All right. Hello, everybody. We're going to go ahead and get started. I'm Atlas, not the cool guy from CTF, much lamer than him. So if you missed his talk, I apologize. It was pretty good. And I'd also like to tell everybody I'm really sorry that you couldn't get into Dan Kaminsky's talk, but we'll try to be pretty good, too. We're Chaos Theory. We're Chaos Theory because Shmoo Group was already taken. Up here on stage with me, we have Dr. Chaos. We have Beth, a little bit out of order on our slide here. We have Fade right here, Digunix and Archon. Also joining us out in the audience there is one of my collaborators, Johnner and Paul Sasquatch, in case you're wondering. Today's special: what are we serving up for you? We've got two projects. First one, what I'm going to be talking a little bit about here, is NARC. The whole idea here is we're going to transform the output of your scan data. We're not going to recreate scans. We're not going to be doing scans. We're not sniffing. Instead, we're going to take the output. In this case, we've got Nessus. We're hopefully going to have Nmap for you by the end of the week. The XML parsing and data normalization, we'll get to that. But tools to produce quantifiable, meaningful, and some hot-looking results. SAMAEL, up next, sort of the natural evolution of the product that we released at ShmooCon, which is AnonymOS. This is a black box gateway. We'll create a secure, anonymizing, transparent firewall. Maybe when you're behind it, nobody will notice all the nasty things you like to do online.
So, diving right in with NARC. First of all, I represent only myself. I'm a little bit irresponsible, so I can't take on anything else. So, yeah, work likes this one. Why do we do this? Well, started off a pen test a few months back and was supposed to have about 4,000 hosts involved, normal amount of data. Instead, it ended up being about 92,000. So, a little bit of scope creep and a lot of data to try and analyze.
If you guys are familiar, Excel cuts off after 65,000 rows. So, you have to start doing something a little bit more creative in terms of pulling out what you're looking at. What else do we want to do? We wanted to be able to do a little bit of trending and vulnerability analysis quickly. I don't know how many of you work in consulting, pen testing, vulnerability analysis, but very rarely does a client come back and say, you guys just, you don't cost enough. We really wish that you would spend two or three more weeks going through this data. So, we wanted to try and cut down the time there and produce some pretty nice results in terms of reporting format.
So, a little bit about security reporting. The things that don't work. Selling on FUD, I think we all know this at this point, but you know, you can't go in and say, oh, we're going to get hacked. Most people don't really respond well to that. Also, you don't want to come in with too much data. Hey, here's 10,000 pages of results that we got out of a scan tool. Mr. VP, please give me some more money. They rarely like that one. Oversimplification. If you're talking to the guy that is in charge of fixing this stuff, you don't want to say, hey, it's good. It's bad. You want to give them a little bit more than that, but you also don't want to walk into the director of IT and explain how the flux capacitor is over-inverting the Jefferies tubes and you're going to blow your phase inducing. So what do you got to do here? You got to report to multiple levels. You have your network engineer. He wants some details. He wants remediation steps. He wants something that he can hang his hat on so when he goes and does this thing and there's still a problem later on, he's not getting canned. He doesn't want the graphs, charts and all that crap. You guys are probably familiar with this. As you move up the chain a little bit, you have to start summarizing a little bit more.
You have to start taking out some of those complicated and hard words like protocol and port. As you go up even further, what you have to start talking about is a thumbs up, thumbs down kind of view. Hey, information security? We're good. No, we're not so good. So what are we going to do to make security reporting better? Well, number one, we need to rely on objective and quantitative data because when you're going in and you're trying to, again, when you're trying to push an information security program from the standpoint of we want to remediate these vulnerabilities, we want to protect these hosts and we have this data that is of this value. You need to do that in a numerically sound and mathematical way, not in the, well, I kind of feel like this host is important and let's spend a little bit of money. We also want some correlated data. You know, you want average number of vulnerabilities by platform. If you're going to decide to move platforms in the future, you may want to have a test program. You may want to see, hey, we're spending half of our time patching Windows boxes. I don't know why that one would come to mind. Maybe we should move to something that doesn't have, you know, Super Tuesday.
So what have we got for you here? We're going to have, as I mentioned, we're going to have some import scripts for a few other tools. Right now, we're able to pull in anything that can output into SQL. And in this case, we've got NessusWX scripts that we can show you. Some canned queries to show you, you know, what type of things you should be looking at. And of course, pretty colors and some really, really slow JavaScript. So if anybody would like to see me after, to help me out with that, that'd be awesome. So, let me see here. I'll switch over. This is our tool. We're going to go ahead and import some data. This data is a result of a quick little scan of the Aladdin this morning. So anybody who's staying there, I apologize. Let's come back around.
