Hardening i2pd setup with AppArmor

Quoting Wikipedia:

AppArmor ("Application Armor") is a Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. AppArmor supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC). It was included in the mainline Linux kernel since version 2.6.36 and its development has been supported by Canonical since 2009.

It is a great tool for hardening the security of any of your applications on Linux, including the Invisible Internet router.

We have now added an i2pd profile for AppArmor, which you can just drop into your profiles directory and it will just work.

Instruction

First, make sure you have AppArmor installed and working. Run the following:

sudo apparmor_status

If you have AppArmor, it should output apparmor module is …



i2pd keyinfo tool and more

If you have ever run i2p, you've noticed that both Java i2p and i2pd use a web UI for most interactions. For some (most, if you count "power users") this is not desirable. Until recently there were no documented command line tools for simple tasks (e.g. getting the b32 address of a destination given a private key file).

Java i2p has some utilities deep within their codebase for this but no documentation on how to use them. Hence the i2pd-tools repo was born.

Building:

git clone --recursive https://github.com/purplei2p/i2pd-tools
cd i2pd-tools
make

The most useful tool in my opinion is keyinfo, a tool that extracts useful information about a private key file, i.e. the full destination, the key type and the .b32.i2p address.

./keyinfo privatekey.dat

The routerinfo tool can be used to generate linux iptables rules to permit traffic to a router …



i2p.rocks in proxy up (again)

The i2p.rocks in proxy is up again.

Give it a go.

The SSL cert is only for i2p.rocks, so your browser will complain.

If there are any problems or concerns with the in proxy please contact me on xmpp: jeff@i2p.rocks


i2pd 2.11 released

i2pd (I2P Daemon) is a full-featured C++ implementation of an I2P client.

I2P (Invisible Internet Protocol) is a universal anonymous network layer. All communications over I2P are anonymous and end-to-end encrypted; participants don't reveal their real IP addresses.

An I2P client is software used for building and using anonymous I2P networks. Such networks are commonly used for anonymous peer-to-peer applications (filesharing, cryptocurrencies) and anonymous client-server applications (websites, instant messengers, chat-servers).

I2P allows people from all around the world to communicate and share information without restrictions.

i2pd is licensed under the 3-clause BSD license. Binary packages are available for Debian, Ubuntu, OS X, FreeBSD, Android and Windows.


Changelog for i2pd version 2.11:

  • Full support of zero-hops tunnels
  • Tunnel configuration for HTTP and SOCKS proxy
  • Websockets support
  • Multiple acceptors for SAM destination
  • Routing path for UDP tunnels
  • Reseed through a floodfill
  • Use AVX instructions for DHT and HMAC …



PPA repository for i2pd is available

Good news for Ubuntu/Linux Mint users of Invisible Internet! You can now install i2pd very easily from the PPA repository created by community member R4SAS.

Add the PPA and install i2pd using the following commands:

sudo add-apt-repository ppa:purplei2p/i2pd
sudo apt-get update
sudo apt-get install i2pd

That's it. When a new version of i2pd becomes available, you'll receive updates via the package manager.


Connecting to I2P network through restrictive firewalls

If you ever experience problems connecting to the I2P network, your Internet Service Provider may be blocking access to the I2P bootstrap servers. It is not a big deal if you have access to GitHub.

Edit the reseed section in your i2pd config file i2pd.conf like this:

[reseed]
verify = true
file = https://github.com/r4sas/i2pd-reseed/releases/download/1.0/i2pseeds.su3

or run the binary with these options:

./i2pd --reseed.verify true --reseed.file https://github.com/r4sas/i2pd-reseed/releases/download/1.0/i2pseeds.su3

and you will bootstrap to the I2P network from GitHub.

Alternatively, simply download this file with a web browser and reseed from the local file:

./i2pd --reseed.verify true --reseed.file i2pseeds.su3

ipfs access

This blog can now be accessed via IPFS at /ipns/QmUXNVeuFPqjYRFduTxLkaKB4y6WHV8Drj3gWW2bdamtZU/


DIY darknet for fun and profit

A darknet (or dark net) is an overlay network that can only be accessed with specific software, configurations, or authorization, often using non-standard communications protocols and ports.

A well-known example of a darknet is Onionland -- a public darknet created with Tor software. This article will show you how to create your own darknet with Invisible Internet Protocol (I2P) for fun and profit. Unlike Onionland, it will be fully distributed and suitable for any type of private and anonymous communications.

How your own darknet can be useful

Online privacy and anonymity research

You can run your own network to study how anonymous networks work, find their weaknesses and performance improvement possibilities.

Filesharing software

An anonymous network layer can be added to any filesharing software, for example, to torrent clients and apps like PopcornTime. Users will download and share content anonymously …



gpgpipe, an alternative for people who want to curlpipe

The term curlpipe comes from using the program curl to download a file and immediately executing the file via a pipe in the command line (this is bad and you should feel bad for doing this).

curlpipe found in the wild

Regardless of the obvious security concerns, many projects feel the need to tell users to execute arbitrary scripts transmitted over plaintext. Is there a workaround for these people? I believe there is now: just pipe it through gpg.

But wait, that won't actually work.

Consider the following:

curl $url | gpg | bash

This command SHOULD fail if the signature is invalid but it doesn't.

curl http://i2p.rocks/files/gpg-test.sh.asc | gpg | bash
% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                        Dload  Upload   Total   Spent    Left  Speed
100   293  100   293    0     0   7274      0 --:--:-- --:--:-- --:--:--  7325
it works
backdoor
gpg: Signature made Sat 22 Oct 2016 08:18:57 AM EDT using …
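The session above fails open because gpg emits the payload whatever the signature verdict is, and the pipeline's exit status is that of bash, not gpg. One way to close that gap is to verify into a file first and execute only afterwards; this is an added example, not the post's own script, and the names gpgpipe_run, GPG and the fingerprint argument are assumptions of this sketch:

```bash
#!/usr/bin/env bash
# Added example: verify first, execute second.
# GPG may be overridden to point at a specific gpg binary (assumption).
GPG=${GPG:-gpg}

# gpgpipe_run <signed-file> <trusted-fingerprint>
# Executes the signed script only when gpg reports a valid signature made by
# the expected key. Returns 1, with nothing executed, in every other case.
#
# Typical use (download to disk, never straight into a pipe):
#   curl -fsS "$url" -o script.asc && gpgpipe_run script.asc "$TRUSTED_FPR"
gpgpipe_run() {
    local signed=$1 want_fpr=$2 workdir status rc
    workdir=$(mktemp -d) || return 1

    # --status-fd 1 prints machine-readable lines such as
    #   [GNUPG:] VALIDSIG <fingerprint> ... <primary-key-fingerprint>
    # A non-zero exit (bad signature, missing key) discards the status text.
    status=$("$GPG" --batch --status-fd 1 \
                    --output "$workdir/payload" --decrypt "$signed" 2>/dev/null) || status=

    # Exit status 0 is not enough: unsigned input also "decrypts" cleanly, and
    # any key in the keyring would pass. Require VALIDSIG from the pinned key.
    if ! printf '%s\n' "$status" | awk -v fpr="$want_fpr" '
            $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { ok = 1 }
            END { exit !ok }'; then
        rm -rf "$workdir"
        echo "gpgpipe_run: signature check failed, refusing to execute" >&2
        return 1
    fi

    # Only now does the verified, fully written payload reach the shell.
    rc=0
    bash "$workdir/payload" || rc=$?
    rm -rf "$workdir"
    return "$rc"
}
```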



i2pd 2.10 released

i2pd (I2P Daemon) is a full-featured C++ implementation of an I2P client.

I2P (Invisible Internet Protocol) is a universal anonymous network layer. All communications over I2P are anonymous and end-to-end encrypted; participants don't reveal their real IP addresses.

An I2P client is software used for building and using anonymous I2P networks. Such networks are commonly used for anonymous peer-to-peer applications (filesharing, cryptocurrencies) and anonymous client-server applications (websites, instant messengers, chat-servers).

I2P allows people from all around the world to communicate and share information without restrictions.

i2pd is licensed under the 3-clause BSD license. Binary packages are available for Debian, Ubuntu, OS X, FreeBSD, Android and Windows.


Changelog for i2pd version 2.10:

  • Added support of datagram I2P tunnels
  • Reduced file descriptors usage
  • Unique local addresses for server tunnels
  • Added configuration options for list of reseed servers and initial addressbook
  • Added configuration option for netid
  • Added ability to …
