ng" and/or "networking" is everyone else's spam.
Cheers,
Michael Holstein
Cleveland State University
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
companies
themselves) are intentionally injecting fake information into BitTorrent
like they used to do with Napster .. except that BitTorrent handles this
much better. The fallout from that is companies get a bunch of bogus
complaints.
My 0.02.
Cheers,
Mich
nswer
any questions about it.
> The response is probably then
> catalogued for some future court case.
>
>
As are all of the bogus notices and supporting documentation that
nothing has ever occupied that IP address.
Cheers,
Mic
Perhaps the best choice would be the one used by the most people.
http://www.eff.org/deeplinks/2010/01/tracking-by-user-agent
Cheers,
Michael Holstein
Cleveland State University
laints, subpoenas, and various angry phone
calls were never a problem. It was the theft of academic journals (and
that doing so jeopardized our subscriptions) that did it in.
Cheers,
Michael Holstein
Cleveland State University
> Could you bind your exit traffic to IPs outside your University's
> primary block?
Not sure what you mean by "bind to outside IP", but our network is a
contiguous /16. We would have to register for extra /24s from ARIN, and
that costs money.
Cheers,
Michael Hol
> Why couldn't your exit policy just block the IPs of the journal sites?
Because there's > 1000 of them (and each would be a /32). It was
discussed in another thread at the time, and the developers led me to
the conclusion that such hugely long exit policies were a bad idea.
.. there simply wasn't an easy
way to block access to all of them without an overly-complex exit
policy, and all of our IP space is within a single /16.
Cheers,
Michael Holstein
Cleveland State University
> The main cause was the screen resolution.
>
Running TOR and leaving javascript enabled sort of defeats the point,
doesn't it?
Cheers,
Michael Holstein
Cleveland State University
of those cases to drive up costs.
If you can justify the need for your own ASN (because you're
multi-homed, etc.) then you *become* the ISP. This is completely
impractical for an end-user, but it's how Universities (and the like)
get away with hosting the nodes .. there's nobody else to
partially funded by their respective states.
Cheers,
Michael Holstein
Cleveland State University
st is known as a "Title III Order" AKA "wiretap".
These are quite rare by comparison.
Regards,
Michael Holstein
Cleveland State University
est of us. The same is true for China, WikiLeaks, etc.
Cheers,
Michael Holstein
Cleveland State University
of the email you view/send.
>
And sniff/steal the session cookie.
Regards,
Michael Holstein
Cleveland State University
r own ASICs to break DES when it
was en vogue .. I'm sure our side of the pond actively does the same.
Sneakier mice, better mousetraps.
Lather, rinse, repeat.
while().
Cheers,
Michael Holstein
Cleveland State University
ate 10gbps
http://download.intel.com/design/network/ProdBrf/27905403.pdf
Cheers,
Michael Holstein
Cleveland State University
Noticed today that gmail is again requiring
new account creation to use SMS verification.
Tried with a number of exits. Anyone else?
There are email->SMS gateways .. does the reverse not exist?
What about SMS->SIP services? .. eg :
http://www.iptel.org/ser/doc/modules/sms
communications "network" that dealt entirely
in header-source forged UDP packets, but as best practices dictate (not
that everybody follows them) .. one should filter egress of packets with
a source address not within your netblock.
Cheers,
Michael Holstein
Cleveland State University
in the real you) and
TOR (as in traffic that appears to come from you, but isn't the real
you) .. all they care about is what comes out of your pipe.
Anyway .. good luck, and keep up the good fight!
Cheers,
Michael Holstein
Cleveland State University
?
Cheers,
Michael Holstein
Cleveland State University
mic journals with it.
Michael Holstein
Cleveland State University
R anyway) I'd
suggest you take a look at what the friendly pirates at PRQ have come up
with (Relakks .. www.relakks.com).
Cheers,
Michael Holstein
Cleveland State University
d be used to associate the "non-TOR-you" with the
"TOR-you". So could your web-based email if you've EVER used it from an
identifiable location.
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
It reminds me of some of the stuff out of the Matrix... hackers causing
damage by manipulating the code of the Matrix, Machines moving in and
out of everything...
Greetings professor .. would you like to play a game?
I imagine there's a way for IIS to do it too.
Yes, there is.
Just create a new virtual host, and change the port it listens on.
http://support.microsoft.com/kb/149605
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
many other TOR
nodes are on academic sites).
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
speaking, the volume of non-legitimate email coming from
anonymous routers makes TOR a pretty easy target.
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
perhaps it would be better to have the list strip the IPs from
people's messages?
Um .. how's this gonna work? .. use NetBEUI to send them?
Why not just create a filter that delivers mail from
"[EMAIL PROTECTED]" to your inbox?