We're going to run a report. We have a few canned CSS styles here and you can, of course, modify those to match any color schemes that you want and any sort of image replacement. Uh-oh. I'm sorry, say again? You know, it came down at the very last minute and it was the one that had to go. But if you want it, see me afterwards and I'll give you the script, just because I like you. So go ahead and grab Citrus, because what style would be complete without one called Citrus? We want to see, let's take a look at everything for any database, because surprisingly there were a few. So here we go. You have a couple of Postgres vulnerabilities. This was, of course, as you'll notice, this was the router, so happily provided by Cox. And then underneath, apparently a client with MySQL running. It's probably MyBox, who knows, right? So you can sort these also. And this is, as I alluded to, the slow running JavaScript. You can sort by, in this case, you know, we only have two criticalities. You can sort by the description, or by the scan date, and in this case, all of the data came from one date. But it'd be fairly simple to correlate between them. Alrighty. So that's the basics. Again, basic stuff right now. Launch back in. As we move forward, what are we working on and what do we have? We have, first of all, some of my development team helped me out with this. It was on PHP 4. We're releasing on PHP 5, so that caused a lot of fun last night. That's why some of these things aren't there right now. For instance, some of the AJAX got pushed off the page. What we're looking at doing is fully customizable queries, where it will provide you a Google Suggest interface. So as you're typing in, it'll go ahead and populate and say, oh, by the way, you know, you've got these other weirdo services that are going to drop down. Extensible import framework. This is a big one. 
This is one that has given us fits, and we really haven't found anybody we could steal the code from, which was really sad. But data import from XML into SQL statement is kind of a pain based on the hierarchical structure and the data normalization that's required there. If anybody has any experience with that, again, I'd love to hear from you afterwards. We have something that we think, probably by the end of the week, we'll have something out where we can go ahead and pull in your results from Nmap or any other XML tool. Ultimately, what we'd like to have is a web-based front-end for graphically creating regular expressions to parse any sort of tool that you can get data out of. So if you've got a scan tool that, say, does your application layer, but only reports into HTML or only reports into PDF, go ahead and be able to parse that out and, based on regular expressions within the file, pull in the data that we want and then cross-correlate it to your platform vulnerabilities or your operating system identification or your banner grabs, anything like that, and then be able to quickly sort through and limit that data down. So after that, we move right along to SAMAEL and Dr. Chaos.
Thank you very much, Atlas. All right. So without further ado, we will jump into SAMAEL, which is our new Secure Anonymizing Megalomaniacal Autonomous Encrypting Linux. Ba-ba-ba-ba-ba. So what I'm going to do, I'm going to talk a little bit about the history behind SAMAEL. We're going to talk about motivations, why we built it. We'll talk about what it does, how it works, and then show you, as well, a live demo of SAMAEL. In the process, we're also going to expose you to Chaos Theory's internal software development life cycle. This begins with phase one, what we call the enthusiasm phase. A little bit of history here. First of all, in earlier this year, we actually introduced AnonymOS. And show of hands, how many here saw our presentation at ShmooCon? A moderate number of hands.
How many here have used AnonymOS? Not bad. So, all right. January, we introduced AnonymOS. Our first public release, we believe it's the world's coolest OpenBSD live CD. And then in April, we went to LayerOne. The intention was to either release a maintenance build or documentation. We opted for documentation. So we exposed the build process for putting together your own AnonymOS. AnonymOS was cool. However, this is DEF CON. And DEF CON goers demand more. We don't do zero days. Therefore, what we brought instead was SAMAEL. I'm going to turn the mic over immediately here to Beth, and I'm going to let her talk a little bit about why we did what we did, and why we go through the trouble of building tools to provide anonymity. Tools like AnonymOS, tools like SAMAEL. So, with that, I will turn over the mic to Beth.
Okay. What motivates us? Well, unfortunately, in today's climate, there's plenty to motivate us. All your base are belong to the NSAT&T, anyone? Internet-facing, small businesses need anonymity and security, but that's pretty hard for them to achieve. And online marketing, profiling, tracking data, they have it. Did they ask for it? I don't know. Okay, for those of you who don't pay attention to current events, I'm just going to go through a brief rundown. I'm going to be a... Suck! Oh, excuse me. She got finger-happy. I do. I got very happy fingers. Did any of you give your permission for your phone company to turn over your records to anyone? Nope. Oh. Why not? Gee. Weirdos. Yeah. Well, you and I are not the only ones who didn't know about this. No judges knew about this either. So, although this doesn't really relate to a secure anonymizing gateway per se, it gives me the idea that maybe there's other things that you, me, and judges don't know about. And this guy. If you don't know who this guy is, this is our attorney general. And he is the one who refers to the Geneva Conventions as quaint.
