Search

The Onion Router (TOR) in a Box

Updated: Jul 4, 2020

TOR protects the users privacy and your IP address from your ISP and anyone interested in the traffic leaving the property by applying multiple layers of encryption to your browser traffic and passing the traffic through series of random Tor relays. As the traffic progresses through the relays a layer of encryption is decrypted revealing the next hope unit the exit node where the final layer is decrypted and original web request is sent on to its final destination.


Simplified diagram of Tor. The green lines are encrypted.

That's the basics of how Tor works and I tend to run it from a Linux variant such as Kali or Backbox. A while back I purchased an Invizbox One, tested it and then chucked it in the back of the drawer. But with some extra time on my hands due to CV-19 I thought I would revisit the Invizbox.


To start with the Invizbox didn't power on, a great start, it didn't like being plugging into the USB port of the router and so I moved it to a PC.


Once connected to the Admin page the firmware had to be updated before Tor would start.


On the Zyxel I assigned the DMZ to port 5, configured the Firewall, DHCP, DNS and then plugged in the yellow cable.

On the Invizbox Admin page I set the Privacy Mode to 'Tor'

Set the country options to Europe and UK, wasn't sure if the UK was considered part of the EU or not......

That was pretty much it, nice and easy. Any client, Windows, Linux or even...Mac (yuck) can connect to the Invizbox wifi and browse from any country in Europe or UK. Yesterday apparently I was visiting Romania and today its Germany.

To sum up its a nifty little device that makes easy and more accessible to more devices including those you cant install software on to. The Invizbox purchased a few years back to a cost of £50, its now £80 on Amazon, direct from the Invizbox there's now a subscription for the VPN. There are alternatives like Anonabox. Would I purchase one today at £80, unlikely, if I had to use a device I would rather build a Onion Pi or Odroid. But likely I would carry on using Kali with Tor, its free.


Now the words of warning:


There have been security flaws with Tor devices and with Tor as a browser, regularly check for updates.


To maintain anonymity don't use the computer where your also logging on to Facebook, Amazon etc....


I would stay away from using Windows as its a little heavy on the MS spyware and there's the potential for AV and Windows updates to be tampered with on the exit nodes.


Only use secure web sites to prevent the exit nodes from performing Man In the Middle attacks.


The relay nodes are run and maintained by volunteers, it means that the nodes can't be trusted and some will be run by the NSA, FBI or criminals.


https://tails.boum.org/ is recommended for maintaining privacy



Invizbox and Alternatives

https://www.anonabox.com/buy-anonabox-original.html

https://www.invizbox.com/products/invizbox/#pricing

https://www.raspberrypi.org/blog/onion-pi-tor-proxy/




15 views0 comments

Recent Posts

See All

Passwords, this is not a lecture.....

There's lots on the web regarding passwords and what they should consist of. There are plenty of sites that also validate the strength of a would be password. But do those sites make useful suggestion