Onioncat is unique as a package, but one could write something that does the same thing if desired. Hosting one's website(s) on one or more USB sticks as TOR hidden services is far more secure than doing it on the hard drive(s). XAMPP is a cross-platform version of LAMP.
lugh
- Global Moderator
- Foundress Queen
- Posts: 876
Vesp
- Administrator
- Foundress Queen
- Posts: 3,130
Also here: https://hackbloc.org/sites/hackbloc.org/files/hidsec.pdf
It's useful info for noobs, such as myself.
nigluhS
- Pupae
- Posts: 81
I was thinking out loud about this general idea with a co-worker. He had a good thought. Rather than use a usb stick, use a cd-r. Nothing could be written to it.
Probably wouldn't even need hard drives.
So it could be "hosted" by the "peers" or "nodes" that are running the cd-r images. There would be a one-time upload (from USB, then to be totally destroyed) of original content into the first node(s)' RAM, which would get shared to the other nodes (in their RAM). There would have to be some sort of crypted handshake amongst the nodes to authenticate the latest or largest enum value (representing the latest updates to the source content). As long as one node stays powered, the content is "alive".
Everything stays in RAM, or is derived from the unwritable CD-R.
The theory is strong; getting the peer network engineered would be the hard stuff.
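The node-to-node check described in the post above (authenticate an update, then keep only the highest version), as an added example that is not part of the original thread. It assumes a pre-shared HMAC key on every node image and a hypothetical `Node` class and message layout; a real design would more likely use publisher signatures.

```python
import hashlib
import hmac
import struct

# Assumption: every node image carries the same pre-shared key (constructed value).
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"


def seal(version: int, content: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Publisher side: bind the version counter to the content with an HMAC tag."""
    header = struct.pack(">Q", version)  # 8-byte big-endian counter
    tag = hmac.new(key, header + content, hashlib.sha256).digest()
    return header + tag + content


class Node:
    """Hypothetical RAM-only node that holds the newest authenticated content."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key, self.version, self.content = key, 0, b""

    def offer(self, message: bytes) -> str:
        """Handle an update offered by a peer and return the decision taken."""
        if len(message) < 40:  # 8-byte header + 32-byte tag
            return "rejected: truncated"
        header, tag, content = message[:8], message[8:40], message[40:]
        expected = hmac.new(self.key, header + content, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return "rejected: bad tag"
        (version,) = struct.unpack(">Q", header)
        if version <= self.version:  # replayed or rolled-back update
            return "rejected: stale"
        self.version, self.content = version, content
        return "accepted"


def demo() -> list:
    """Feed a node two genuine updates, a replay and two tampered messages."""
    node = Node()
    v1, v2 = seal(1, b"first upload"), seal(2, b"edited page")
    forged = v2[:8] + bytes(32) + b"tampered page"  # sender lacks the key
    bumped = struct.pack(">Q", 9) + v2[8:]  # counter raised, tag no longer matches
    return [node.offer(m) for m in (v1, v2, v1, forged, bumped)]
```

Because the counter is covered by the tag, a peer cannot promote old content by raising the number, and a valid but older message is refused as stale.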
lugh
- Global Moderator
- Foundress Queen
- Posts: 876
Quote
I was thinking out loud about this general idea with a co-worker. He had a good thought. Rather than use a usb stick, use a cd-r. Nothing could be written to it.
Probably wouldn't even need hard drives.
Any web site hosted on a CD-R would have to be static. Posting would be impossible.
nigluhS
- Pupae
- Posts: 81
I believe if the content was low res (streamlined), it could be designed to be pulled in/out of RAM.
That is why at least one node would have to remain active with the content... like I said, it's theoretical now, but the idea is doable I think.
lugh
- Global Moderator
- Foundress Queen
- Posts: 876
A CD-R has a capacity of about 700 MB. You probably shouldn't consider quitting your day job.
nigluhS
- Pupae
- Posts: 81
Come on bro, you don't know me or my day job. If you did, we might not have all had to read that waste of a post. Zero value add ; )... I let you fly on that one.
The cd-r only contains the live OS boot and connection to the peer network. I think that could be done with 700 MB.
The content, as previously theorized, would remain in RAM, on the nodes within the peer network. My 3 year old machine has 8 GB of RAM in it. Anyone with a gaming machine should have plenty of RAM. Plus, to make it all work smooth, I don't think one would want any sort of clunky big content bucket. Keeping things txt based would maintain high speed and content authentication between nodes.
Could we harness the power of GPUs a la bitcoin miners (tangent side thought)?
Dr. Tox
- In Stasis: See You In A Few Years!
- Subordinate Wasp
- Posts: 145
Has anyone actually developed a decent, installable bitcoin miner by now? Back when I was trying out the couple that were available, they were complete shit.
dream0n
- Subordinate Wasp
- Posts: 204
Not completely related...
It depends on what system you are running. There are good interfaces for bitcoin miners on everything but OSX, (Linux - Windows).
-- There are, of course, command-line style programs for any system if you are willing to compile.
nigluhS
- Pupae
- Posts: 81
mos def not getting at bitcoin mining...was a random thought about using GPU to process any encryption faster...possibly...sorry for that distraction
Vesp
- Administrator
- Foundress Queen
- Posts: 3,130
I am thinking the best thing would be to do...
1. *BSD as main OS for security.
2. Run Ubuntu on VM as Tor Server using above tek... listed here: https://hackbloc.org/sites/hackbloc.org/files/hidsec.pdf (With improvements where possible..)
3. Also run Onion Cat, possibly?
Then turn that into an ISO image, or make it so scripts produce a fully functional *BSD machine, with virtual Ubuntu Machine with Tor Server...
Seems like it would be difficult on our part, but would achieve what I have in mind the best.
Edit: I am going to try to set some of this stuff up on my old computer when I get a damn mouse and keyboard for it (any idea how hard it is to do computer stuff without those? lol )
Vesp
- Administrator
- Foundress Queen
- Posts: 3,130
Check this out...
http://opensource.dyc.edu/tor-ramdisk
"Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose sole purpose is to securely host a Tor server purely in RAM."
Not the best or what is wanted.. but related.
Wizard X
- Lord of the Realms
- Foundress Queen
- Posts: 1,224
I am thinking the best thing would be to do...
1. *BSD as main OS for security.
2. Run Ubuntu on VM as Tor Server using above tek... listed here: https://hackbloc.org/sites/hackbloc.org/files/hidsec.pdf (With improvements where possible..)
3. Also run Onion Cat, possibly?
Then turn that into an ISO image, or make it so scripts produce a fully functional *BSD machine, with virtual Ubuntu Machine with Tor Server...
Seems like it would be difficult on our part, but would achieve what I have in mind the best.
stuff without those? lol )
I would advise AGAINST IT: http://tails.boum.org/doc/advanced_topics/virtualization/index.en.html
nigluhS
- Pupae
- Posts: 81
I would advise AGAINST IT: http://tails.boum.org/doc/advanced_topics/virtualization/index.en.html
Nice thing is Tails warns you when you fire it up on a vbox.
Vesp
- Administrator
- Foundress Queen
- Posts: 3,130
Well this for the Tor server -- putting it in a virtual machine makes it safer because if they hack into the first virtual machine it doesn't allow them to reveal important information that would lead to the owner such as the real IP address?
At least, that was the impression I am under?
Quote
A virtual machine is a complete operating system that runs inside another operating system. We will use this to protect your identity. This way, even if somebody hacks into your hidden service, they won't be able to find out your IP address, what's on your hard drive, or any other sensitive information. Instead, they'll just land in an empty sandbox that has ONLY hidden service things. It's important that you only use your virtual machine for your hidden service and NOTHING ELSE. Tor will run on the host machine. Tor needs to access the internet, but your hidden service only needs to access Tor. In this way, Tor can access the internet, connect to tor servers, etc. but the machine with your actual hidden service can only communicate through Tor. This removes the risk that an attacker can force your server to divulge its IP address and therefore its location/operator by requesting external files.
Or perhaps I am misunderstanding something?
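One way to check the isolation property quoted above (the guest has a path to the Tor host and nowhere else), as an added example that is not from the thread or the quoted guide. It audits `ip -4 route` output taken inside the guest; `audit_routes`, the addresses and both sample outputs are constructed for illustration.

```python
import ipaddress

# Constructed samples of `ip -4 route` output from inside the guest.
ISOLATED = "192.168.56.0/24 dev eth0 proto kernel scope link src 192.168.56.10"
LEAKY = """default via 10.0.2.2 dev eth0
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15
192.168.56.0/24 dev eth1 proto kernel scope link src 192.168.56.10"""


def audit_routes(route_text: str, tor_host: str) -> list:
    """Return findings for guest routes that let traffic bypass the Tor host."""
    tor_ip = ipaddress.ip_address(tor_host)
    findings, reachable = [], False
    for line in route_text.strip().splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = fields[0]
        via = fields[fields.index("via") + 1] if "via" in fields else None
        if dest == "default":
            findings.append(f"default route via {via}: guest can leave its sandbox")
            continue
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            findings.append(f"unparsed route entry: {line}")
            continue
        if tor_ip in net and via is None:
            reachable = True  # on-link route that covers the Tor host
        else:
            findings.append(f"extra route {dest}: path that does not lead to the Tor host")
    if not reachable:
        findings.append("no on-link route to the Tor host")
    return findings


if __name__ == "__main__":
    for name, sample in (("isolated", ISOLATED), ("leaky", LEAKY)):
        print(name, audit_routes(sample, "192.168.56.1"))
```

An empty result only says the guest's routing table offers no other path; the restriction itself has to be enforced outside the guest, since anyone who controls the guest can edit its routes.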
lugh
- Global Moderator
- Foundress Queen
- Posts: 876
Quote
Well this for the Tor server -- putting it in a virtual machine makes it safer because if they hack into the first virtual machine it doesn't allow them to reveal important information that would lead to the owner such as the real IP address?
A TOR hidden service run in a virtual machine on a USB drive is the most secure way to host a web site.
Vesp
- Administrator
- Foundress Queen
- Posts: 3,130
What added security does the USB drive add to it?
Any links or references/reason why?
lugh
- Global Moderator
- Foundress Queen
- Posts: 876
There was a web page explaining that IP address detection via DNS leakage is minimized by this method of operation, but since all of those pages were eliminated last year, it seems to be offline since it didn't get archived by the Wayback Machine.
Wizard X
- Lord of the Realms
- Foundress Queen
- Posts: 1,224
Vesp: Read this http://g7pz322wcy6jnn4r.onion/opensource/II/Anonymity.html
Try Tails in a VirtualBox http://tails.boum.org/doc/advanced_topics/virtualization/tips/index.en.html
Quote
Tor will run on the host machine. Tor needs to access the internet, but your hidden service only needs to access Tor. In this way, Tor can access the internet, connect to tor servers, etc. but the machine with your actual hidden service can only communicate through Tor. This removes the risk that an attacker can force your server to divulge its IP address and therefore its location/operator by requesting external files.
If the attacker HAS COMPROMISED YOUR WEB SERVER - It's more than likely further code uploading and execution can compromise the VirtualBox & Host OS.
Vesp
- Administrator
- Foundress Queen
- Posts: 3,130
I see.
Thank you very much.
It looks like I just need to read a lot more about this. I'm just starting to get oriented about all the implications involved.