I guess it's his turn to try and figure out a good way to make such data collection legal. And he does a pretty good job. He throws around a lot of words like reasonable. Everybody wants to be reasonable. And a couple of, we have to protect the children's. And that always works. And it works on the legislature. Apparently, a legislative champion was found almost immediately. Mr. Jett of Colorado did this nice piece of legislation, which requires your ISP to keep your identifying data as a subscriber for at least one year after you cease to be their customer. Between me and my ISP, we don't think that's very reasonable. The FBI wants to get in on the act. The FBI legislating? Yes, they draft legislation. Although that's not their gig, they had to find a proxy, Senator Mike DeWine from Ohio. Anybody from Ohio? Did you vote? Did you vote for a senator? If you didn't, now's the time to start doing your research. Yeah, the FBI just isn't interested in retention, though. The FBI wants to have ISPs give them real-time access to the network created by ISPs. And they also want manufacturers of net gear to build in backdoors for them. The last time I heard about a piece of legislation that made my life easier or forced industry to do something that helped me to get my job done, I don't know, I'm not that young, but I still can't remember one. So the FBI must have a lot of pull there. And, of course, it's not just here in the States. Europe, the great bastion of privacy is also caving to the pressure. And then there's marketing. That, I think, is the next frontier for data mining for the government and other people that we don't really want to have our information. Marketing information. They know where you're going online, what you're buying, they know what you're searching for, what you're curious about, and who you are. They all say that they don't correlate this information and keep identifying info together with aggregate info about anonymous browsing. 
I don't know if that's really the case all the time. They have all the info, they store it, and it can be mined by marketers. It's sold to the highest bidder, and ultimately it can be subpoenaed by your government. Geolocation is also very interesting with wireless, mini wireless networks. They can now actually market to you based on where you're physically standing. If you're by Fisherman's Wharf, they'll market to you, you know, ads for seafood restaurant. If you're not by Fisherman's Wharf or you're in Chinatown, you know, they'll give you ads for something else. But they know where you're standing, not just what you're looking up on the net, not just what you bought three years ago. It's all information that they have, and they store.
On to the underworld. I love this Fox News headline, cybercrime, more widespread, skillful, and dangerous than ever. It's like new improved cybercrime with fresh clean scent. And they're right, it is improved because now they're organized. Speaking of organized crime, card cartels, mafia, everybody likes to talk about the Russian mafia. And the bottom line is they're commoditizing hacking. There's always been a little bit of that, but now it's on a broader scale. And it's continuing to evolve with our defenses and our technology evolution. And there's that old Chinese curse, I think, I hope you live in interesting times. For the commoditizing of hacking, I think the next 10 years will be very interesting times. Is it hopeless? Absolutely not. There's great folks like the EFF who are ever vigilant and actually looking out for your interests and my interests. You know, they could give a good lesson to our public servants. And they're not alone. They're not the only group. There's tons of them out there, here in the States, online, broad groups, country-specific groups. If you look for them, you'll find them and they're all doing really good work and you should support them. There's also alternatives to the status quo.
They've been around for a long time. They're not new, anonymous e-mailers, tools like we're incorporating in our secure anonymizing, encrypting Linux. You know, if you haven't heard of an anonymous e-mailer, by the way, if you're that young, go ahead, find out about them and build something better. The alternatives are out there and it's worth it to check them out. Oh, I like this, too. The reason why Google Analytics, for example, has two different privacy policies, one for Europe and one for the United States, is because in Europe, they elected representatives who looked after their interests. And California is very smart, as well, because they're doing similar things and we could all learn a lesson from them. This one's so good, I'm just going to read it straight to you. This is in addition to the California State Constitution with explicit privacy language. They quoted someone here, the right of privacy is the right to be left alone. I believe that was Brandeis. It is a fundamental and compelling interest. It protects our homes, our families, our thoughts, our emotions, our expressions, our personalities, our freedom of communion and our freedom to associate with the people that we choose. It prevents government and business interests from collecting and stockpiling unnecessary information about us and from misusing information gathered for one purpose in order to serve other purposes or to embarrass us. I think they got it right. I'm going to turn it over to Dr. Chaos.
Okay, so this begins Chaos Theory Software Development Lifecycle, Phase 2. This is what we call Disillusionment. We've identified a premise and we said, holy shit, everything's really fucked up. Now we've got to go out and fix it. What are we going to do? Here began the design goals. Here's where we started with SAMAEL. We had a lot of ideas and a lot of these ideas come straight from what we did with AnonymOS.
We got a lot of requests after folks got AnonymOS in their hands and they started using it. One of the biggest requests we got was, hey, how can I run this in a context where I can have machines behind my AnonymOS box and be seeing the internet anonymously. So this is what we set out to build. So the drawing board, again, as per AnonymOS, our first incarnation, we wanted to design a system that was secure from the ground up. Again, if the box itself is not inherently secure, it's going to be hard to remain anonymous when people are rooting your box. We also want transparent anonymity, and transparency is key here because we want ease of use. Although SAMAEL may not be something your grandmother is going to use, we'd like to know that, hey, anybody who wants to can power up a box, pop in the CD, boot up, and essentially have the ability to hide what they're doing from anybody they don't feel should be privy to it. With that, we set out to architect this solution. Now, many of you may know we built AnonymOS on OpenBSD. There were a couple of reasons we opted not to go OpenBSD for SAMAEL. One of the most important reasons had to do with the final bullet point here. We wanted to make sure that we did not continue to put a significant burden on the Tor network. We released AnonymOS in January. We honestly expected, hey, we're going to have a couple hundred people in the room if everybody tells three friends. We'll get, I don't know, 1,000 and 1,500 downloads shortly after we release. Within two to three days, I think within two days we were up to 170,000 downloads of AnonymOS, and we're currently sitting at around 300,000 downloads. Now, I don't know how many people are actually out there using AnonymOS on a day-to-day basis, but the bottom line is giving that many people access to the Tor onion routing network without requiring them to operate Tor servers potentially creates a problem.