Cheers,
Michael Holstein CISSP
From my point of view Tor cannot exist without an installed and running Privoxy.
Sure it can .. I've been doing it with Firefox and the "foxyproxy"
plug-in for some time.
The main functional element that Privoxy adds is Socks v4a support
(namely, the ability to pass domain names and not
I've got my OR set up to be a bridge, and everything seems to be going
ok. However, I suspect that my ISP (Cox Communications) may be blocking
HTTP port 433, as I can't get a confirmation on it.
Well geez .. that's easy .. just tell us your IP address and we'll see
if we can telnet to port 4
I assume a correlation between these two events, although I wonder how
(blocked) window shrinks could lead to this. My idea was to
automatically search in syslog for window shrink events and then block
the guilty IPs for 24 hours with iptables. But I hope that anybody
understands what was the
od"
iptables -A INPUT -p tcp --dport (torDirPort) -m recent --update --seconds 60 --hitcount 1 --rttl --name TORdir -j DROP
(adapted from a SSH bruteforce mitigation rule to do a similar thing..)
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
Is there a mechanism to use HTTPS to
preencrypt web pages so that they
are encrypted on the server (and so the
server does not have the keys to decrypt
them!)
Not using HTTPS per-se, but you can use SSL to encrypt files.
My initial constraints are that once the data
is put on the server
Despite my bias, an embedded java app
would not work since it would be
controlled (provided) by the hostile
server right?
You could sign the applet with a key provided to your clients, since
you're using a distribution model where you have known end-users (as you
need their keys to encr
I have what may perhaps seem like a strange question.
Is there any commonly used software for encrypting and
decrypting web pages?
Yes, SSL .. and it's been around for quite a while.
Let me explain that a little better: imagine a web
site which has content destined for specific
individ
Are you sure OpenWRT on a Linksys can't handle the states with 32 MBytes RAM,
and a 0.2..0.5 MBit/s upstream?
Yeah, but the "standard" store-bought WRT54G (ver 6) is only 8mb.
Linksys uses Linux (Vxworks for its more braindead types of routers which
I know nothing about), but the default
I've been running a server (phrenograph) on a Comcast connection in
the Washington, DC, area for a few months now, and I haven't heard
anything from Comcast about it.
I guess I should have been more clear .. I ran the tor node on an
academic network, and we have our own ASN, so there's no
I lost count of the number of complaints
mine generated, but I still have copies of the various subpoenas I got (*).
Good luck in any case!
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
(*): ultimately, it wasn't all the legal problems that made me take down
our node, i
http://your.router.ip
username: blank
password: admin
Go to the advanced tab -> forwarding
set up two applications, ORport, DIRport .. select TCP, select 9001 and
9030, and point them to whatever IP you have on your linux box.
Make sure you tell TOR to advertise your external IP address via
What exactly is happening? Somebody is using your Tor exit node to
access a website (yahoo mail) and using that to send spam? And this is
being traced back to you by the spam being traced back to Yahoo, and
Yahoo checking their webmail logs and finding your exit node's IP?
Look at a Yahoo! mai
ou wouldn't want that stuff written to disk (ever). That
might be the Achilles' heel in my idea.
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
Don't forget the side effect - that the more questionable material we
filter the more remains to be used in legal ways.
You're missing the point.
If you live under a repressive regime whereby you feel legally obligated
to filter the exit traffic, you should be using the client, not running
Some times ago we have a thread about SORBS and many exit nodes were
listed in this DNSBL with the attribute "trojan hacked". Conclusion of
the thread was: "They have no glue!"
Yeah .. well SORBS is to be taken with a grain of salt.
Google sometimes does not work with several exit nodes and
Dago Watt wrote:
Could someone please send me his
.tor/cached-routers
by e-mail. After having been off-line I don't have enough
directory information to build a circuit, and the web-proxy
blocks the regular directory look-up.
Best regards, Dago
How hard would it be to serve the DirPort via
Mrtg monitoring of my box clearly shows what's going on with throughput
and cpu load. Thus I'm bothering this mailing list with more enhanced
multithread capabilities, taking better advantage from multiple cores.
Two ideas :
run multiple instances (and use family option), and let each instance
h
Just a quick question. I thought that the encryption system used was
based on factoring a large prime. If so, won't it become obsolete when
quantum computers become available? That is something that I expect to
see in this lifetime.
At which point folks will switch to ECC (like the NSA already d
a DMCA or some-such on
your behalf .. then you generally get a 1-year ban from that company.
On the plus side, getting canceled by them gets you out of your contract
agreements. Play your cards right and keep mis-spelling your name when
you sign-up, and you can switch between cable and DSL forever
Why not just use something like BigBrother (ironic, I know..)
www.bb4.net
it can monitor services, and send pages/emails when they die. You can
also easily code tests (like wget http://something.com.MYNODE.exit) and
check the response.
