top of page
Search
Writer's pictureTenaka

The Onion Router (TOR) in a Box

Updated: Jun 30, 2022

TOR protects the user's privacy and your IP address from your ISP and anyone interested in the traffic leaving the property by applying multiple layers of encryption to your browser traffic and passing the traffic through a series of random Tor relays. As the traffic progresses through the relays a layer of encryption is decrypted revealing the next hope unit the exit node where the final layer is decrypted and the original web request is sent on to its final destination.


Simplified diagram of Tor. The green lines are encrypted.

That's the basics of how Tor works and I tend to run it from a Linux variant such as Kali or Backbox. A while back I purchased an Invizbox One, tested it and then chucked it in the back of the drawer. But with some extra time on my hands due to CV-19 I thought I would revisit the Invizbox.


To start with the Invizbox didn't power on, a great start, it didn't like being plugged into the USB port of the router and so I moved it to a PC.


Once connected to the Admin page the firmware had to be updated before Tor would start.


On the Zyxel I assigned the DMZ to port 5, configured the Firewall, DHCP, DNS and then plugged in the yellow cable.

On the Invizbox Admin page, I set the Privacy Mode to 'Tor'

Set the country options to Europe and UK, wasn't sure if the UK was considered part of the EU or not......

That was pretty much it, nice and easy. Any client, Windows, Linux or even...Mac (yuck) can connect to the Invizbox wifi and browse from any country in Europe or UK. Yesterday apparently I was visiting Romania and today it's Germany.

To sum up, it's a nifty little device that makes it easy and more accessible to more devices including those you can't install software on. The Invizbox was purchased a few years back at a cost of £50, it's now £80 on Amazon, direct from the Invizbox there's now a subscription for the VPN. There are alternatives like Anonabox. Would I purchase one today at £80, unlikely, if I had to use a device I would rather build an Onion Pi or Odroid. But likely I would carry on using Kali with Tor, it's free.


Now the words of warning:


There have been security flaws with Tor devices and with Tor as a browser, regularly check for updates.


To maintain anonymity don't use the computer where your also logging on to Facebook, Amazon etc....


I would stay away from using Windows as it's a little heavy on the MS spyware and there's the potential for AV and Windows updates to be tampered with on the exit nodes.


Only use secure websites to prevent the exit nodes from performing Man In The Middle attacks.


The relay nodes are run and maintained by volunteers, which means that the nodes can't be trusted and some will be run by the NSA, FBI or criminals.


https://tails.boum.org/ is recommended for maintaining privacy



Invizbox and Alternatives




50 views0 comments

Recent Posts

See All

Credential Stuffing

Reusing passwords across multiple accounts can put you at significant risk because hackers can exploit this practice through a technique...

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page