Pierluigi Paganini
November 30, 2015
The non-profit security research project originating from the Czech Republic, which focuses on safety of SoHo users, has recently entered a new phase. This project, whose users include such celebrities as Vint Cerf and Steve Crocker, is the work of CZ.NIC, the administrator of the Czech national domain .CZ and developer of globally used open-source projects, such as the authoritative DNS server KnotDNS or the routing daemon Bird.
In the original project, each user of the service received a Turris router, which extends standard functions of a home router to include the ability to analyze traffic between the Internet and the home network, while identifying suspicious data streams. If such data stream is detected, the router alerts the Turris central to a possible attack. The system central then compares data from many connected Turris routers and evaluates the detected threat.
If the threat is classified as attack, updates are created and distributed throughout the Turris network to help protect all other users. The router also includes other interesting safety-related features. One of them is the Majordomo tool which enables the user to check what public IP addresses the devices on their network communicated with. This tool was inspired by earlier problems of some IoT devices, such as TVs, which were caught sending data “home”.
Hardware and software developed within the project are completely open and accessible to the whole community. The aim of this project is to increase the safety of SoHo users while identifying new threats on the Internet. The Turris router supports IPv6, DNSSEC, automatic updates, and much more. The router, which is an important part of the project, was originally intended only for users from the Czech Republic. Due to the great success of the project, it was decided to create a similarly equipped device that would be available to users from other countries.
This is how the project of the Turris Omnia router came to be, which retained most important features of the original device.
The performance is provided by a 1.6GHz dual-core ARM CPU, 4GB of flash storage and 1GB of DDR3 RAM. Turris is ready for fast WAN and LAN: it has six 1Gb ports and dual-band Wi-Fi 802.11ac (3×3 MIMO)/ 802.11b/g/n (2×2 MIMO).
It also offers an SFP connector for optical Internet. Such a powerful router obviously suggests other possible uses, for example as a home NAS, that is why two USB 3.0 ports are also included. The router’s board has two Mini PCI Express ports, one mSATA, pins for GPIO, I²C, SPI and even a slot for a SIM card. Compared to the original Turris router, Turris Omnia brings one major change.
Participation in the research project is voluntary and the user can decide whether to enable the collection of anomalies on the device, for example.
Both versions of the router also allow their users to redirect certain ports to the common honeypot of the project, making the system central receive information about the behavior of attackers in the various networks, to which the routers are connected.
Thanks to this option, the project has already achieved success in detecting suspicious behavior of particular systems, protecting users from web pages spreading malware and identifying Turris clients’ computers that were members of the Zeus botnet. In the course of the last year’s investigation of attacks on users of the Synology Company, the company became interested in the anonymous data from the project.
The Turris project publishes information on curious findings on the CZ.NIC blog.
The Turris Omnia router can now be ordered in the crowdfunding campaign on Indiegogo either as the raw motherboard, or the complete device. The project remains non-profit, the price takes into account only the actual costs of CZ.NIC for the device production.
(Security Affairs – Turris Omnia, SOHO routers)
