1 our darknet and its bright spots
building connections for spaces and people

2 Overview
- Who are we?
- What are we talking about?
- Why should you care?
- Where are we going with this?
- When can I join?

3 Who are we?
- Eric Michaud - TOOOL US, HacDC, PS:One, hackerspaces.org
- aestetix - OpenAMD/Sputnik, Noisebridge
- mc.fly - ChaosVPN, CCCHH
- equinox - dn42, sublab

4 The Usual Suspects
Who do we have here in the audience?
8 What are we talking about?
- Double fudge cookies?
- Long walks in the rain?
- Raiding the Saturn with TV-B-Gones?
- Oh right!?! Networks!

9 What are we talking about?
NETWORKS!

10 Why should you care?
- Do you find it hard to connect your friends?
- Test new protocols?
- Your bandwidth being squeezed?
- Just have fun?
- CTFs?
- Basic Research?

11 Community is just good.
It's great to share, it's how we all grow. We also stand on the shoulders of giants.

12 So to sum it up
- We need a way to share with each other.
- Networks are a great way to do this.
- Very little setup and maintenance.
- Free collaboration for everyone involved.

13 So let's get technical!
14 Networks Involved dn42 ChaosVPN ( Beta ) Agora Link
15 Targets and requirements
Our project has several goals:
- Privacy: no one looking in our traffic
- Community: connect with friends
- Availability: solid uptime
- Speed: as fast as possible
- Easy to use: maintenance is simple
- Neighborly: join our friends, block our enemies

16 Privacy
Some projects aren't ready yet, research takes time!

17 Community
We want to be able to share ideas and projects with our friends.

18 Availability
The network needs to be available. The best way to achieve that is to avoid single points of failure: if one node fails, the whole network must not fail with it.

19 Speed
A fast-paced society demands a fast-paced network. Fast in network terms can be:
- Bandwidth: multimedia requires high bandwidth
- Latency: voice communication and games require low latency
- everyone talks to everyone: mesh

20 Easy to Use
- The network should be easy to configure.
- Nodes should be able to join or leave the network without a sysadmin.
- This requires an automated update solution.

21 Neighborly
- To be with our friends, we need to connect.
- Targets are hackerspaces, community zones, clubs, shared apartments...
- Abstracted, they can be seen as networks of different sizes.

22 An idea about solutions
So we want a mesh-based, encrypted and authenticated private network that administrates itself. Easy, right?!?!
23 Solutions that won't work
OpenVPN
- Classical client/server model
- Centralized

24 Solutions that won't work
Tor - The Onion Router
- Too slow, encryption/decryption at every hop
- We are not concerned with anonymity within the darknet, as we already trust everyone

25 Solutions that won't work
Freenet
- Decentralized network mainly focused on anonymity and filesharing
- Good for filesharing, but what about irc, skype, and new protocols we want to integrate?

26 Solutions that won't work
MRN VPN
- OpenVPN Server Mode
- SPOFs, sub-optimal routing
- unreliable
- down
27 the dn42 approach
- Started as a BGP playground, now it's being used to connect people
- use point-to-point links: openvpn, IPSec,...
- put BGP on them, do dynamic routing

28 shaken, not stirred
- ca. 55 entities on the list
- around 140 tunnels
- that's people and spaces
- 70 IPv4 prefixes, 40 IPv6 prefixes

30 participants grab
- an IP subnet from /15
- a private BGP ASN
- also, the wiki is t3h rulez
- an IPv6 network from anywhere
- Some people have official numbers...

31 peerings are made
- whenever two people agree to peer
- and they agree on the parameters
- and they set it up
- most people follow a common scheme - but why should anyone restrict anyone's choices?
33 we can haz network
- quite social network (take that, facebook)
- ask your peers for services
- bring your friends to the network
- damn, I forgot to embed a Ponzi scheme

34 we can really HAZ network
- founder dropped for half a year, nothing happened
- boxes went down and weren't rebuilt, nothing happened
- friends nag you to fix your connection

35 semantics
a bit like IRC:
- servers form links
- participating servers agree on rules
- servers tend not to die, but netsplits are possible

36 chaosvpn
- first set up by hamburg.ccc.de
- used tinc
- mostly ccc based
- haegar wrote perl based update script
- works mostly fine
- perl not available on most routers
- many nodes did not update: problems

37 update.pl
- download a configuration file from vpn.hamburg.ccc.de
- decode
- sanity checks
- generate tinc configs
- (re)start tinc
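
The decode, sanity-check and generate steps of the update.pl slide, sketched as an added example that is not the ChaosVPN code. The checks matter because the node name becomes a file name under tinc's hosts/ directory and every other field lands verbatim in a config line. Assumptions: the JSON peer-list format, the 10.100.0.0/16 range and all peer entries are constructed; download, file writing and the tinc restart are left out.

```python
import ipaddress
import json
import re

# Assumption: the address range peers may claim subnets from (constructed value).
ALLOWED_RANGE = ipaddress.ip_network("10.100.0.0/16")
NAME_RE = re.compile(r"[a-z0-9_]{1,32}")        # also safe as a file name under hosts/
HOST_RE = re.compile(r"[A-Za-z0-9.:-]{1,253}")  # hostname or IP literal, no whitespace
KEY_RE = re.compile(r"[A-Za-z0-9+/=]{1,76}")    # one base64 line of key material

def check_peer(peer, accepted_nets):
    """Return the peer's validated subnet, or raise ValueError naming the failed check."""
    if not NAME_RE.fullmatch(str(peer.get("name", ""))):
        raise ValueError("bad node name")
    if not HOST_RE.fullmatch(str(peer.get("address", ""))):
        raise ValueError("bad address")
    port = peer.get("port", 655)                 # 655 is tinc's default port
    if type(port) is not int or not 1 <= port <= 65535:
        raise ValueError("bad port")
    try:
        net = ipaddress.ip_network(str(peer.get("subnet", "")), strict=True)
    except ValueError:
        raise ValueError("bad subnet") from None
    if net.version != ALLOWED_RANGE.version or not net.subnet_of(ALLOWED_RANGE):
        raise ValueError("subnet outside allowed range")
    if any(net.overlaps(other) for other in accepted_nets):
        raise ValueError("subnet overlaps an earlier peer")
    key = peer.get("pubkey")
    if not isinstance(key, list) or not key or not all(
            isinstance(line, str) and KEY_RE.fullmatch(line) for line in key):
        raise ValueError("bad public key")
    return net

def render_host_file(peer, net):
    # Only called with fields that passed check_peer, so no line can smuggle a newline.
    lines = [f"Address = {peer['address']}", f"Port = {peer.get('port', 655)}",
             f"Subnet = {net}", "", "-----BEGIN RSA PUBLIC KEY-----",
             *peer["pubkey"], "-----END RSA PUBLIC KEY-----"]
    return "\n".join(lines) + "\n"

def build_host_files(raw):
    """Decode the peer list; return ({name: host file text}, [(name, reason)])."""
    hosts, rejected, nets = {}, [], []
    for peer in json.loads(raw):
        try:
            if not isinstance(peer, dict):
                raise ValueError("entry is not an object")
            net = check_peer(peer, nets)
            if peer["name"] in hosts:
                raise ValueError("duplicate node name")
        except ValueError as err:
            name = peer.get("name") if isinstance(peer, dict) else None
            rejected.append((str(name), str(err)))
            continue
        nets.append(net)
        hosts[peer["name"]] = render_host_file(peer, net)
    return hosts, rejected

KEY = ["QUJDREVGR0hJSktMTU5PUA=="]  # constructed placeholder, not a real key
SAMPLE = json.dumps([  # constructed peer list standing in for the downloaded file
    {"name": "space_a", "address": "vpn.space-a.example", "subnet": "10.100.1.0/24", "pubkey": KEY},
    {"name": "../space_x", "address": "192.0.2.5", "subnet": "10.100.2.0/24", "pubkey": KEY},
    {"name": "space_b", "address": "192.0.2.7", "subnet": "10.100.1.128/25", "pubkey": KEY},
    {"name": "space_c", "address": "192.0.2.9\nSubnet = 0.0.0.0/0", "subnet": "10.100.3.0/24", "pubkey": KEY},
    {"name": "space_d", "address": "192.0.2.11", "subnet": "192.168.0.0/24", "pubkey": KEY},
    {"name": "space_e", "address": "2001:db8::5", "port": 1655, "subnet": "10.100.4.0/24", "pubkey": KEY},
])
if __name__ == "__main__":
    print(build_host_files(SAMPLE)[1])
```
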
38 chaosvpn 2.0
- Rewrite of the perl update code in C, with some improvements, so it fits on routers
- Few requirements and dependencies, to keep it lightweight
- Mostly done by ryd, hc and Haegar, with more help from the USA, namely Cinus, Cheryl, John Doe

39 and further
Road map:
- better authentication, certificate handling
- more pull nodes
- OpenWRT package
- one network on each of the 4 ports

40 Current Projects
- freifunk: no automatic updates, leading to network issues
- Agora Link / ChaosVPN: hackerspaces network
- warzone: research network between research groups, enter at your own risk

41 freifunk
- Used to connect the clouds, inter-city like
- Usually runs on small routers
- The perl issue
- No automatic updates, leading to issues like netsplits
- Partly working

42 Agora
North American hackerspaces involved:
- NYC Resistor (NYC)
- Noisebridge (San Francisco)
- PS:One (Chicago)
- CCCKC (Kansas City)
- People / Academia
- More to come

43 chaosvpn
- CCC Hamburg
- CCC Hanover
- Links to CCC Koeln and Berlin
- t42
- Used to transport Chaos Phone earlier
- hackint irc node
- people

44 Use Cases
- VOIP (Chaosphone)
- media broadcasting, talk streaming
- making HPC accessible
- cloud computing
- Internal Sites/Services/Webpages

45 Warzone
Playground for security groups: CTFs!!1!
- University groups
- Security groups
- Hackerspaces who want to play
- Next generation research platform

46 Ubermensch Recap
- We found a problem to communicate and we tackled it!
- The network IS UP!
- We need you!
- Have resources to share? Contact us!

47 Outro
Projects in the future:
- Global VoIP
- HPC Computing
- Media Multicasting
- CTFs

48 THX
Many thanks to: haegar, ryd, hc, winni, OpenWRT helios, jchome, ichdasich, frapzzt, wintix, Crest
49 Where to Join - (BETA)North America dn42.net ChaosVPN - wiki.hamburg.ccc.de