So we said, hey, if we're going to do this and we're going to do it right, we need to run a Tor server as well. This was one of the primary justifications in using Linux, specifically Gentoo Linux, in that OpenBSD has issues that essentially prevent us from really operating a Tor server in the manner we'd want to. And I'll be happy to provide more information and links as to why towards the end of the presentation. So, here's what we did. We said, hey, we're going to take a Linux box and a little bit of iptables and netfilter magic. We decided we wanted to use Squid for local caching. Those of you that have used Tor know that it is not always the fastest means to browse, check your mail and chat with your friends. We're using Privoxy primarily for defense in depth. Privoxy and Tor really gained a relationship because of tools that leaked DNS requests. We don't or won't have that problem in SAMAEL because of the design of the OS, but nonetheless Privoxy provides a few things that we wouldn't otherwise get if we weren't using it. And again, I'll go into more detail shortly. We're using a tool called trans-proxy-tor. We actually started with a tool called transocks and, after a little bit of testing, opted to go with a newer, albeit slightly lesser tested tool, trans-proxy-tor, which is handling essentially transparently anonymizing, or more appropriately transparently socksifying, all of the traffic that would not normally go through our Tor SOCKS proxy. Tor, again, is providing all of our anonymity and encryption, and I should be careful in saying this: although traffic is encrypted between Tor nodes, this does not necessarily mean that all of your traffic which might normally be in the clear is going to be safe from prying eyes on the local side as well as on the far remote side. If you're running clear text traffic, it's still clear text traffic, but the traffic is at least encrypted amongst Tor nodes. And again, we opted to start a Tor server automatically.
So here begins phase 3. Phase 3 of the software development life cycle of Chaos Theory is panic. Oh my god, we put all these design goals together, how the hell are we actually going to do this? So here's what we did. I'm going to go into a little bit of detail here, and then I'm going to let one of my other guys give you a little bit more detail about how we made all this work. But the 50,000 foot overview: we opted to use Gentoo as a base. Most of us use Gentoo on the Linux boxes we have in our own networks. It is an excellent base. It's highly customizable. Because it is based on source, or because it is built from source, it tends to provide higher performance than we might get out of a stock binary build. It's easily maintainable, and most of us are pretty big fans of the Portage package management system. Show of hands, Gentoo users in the audience? All right. So again, there are issues with running Tor servers on either OpenBSD or versions of FreeBSD. We eliminated our Tor server issues. In theory it should work on Intel Macs, although I will be honest and tell you up front we have not really done any testing here, so this certainly deserves a little bit more examination. This also means it's easy to install on your local hard drive, USB stick, compact flash or really whatever you want. Again, with AnonymOS we didn't provide a mechanism for installing it to your own box automatically. We wanted to overcome that with SAMAEL. Again, we use iptables and netfilter, default firewalling mechanisms in Linux. This provides not only our firewall functionality, again bearing in mind that this is an anonymizing gateway, it's potentially going to sit at the front of your network in front of all of the other devices, so it needs to function like any other good solid enterprise firewall would. So we're handling firewalling functionality. We're also using netfilter to force traffic into our transparent proxies or into our socksifying proxies.
In this case we're doing it with essentially three components: Squid, you'll see more in a moment, dns-proxy-tor and trans-proxy-tor. And finally, netfilter is widely used and understood. It's also easy to customize, extend or update, so you can take our rules and play with them to your heart's content. Add, remove, delete as you see fit.
Squid. There was a little bit of an internal debate about using Squid, and we decided to go ahead and do it because, the bottom line, you don't want it, you can turn it off. Squid does provide transparent web proxying. That's the first piece, so that's nice. We don't have to worry about configuring any of the clients behind SAMAEL. We want to plug them into the network, let them get an IP and go about their business without having to set browser proxy settings or SOCKS proxies and their game clients, etc. So we get transparent proxying through Squid. We also get caching, both good and bad. From a performance perspective, caching is good. How much it will help with your browsing really depends on your individual network and what your users are doing. However, in addition to improving performance, it also stands to reduce overall anonymity, because there is no anonymity when we are retaining cached data locally. The SAMAEL box itself will potentially become a source of information about what your users are doing. You might want to consider turning off the cache, turning down the cache or disabling Squid entirely if this concerns you. And essentially, system will work perfectly without Squid if you disable it and then modify your firewall rules appropriately so firewall is not trying to force traffic into it.