Cheers,
Michael Holstein
Cleveland State University
(while we're on the subject..)
Using the same testing method, AHBL's standard dnsbl lists 14 of the
routers, but they have a second one (tor.ahbl.org) that lists 823 of
them (only 63 return NXDOMAIN).
It's also not rocket science to run a client (or wget the directory from
router/tor) and pa
n't test as to which ones were exits or not, so I assume most of
the middlemen didn't get listed.
Sorry about the earlier screw-up. Mea culpa.
Michael Holstein CISSP GCIA
Cleveland State University
(gaak .. make that 759 queries, 709 NXDOMAIN, and 48 that appear somehow
.. the rest of what's below is correct).
~Mike.
Michael Holstein wrote:
SORBS marks TOR servers as zombie spammers I believe.
Um, in the interest of settling this argument :
grep router cached-routers |gr
hey're blacklisted because they're in dynamic
IP ranges
Cheers,
Michael Holstein CISSP GCIA
Information Security Administrator
Cleveland State University
checking for libevent directory... configure: error:
Could not find a linkable libevent. You can specify an
explicit path using --with-libevent-dir
./configure --with-libevent-dir=/usr/local/lib
that got it working for me (also Ubuntu 6.10 here, but the gnome variety)
A non-issue. The DNS request from the first trick will get routed
through TOR. The second trick is easily avoided by blocking Java via
NoScript.
~Mike.
Fergie wrote:
Hmmm.
http://blogs.zdnet.com/security/?p=114
Comments?
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the
I've seen a VM that routes all traffic over TOR, invisibly to the O/S.
(Not sure what they do about UDP).
Developed at Georgia Tech.
One better .. TOR on OpenWRT on a Linksys router.
Tor at the *hardware* level.
~Mike.
Poor kids DON'T!!!
Okay .. we're seriously off-topic here, but many a person's rights are
trampled because :
"it's for the children..."
There is no "okay" form of censorship. A spade is a spade is a spade.
If you believe in censoring this or that, under any guise, then maybe
TOR isn't the
I have yet to see an example of pure JavaScript code that can read an
end-user's IP address. Any code I've seen returns either "localhost" or
"127.0.0.1".
Bear in mind you need not get javascript to return the results of
something like "ipconfig /all" to work .. all you need do is create a
n
Have a look over here :
http://gemal.dk/browserspy/
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
Bryan Fordham wrote:
on a more general note: Does anyone actually have an example of how
javascript can compromise your anonymity? Not "it can obtain your
IP"-type
oth those problems with a "liveCD" distro that doesn't
touch the hard disk. There are many such "internet privacy appliances",
my personal favorite being the one based on OpenBSD (Anonym.OS).
Other general recommendations :
Firefox (dump cookies on exit, no cache, etc)
NoScript plugin (no javascript)
FlashBlock plugin (no flash)
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
hat's the first place
folks will look.
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
Sam Creasey wrote:
I know I've seen this discussed on here, and it's pretty much just a
FAQ at this point, but somehow my google skills are failing me...
Does anyone have a link
You're correct only in theory.
Well .. we all thought *this* problem was fixed years ago too .. but
somebody at Sun got forgetful...
(Solaris 10/11) :
telnet -l "-f$" [hostname]
(where $ is anything but 'root' .. eg: 'bin')
And who can forget Bill Gates' famous "...that vulnerability is on
ing some text in
a word(or nano for a unix)?
Because TOR is running in the foreground in that terminal. If you want
to background the process, put a '&' after the command .. eg:
'/path/to/tor &'
You can also do a CONTROL+Z (pause) and then issue the command 'bg 1' to
background it in the current terminal. If you want it back in the
foreground, do 'fg 1'.
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
nd that executes the SIG_WHATEVER
will have to be either the same UID as what started TOR, or root .. a
security concern since I'm guessing you want to do some web $foo with it
and PHP.
Regards,
Michael Holstein CISSP GCIA
Cleveland State University
Mr. Blue wrote:
Hello,
I am new here
True, but that's configurable in most sensible browsers.
In Firefox, check out the stuff in about:config
specifically the general.useragent.* stuff.
Better yet, get the "User Agent Switcher" plugin.
~Mike
devel wrote:
Hello,
In some cases when OS version or architecture are not popular, I thi
Port 465 doesn't have this problem though as the entire conversation is
encrypted. Assuming the client doesn't accept a bad certificate and
leave themselves open to a MITM attack.
Who among us actually pays Verisign (et al.) for a SSL cert for their
personal MTA?
Besides .. in an anonymous
tandard "I'm a TOR exit.."
email usually does the trick. See the archives for examples .. I've
posted one (SXW format) that has worked for $3_letter_agency subpoenas.
