Slashdot Mirror

← Back to Stories (view on slashdot.org)

Triangle Boy Lives

Posted by timothy on from the antimissile-missile dept.

mlinksva writes: "Safeweb cancelled their free service late last year, but their P2P anonymizing proxy, Triangle Boy, has been spotted in the wild (south of Fort Worth, Texas). 'Because of its stealth nature, the P2P software does not show up in reports from many filtering products and the administrator doesn't even know the problem exists and has no way to check it.'(via UniteTheCows)."

8 of 207 comments (clear)

  1. Not all web proxys are p2p software, but... by Erpo · · Score: 3, Informative

    ...this one is. It just bounces requests off of other triangle boy users, as opposed to a server you've set up at home.

  2. Re:MPAA on the prowl! by Anonymous Coward · · Score: 1, Informative

    uh..sorry, it was a pop-culture reference you might have missed. South Park. There is an episode where a film festival comes to town. Cartman says that all independant films are gay cowboys eating pudding. He is proven right later on in the show...

  3. Re:Need Link to Source Code and or Binary by Anonymous Coward · · Score: 5, Informative

    http://www.safeweb.com/pr_tboy1.html says
    ---
    The source code for Triangle Boy 1.0 is available immediately. Those who wish to volunteer to host a Triangle Boy machine can download the free program from the SafeWeb site at http://fugu.safeweb.com/webpage/tboy-1.0.3.tar.gz. Volunteers must have a PC running Linux or Windows NT/2000.

  4. Re:...or SSH by drsoran · · Score: 2, Informative

    It's even easier if you're using OpenSSH:

    ssh -D 1080 yourhomemachine.org

    Point Nutscrape or Mozilla to localhost port 1080 for the Socks4 proxy. Everything will go over the SSH connection and be proxied by your remote machine without a need for Squid or an explicit web proxy. Don't forget to ask your local security team if this is permissible before doing it though! It may be a big violation to circumvent the access controls in place to support a local security policy. You can, may, and will lose your job over it. Make sure it's worth it.

  5. still alive..... yes by amithv · · Score: 4, Informative
    I had downloaded Triangle Boy and put it on my Linux machine when it was released so I get around various blocks at different places where I used the Internet. When SafeWeb called it quits, my Triangle Boy client continued to work which I found interesting. But I didn't complain.

    That is until someone in Taiwan spammed a whole bunch of people with my IP address advertising it as a way to get around Chinese Internet censorship (my friend translated the Simplified Chinese in the e-mail). My ISP found out that my IP address was in the e-mail and was pissed and suspended my account (Ironically not because I was running Triangle Boy, but because my IP address was in the e-mail. They though *I* sent out the spam!) I just shut down the program, but lesson learned I guess.

  6. Re:Anyone know anything more about this? by Quixote · · Score: 3, Informative
    How does it work? What does "stealth" mean in this context? Why wouldn't it be blocked by people having firewalls explicitly for the purpose of locking someone in?

    IIRC, the data is sent to your machine via forged UDP packets. The client on your machine (which is also the proxy for your machine) then reassembles the packets and forwards them to your browser.

    Checkout the TriangleBoy Whitepaper

  7. Re:Anyone know anything more about this? by dohcvtec · · Score: 3, Informative

    Quoting the article: ... returns the requested page directly to the client browser, "spoofing" the origin address so that it appears to come from the Triangle Boy host.
    Unless I'm reading this wrong, or the author of the article doesn't know what they're talking about, the spoofing occurs outside of your network. Apparently, Triangle Boy knows that Safeweb IP addresses will be blocked by some firewalls or filtering software, so the return traffic from Safeweb (e.g. viewing web pages) is spoofed to the IP address of the Triangle Boy host. It's not like clients inside your network are spoofing their source addresses. If that were the case, you would be right and any decent firewall ruleset would block such activity.
    I know at least my firewall would block that
    Your firewall would block address spoofing from the inside, but not from the outside like in this case. I don't know the details, but I would think that the spoofing on Triangle Boy's part would have to take into account issues like TCP state and TCP sequence numbers to work properly, and IF these issues are taken care of, nothing would look suspicious to your firewall.

    --
    -- Never hit a man with glasses. Hit him with a baseball bat.
  8. Before you think tboy is safe in US, read this: by Anonymous Coward · · Score: 1, Informative

    http://www.der-keiler.de/Mailing-Lists/securityfoc us/security-basics/2001-11/0344.html

    If your speech or desired access is offensive to the Chinese government only, you will be safe, but if it is offensive to the US, think again.