Defending the Internet with Project Meshnet
Introduction
Topics related to Internet censorship have been debated frequently in the last few years. The main purpose of most Internet censorship actions is to deny access to certain information on the web. This information can be censored throughout the world, or in some cases, can be limited to certain countries. Some countries even have their own censorship policies. One of the many examples of such an act is the very famous SOPA (Stop Online Piracy Act), which had provisions to protect the publication of copyrighted material and intellectual property on the Internet. There are numerous ways to censor information on the Internet, including IP address blocking, DNS Filtering, URL Filtering etc.
What should you learn next?
What should you learn next?
In the past, concerns have been raised over whether Internet censorship is the answer to defend against scenarios that could generate online piracy. This issue has become so prominent because popular sites like Google and Facebook allows users to share information without bearing responsibility for the content posted. These websites do have facilities where copyright holders can file a complaint, and the content will be removed. However, Internet censorship makes it possible to block the entire website for the users, not just a single page or profile. An act which has enough power to take down entire websites like Facebook and Twitter could be used to suppress technology and threaten a free unified and open Internet.
Project Meshnet
Project Meshnet (originally called the Darknet) was born out of concerns over censorship and is aimed at setting up an open, decentralized, and censorship free Internet. The project started with a discussion on reddit, the text of which can be access here. The name Project Meshnet derived from the use of mesh networking topology, which demands that every node must not only capture and disseminate its own data, but also serve as a relay for other nodes in the same network. This architecture makes mesh topology completely decentralized, (i.e. without any centralized authority) thus making it impossible to censor any form of data.
Project Meshnet is still in its alpha stages and is available for testing purposes to its users. The future aim of the project is to use a combination of hardware (called mesh islands) and software (called CJDNS) to set up a decentralized Internet. CJDNS is a routing engine which helps us communicate over the mesh network. Right now, the communication happens over the current Internet infrastructure over a network called Hyberboria. The future aim of the project is to set up its own hardware across the globe through which the communication will take place.
How Does it Work?
The Meshnet network is built on an infrastructure of users. The future aim of the project is to have multiple computers connected to each other through a wireless connection over a virtual network interface. All the information will be encrypted, meaning that only the user at the destination will be able to see the actual data. Packets will be directed from the source to the destination through an intermediate set of nodes until it reaches its final destination. The flow of packets is explained in the wiki section of Project Meshnet's website. An excerpt from the wiki article is below:
"In the CJDNS net, a packet goes to a router and the router labels the packet with directions to a router which will be able to best handle it. That is, a router which is near by in physical space and has an address which is numerically close to the destination address of the packet. The directions which are added to the packet allow it to go through a number of routers without much handling, they just read the label and bounce the packet wherever the next bits in the label tell them to. Routers have a responsibility to 'keep in touch' with other routers that are numerically close to their address and also routers which are physically close to them."
Setting up CJDNS
First and foremost when setting up Project Meshnet is that a participant must set up the CJDNS routing engine on his or her system. In this article we will be looking at how to set up Meshnet on a Mac OS X operating system. Unfortunately, CJDNS only works with Mac OS X 10.7 or newer.
First of all, it is important to make sure that you have all the dependencies installed, which includes git and wget. Downloading the "Command Line Tools for Xcode" from the apple website would also be helpful in the overall process.
First, lets clone the latest from CJDNS's github repository.
Then, go to the CJDNS directory and build using the "./do" command as shown in the figure below. You will be required to have some dependencies like wget, etc. installed on your system in order to conduct a proper build. Otherwise, the build would fail.
The build would take some time, so please be patient.
Here's how your CJDNS should look during building phase. Also, please note that you must have an Internet connection during this whole process.
Once the build is complete, you will get a message stating "Build completed successfully" as shown in the figure below. If you don't see this message, then something is wrong and the build wasn't successful.
Now we need to create a config file that will provide us with a public key, a private key, and an IP address for our node. Run the command as shown in the figure below.
This will create the config file named cjdroute.conf. If you open the file, you will see that we have been assigned a private key, a public key, and an IPv6 address. Yes, Meshnet runs by tunneling IPv6 packets in UDP/IPv4 packets. This is because CJDNS and Hyperboria are still in the early stages of development.
Right now, since Meshnet doesn't have a large user-base from around the world, the Meshnet team has made some public peers available globally for users to connect to. The figure below shows a snapshot from the page http://wiki.projectmeshnet.org/Public_peers , which displays all the public peers available to connect to.
It's always good to check if these servers can be reached by pinging them before trying to connect to them using Meshnet. For example, in the figure below I am pinging a server in the United States to see if it is reachable.
Next, we need to configure the config file in order to connect to that peer. If you open your config file, you will see the following section.
In this file, we need to provide information on the peer that we will be connecting . As you can see from the figure below, I have adjusted the config file to connect to two peers. We can connect to a maximum of three peers at once. We can also add some more options such as "Trust" and "Auth Type". The trust level signifies how much you trust a peer that you are connecting to. It is advisable to assign a higher trust value for those nodes which you have already been connected with in the past. The trust feature has not been implemented in Meshnet yet.
Once you are done with setting up the configuration, start up CJDNS by typing the command as shown in the figure below. You will need admin privileges to run the daemon.
Once you have provided your password, CJDNS will run and you will see the log messages as shown below.
CJDNS is now running properly and communicating with other peers. If you perform a quick "ifconfig" on your system, you will see that a new interface by the name "utun0" has been created. This is the interface used by Meshnet to communicate with the other peers in Hyperboria.
Conclusion
The aim of Project Meshnet is to build a decentralized Internet. This will enable users to exchange information easily without a central authority like an ISP, which can block or filter traffic. In this article we reviewed how to set up Meshnet on our local system, and how to use the network Hyperboria to initiate connections between some publicly available peers.
Help Project Meshnet
The creators of Project Meshnet are always looking for individuals to assist in technical and non-technical fields. Go to Project Meshnet to find out more.
References:
FREE role-guided training plans
FREE role-guided training plans
- Project Meshnet https://projectmeshnet.org/
- MeshWiki https://wiki.projectmeshnet.org/Main_Page
- Mesh Networking http://en.wikipedia.org/wiki/Mesh_networking
In this Series
- Defending the Internet with Project Meshnet
- Free Valentine's Day cybersecurity cards: Keep your love secure!
- How to design effective cybersecurity policies
- What is attack surface management and how it makes the enterprise more secure
- Is a cybersecurity boot camp worth it?
- The aftermath: An analysis of recent security breaches
- Understanding cybersecurity breaches: Types, common causes and potential risks
- Breaking the Silo: Integrating Email Security with XDR
- What is Security Service Edge (SSE)?
- Cybersecurity in Biden’s era
- Password security: Using Active Directory password policy
- Inside a DDoS attack against a bank: What happened and how it was stopped
- Inside Capital One’s game-changing breach: What happened and key lessons
- A DevSecOps process for ransomware prevention
- What is Digital Risk Protection (DRP)?
- How to choose and harden your VPN: Best practices from NSA & CISA
- Will immersive technology evolve or solve cybercrime?
- Twitch and YouTube abuse: How to stop online harassment
- Can your personality indicate how you’ll react to a cyberthreat?
- The 5 biggest cryptocurrency heists of all time
- Pay GDPR? No thanks, we’d rather pay cybercriminals
- Customer data protection: A comprehensive cybersecurity guide for companies
- Online certification opportunities: 4 vendors who offer online certification exams [updated 2021]
- FLoC delayed: what does this mean for security and privacy?
- Stolen company credentials used within hours, study says
- Don’t use CAPTCHA? Here are 9 CAPTCHA alternatives
- 10 ways to build a cybersecurity team that sticks
- Verizon DBIR 2021 summary: 7 things you should know
- 2021 cybersecurity executive order: Everything you need to know
- Kali Linux: Top 5 tools for stress testing
- Android security: 7 tips and tricks to secure you and your workforce [updated 2021]
- Mobile emulator farms: What are they and how they work
- 3 tracking technologies and their impact on privacy
- In-game currency & money laundering schemes: Fortnite, World of Warcraft & more
- Quantitative risk analysis [updated 2021]
- Understanding DNS sinkholes - A weapon against malware [updated 2021]
- Python for network penetration testing: An overview
- Python for exploit development: Common vulnerabilities and exploits
- Python for exploit development: All about buffer overflows
- Python language basics: understanding exception handling
- Python for pentesting: Programming, exploits and attacks
- Increasing security by hardening the CI/CD build infrastructure
- Pros and cons of public vs internal container image repositories
- CI/CD container security considerations
- Vulnerability scanning inside and outside the container
- How Docker primitives secure container environments
- Top 4 Zapier security risks
- Common container misconfigurations and how to prevent them
- Building container images using Dockerfile best practices
- Securing containers using Docker isolation
- Introduction to container security
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, ISC2, Cisco, Microsoft and more!
General security
Free Valentine's Day cybersecurity cards: Keep your love secure!
General security
General security