-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Using several accounts of instant messaging, email, IRC and foruns
through Tor we can be spoted by using the same exit node. I need
pratical examples to configure torrc to use MapAddress and TrackHostExits.
If is possible please
Hi!
I am wondering why should I allow SSH and Telnet ports to be open on a
relay? Is there really a usage case where a Tor user would need them
(because connecting with SSH to a server does somehow go against
anonymity)? Because otherwise it could be used for dictionary attacks
against SSH hosts.
On Sun, Dec 14, 2008 at 07:15:18PM +0100, Mitar wrote:
I am wondering why should I allow SSH and Telnet ports to be open on a
relay? Is there really a usage case where a Tor user would need them
(because connecting with SSH to a server does somehow go against
anonymity)? Because otherwise it
On Sun, Dec 14, 2008 at 07:15:18PM +0100, Mitar wrote:
Hi!
I am wondering why should I allow SSH and Telnet ports to be open on a
relay? Is there really a usage case where a Tor user would need them
(because connecting with SSH to a server does somehow go against
anonymity)? Because
On Sun, Dec 14, 2008 at 11:36 AM, Christopher Davis loaf...@gmail.com wrote:
On Sun, Dec 14, 2008 at 07:15:18PM +0100, Mitar wrote:
Hi!
I am wondering why should I allow SSH and Telnet ports to be open on a
relay? Is there really a usage case where a Tor user would need them
(because
On Sun, Dec 14, 2008 at 10:36:13AM -0800, Christopher Davis wrote:
How practical is SSH password cracking over Tor? Wouldn't the latency
deter attackers?
SSH password attacks from single sources can be deterred with watcher programs
such as Fail2Ban which modify the firewall to discard
Hi!
On Sun, Dec 14, 2008 at 7:26 PM, Roger Dingledine a...@mit.edu wrote:
That said, feel free to take out ports 21 and 22 from your exit policy
if they make you uncomfortable.
Is there maybe a middle way? For example to limit number of
connections exiting to the same host? So I could limit to
Kasimir Gabert schrieb:
On Sun, Dec 14, 2008 at 11:36 AM, Christopher Davis loaf...@gmail.com
wrote:
How practical is SSH password cracking over Tor? Wouldn't the latency
deter attackers?
I have received about 70 brute force ssh attempts on my Tor node in the
past month from other exit
On Sun, Dec 14, 2008 at 12:48 PM, Dominik Schaefer schaed...@gmx.de wrote:
Kasimir Gabert schrieb:
On Sun, Dec 14, 2008 at 11:36 AM, Christopher Davis loaf...@gmail.com
wrote:
How practical is SSH password cracking over Tor? Wouldn't the latency
deter attackers?
I have received about 70
Thanks for the information. I run denyhosts, and receive ridiculous
numbers of these connections to my servers as well. I ran a quick
script to grab what denyhosts had blocked, and determined how many of
those connections were from Tor exit nodes. Quite a large number!
Off topic, I had a
Hi!
On Sun, Dec 14, 2008 at 8:48 PM, Dominik Schaefer schaed...@gmx.de wrote:
Concerning the aspect of using Tor to target others: I would be very
surprised if anyone actually tries to use Tor for this, ordinary botnets of
owned machines are completely sufficient.
Invalid SSH login attempts
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David Kammering wrote:
Matthew McCabe schrieb:
Here is where I need your help. First, is there a good way to filter
out torrents in my exit policy?
I tried out some different exit policies after getting a big load of
DMCA notices. My
I run two Tor clients. One client is configured normally, which I use
for web browsing etc. The other has the option 'MaxCircuitDirtiness 0'
which makes Tor set up a new route for every connection request. That
way when I start Thunderbird and get my mail, my 3 accounts on the same
website
I just noticed that HDMoore re-released his decloak engine.
http://metasploit.com/data/decloak
He's improved some of the attacks from before like java, flash, and DNS in
pretty interesting ways. There's also a test for Microsoft Office documents
which I thought was interesting. From the page:
On Sunday 14 December 2008, Roc Admin wrote:
It doesn't seem like there are any new attack vectors but I wanted to
pass it along to see if anyone had comments.
I am looking for feedback as well -- right now, the reporting side is
pretty weak, but that should improve this evening. Roger pointed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Roc Admin wrote:
I just noticed that HDMoore re-released his decloak engine.
http://metasploit.com/data/decloak
He's improved some of the attacks from before like java, flash, and
DNS in pretty interesting ways. There's also a test for
On Sun, 14 Dec 2008 18:57:18 -0600
Roc Admin onionrou...@gmail.com wrote:
I just noticed that HDMoore re-released his decloak engine.
http://metasploit.com/data/decloak
He's improved some of the attacks from before like java, flash, and
DNS in pretty interesting ways. There's also a test
Hi!
I noticed that on a machine where I am running a Tor node I am getting
a lot of invalid HTTP requests to my 80 port. In Apache logs I saw
that they are Bittorrent packets and not HTTP requests. So I was
wondering if anybody else has been noticing this? Why exactly is this
happening?
Mitar
On Sunday 14 December 2008, Roc Admin wrote:
It doesn't seem like there are any new attack vectors but I wanted to
pass it along to see if anyone had comments.
Added iTunes (itms://) and made the Office test much more useful. tor-
button asks the user to confirm itms:// URLs before launching at
This:
I just wish there were a better way to
inspect the
traffic and disallow certain traffic.
seems to contradict:
Don't get me
wrong, I'm not
advocating that any relay inspect any traffic,
Do you mean you want a way to *automatically*, without
recording/logging/inspecting personally,
On Sun, Dec 14, 2008 at 07:26:43PM -0600, tors...@metasploit.com wrote 0.7K
bytes in 14 lines about:
: accurate view for folks who run noscript/torbutton. My own testing with
: torbutton shows it to be really solid (only tor exit and tor exit's DNS
: servers show up).
My default browser config
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Justin Coffi wrote:
Mitar wrote:
Hi!
I noticed that on a machine where I am running a Tor node I am
getting a lot of invalid HTTP requests to my 80 port. In Apache
logs I saw that they are Bittorrent packets and not HTTP
requests. So I was
Hello Dorothea
I had never seen such beautiful and greatly-performing watches like the ones I
found online at
http://www.domehas.com/
Take an extra 15% off your purchase during month of December.
http://www.domehas.com/
Sincerely,
Mr Steele
On Dec 15, 2008, at 4:41 AM, Jon wrote:
[snip]
...DMCA, hacking, child exploitation transiting my link.
Don't get the context wrong... quote it all if your going to pick it
line item. These things (with perhaps the loose exception of DMCA) are
illegal in all jurisdictions I believe? If there
On Mon, December 15, 2008 06:16, Jon wrote:
there is encouragement to use Tor for BitTorrent. Personally, the
practice should be discouraged... and before anyone calls me pro
censorship... can anyone think of a good reason to Seed or leach via
Tor?
the link you posted doesn't talk about
25 matches
Mail list logo