Discussion: How to make sure all internet traffic is tunneled by Phantom

Michael

May 26, 2009, 8:45:22 AM
to Phantom Protocol
Dear Phantoms,

The Phantom Protocol is intended to anonymize all internet traffic. We
should be able to rule out any application communicating over the
internet in standard fashion, once Phantom is running and active on a
computer.
In the design it was suggested to go as low level as necessary, in
order that applications don't even notice or need to notice, that they
are using our AP protocol instead of directly using IP with TCP or
UDP. This might lead to some application specific problems (e.g. DNS),
as Walter pointed out in another thread, but let's discuss these
problems and solutions for it in another thread.

So far I found three different possibilities, that would allow us
to reach this goal:
(symbols and abbreviations explained at the bottom of the mail)

1: using Tun/Tap
2: overloading the socket API
3: netlink sockets

No.1 TunTap was already discussed in the thread Initial Research on
Implementation (http://groups.google.com/group/phantom-protocol/t/b379a10b877aa915).
To sum it up:

[+] runs on Unix, Linux, Mac and Windows
[+] clean solution, easy for us to use/implement
[-] requires the user to create and configure a virtual TunTap network
interface (possible hurdle for many inexperienced users, resp. DAUs*)
[-] possibly requires root access to the computer

No. 2 is the idea of simply overloading the socket API used by the OS.
This could be done by LD_PRELOAD and perhaps in the user space (I am
not sure there).

[+] suitable for DAUs
([+] perhaps possible to run in user space)
[-] restriction to the possibilities and limits of the socket API.

No.3 using netlink sockets. This is basically the same as No.1 without
having all the work already done by someone else.

[+] perhaps possibility to find a solution that does not require the
set up of a virtual interface on the user side (DAU compatible)
[-] probably a lot of work for us

-------

That's what I've found out so far. There might be more than these
three possibilities. If I find another I will add it in this thread.
For now I am inviting you to discuss these three with me.
I will try to find out more about these solutions, so we can replace
some of the "perhapses" and "probablys" above.

see you... anonymized ;)

Michael

[Legend]

[+] marks an advantage of the specific approach
[-] marks a disadvantage of the specific approach
DAU is a useful German abbreviation. It stands for Dümmster
Anzunehmender User. Since there is no English pendant/translation of
this term, I'll be using the German one. DAU means "most stupid user
imaginable". The closest English term might be Luser.

Magnus Bråding

May 26, 2009, 9:45:13 AM
to phantom-...@googlegroups.com
Hi Michael,

First of all, the original Phantom specification does not state that all
communication in the operating system should be Phantom
enabled/anonymized. This would be extremely inconvenient actually, given
that Phantom has its own network space, non-intersecting the Internet
space (i.e. you can never reach a server on the internet from a Phantom
enabled application, unless that server is explicitly Phantom enabled).
Thus, it would just break the majority of applications in the system
(i.e. the ones who expect to talk to a "normal" existing server on the
internet) to "Phantomize" all communication.

This is the reason that the spec states that anonymization should be
done per application. The spec suggests that the easiest and safest way
to intercept the communication on this level is to hook the socket API.

And yes, this can be done from user space, no problem! One of the
simpler ways would be to use a proxy DLL for the Winsock library, loaded
either by tricking the Windows loader to load it directly for the
intended application, or by using DLL injection techniques to load the
hooks. And yes, this would be the equivalent of LD_PRELOAD in Linux/Unix.

You will find more info and more or less ready-made code for this exact
purpose for example here:

http://www.codeproject.com/KB/DLL/ReplaceWindowsSocketsDLLs.aspx?fid=420936&df=90&mpp=25&noise=3&sort=Position&view=Quick&select=2206183

http://www.codeproject.com/KB/DLL/CreateYourProxyDLLs.aspx?fid=362662&df=90&mpp=25&noise=3&sort=Position&view=Quick&fr=26

Unfortunately, many of the discussions here on the list so far have been
based on side tracks, somewhat confused ideas, and/or lack of
reading/understanding the original specification. Thus, please don't
take these discussions too seriously, or at least always read the spec
first, and only if something is missing in there, then see if there has
been suggested some kind of fix for it here on the list.

As you mention, this aspect of the "whole" (i.e. the implementation of
communication interception) is not at all critical to your main goal of
implementing the core functionality of Phantom, so please don't put too
much focus on it at all. For a proof of concept implementation, you can
just as well make a test application that just uses the intended "hook
functions" directly, instead of even trying to use the normal
Winsock/socket functions. The final hooking stuff will be easily fixed
at a later point, as a completely different "module", which can
absolutely be done by someone more comfortable with such techniques, so
please just ignore it completely at this point!

Regards,
Magnus
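
The per-application socket-API hook discussed in this thread, as an added example that is not part of either message and is not Phantom project code: an LD_PRELOAD shim that interposes connect() and fails closed for any destination it cannot hand to Phantom. The 10.77.0.0/16 range, `classify` and `phantom_connect_hook` are assumptions made for illustration.

```c
/* Added example, not Phantom project code. Build: cc -shared -fPIC -o shim.so shim.c -ldl
 * Use:   LD_PRELOAD=./shim.so some_app   (only that process is hooked)   */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <errno.h>
#include <stddef.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#ifndef RTLD_NEXT                  /* glibc's value, if _GNU_SOURCE came too late */
#define RTLD_NEXT ((void *)-1L)
#endif

/* ASSUMPTION: constructed stand-in for the Phantom address space, 10.77.0.0/16. */
#define PHANTOM_NET  0x0A4D0000u
#define PHANTOM_MASK 0xFFFF0000u

enum verdict { PASS_THROUGH, TO_PHANTOM, REFUSE };
typedef int (*connect_fn)(int, const struct sockaddr *, socklen_t);

/* Hypothetical hand-off into the Phantom client; NULL means no tunnel is loaded. */
connect_fn phantom_connect_hook = NULL;

/* Decide what the hooked application may do with this destination. */
enum verdict classify(const struct sockaddr *sa, socklen_t len)
{
    if (sa == NULL || len < (socklen_t)sizeof(sa->sa_family))
        return REFUSE;
    if (sa->sa_family == AF_INET && len >= (socklen_t)sizeof(struct sockaddr_in)) {
        uint32_t a = ntohl(((const struct sockaddr_in *)sa)->sin_addr.s_addr);
        return (a & PHANTOM_MASK) == PHANTOM_NET ? TO_PHANTOM : REFUSE;
    }
    if (sa->sa_family == AF_INET || sa->sa_family == AF_INET6)
        return REFUSE;             /* truncated IPv4, or any IPv6: never go direct */
    return PASS_THROUGH;           /* AF_UNIX and other local families */
}

/* Interposed connect(): the dynamic linker binds the application's calls here. */
int connect(int fd, const struct sockaddr *sa, socklen_t len)
{
    enum verdict v = classify(sa, len);
    connect_fn real = (connect_fn)dlsym(RTLD_NEXT, "connect");
    if (v == PASS_THROUGH && real != NULL)
        return real(fd, sa, len);
    if (v == TO_PHANTOM && phantom_connect_hook != NULL)
        return phantom_connect_hook(fd, sa, len);
    errno = ENETUNREACH;           /* fail closed: refused, or no tunnel present */
    return -1;
}
```

Interposition of this kind only covers dynamically linked programs that reach connect() through libc; statically linked binaries and direct system calls bypass it, and connectionless sends such as sendto() would need their own wrappers.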