[liberationtech] Open-source GSM network update

Nathan of Guardian nathan at guardianproject.info
Mon Jun 20 16:53:10 PDT 2011


/** I just want to say briefly before diving into the details
that these types of questions are exactly why anyone building anything
that might be considered "liberation tech" needs to do it in a lab
setting, well away from a place where it could cause real people harm.
In addition, the more transparent you can be with what you are doing, as
you do it, the more you will move the forehead-smacking to the early
part of the process, as opposed to later, when it could really cause
damage... In my work as an activist, I haven't always lived up to this
myself, but in my role as a tool builder, I am trying very hard to.
**/

On 06/20/2011 04:06 PM, Moxie Marlinspike wrote:
> How did you handle this at the transport layer?  Last I checked, Tor
> doesn't support UDP.  Is it possible that the TorRouter thing you're
> running only handles TCP, and just lets UDP pass straight through?

It is possible, as this was a highly unscientific affair ("hackday"),
and as the state of this particular TorRouter as a piece of
software/hardware is highly in flux (I am not 100% certain of which build
the hardware that Access provided us is using, and how it compares to
the "official" TorRouter that the Tor Project is working on, but that is
another can of worms).

However, I do remember asking Daniel (of Access) at the moment we made
the call "Hey is this thing routing UDP or dropping it?" and he replied
"It should be dropping it". I know that with the transproxying rules we
use for Orbot, we drop all UDP. If any of the Access team are on this
list, please join in and clarify.

While we were running Wireshark on the LAN/SIP client-side, and
definitely capturing the RTP/UDP packets there, we were not closely
monitoring the Freeswitch<->Callcentric (our DID/VoIP provider) side of
the equation. For the SIP portion at least, I am fairly certain
Freeswitch can use TCP:
http://wiki.freeswitch.org/wiki/Sofia#Does_it_use_UDP_or_TCP.3F

The Freeswitch box did not have a public IP, and we did not do any
special configuration to open TCP or UDP ports. However, I assume
Freeswitch supports some kind of UPnP/NAT traversal capability that
could have made them open up, and caused the auto-Tor rules to be
bypassed as well. (see: http://wiki.freeswitch.org/wiki/NAT)

In general, the way I have looked at doing VoIP over Tor in the past is
through an OpenVPN or SSH-tunnel, which could also solve the UDP
problem... however, with more layers come more problems.

Best,
 Nathan
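
Added example, not part of Nathan's message or of any project named in it: a check for the gap described above, run over `tcpdump -n` text captured on the WAN side of a Tor gateway, flagging every outbound packet that is not TCP to a listed relay. The WAN address, the relay list, the sample lines and the function names are all constructed assumptions.

```python
import re

# One line of `tcpdump -n` output: "<time> IP <src>.<sport> > <dst>.<dport>: <rest>"
LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)$")

WAN_IP = "192.0.2.10"                  # assumed WAN address of the gateway
TOR_RELAYS = {("198.51.100.7", 9001)}  # assumed relay list (constructed)

# Constructed capture lines (documentation address ranges), not real traffic.
SAMPLE = """\
16:53:10.100000 IP 192.0.2.10.43211 > 198.51.100.7.9001: Flags [P.], seq 1:587, ack 1, win 229, length 586
16:53:10.100500 IP 198.51.100.7.9001 > 192.0.2.10.43211: Flags [.], ack 587, win 501, length 0
16:53:10.120000 IP 192.0.2.10.16384 > 203.0.113.5.16390: UDP, length 172
16:53:10.130000 IP 192.0.2.10.5060 > 203.0.113.5.5060: Flags [S], seq 100, win 64240, length 0
16:53:10.140000 IP 192.0.2.10.40000 > 203.0.113.53.53: 4242+ A? example.org. (29)
"""

def classify(rest):
    """Map tcpdump's per-packet summary to a coarse protocol label."""
    if rest.startswith("Flags ["):
        return "tcp"
    if rest.startswith("UDP,"):
        return "udp"
    return "other"  # e.g. decoded DNS, which tcpdump prints without a "UDP" tag

def find_leaks(lines, wan_ip=WAN_IP, relays=TOR_RELAYS):
    """Return outbound packets that are anything but TCP to a listed relay."""
    leaks = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:
            leaks.append(("unparsed", line, 0))  # fail closed: review by hand
            continue
        _src, _sport, dst, dport, rest = m.groups()
        if dst == wan_ip:
            continue  # inbound reply; only egress is judged here
        proto = classify(rest)
        if proto == "tcp" and (dst, int(dport)) in relays:
            continue  # expected: Tor circuit traffic
        leaks.append((proto, dst, int(dport)))
    return leaks

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE.splitlines()):
        print(leak)
```

On the constructed sample this reports the RTP-style UDP packet, the direct TCP connection to port 5060, and the DNS query, while the relay traffic and its inbound reply pass.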