From here, Privoxy. Privoxy is an oldie but a goodie. Again, is really more defense in depth than anything else. Designed to, or not designed, implemented in conjunction with Tor to overcome limitations, old versions of Firefox, other tools that leak DNS requests. However, even though in our case we are manually grabbing all of the DNS and ensuring it goes out the right place,
there are a few things that Privoxy provided, albeit Squid could provide them on its own. Privoxy does a pretty good job out of the box at doing things like hiding personal browser settings, hiding browsing history, stopping referrers, trade changing user agents. So we kept Privoxy in the chain, and as well, it also blocks ads, web bugs and other tracking mechanisms that Beth was talking about, marketers and data collection. So again, Privoxy is there. The system will work perfectly fine without it so long as you modify your firewall rules. By default the chain will include both Squid and Privoxy.
From there we go to trans-proxy-tor. trans-proxy-tor, again, is the tool that we decided to use as an alternative to transocks. trans-proxy-tor is a bit of a newer development. It has a few potential advantages and a few differences in the way it's written, the way it works. Primarily, number one, it's written in Perl. Number two, it has multiplexed IO, so we should potentially see some performance improvements using trans-proxy-tor instead of transocks. Ultimately, though, what trans-proxy-tor does is it takes information that is not designed to go through a SOCKS proxy, it socksifies it and hands it off to Tor, so that Tor is going to be able to take it and anonymize it appropriately. The other cool thing about trans-proxy-tor is that it works in both Linux and BSD, so the way we look at it is, for future iterations of either SAMAEL or AnonymOS, we have a single component that will allow us to transparently anonymize without going through some of the machinations that we went through AnonymOS to accomplish that goal.
And of course, Tor. I am not going to go into significant detail on Tor, mainly because we've done it before, we're on a limited timeline, and I expect that most of you know and understand what Tor does, at least at a basic level, how it works. Tor essentially provides ubiquitous anonymity for any socksified service, and again, hence our use of trans-proxy-tor to ensure that services that don't
recognize SOCKS are still going to be able to pass through the Tor proxy without knowledge of the way it works. Bear in mind that Tor is a tool that is useful both for personal privacy, we're trying to protect ourselves against nasty legislation that's going to allow people to collect all of our personal data and sell it to marketing agencies or give it to government agencies that might think you're a terrorist because you come to DEF CON, but bear in mind it's also very useful to those same agencies. When FBI is out trying to investigate child porn, it's pretty important, in fact it's pretty critical, that they can do so without, you know, a lab full of guys coming from an FBI.gov address. Granted, there are other means and mechanisms by which to investigate things like child porn and gain some level of anonymity, but the bottom line is this provides all of us, all of the good guys so to speak, with a means for anonymity that we haven't really otherwise had. That is essentially the list of components that make up SAMAEL in terms of what it does. With that, I am going to turn this over and pass the mic to Archon.
Archon is going to take all of these bits and pieces now and tell you how it works.
Hell yeah. So everyone wants to know how it works. Well, right here you can see we've got four simple lines to explain exactly how it works. One, as we all know, Senator Stevens has told us that the internet works through tubes, so of course our service also uses tubes. They also take advantage of the fact that, as I'll explain a little bit later, there are holes like onions and trolls, and onions play an important part of how this whole thing works. And you want to be careful that when your data gets mungled you don't get your name translated from title into mungle, because otherwise you're going to have to file for a 26 B-stroke 6 and Dingledine is going to hate you and we're not going to listen to unless we get the right forms. And I guess not enough people have seen Brazil to get that one. So, all right, tubes. So we have tubes. We need tubes to get the internet to work. Things like ARP and IPE and, you know, layer one, two and three, we're all wrong. It's tubes. So we have our tubes from the client boxes. They come into our fancy-schmancy gateway, and then we take these tube packets, and if we see a web packet, we actually take that, transparently push it into Squid. Squid takes the data, does its own little caching when it gets the data back on the receiving side, but in the meantime pushes it into Privoxy. Privoxy takes it, tries to scrub it. Again, need to be careful that we don't mistakenly mis-scrub your data, but basically we're just trying to cut out things that might easily identify you on a higher layer, higher layer than the IP layer, for anonymity and anonymity's sake. It then directly pushes that into Tor, bypassing the Tor, the trans-proxy process, when you're using your web traffic. All your other traffic, however, is magically taken through iptables, pushed into this wonderful utility, trans-proxy-tor, which then pushes it directly into Tor using the SOCKS protocol. Basically, trans-proxy-tor is a wrapper
that takes the raw packet data and turns it into socksified traffic for Tor to understand. There's also a second utility that comes with trans-proxy-tor. It's called dns-proxy-tor, and it basically does the same thing except that it initiates a SOCKS DHCP request. One of the great things about the SOCKS DHCP request is that it is blindingly fast no matter how slow Tor is. Next is to why trolls and onions are important. This is how we explain why Tor's slow. Basically, at the end of every one of these little tubes that grows all over the internet, we have trolls, and trolls, as everyone knows, really like onions. So all of our traffic appearing as large onions being pushed through these tubes, sometimes they get distracted, and the trolls will take our packets and they'll hold on to them, they'll keep them, they'll put them on their shelves and do whatever they want, sell them on eBay, you know, whatever they want to do with it. Traffic gets lost, things get slow, and, you know, we have Warcraft to blame for it. So here's a nice graphical explanation of what I'm trying to describe to you here. And so basically, excuse me, the magic that happens is all through trans-proxy-tor. I have to confess that is our secret, really. That, and some ipchains, iptables rules, is where the good stuff comes in. It's off the chain, man. It's off the chain. We have, you know, I can't really think of anything else described as far as how the back end works other than magic and trolls.
