[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-sigs
Subject: RE: [Snort-sigs] Triangle Boy
From: "Scott, Michael R." <MICHAEL.R.SCOTT () saic ! com>
Date: 2002-07-25 17:17:15
[Download RAW message or body]
It appears the TriangleBoy network is still up and running. I recently
filled out the form on their website to receive a copy of the software, and
here is some relevant snippets from the emails I've received:
<quote>
TRIANGLE BOY VOLUNTEER PROGRAM
==============================
Triangle Boy was developed by SafeWeb, Inc. as a response to invasive
online monitoring practices and Internet censorship worldwide. It is
supported by the United States Government's International Broadcasting
Bureau. It is a free, peer-to-peer application that volunteers download
onto their PCs so that users who have been blocked from certain Internet
sites can circumvent firewalls and regain access to those sites.
With Triangle Boy, users everywhere can have free, private and secure
access to an uncensored Web.
Some key features of Triangle Boy:
----------------------------------
1) Requests are transmitted to SafeWeb via Triangle Boy, but Web content
is returned DIRECTLY to the user via IP spoofed packets.
2) All communications are encrypted using 128-bit SSL. The key exchange
is between SafeWeb and the user only, so the Triangle Boy machine CANNOT
eavesdrop on the communications.
3) Users will receive an automatic warning alerting them to inspect
SafeWeb's digital certificate to ensure that they are connected to
SafeWeb through a legitimate Triangle Boy machine, and not through a
fake one.
</quote>
In addition, if you send an email to ip@privatehop.com it will return you a
listing of three current TriangleBoy addrs, but:
<quote>
The number of Triangle Boy IPs published per day is restricted.
You may try again in a few days for a different set of Triangle Boy IPs.
You will not receive any further emails if you try again within an hour.
Thank you for supporting the Privacy Matrix.
</quote>
As for the orig question, a signature to detect this, it may be difficult as
it's all SSL encrypted and the server addrs are not fixed. I will take a
closer look if/when I get a chance to install and play with it.
-Mike
-----Original Message-----
From: Jason [mailto:jason@brvenik.com]
Sent: Tuesday, July 23, 2002 11:02 AM
To: O'Flynn, Derek
Cc: snort-sigs@lists.sourceforge.net
Subject: Re: [Snort-sigs] Triangle Boy
It used to be available at https://www.triangleboy.com
Some archives are still available of fugu
http://web.archive.org/web/20010717133059/fugu.safeweb.com/sjws/solutions/tr
iangle_boy.html
http://web.archive.org/web/20010909152147/fugu.safeweb.com/webpage/tboy_down
load.php3
And I managed to find the source
http://web.archive.org/web/20011109105021/http://fugu.safeweb.com/webpage/tb
oy-1.0.3.tar.gz
I was under the impression however that safeweb no longer provides these
services after Sept 11 to the general public. I do seem to recall that
the initial funding and research were in support of American and
European three letter agencies. I do miss it!
I did find the following 2 items which should clear things up about
Triangle Boy
http://www.safeweb.com/tboy_whitepaper.html
http://www.safeweb.com/tboy_service.html
Down the 2nd page
--- quote ---
Due to the suspension of SafeWeb's online consumer privacy service,
Triangle Boy usage is currently limited to our project with Voice of
America to free the Internet in China. Therefore, all volunteers who
have downloaded Triangle Boy will now have their computers point to
servers that we have set up for Voice of America.
--- quote ---
Regards,
Jason
"O'Flynn, Derek" wrote:
>
> Triangle boy spoofs the IP on the returning packet to be the "triangle"
> client, thereby hiding the safeweb servers. Check out the link John
> provided they explain it in detail. I don't see this as being such a
large
> problem since there is no mass way of downloading the program yet. If it
> does show up on download.com or even a link on their site, then I would
> consider it a problem. I would like to see if there is a signature
> somewhere, I'm trying to find the executable, at which point I can work on
a
> signature, but as of yet, don't have the executable in hand. If someone
has
> the link to download it please post it.
>
> Derek
>
> -----Original Message-----
> From: John Sage [mailto:jsage@finchhaven.com]
> Sent: Monday, July 22, 2002 5:22 PM
> To: snort-sigs@lists.sourceforge.net
> Subject: Re: [Snort-sigs] Triangle Boy
>
> On Mon, Jul 22, 2002 at 11:22:52AM -0700, Florin Andrei wrote:
> > http://siliconvalley.internet.com/news/article.php/707911
> >
> > Anyone has sigs for this nasty little baby?
> >
> > --
> > Florin Andrei
> >
> > Don't break things that don't need to be broken
> > while you're fixing things that really need fixing.
>
> My personal take: this is *almost* as much vaporware as they accuse
> PeekaBooty of being..
>
> It's certainly a great deal of PR fluff.
>
> While PeekaBooty supposedly works from a "..distributed server
> cloud.." (in other words, you don't really know *where* a specific set
> of content is coming from), apparently Triangle Boy works by using
> "..the SafeWeb server, which returns the requested page directly to
> the client browser.."
>
> So how are they going to hide the SafeWeb server's IP address, or the
> IP addresses of their server farm?
>
> Block that, and you've got them by the -- um.. -- you get the idea...
>
> - John
> --
> "Cowardly refusing to create an empty archive."
>
> PGP key http://www.finchhaven.com/pages/gpg_pubkey.html
> Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
--
===(''''/)===(\'''')===
| | | |
| | | |
| | | |
Life's Tuff
Go Ride
-------------------------------------------------------
This sf.net email is sponsored by: Jabber - The world's fastest growing
real-time communications platform! Don't just IM. Build it in!
http://www.jabber.com/osdn/xim
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
-------------------------------------------------------
This sf.net email is sponsored by: Jabber - The world's fastest growing
real-time communications platform! Don't just IM. Build it in!
http://www.jabber.com/osdn/xim
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic