Sunday, October 3, 2010

Tcpcrypt on Ubuntu.

If you don't already know, here is what tcpcrypt is and a rundown of what it does.

Taken from tcpcrypt.org
Tcpcrypt is a protocol that attempts to encrypt (almost) all of your network traffic. Unlike other security mechanisms, Tcpcrypt works out of the box: it requires no configuration, no changes to applications, and your network connections will continue to work even if the remote end does not support Tcpcrypt, in which case connections will gracefully fall back to standard clear-text TCP. Install Tcpcrypt and you'll feel no difference in your every day user experience, but yet your traffic will be more secure and you'll have made life much harder for hackers.


And yes, it's as good as it sounds, but it does have a few weaknesses. Here's a little blurb on how it works and more details on its shortcomings.

From tcpcrypt.org
Tcpcrypt is opportunistic encryption. If the other end speaks Tcpcrypt, then your traffic will be encrypted; otherwise it will be in clear text. Thus, Tcpcrypt alone provides no guarantees—it is best effort. If, however, a Tcpcrypt connection is successful and any attackers that exist are passive, then Tcpcrypt guarantees privacy.

Network attackers come in two varieties: passive and active (man-in-the-middle). Passive attacks are much simpler to execute because they just require listening on the network. Active attacks are much harder as they require listening and modifying network traffic, often requiring very precise timing that can make some attacks impractical.

By default Tcpcrypt is vulnerable to active attacks—an attacker can, for example, modify a server's response to say that Tcpcrypt is not supported (when in fact it is) so that all subsequent traffic will be clear text and can thus be eavesdropped on.

Tcpcrypt, however, is powerful enough to stop active attacks, too, if the application using it performs authentication. For example, if you log in to online banking using a password and the connection is over Tcpcrypt, it is possible to use that shared secret between you and the bank (i.e., the password) to authenticate that you are actually speaking to the bank and not some active (man-in-the-middle) attacker. The attacker cannot spoof authentication as it lacks the password. Thus, by default, Tcpcrypt will try its best to protect your traffic. Applications requiring stricter guarantees can get them by authenticating a Tcpcrypt session.


Now, to install this guy, we need to get our system ready, so let's start by opening a terminal and running this:
sudo apt-get install iptables libcap-dev libssl-dev libnfnetlink-dev libnetfilter-queue-dev git-core


Then run these commands:
git clone git://github.com/sorbo/tcpcrypt.git
cd tcpcrypt/user
./configure
make


Now we need to edit rc.local "/etc/rc.local"
sudo vi /etc/rc.local


Add this line before "exit 0" (adjust the path to wherever you cloned the tcpcrypt tree):
sh /home/user/tcpcrypt/user/launch_tcpcryptd.sh


And restart, and you're done! You may want to move the tcpcrypt dir out of your home dir, but that's up to you. Enjoy!
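The whole procedure as one re-runnable script, added here as an example and not part of the original post or the tcpcrypt project: it includes the ./configure and "make install" steps the page's comment points out, and edits /etc/rc.local by inserting the launch line before "exit 0" only if it is not already there. TCPCRYPT_DIR is a variable chosen for this example (default $HOME/tcpcrypt); the repository URL and script name are as given in the post.

```shell
#!/bin/sh
# Added example (not from the original post): the install steps above as one
# script, including the ./configure and "make install" the page's comment
# points out, plus a safe edit of /etc/rc.local that inserts the launch
# line before "exit 0" without duplicating it on re-runs.
# Assumed: repository URL and script name as given in the post;
# TCPCRYPT_DIR is a variable chosen here, defaulting to $HOME/tcpcrypt.
set -e

TCPCRYPT_DIR="${TCPCRYPT_DIR:-$HOME/tcpcrypt}"

install_deps() {
    sudo apt-get install -y iptables libcap-dev libssl-dev \
        libnfnetlink-dev libnetfilter-queue-dev git-core
}

build_tcpcrypt() {
    git clone git://github.com/sorbo/tcpcrypt.git "$TCPCRYPT_DIR"
    (cd "$TCPCRYPT_DIR/user" && ./configure && make && sudo make install)
}

# The line rc.local runs at boot, built from TCPCRYPT_DIR so the path
# always matches where the tree was actually cloned.
launch_line() {
    printf 'sh %s/user/launch_tcpcryptd.sh\n' "$TCPCRYPT_DIR"
}

# Insert $2 into file $1 before its first "exit 0" line (or append it if
# there is none). A no-op when the exact line is already present.
add_before_exit0() {
    file=$1; line=$2
    grep -Fxq -- "$line" "$file" && return 0
    awk -v l="$line" '
        !done && /^exit 0[[:space:]]*$/ { print l; done = 1 }
        { print }
        END { if (!done) print l }' "$file" > "$file.tmp"
    mv "$file.tmp" "$file"
}

if [ "${1:-}" = "install" ]; then
    install_deps
    build_tcpcrypt
    tmp=$(mktemp)
    cp /etc/rc.local "$tmp"
    add_before_exit0 "$tmp" "$(launch_line)"
    sudo cp "$tmp" /etc/rc.local && rm -f "$tmp"
    echo "tcpcrypt installed; reboot to start tcpcryptd"
fi
```

Run it as `sh install-tcpcrypt.sh install`; without the argument it only defines the functions, so the rc.local edit can be tried on a copy first.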

1 comment:

  1. You have to enter: "./configure" (without the quotes) before "make".
    And in order to install tcpcrypt you normally issue: "make install" (without the quotes of course).