So to cover a little bit of the front end, we tried to come up with a nice D-Link-styled web interface for you to configure your box with. You're going to get a little demo of it here in a minute, but in the meantime, we basically have the ability to configure your internal or external interface. You can set up any wireless settings that you need. Because we ran into some serious problems with virtually all cards not being able to accept AP mode, you can remove support for that from the web interface. Basically, only if you have something that HostAP
can support can you set up that mode. So you really only have the ability from the wireless front inside to join a managed AP, and then from there you can have the traffic right up through your box. We have tested that it does work, and that is how our demo is going to work. We got a little Python in the back end. We took advantage of, a little typo here, Cheetah is being used, but more importantly is where we use our web framework from. We've got some little bit of JavaScript in there for helping you configuring your wireless and DHCP options, and we've got the necessary Tor options in there to be able to provide your email address for Dingledine to hit you up if he's got a problem, give it a name, and set any bandwidth limitations you want on the external Tor server side. And that's about it. I think we're about ready for a demo.

That's me. We're going to be ready. This is a Mac. So I didn't hear anybody laugh to the, a little Python in your back end. What's up with that? Are y'all awake? Python in your back end. I'm not into it. Maybe some people are. It's all good. We're cool. Developers, developers, developers. Rails in your back end. Rails with trails. Skid marks are not good, no matter what anybody tells you. All right. Yay. All right, I just want to thank everybody up here. These fuckers worked their ass off, and we've been up all night long, all week straight for that. Let's actually see if this works. This is going to be awesome. And this is the whole point of me being up here, is just to pull up a web page and go, fuck yeah. So what would people like to see? Who's here saw us at ShmooCon? Raise your hand. So nobody understands granny trainees. Did you read the Wired article? I don't know. We'll see if it comes up. Oh yeah, this is my awesome web page. Wait, do you see this? This is disgusting. Yeah, look at that. Granny plus tranny equals granny trainees. And that's my awesome HTML. So let's go into how you're going to set this up. No, we did not let him design our web interface, actually. Okay, if you click on the lady right here,
it'll bring you to the setup page. Chill, man. Don't, chill the fuck out. This is my part. Was I speaking during yours? Hell no, motherfucker. And then we hit enter. All right, we have our own self-signed certificate. We're going to accept that. And the username is admin, and the password, we're not going to tell it to you. You have to figure it out yourself. We're only $49,000 short of the VeriSign. Actually, it's admin, admin, whenever you have to go in, but we've changed that just so you can get in. Okay, yay. So what you do is, it starts out as our status page. It basically gives you all the network interfaces and their current state, along with the output from rc-status, and there's just a lot of shit there. I'm not going to go into that. So the first thing that you're going to do is you want to go and configure your external and your internal network interfaces. Being seen that this is wireless, you just go over here and you drop down the box and pick your interface, add in the IP address, or when you use wireless, add in the SSID, WEP, and what mode do you need to set it into, and if you want to change the MAC address, so it adds to your anonymity. You can set up the internal network interface here. Basically, the box works in two ways. It can work as a standalone proxy, or it can act as your actual gateway. So if you want it to be your gateway, we have a DHCP server built in, and you can serve up IP addresses to everybody. Under general, this is where you would change your admin password. You can set your time zone. NTP is not run, not running by default, so if you need to run it, this is where you would check it. Oh, it is now. Okay, sweet. We're awesome. You can turn on SSH if you need to get to the box from the internal interface, and export logs. We had a serious debate about this, but if you haven't specified your internal network, you won't be able to set that, and you will only be able to do it based on the network for your internal network. You will not be able to push it over Tor. Yeah, okay.
So now we click on Tor, and this is where you would put the Tor virtual network. Basically, we have it set up default, and this is basically where IP chains, actually, I didn't think about that. Basically what happens is, if anyone's used Tor before, they're familiar that there's these .onion addresses that have anonymized services running. In order for that to work, what Tor does by default is it assigns the DNS lookup for any .onion address to a 127 IP. That doesn't work when you're working through a gateway mode, so you have the option to specify your own network range for it to pick IPs from for .onion addresses. We thought would be a fairly unused default, but we also gave you the ability to change it in case that happens to conflict with either your internal network or any other network in your routing path. Sweet. So this is where you configure anything based on Tor, and that's how our interface works.

