blog-contributions/opsec/anonymity/old.html

310 lines
11 KiB
HTML
Raw Normal View History

2024-07-25 12:23:36 +02:00
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>anonymity Setup</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-cis navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
2024-10-06 21:59:43 +02:00
<a class="navbar-brand-cis" href="\index.html">The Nihilism Blog</a>
2024-07-25 12:23:36 +02:00
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
2024-08-12 23:22:38 +02:00
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
2024-07-25 12:23:36 +02:00
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="cis2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nothing@nowhere - 2023-09-24</ba></p>
<h1>anonymity Setup </h1>
<p>In this tutorial we're going to take a look at how to manage your online Anonymity.</p>
<img src="0.png" class="imgRz">
<p>We want 3 ways to access websites. The first being while using tor, for complete anonymity. The second is to do the same but to masquerade it with a non-KYC VPN which will also be acquired anonymously, and the last is without any protection.</p>
<img src="1.png" class="imgRz">
<p>As a preventive measure, we're going to separate each VMs using VLANs, so that there's a clear separation between any KYC VMs, and VMs used for anonymity. To do so there will be 3 separate VLANs, one being for Anonymity purposes, and the others for KYC use.
For Anonymity, there will be a veracrypt hidden partition in use for plausible deniability.</p>
<img src="2.png" class="imgRz">
<p>To prepare the computer for those tasks, we will rely on opensource software to avoid any tracking, we'll remove logs from arch linux, and from pfsense. </p>
<p>And lastly, we're going to take a look at how to keep track of your accesses to the websites you access anonymously</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="cis3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Initial Setup </b></h2>
<p>First let's make sure all logs get erased upon system shutdown (by piping all logs to go to the /tmp/ folder):</p>
<pre><code class="nim">
[ 10.99.99.9/24 ] [ /dev/pts/31 ] [/var]
→ sudo rm -rf log
[sudo] password for nothing:
[ 10.99.99.9/24 ] [ /dev/pts/31 ] [/var]
→ sudo ln -s /tmp/ /var/log
[ 10.99.99.9/24 ] [ /dev/pts/31 ] [/var]
→ ls -lash log
0 lrwxrwxrwx 1 root root 5 Sep 24 18:43 log -> /tmp/
</code></pre>
<p>Next we're going to install libvirti as seen <a href="../virtual/virtmanager.html">here</a>:</p>
<pre><code class="nim">
sudo pacman -S libvirt qemu virt-manager dnsmasq bridge-utils
sudo systemctl enable --now libvirtd
virt-manager
</code></pre>
<p>Then create the 2 separate LANs for the VMs in virt-manager like so:</p>
<img src="27.png" class="imgRz">
<img src="28.png" class="imgRz">
<p>Then you're going to need to create the pfsense VM, so first get the iso from the <a href="https://www.pfsense.org/download/">official website</a>:</p>
<img src="8.png" class="imgRz">
<pre><code class="nim">
[ 10.99.99.9/24 ] [ /dev/pts/31 ] [/var]
→ cd /mnt/VAULT/ISOs
[ 10.99.99.9/24 ] [ /dev/pts/31 ] [/mnt/VAULT/ISOs]
→ mv ~/Downloads/pfSense-CE-2.7.0-RELEASE-amd64.iso.gz .
[ 10.99.99.9/24 ] [ /dev/pts/31 ] [/mnt/VAULT/ISOs]
→ ls -lash | grep pfSense
730M -rw-r--r-- 1 nothing nothing 730M Sep 24 19:16 pfSense-CE-2.7.0-RELEASE-amd64.iso
</code></pre>
<p>Then create the VM:</p>
<img src="7.png" class="imgRz">
<img src="9.png" class="imgRz">
<img src="10.png" class="imgRz">
<img src="11.png" class="imgRz">
<p>Before installing the VM we will setup the 3 network cards it will handle: The default WAN, and the 2 LANs </p>
<img src="12.png" class="imgRz">
<img src="13.png" class="imgRz">
<img src="14.png" class="imgRz">
<img src="15.png" class="imgRz">
<p>Now let's start installing the pfsense VM:</p>
<img src="16.png" class="imgRz">
<img src="17.png" class="imgRz">
<img src="18.png" class="imgRz">
<img src="19.png" class="imgRz">
<img src="20.png" class="imgRz">
<img src="21.png" class="imgRz">
<img src="22.png" class="imgRz">
<p>And now that's done, next step is to make sure pfsense handles the 2 VLANs properly:</p>
<img src="23.png" class="imgRz">
<img src="24.png" class="imgRz">
<img src="25.png" class="imgRz">
<img src="26.png" class="imgRz">
<p>Then we set the ip addresses of each interface, starting with the LAN-KYC VLAN:</p>
<img src="29.png" class="imgRz">
<img src="30.png" class="imgRz">
<img src="31.png" class="imgRz">
<img src="32.png" class="imgRz">
<p>Then do the same for the LAN-ANON VLAN:</p>
<img src="36.png" class="imgRz">
<img src="37.png" class="imgRz">
<img src="38.png" class="imgRz">
<p>For this next step, we're going to put a VM in the KYC vlan to finish the pfsense router setup</p>
<img src="39.png" class="imgRz">
<img src="40.png" class="imgRz">
<p>From there, it's a matter of setting up pfsense:</p>
<img src="41.png" class="imgRz">
<img src="42.png" class="imgRz">
<img src="43.png" class="imgRz">
<img src="44.png" class="imgRz">
<img src="45.png" class="imgRz">
<p>To change the pfsense theme to a dark theme, go in System > General Setup > webConfiguratior > Theme > set to pfsense-dark</p>
<img src="46.png" class="imgRz">
<p>As you've seen above, we've set 2 temporary public dns servers, so next we're going to setup 2 local TOR DNS servers, which will allow the VMs to resolve any domain anonymously. </p>
<img src="47.png" class="imgRz">
<p>Once done, we make sure that pfsense takes these 2 dns servers, and only uses them, will also setup firewall rules to deny any other dns traffic. </p>
<img src="48.png" class="imgRz">
<p>Here you can see it's working fine:</p>
<img src="49.png" class="imgRz">
<p>Then shutdown the VM, clone it and you'll have the 2 tor DNSes working.</p>
<img src="50.png" class="imgRz">
<p>Next just put them in the anon VLAN:</p>
<img src="51.png" class="imgRz">
<img src="52.png" class="imgRz">
<p>Once in there, we make sure that they are DHCP reserved so their ip won't change over time:</p>
<img src="53.png" class="imgRz">
<img src="54.png" class="imgRz">
<img src="55.png" class="imgRz">
<p>Then do the same for the other tordns:</p>
<img src="56.png" class="imgRz">
<img src="57.png" class="imgRz">
<p>Then from the firewall, we allow the whole subnet to communicate to tordns1 and 2, because they will also be the bridge nodes, and we allow the tordns 1 and 2 servers to connect anywhere with any protocol.
That way, the only traffic that can escape from the anon subnet, will only be through these 2 servers, that will prevent any data leak from happening.</p>
<pre><code class="nim">
</code></pre>
<p></p>
<pre><code class="nim">
</code></pre>
<p></p>
<pre><code class="nim">
</code></pre>
<p></p>
<pre><code class="nim">
</code></pre>
<p></p>
<pre><code class="nim">
</code></pre>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="cis2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Setup</b></h2> </br> </br>
<p></p>
<img src="" class="imgRz">
<pre><code class="nim">
</code></pre>
<p></p>
<img src="" class="imgRz">
<pre><code class="nim">
</code></pre>
<p></p>
<img src="" class="imgRz">
<pre><code class="nim">
</code></pre>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Second Post +++++ -->
<div id="cis1">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Setup</b></h2> </br> </br>
<p></p>
<pre><code class="nim">
</code></pre>
<p></p>
<pre><code class="nim">
</code></pre>
<p></p>
<pre><code class="nim">
</code></pre>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Footer Section +++++ -->
<div id="cisb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.</p></br></br><p>Creative Commons Zero: No Rights Reserved</br><img src="\CC0.png">
2024-07-25 12:23:36 +02:00
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
2024-10-03 21:57:20 +02:00
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>
2024-07-25 12:23:36 +02:00
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
2024-08-28 20:13:19 +02:00
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
2024-07-25 12:23:36 +02:00
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>