our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in...
Transcript of our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in...
![Page 1: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/1.jpg)
building connections for spaces and people
our darknet and its bright spots
Tuesday, December 29, 2009
![Page 2: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/2.jpg)
Overview
Who are we?
What are we talking about?
Why should you care?
Where are we going with this?
When can I join?
Tuesday, December 29, 2009
![Page 3: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/3.jpg)
Who are we?
• Eric Michaud - TOOOL US, HacDC, PS:One, hackerspaces.org
• aestetix - OpenAMD/Sputnik, Noisebridge
• mc.fly - ChaosVPN, CCCHH
• equinox - dn42, sublab
Tuesday, December 29, 2009
![Page 4: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/4.jpg)
The Usual Suspects
• Who do we have here in the audience?
Tuesday, December 29, 2009
![Page 5: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/5.jpg)
What are we talking about?
• Double fudge cookies?
Tuesday, December 29, 2009
![Page 6: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/6.jpg)
What are we talking about?
• Double fudge cookies?
• Long walks in the rain?
Tuesday, December 29, 2009
![Page 7: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/7.jpg)
What are we talking about?
• Double fudge cookies?
• Long walks in the rain?
• Raiding the Saturn with TV-B-Gones?
Tuesday, December 29, 2009
![Page 8: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/8.jpg)
What are we talking about?
• Double fudge cookies?
• Long walks in the rain?
• Raiding the Saturn with TV-B-Gones?
• Oh right!?! Networks!
Tuesday, December 29, 2009
![Page 9: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/9.jpg)
What are we talking about?
• NETWORKS!
Tuesday, December 29, 2009
![Page 10: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/10.jpg)
Why should you care?
• Do you find it hard to connect your friends?
• Test new protocols?
• Your bandwidth being squeezed?
• Just have fun? CTFs?
• Basic Research?
Tuesday, December 29, 2009
![Page 11: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/11.jpg)
Community is just good.
It’s great to share, it’s how we all grow.
We also stand on the shoulders of giants.
Tuesday, December 29, 2009
![Page 12: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/12.jpg)
So to sum it up
We need a way to share with each other.
Networks are a great way to do this.
Very little setup and maintenance.
Free collaboration for everyone involved.
Tuesday, December 29, 2009
![Page 13: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/13.jpg)
So let’s get technical!
Tuesday, December 29, 2009
![Page 14: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/14.jpg)
Networks Involved
dn42
ChaosVPN
Agora Link (Beta)
Tuesday, December 29, 2009
![Page 15: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/15.jpg)
Targets and requirements
Our project has several goals:
Privacy – no one looking in our traffic
Community – connect with friends
Availability – solid uptime
Speed – as fast as possible
Easy to use – maintenance is simple
Neighborly – join our friends, block our enemies
Tuesday, December 29, 2009
![Page 16: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/16.jpg)
Privacy
Some projects aren’t ready yet, research takes time!
Tuesday, December 29, 2009
![Page 17: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/17.jpg)
Community
We want to be able to share ideas and projects with our friends.
Tuesday, December 29, 2009
![Page 18: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/18.jpg)
Availability
•The network needs to be available.
•The best way to reach that is to avoid single points of failure.
•That means if a node fails not the whole network shall fail.
Tuesday, December 29, 2009
![Page 19: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/19.jpg)
Speed
A fast paced society demands a fast paced network.
Fast in network terms can be
Bandwidth
Multimedia requires high bandwidth
Latency
Voice communication and games require low latency
→ everyone talks to everyone → mesh
Tuesday, December 29, 2009
![Page 20: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/20.jpg)
Easy to Use
•The network should be easy to configure.
•Nodes should be able to join or leave the network without a sysadmin
•This requires an automated update solution.
Tuesday, December 29, 2009
![Page 21: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/21.jpg)
Neighborly
•To be with our friends, we need to connect
•Targets are hackerspaces, community zones, clubs, shared apartments...
•Abstracted they can be seen as networks of different sizes.
Tuesday, December 29, 2009
![Page 22: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/22.jpg)
An idea about solutions
•So we want a mesh based encrypted and authenticated private network that administrates itself.
•Easy right?!?!
Tuesday, December 29, 2009
![Page 23: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/23.jpg)
Solutions that won’t work
OpenVPN Classical client/server model
Centralized
Tuesday, December 29, 2009
![Page 24: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/24.jpg)
Solutions that won’t work
Tor - The Onion Router Too slow, encryption/decryption at every hop
We are not concerned with anonymity within the darknet, as we already trust everyone
Tuesday, December 29, 2009
![Page 25: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/25.jpg)
Freenet – Decentralized network mainly focused on anonymity and filesharing
Good for filesharing, but what about irc, skype, and new protocols we want to integrate?
Solutions that won’t work
Tuesday, December 29, 2009
![Page 26: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/26.jpg)
MRN VPN OpenVPN Server Mode
SPOFs, sub-optimal routing
unrelieable
down
Solutions that won’t work
Tuesday, December 29, 2009
![Page 27: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/27.jpg)
the dn42 approach
“Started as a BGP playground, now it’s being used to connect people”
• use point to point links
• openvpn, IPSec, ...