So what cool stuff, you know, one of the things we should probably point out is that not only is SAMIL installable as a gateway onto, you know, essentially any box within your network, SAMIL, like anonymous, is a live CD. So should you desire, this is basically an instant gateway. Drop the CD in any x86 box, or potentially a new Intel Mac even, at reboot, and you've got a gateway device that's going to provide transparent anonymization and a good external firewall. You do. Okay, so one of the big things with anonymous that we had a lot of problems, that the shit just wouldn't work, is you can't, Flash wasn't there, you can't look at any type of streaming media. So basically you could just take your whole machine, and whatever you can do on your machine, we're going to push this shit through the gateway and you can use it, you know what I'm saying? Minus ICMP and UDP. So no playing games. Tough shit. Yeah, that's whatever. Fuck that. Okay, this guy's coming out of the closet and he can't believe it. So we're going to click on that. Flash games. There was this one cool one that I saw earlier, uh,
man, fuck, where's it at? Yeah, fuck. Show us a damn IPChicken. Y'all use that? Raise hand. IPChicken's awesome. So basically what this is going to do is it's going to tell you your external IP. Since we are going through Tor, it's going to give us something that is totally not us. It's an exit node on the Tor network. So it's saying that we're coming out of some university .pl. Where does, anybody know? Poland. So we're using a Polish university. We mask all browsers to make the user agent look like it's a Windows XP box running Firefox 1.5.0.2. So all completely customizable through Privoxy's default config engine. So if you used Privoxy before, you can change your user agent and your browser for strings, etc., directly from the Privoxy interface. Yeah, if you need to change anything that we didn't give you an interface for, man that shit and figure it out yourself. You know this. Yeah, seriously, read the fucking manual. Do something. We did most of the damn work. Come on.

So, all right. So YouTube. What is this fucking doing? It's probably not playing yet. Flash games. What's that? We're at google.au. Addicting games. I'm addicted. Uh, this is some bullshit. I haven't tested this. I've got 10 minutes, that's what he's telling me. What did you say? Kitten can't, I don't even know what that is. How to. That looks good. Has this guy started loading? It's very slow. Oh yeah, you can't hear him. I can hear him. He's saying, look at me, look at my lip. I go, a good dude. Again, go back. What's happening? Pull a toothpick out of my mouth, stick it in my lip. All right, so anyway, man, you guys get the gist. This shit works. It's awesome. Hey, how do I go back to presentation mode? Press view slideshow, I think. View slideshow, start. We can't do slideshow. Hey dude, where's slideshow? Let me haul us through this real quick. All right, so you've seen all this. All right, so, uh, the fourth, is this the final phase? We have five. We have five. So this is the fourth, hence IV: search for the guilty. That is us: Dr.
Chaos, Fade, myself, Archon, Beth. We all worked our ass off. We hope you enjoy it. You know, shit doesn't work, pipe it to /dev/null. We don't fucking care. Okay, and the final stage is punishment of the innocent. We would like to thank trans-proxy-tor. Go to this website, that's the .onion site. You can only reach it through using Tor. And that's Fabian Keil. Thank you. The Tor guys: Roger Dingledine, I forgot the other two. Dingledine, Roger, are you here? He's not here. Don't stand up, don't stand up. Who are the other two guys? Paul Syverson. Hell yeah. Can I get a round of applause for those guys? Those guys worked their ass off so you could stay anonymous. Thank you to the EFF. Without them, some of us will be fucked right now. And, uh, I'm doing all right. These are the people at the EFF. Fuck yeah. What should we do, or what should you do? You need to run a fast Tor server, otherwise that shit's slow, as you already saw. Call your representative. Vote. Support Tor. Support the EFF. They'll take volunteering. They'll take money. Don't take Jesus, five dollars. I even saw a YouTube video earlier, some dude just walking up and punching the shit. Fuck that. Go up and pay your money. Damn. Jump in. Look, we need help, seriously. Do you want swag? Give me a question. Fuck yeah.

