Our darknet and its bright spots: building connections for spaces and people
Overview: Who are we? What are we talking about? Why should you care? Where are we going with this? When can I join?
Who are we? Eric Michaud (TOOOL US, HacDC, PS:One, hackerspaces.org); aestetix (OpenAMD/Sputnik, Noisebridge); mc.fly (ChaosVPN, CCCHH); equinox (dn42, sublab)
The Usual Suspects: Who do we have here in the audience?
What are we talking about? Double fudge cookies? Long walks in the rain? Raiding the Saturn with TV-B-Gones? Oh right!?! Networks!
What are we talking about? NETWORKS!
Why should you care? Do you find it hard to connect your friends? Test new protocols? Your bandwidth being squeezed? Just have fun? CTFs? Basic Research?
Community is just good. It's great to share, it's how we all grow. We also stand on the shoulders of giants.
So to sum it up: We need a way to share with each other. Networks are a great way to do this. Very little setup and maintenance. Free collaboration for everyone involved.
So let's get technical!
Networks Involved: dn42 ChaosVPN (Beta) Agora Link
Targets and requirements. Our project has several goals: Privacy (no one looking in our traffic); Community (connect with friends); Availability (solid uptime); Speed (as fast as possible); Easy to use (maintenance is simple); Neighborly (join our friends, block our enemies)
Privacy: Some projects aren't ready yet, research takes time!
Community: We want to be able to share ideas and projects with our friends.
Availability: The network needs to be available. The best way to reach that is to avoid single points of failure. That means that if a node fails, the whole network does not fail.
Speed: A fast paced society demands a fast paced network. Fast in network terms can be: Bandwidth (multimedia requires high bandwidth); Latency (voice communication and games require low latency). Everyone talks to everyone: mesh.
Easy to Use: The network should be easy to configure. Nodes should be able to join or leave the network without a sysadmin. This requires an automated update solution.
Neighborly: To be with our friends, we need to connect. Targets are hackerspaces, community zones, clubs, shared apartments... Abstracted, they can be seen as networks of different sizes.
An idea about solutions: So we want a mesh-based, encrypted and authenticated private network that administrates itself. Easy, right?!?!
Solutions that won't work: OpenVPN. Classical client/server model. Centralized.
Solutions that won't work: Tor - The Onion Router. Too slow, encryption/decryption at every hop. We are not concerned with anonymity within the darknet, as we already trust everyone.
Solutions that won't work: Freenet. Decentralized network mainly focused on anonymity and filesharing. Good for filesharing, but what about irc, skype, and new protocols we want to integrate?
Solutions that won't work: MRN VPN. OpenVPN Server Mode. SPOFs, sub-optimal routing. Unreliable. Down.
the dn42 approach: Started as a BGP playground, now it's being used to connect people. Use point to point links (openvpn, IPSec, ...). Put BGP on them, do dynamic routing.
shaken, not stirred: ca. 55 entities on the list; around 140 tunnels; that's people and spaces; 70 IPv4 prefixes, 40 IPv6 prefixes
participants: grab an IP subnet from /15; a private BGP ASN; also, the wiki is t3h rulez; an IPv6 network from anywhere. Some people have official numbers...
peerings: are made whenever two people agree to peer, and they agree on the parameters, and they set it up. Most people follow a common scheme - but why should anyone restrict anyone's choices?
we can haz network: quite social network (take that, facebook); ask your peers for services; bring your friends to the network; damn, I forgot to embed a Ponzi scheme
we can really HAZ network: founder dropped for half a year, nothing happened; boxes went down and weren't rebuilt, nothing happened; friends nag you to fix your connection
semantics: a bit like IRC: servers form links; participating servers agree on rules; servers tend not to die, but netsplits are possible
chaosvpn: first set up by hamburg.ccc.de; used tinc; mostly ccc based; haegar wrote perl based update script; works mostly fine; perl not available on most routers; many nodes did not update; problems
update.pl: download a configuration file from vpn.hamburg.ccc.de; decode; sanity checks; generate tinc configs; (re)start tinc
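The "sanity checks" and "generate tinc configs" steps of that pipeline, as an added example in Python (not code from the talk, update.pl or ChaosVPN). The one-line-per-node peer list layout, the 10.100.0.0/16 address plan and the function names are assumptions made for this example; Name, ConnectTo, Address and Subnet are tinc's own option names.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")      # tinc node names: alphanumerics, underscore
HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")    # hostname or IPv4 literal
KEY_RE = re.compile(r"[A-Za-z0-9+/=]{1,1024}")   # single-line key material (placeholder form)
ALLOWED = ipaddress.ip_network("10.100.0.0/16")  # assumed address plan for this example

# Constructed peer list, one "name address subnet key" record per line.
# The layout is an assumption for this example, not the real ChaosVPN file format.
SAMPLE = """\
spacea vpn.spacea.example 10.100.1.0/24 CONSTRUCTEDKEYA
spaceb vpn.spaceb.example 10.100.2.0/24 CONSTRUCTEDKEYB
../../tmp/x bad.example 10.100.3.0/24 CONSTRUCTEDKEYC
hijack hijack.example 10.100.1.128/25 CONSTRUCTEDKEYD
outside outside.example 192.0.2.0/24 CONSTRUCTEDKEYE
"""


def check_record(parts, taken):
    """Return (subnet, None) for an acceptable record, else (None, reason)."""
    if len(parts) != 4:
        return None, "wrong field count"
    name, address, subnet, key = parts
    if not NAME_RE.fullmatch(name):
        return None, "bad name"               # the name becomes a filename under hosts/
    if name in taken:
        return None, "duplicate name"         # would overwrite an accepted host file
    if not HOST_RE.fullmatch(address) or not KEY_RE.fullmatch(key):
        return None, "bad address or key"
    try:
        net = ipaddress.ip_network(subnet)
    except ValueError:
        return None, "bad subnet"
    if net.version != ALLOWED.version or not net.subnet_of(ALLOWED):
        return None, "subnet outside plan"
    if any(net.overlaps(t) for t in taken.values()):
        return None, "overlaps earlier node"  # first claimant keeps the prefix
    return net, None


def build_configs(text, my_name):
    """Validate every record and return (files, rejected_by_line_number)."""
    files, rejected, taken, peers = {}, {}, {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        net, reason = check_record(parts, taken)
        if reason:
            rejected[lineno] = reason
            continue
        name, address, _, key = parts
        taken[name] = net
        files[f"hosts/{name}"] = f"Address = {address}\nSubnet = {net}\n\n{key}\n"
        if name != my_name:
            peers.append(name)
    files["tinc.conf"] = f"Name = {my_name}\n" + "".join(f"ConnectTo = {p}\n" for p in peers)
    return files, rejected
```

The generated files are returned as a dictionary instead of being written to disk, so a caller can write them out and restart tinc only after reviewing what was rejected.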
chaosvpn 2.0: Rewrite of the perl update code in C with some improvements so it fits on routers. Few requirements and dependencies to keep it lightweight. Mostly done by ryd, hc and Haegar with more help from the USA, namely Cinus, Cheryl, John Doe.
and further: Road map: better authentication, certificate handling; more pull nodes; OpenWRT package; one network on each of the 4 ports
Current Projects: freifunk (no automatic updates, leading to network issues); Agora Link / ChaosVPN (hackerspaces network); warzone (research network between research groups, enter at your own risk)
freifunk: Used to connect the clouds, inter-city like. Usually runs on small routers. The perl issue. No automatic updates, leading to issues like netsplits. Partly working.
Agora: North American hackerspaces involved: NYC Resistor (NYC), Noisebridge (San Francisco), PS:One (Chicago), CCCKC (Kansas City). People / Academia. More to come.
chaosvpn: CCC Hamburg; CCC Hanover; links to CCC Koeln and Berlin; t42; used to transport Chaos Phone earlier; hackint irc node; people
Use Cases: VOIP (Chaosphone); media broadcasting, talk streaming; making HPC accessible; cloud computing; internal sites/services/webpages
Warzone: Playground for security groups: CTFs!!1! University groups; security groups; hackerspaces who want to play. Next generation research platform.
Ubermensch Recap: We found a problem to communicate and we tackled it! The network IS UP! We need you! Have resources to share? Contact us!
Outro: Projects in the future: Global VoIP; HPC Computing; Media Multicasting; CTFs
THX: Many thanks to: haegar, ryd, hc, winni, OpenWRT helios, jchome, ichdasich, frapzzt, wintix, Crest
Where to Join: - (BETA) North America dn42.net ChaosVPN - wiki.hamburg.ccc.de