• put BGP on them, do dynamic routing
Tuesday, December 29, 2009
![Page 28: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/28.jpg)
shaken, not stirred
• ca. 55 entities on the list
• that’s people and spaces
• 70 IPv4 prefixes, 40 IPv6 prefixes
• around 140 tunnels
Tuesday, December 29, 2009
![Page 29: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/29.jpg)
Tuesday, December 29, 2009
![Page 30: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/30.jpg)
participants grab
• an IP subnet from 172.22.0.0/15
• an IPv6 network from anywhere
• a private BGP ASN
• Some people have official numbers...
• also, the wiki is t3h rulez
Tuesday, December 29, 2009
![Page 31: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/31.jpg)
peerings are made
• whenever two people agree to peer
• and they agree on the parameters
• and they set it up
most people follow a common scheme-but why should anyone restrict anyone’s choices?
Tuesday, December 29, 2009
![Page 32: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/32.jpg)
we can haz network
• quite social network (take that, facebook)
• ask your peers for services
• bring you friends to the network
Tuesday, December 29, 2009
![Page 33: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/33.jpg)
we can haz network
• quite social network (take that, facebook)
• ask your peers for services
• bring you friends to the network
damn, I forgot to embed a Ponzi scheme
Tuesday, December 29, 2009
![Page 34: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/34.jpg)
we can really HAZ network
• founder dropped for half a year, nothing happened
• boxes went down and weren’t rebuilt, nothing happened
• friends nag you to fix your connection
Tuesday, December 29, 2009
![Page 35: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/35.jpg)
semantics
• a bit like IRC:
• servers form links
• participating servers agree on rules
• servers tend not to die, but netsplits are possible
Tuesday, December 29, 2009
![Page 36: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/36.jpg)
chaosvpn
first setup by haegar @ hamburg . ccc . de
used tinc
mostly ccc based
haegar wrote perl based update script
works mostly fine
perl not available on most routers
→ many nodes did not update → problems
Tuesday, December 29, 2009
![Page 37: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/37.jpg)
update.pl
download a configuration file from vpn.hamburg.ccc.de
decode
sanity checks
generate tinc configs
(re)start tinc
Tuesday, December 29, 2009
![Page 38: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/38.jpg)
chaosvpn 2.0
Rewrite of the perl update code in c with some improvements so it fits on routers
Few requirements, dependency to keep lightweight
Mostly done by ryd, hc and Haegar with more help from the USA, namely Cinus, Cheryl, John Doe
Tuesday, December 29, 2009
![Page 39: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/39.jpg)
and further
Road map
better authentication, certificate handling
more pull nodes
OpenWRT package
one network on every of the 4 ports
Tuesday, December 29, 2009
![Page 40: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/40.jpg)
Current Projects
freifunk
no automatic updates
leading to network issues
Agora Link / ChaosVPN
hackerspaces network
warzone
research network between research groups
enter at your own riskTuesday, December 29, 2009
![Page 41: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/41.jpg)
freifunk
• Used to connect the clouds inter-city like
• Usually runs on small routers
• The perl issue
• No automatic updates, leading to issues like netsplits
• Partly working
Tuesday, December 29, 2009
![Page 42: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/42.jpg)
Agora
North American hackerspaces involved:
NYC Resistor (NYC)
Noisebridge (San Francisco)
PS:One (Chicago)
CCCKC (Kansas City)
People / Academia
More to come
Tuesday, December 29, 2009
![Page 43: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/43.jpg)
chaosvpn
CCC Hamburg
CCC Hanover
Links to CCC Koeln and Berlin
t42
Used to transport Chaos Phone earlier
hackint irc node
people
Tuesday, December 29, 2009
![Page 44: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/44.jpg)
Use Cases
VOIP (Chaosphone)
media broadcasting,
talk streaming
making HPC Accesseable
cloud computing
Internal Sites/Services/Webpages
Tuesday, December 29, 2009
![Page 45: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/45.jpg)
Warzone
Playground for security groups:
CTFs!!1!
University groups
Security groups
Hackerspaces who want to play
Next generation research platform
Tuesday, December 29, 2009
![Page 46: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/46.jpg)
Ubermensch Recap
• We found a problem to communicate and we tackled it!
• The network IS UP!
•We need you!
•Have resources to share? Contact us!
Tuesday, December 29, 2009
![Page 47: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/47.jpg)
Outro
Projects in the future:
• Global VoIP
• HPC Computing
• Media Multicasting
• CTFs
Tuesday, December 29, 2009
![Page 48: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/48.jpg)
THXMany thanks to:
haegar, ryd, hc, winni, OpenWRT
helios, jchome, ichdasich, frapzzt, wintix, Crest
Tuesday, December 29, 2009
![Page 49: our darknet and its bright spots - CCC Event Blog...chaosvpn 2.0 Rewrite of the perl update code in c with some improvements so it fits on routers Few requirements, dependency to](https://reader033.fdocuments.net/reader033/viewer/2022042113/5e90103bed0a2c60ca2f965b/html5/thumbnails/49.jpg)
Where to Join
• www.agora-link.org - (BETA)North America
• dn42.net
• ChaosVPN - wiki.hamburg.ccc.de
Tuesday, December 29, 2009