Yeah, this is the time, questions, and I think we might even have a box of goodies back here. So yeah, I guess, do we have any questions? I don't care, stand up, start yelling. Right here, right here. Junk house. Yes, it is by default. Okay, so we have the internet made of pipes, a squid, and the squid reaches down with its tentacle and tries to grab the onion from a troll. Now, if the troll chops its tentacle off, trolls don't, I mean, sorry, we don't have bones, so, so can I be tracked from the tentacle that gets chopped off, and will that make the squid toss its cookies? What, depends. What is, uh, what's your taco? What size shirt? What size? Awesome question. All right, go ahead. If you want to ask a question, come up to the mic. Hey, Nick here, I'm one of the Tor guys. Before
you put this to bed, I want to really beg you for a feature, and if you say no, I want to do it in public so the next people to do something like this put in the same feature. Okay, I want to beg you for an auto Tor update, because in one year the version of Tor you ship with this thing is going to be obsolete and dead and it won't work anymore. That is why we've provided you with a stage 3 tarball that you can install yourself. Lovely. But you can install, and we have included so far any Portage overlay ebuilds that we had to supply ourselves. So working with that, and then future ebuild updates that either we or Gentoo would provide, hopefully you can get that done. As far as updating the live CD, we'll just have to see what happens. And so on that basis, for instance, we were actually using the very latest security update for Tor. So for instance, despite the fact that one dot two two is what's stable in the Tor Portage tree, we're actually using the one one one two three, one one two three, that was recently released to correct server issues, client issues, etc. So with a custom ebuild and with Portage at your disposal, you should be able to, we're hoping to facilitate keeping Tor up to date so it doesn't become obsolete. The one thing that we did do is we did an overlay, and we did our own Tor to the latest update that didn't have a fucking ebuild yet, and that was a pain in the fucking ass, but we got it. All right, we got five minutes. Come up here. Thank you very much for fucking, when you guys ask a question, give us your shirt size if you want some cool shirts. They're really cool.

So I had a question for you guys. You have done a lot of anonymizing proxy work, that kind of thing. What are your guys' opinions on the actual legal risks you take being a Tor exit node for other people's traffic? So I am not a fucking problem. You can use a size 12 rope for the noose if you want. We personally believe that it shouldn't be a legal issue, and so we therefore take the stance that we're
going to assume that it's not a legal issue, and you're going to have to catch us. There's actually a great answer for that, that's addressed very well, it's a live cd run, at the Tor site and by the EFF as well. And the bottom line is there certainly are risks in being a Tor exit node, depending on how the nodes themselves are used. One of the biggest things that we can do to stop that is make sure that all of us aren't doing things that are going to, A, ruin the Tor network, and B, cause legal problems for others. So don't fucking run BitTorrent through your Tor onion routers. It's not good for anybody. It's going to cause somebody like Archon to get a notice from the RIAA claiming that he's downloading new Britney Spears albums, and at the same time it's also going to slow down the Tor network a whole hell of a lot. So, I mean, there's certainly no way to avoid all potential issues, but again, I think it's probably better addressed, or best addressed, by the EFF and by Tor, and a lot of the information that's at their page describing how and why they did what they did. To answer, period. Shirt size? Come on up.

All right, go ahead. So I'm wondering about running it off like a USB thumb drive. What's the total size? The actual CD, minus the stage 4 tarball, we're probably going to have two releases out there. You're probably looking, I think we're like at 90 megs. 111 megs, sorry. When you add in the stage 4 tarball, so you can install to the hard drive, it basically doubles, so you're looking at 200 to 240 megs. Cool. So it's way smaller than the 700 meg bullshit that we gave you last time. So, awesome. All right, next person. So what's next? What's next? We're not fucking gonna do any more of this anonymous shit, because I think we pretty much tore a new butthole and we're fucking up Tor. But at least now, we now, your box acts as a Tor server, so hopefully that will put more boxes on the net, makes the shit a little bit faster for you. What's the future? It's whatever our pot-smoking
adventures take us. You never know. Just a comment on the Squid: you can set it to not cache, to delete the cache whenever you want. Turn cache off. Fuck it, turn it off if you don't want it. And in addition to that, as we've recently found out, for people who run Squid, there are actually a lot of websites that don't work well because of Squid, and there could be other motivations for not, you know, for just disabling Squid yourself, such as, I got to get my fucking Hotmail. But that being said, it really does improve the performance of Tor. Dude, I'm a fucking bad ass at hotmail.com. Fucking try. It's all good.

Just a quick question: did you include NARC on the live CD for SAMIL? Uh, no, NARC is not included. It's a SourceForge project. So, yes, I need somebody to fucking stump me. Give us a stump. I did something at LayerOne that seemed to go over real well. What happened is I ran out of money and didn't have the ability to go out and buy t-shirts for swag, so at LayerOne I went out and picked up a six-pack of Guinness and gave away Guinness for questions. Everybody seemed to like that. In fact, they liked it more than our fucking shirts. But we got fucking jack. We're all in from Atlanta, so, dirty South. We need a quick question. Stop us. Has anyone running a Tor exit point been subpoenaed for whatever information on the service? Roger and them have lots of information on their site. That's not our gig. We just implement the shit. I'm sure they have, and I'm sure that they couldn't possibly comply. What Nick Mathewson said a moment ago was, if anybody does get threatened with legal action for using Tor as an exit node, the EFF is looking for test cases. They want information. They want to work with folks that are being threatened with legal action to help avoid this in the future. So, all right, cool. We gotta get off the stage. We're gonna be out at the bar. We need help. If you're a developer, fucking come talk to us. If you have ideas, fucking come talk to us, 'cause we want to make this shit fucking right.
Thank you very much.