Experiments on The Live Tor Network
Dear Security Professionals,
In this release we focused on the live Tor network. You will read an article presenting practical usage of the Tor Path Simulator (TorPS), which quickly simulates path selection in Tor. The code can be obtained with git clone https://github.com/torps/torps.git.
Also, we will show you the features of Shadow, a unique discrete-event network simulator that runs real applications like Tor and distributed systems of thousands of nodes on a single machine. Shadow combines the accuracy of emulation with the efficiency and control of simulation, achieving the best of both approaches.
Moreover, this issue includes a NetCat tutorial to remind you how to use the application that reads and writes data across network connections, using the TCP/IP protocol.
Page 5: THE TOR PATH SIMULATOR
TorPS faithfully mimics the behavior of Tor client software for creating exit circuits, taking into account features significant to path selection, such as: bandwidth weighting; relay hibernation; guard selection and rotation; exit policies; family and /16-subnet conflicts; and DNS resolution. A Tor Metrics consensus and its corresponding descriptors are used as if they were retrieved by the client when the consensus was published. In a slight deviation from Tor’s current operation, we use the full server descriptor to evaluate a relay’s exit policy rather than the microdescriptor format. In addition, we do not consider hidden services or bridges, although our methods could easily be used to evaluate the security of both systems.
Page 12: The Unreleased Vulnerability Report
100% of all systems from a vendor that are exposed to the internet are affected! The issue lies in hidden default-credential accounts in the system. According to the vendor, the accounts can be changed; however, this cannot be done via the web interface. The function that leaks the credentials is a pre-production debug function in the controllers that should never have been produced. Today’s article, though offering only limited disclosure, will provide you with heavily masked information detailing how companies release products that they no longer maintain, leaving the end user living with unknown risks.
Page 28: NETCAT: FORGOT HOW TO CAT?
Netcat is a terminal application that is similar to the telnet program but has a lot more features. It's a “power version” of the traditional telnet program. Apart from basic telnet functions, it can do various other things, like creating socket servers to listen for incoming connections on ports and transferring files from the terminal. So it is a small tool that is packed with lots of features, which is why it is called the “Swiss-army knife for TCP/IP”.
Page 54: TOR EXPERIMENTATION: THE SHADOW SIMULATOR
Shadow was developed because there was a recognized need for an accurate, efficient, and scalable tool for Tor experimentation: using the PlanetLab platform is undesirable due to management overhead and lack of control; existing emulators are far too inefficient when scaling to thousands of nodes; roll-your-own simulators are often too inaccurate or generic to be useful for multiple projects; and experiments on the live Tor network are often infeasible due to privacy risks.
For more technical articles available on our website, subscribe to Hack Insight and receive:
--> 24 unique magazine editions per year.
--> Access to all the previous releases from the archives.
--> Access to special publications, workshops and video tutorials.