howto: password-protect onion network interfaces? Server: /etc/tor/torrc …yields: the following hostname file
  • 26. how to serve .onion websites? 3 options…
  • 27. 1. dedicated server • you have a dedicated web server, and it… • is configured to know about its onion address • essentially runs as a standalone service • perhaps serves duplicate content ?
  • 28. 2. onion-aware CMS • you have a web server, and it… • serves content to .com, .co.uk, .in, … • why not just add yet another domain name? • tag requests arriving from .onion reverse proxy • ensure that tagged requests are consistently responded-to, citing only your onion address(es)
  • 29. 3. onion shim • you have a web server, and it… • primarily serves content as (say) nytimes.com • install a shim between it and the tor reverse proxy… • shim bidirectionally rewrites requests & responses • nytimes.com <=> nytimes3xbfgragh.onion • custom engineering, or EOTK / Enterprise Onion Toolkit (open-source shim for enterprise onions)
  • 30. examples (or: implement a blend…) • 1. dedicated onion server (eg: various SecureDrop sites) • use-case dependent, probably involves anonymity • 2. onion-aware CMS (eg: Facebook) • excellent for primarily-dynamically-generated content • modest engineering, ongoing commitment, can be 100% solution • 3. onion shim EOTK (eg: NYT) • onionifies all content, including static or static/dynamic mix • minimal/zero engineering, some edge cases, 95..99%+ solution
  • 31. implementation tips • don't forget to onionify your CDNs where possible • try to avoid content-leakage between domains • accidentally wandering-off to the cleartext/.com site • e.g. OAuth redirects, tracker embeds… • use horizontal load-balancing for scale • free solution: OnionBalance (EOTK supports) • onions (even via shim) are generally faster for Tor
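Added example, not EOTK's or the deck's own code: a minimal version of the shim rewrite from slide 29 (clearnet host <=> onion host, with subdomains carried across as slides 21/22 describe) plus a check for the content leakage the tips above warn about. The nytimes pair is quoted on the slides; the CDN mapping, the tracker host and the sample HTML are constructed placeholders.

```python
import re

# Added example, not EOTK's code. The nytimes pair is quoted on the slides;
# the CDN entry is a hypothetical placeholder for "onionify your CDNs".
DOMAIN_MAP = {
    "nytimes.com": "nytimes3xbfgragh.onion",
    "cdn.example.com": "cdnplaceholderxx.onion",   # placeholder, not a real onion
}
REVERSE_MAP = {v: k for k, v in DOMAIN_MAP.items()}
# scheme + host of every absolute URL in a response body
_URL_HOST = re.compile(r"(https?://)([a-z0-9.-]+)", re.IGNORECASE)


def _map_host(host, table):
    """Map host by its longest matching suffix in table, keeping any subdomain
    prefix: www.nytimes.com -> www.nytimes3xbfgragh.onion (slides 21/22)."""
    host = host.lower()
    for base in sorted(table, key=len, reverse=True):
        if host == base or host.endswith("." + base):
            return host[: -len(base)] + table[base]
    return None


def onionify_host(host):
    """Outbound direction: clearnet host -> onion host (links, Location:, cookies)."""
    return _map_host(host, DOMAIN_MAP) or host


def deonionify_host(host):
    """Inbound direction: onion Host: header -> the name the origin server expects."""
    return _map_host(host, REVERSE_MAP) or host


def rewrite_body(body):
    """Rewrite the host of every absolute URL in an outbound response body."""
    return _URL_HOST.sub(lambda m: m.group(1) + onionify_host(m.group(2)), body)


def leaked_hosts(body):
    """Clearnet hosts still referenced after rewriting; each one is a place the
    reader may 'wander off' to the .com side (trackers, OAuth, unmapped CDNs)."""
    return {h.lower() for _, h in _URL_HOST.findall(body)
            if not h.lower().endswith(".onion")}


# Constructed sample response body
SAMPLE_HTML = (
    '<a href="https://www.nytimes.com/section/world">World</a>'
    '<img src="https://cdn.example.com/logo.png">'
    '<script src="https://tracker.example.net/t.js"></script>'
)
```

Run `leaked_hosts(rewrite_body(body))` over real responses and every host it returns is either a CDN to onionify or an embed to drop.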
  • 32. nits • you will almost certainly need to buy a special HTTPS cert • cost: probably from mid $$$ to low $$$$ • plus: associated paperwork & faff • if you take payments / subscriptions? • you may want to restrict access to payments over tor? • payment providers often block tor, this can sometimes lead to poor user experiences…
  • 33. TECH?
  • 34. Onion Networking as a Layer-3 Network
  • 35. How IP→Ethernet Works • Server: publishes mapping of IP to MAC address • Gratuitous ARP → populate ARP tables • Client: resolves mapping of IP to MAC address • Checks local ARP table (or makes ARP query) • Client: issues Ethernet frames to MAC address • Frames transport packets yielding TCP connections
  • 36. How Onion→IP Works • Server: publishes mapping of Onion to IP address • Descriptor Publication → populate HSDir DHT Ring • Client: resolves mapping of Onion to IP address • Checks HSDir DHT Ring (source of truth) • Client: issues TCP connection to Tor relay • Connections transport Tor cells yielding Tor circuits
  • 38. 1) TCP/IP is the L2 "data-link layer" of Onionspace
  • 39. OSI layers, Internet vs Onion:
      #  OSI Name       Internet             Onion
      7  Application    https, ssh, etc…     https, ssh, etc…
      6  Presentation   socket*              socks5 proxy
      5  Session        tcp/udp socket*      tcp socket via socks5
      4  Transport      tcp/udp protocol     tcp circuit
      3  Network        packet to IP addr    cell to Onion addr
      2  Data Link      frames/MAC/LLC       cells over tcp
      1  Physical       bit                  bit
  • 41. Onion-flattyness • NAT/Firewalls are not an issue • Connections pretend to be direct, local-network TCP. • Services & Ports are published, not ad-hoc/promiscuous • Onionspace port-scanning is restricted to services and ports which are published by the owners: • HiddenServicePort 44422 localhost:22 • "consent-based networking", cf: NSAPs in X.25 ?
  • 42. (2018 - 1994) + 13 = 37
  • 45. Circuit-switchyness • Long-term circuits between client/server are established • Traffic tunnels over circuits • A bit like X.25 Networking • sometimes circuits break • but then, so does TCP (i.e.: RST) • Circuits may carry multiple TCP/IP streams, be reused • Presentation: as a SOCKS5 relay
  • 47. "Rendezvous", a safer "Client-Server" • 1: server sets up introduction point • 2: server publishes descriptor • 3: client looks-up descriptor / intro-point • 4a: client sets up rendez-point • 4b: client tells server "meet me at rendez-point" • 5: data exchanged via circuit via rendez-point [diagram: Server and Client each behind a firewall, with Introduction Point, HSDir DHT Ring and Rendezvous Point inside the Tor "Cloud"] • nb: all connections established "outbound" through the firewall(s); server can live in "enclave"
  • 48. "Rendezvous" at L7? • All this is hidden behind SOCKS5 for app presentation • Your app thinks that it is talking to a TCP/IP stream • Truth = more complex
  • 49. 5) Introduction points have redundancy, transience and migrate globally, leading to…
  • 50. high-availabilityness (H/A) • DDoS Resistance • Harder to hit a moving target, key resources "at 1+ remove" • Built-in "GSLB" (global server load balancing) • You have little control of where Introduction, or Rendezvous Points are created, but they are distributed globally • Servers can be replicated globally, too; flatness = simpler • "DNSRR" equivalent (DNS Round Robin) • "OnionBalance" enables recombination of descriptors, shares load over servers like DSR (direct server return); or full H/A replicas
  • 52. self-authenticatingness • Onion addresses are literally cryptographically-trustable layer-3 network addresses • If you type the address correctly, you are guaranteed to be communicating with someone who has the private key • Built-in IPsec ESP and AH • No PSK hassle • No CA hassle • No revocation, no X.509, no OpenSSL, no faff…
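Added example, not code from the deck: a parser for .onion host names that separates the subdomain carried in the Host: header from the address itself (slide 22) and, for v3 addresses, verifies the checksum embedded in the address, which is the property slide 52 calls self-authenticating: a mistyped address fails validation instead of resolving somewhere else. The address layout (32-byte ed25519 public key, 2-byte SHA3-256 checksum, version byte 0x03) is the one from Tor's rend-spec-v3; the 16-character v2 form used on the slides is accepted by length only, since v2 addresses carry no checksum. The key bytes in the test are constructed.

```python
import base64
import hashlib
import re

# Added example, not code from the deck. Layout of a v3 address per Tor's
# rend-spec-v3: base32(PUBKEY[32] | CHECKSUM[2] | VERSION[1]) + ".onion",
# CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2].
ONION_V3_VERSION = b"\x03"
_B32 = re.compile(r"^[a-z2-7]+$")


def _v3_checksum(pubkey):
    return hashlib.sha3_256(b".onion checksum" + pubkey + ONION_V3_VERSION).digest()[:2]


def onion_v3_from_pubkey(pubkey):
    """Encode a 32-byte ed25519 public key as a v3 onion address."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + _v3_checksum(pubkey) + ONION_V3_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def parse_onion_host(host):
    """Split a Host: header value into subdomain + onion address, and verify
    the v3 checksum so a mistyped address is rejected, not resolved."""
    host = host.lower().rstrip(".").split(":", 1)[0]   # drop trailing dot, :port
    labels = host.split(".")
    if len(labels) < 2 or labels[-1] != "onion":
        raise ValueError("not a .onion host name")
    addr, sub = labels[-2], ".".join(labels[:-2])       # "www." is only Host: data
    if not _B32.match(addr):
        raise ValueError("onion label is not base32")
    if len(addr) == 16:   # v2 (e.g. facebookcorewwwi): truncated key hash, no checksum
        return {"subdomain": sub, "onion": addr + ".onion", "version": 2, "pubkey": None}
    if len(addr) != 56:
        raise ValueError("onion label must be 16 (v2) or 56 (v3) characters")
    raw = base64.b32decode(addr.upper())                 # 56 chars = 35 bytes, no padding
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_V3_VERSION:
        raise ValueError("unsupported onion version byte")
    if checksum != _v3_checksum(pubkey):
        raise ValueError("checksum mismatch: typo or tampered address")
    return {"subdomain": sub, "onion": addr + ".onion", "version": 3, "pubkey": pubkey}
```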
  • 54. BGP-Hijack Resistance • Tor is an over-the-top meta-network • It doesn't much care what's happening at the IP layer
  • 55. If you remember one thing: • Tor "treats censorship as damage, and routes around it" • literally its raison d'être… • …with all these hostile actors it's actually pretty good at (eventually) routing around damage of any kind. • Wasn't the Internet supposed to do this anyway? • Maybe we just got too used to reliable networks?
  • 58. "good enough for the right kinds of workload"
  • 59. Four Major Types Of Established Tor Connection [diagram of hop sequences; node labels: TorBrowser, Browser, Guard, Middle / Middle1 / Middle2, Exit, Website, Rendezvous, Onion, Tor2web; hops marked "Chosen by Client" vs "Chosen by Server"] • Browsing Normal Web Over Tor • Browsing Onion Site Over Tor • Browsing Onion Site From Normal Client Using Tor2web (bad idea): plain http to Tor2web, "Protected only by HTTPS, if that..." • Browsing Single-Hop Onion Site (Facebook, NYT, …): single hop from onion to rendezvous • nb: TorBrowser is simply a normal browser with embedded Tor software • nb: Onion site is simply a normal website with bonded Tor software
  • 60. Tor as Web CDN: Normal vs Onion [diagram] • Normal Web Over Tor CDN: TorBrowser, Guard, Middle, Exit, Website; X: exit node to webserver → congestion • Single-Hop Onion Site CDN: TorBrowser, Guard, Middle, Rendezvous, Onion; Y: onion to rendezvous; Z: link to webserver (shim / revproxy, fast) • hops Chosen by Client vs Chosen by Server • Generally: (Y+Z) < X (less is better)
  • 62. Learning New Stuff • Tor is not TCP/IP (but feels similar) • Tor is not an in-kernel network • userspace daemons • config files, not ifconfig • Tor is evolving • Just like TCP/IP was in 1992
  • 75. Wikipedia Experiment • Why? • Short-term test to prove the concept • Cheap, low resource-usage, borrowed hardware • Was DoS'd by <some asshole with bots> • Sustained few-hundreds of hits per second • Hardly noticeable impact on single quad-core server
  • 78. onion Tor vs: plain Tor
  • 79. for deck PDF, twitter search: from:alecmuffett "nluug slides" ...will be posted later today