HR Geeks

I have always been a fan of the underlying concepts of TOR. I frequently utilize it in my scripts to simulate traffic from all over the globe. From a programming prospective, I’ve used it for anything from testing a web service to rigging an online poll… OK, I’m just as guilty of using TOR for its unintended purposes as anyone

Recently I decided to try setting up a TOR hidden service. While “anonymous” browsing via TOR is fairly well known, the ability to setup anonymous servers is often overlooked. When you setup a hidden service, you can host applications on a server whose location is completely unknown. All traffic to and from the service is encrypted and comes “anonymously” over the TOR network. Sounds neat! What’s the catch!?

The Catch: If the server hosting your hidden service is ever compromised, so is the IP of the server and most likely its owner. If you setup a anti-scientology forum using PHPBB and it gets exploited (that never happens), any anonymity provided by the TOR hidden service can be stripped away. If this happens, expect to hear from their lawyers

I had the idea to setup an anonymous bittorrent tracker on the TOR network. With all the good trackers getting shut down, why not setup an “untrackable” tracker that couldn’t get shutdown.

VMWare is really handy for setting up a secure hidden service. Without VMWare you would need two dedicated workstations. The diagram below shows my take on setting up a secure hidden node.

The concept of this network is fairly straight forward. Your application server (in this example Apache) needs to be isolated from any networks that have internet connectivity. If your hidden service is exploited, the attacker must not be able to determine where your application server is located.

In this example, my application server (10.0.1.2) can only talk to the TOR proxy node on its secondary address on the 10.0.1.0/24 network. Firewalls running on both servers prevent any traffic that is not HTTP traffic requested from the TOR network. If someone exploits my tracker and runs unauthorized code, they only have access to the local box. They can not originate any traffic that was not requested by the TOR proxy running on 10.0.1.1.

The TOR node has a secondary interface on the SOHO LAN. This interface is used only for encrypted TOR traffic coming to/from the internet. This server should only be permitted to reach the TOR network over its encrypted connection and not have full NAT access to reach the internet. We’re putting a lot of trust in the TOR daemon. If it were exploited, you’re hidden service location would also be visible to the attacker.

I wasn’t super paranoid in my testing and used iptables on the hidden service and TOR node. If you’re really nervous, you’d need hardware firewalls to prevent the box from being exploited and having someone strip down your ruleset.

Is this a lot of work just to setup a hidden service? Yes, yes it is! For those wondering, my experiment was a total failure. While it worked technically, it was so slow no one would ever use it.

If you’re wondering, most hidden services are crap. The good ones are, well, hidden! The only real exception to the public hidden services is WikiLeaks. WikiLeaks is an excellent example of a site that was facing censorship and turned to the TOR network to ensure they could continue to make their information public.