4. Since my machine has about 22K/s bandwidth, how likely is it that I
will be badly backlogged / overtargetted?
tor/contrib/exitlist
which can obtain the IP addresses of all TOR exit nodes, given a copy of
the current directory : http://belegost.mit.edu/
Please let me know if I can be of further assistance.
Regards,
Michael Holstein CISSP GCIA
IS&T Information Security
Cleveland State University
xiando
However, I don't know what that -HUP is about.
man signal
(-HUP is 'hangup' .. )
Interesting. As a variety of sources have said "Linux is not an
operating system," it's kernel, and there are many incompatibilities
between various distributions.
Well, that's debatable. But to be clearer ...
From : http://www.mozilla.com/en-US/firefox/system-requirements.html
(the important
If there is anyone who has solved this problem on a similar **Linux**
system, I'd like to know how.
Thank you,
George Shaffer
On Wed, 2007-01-03 at 08:51, Michael Holstein wrote:
It's easy.
Start your first instance of firefox as usual. Start the second one like
this : "/pa
but the settings are separate
from your "normal" one.
Then just set up a shortcut to invoke the second instance using the
-ProfileManager switch, and select the 2nd profile.
GeorgeDS wrote:
On Tue, 2007-01-02 at 13:23, Michael Holstein wrote:
The reason I suggested separate Firefo
e? I
understand my ISP and mail.com will be able to trace me but not
receivers of emails as I am not sending any at that moment.
Michael Holstein schreef:
ps: am I correct that if I use a web-based email account (for example
gmail) without pop3 and I use (Torified) Firefox to access it I CAN
So if I use a web-based email and use Firefox with Tor to access it with
my normal settings (the settings that I always use when I use the
Internet) so not a totally separate profile. The receiver still won't be
able to trace me, right?
Well .. sort of. The problem is cookies from the likes of do
But if I am correct you say there is a way to still be able to send
email through tor?
Yes. If they use another port to do it. Most ISPs don't do this for spam
reasons.
Can my ISP provide me with an alternate SMTP port? and.. this is going
to sound dumb... what is a relay-server and how do I
ps: am I correct that if I use a web-based email account (for example
gmail) without pop3 and I use (Torified) Firefox to access it I CAN send
emails out without the receiver being able to see my personal IP etc?
I don't mind if they see my email address of course as they need that to
reply to me, just
Most exit nodes disallow port 25 (smtp) because NOT doing so would make
TOR a spammer's paradise. If you know a relay-server that runs smtps or
uses an alternate smtp port, use that.
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University.
Job wrote:
Hello,
I just got Tor
what about http://www.showmyip.com
It will tell you if you're using a TOR node (and which one, as well as
its exit policy)
~Mike.
Robert Hogan wrote:
Hi all,
http://lefkada.eecs.harvard.edu/cgi-bin/ipaddr.pl?tor=1
https://tns.nighteffect.com/
https://torstat.xenobite.eu/
All of the above p
ry.
Names and details changed to $variables to protect the $people_involved.
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
Florian Lohoff wrote:
Hi,
i won an appointment with the local police on monday because someone
abused the tor network for fraud on amazon. My node seems t
i am new to tor and was wondering if it is possible to setup tor in a private
intranet without gateways to the internet? i have to
assume it is, but where would i find documentation and code to build such a
system?
Yep .. just setup your own DirServer. See :
http://tor.eff.org/tor-manual.htm
What about the Department of the Navy that initially funded it? I
wonder if it was pointed out in these meeting that it was the DoD that
wanted this in the first place through the Office of Naval Research
and DARPA?
Simple. It's okay for them to be sneaky to avoid *US* (the citizens)
from know
There have been various TOR exit nodes that have been "behaving badly"
lately (check the tor-talk list) .. some are doing frames, popups, etc
.. there is a list of bad nodenames somewhere on that list (can't find
it at hand..)
Personally, I wouldn't use any exit node in China .. use the
Exclu
I agree that being behind someone else's firewall is a problem as the
user may not understand the implications of this and thus advertise an
impossible exit policy.
Suggestion for the coders .. make the client test itself and adjust the
exit policy on the fly.
Just how do you expect the average windows user to know how to check ssl
certifications? That is now the level of the people using tor.
Well .. trying to remain anonymous while using Windows is on an order of
magnitude more difficult than doing the same with *nix.
If you're dumb enough to bli
is this common have others seen this type of behaviour?
Yes, and yes. Although I was running an exit which makes me more visible
than you. Fortunately, I was on an academic network that could easily
absorb it, and running on *BSD so it didn't hiccup the server either :)
~Mike.
> 4. A couple dozen _fast_ 24x7 exit nodes are run by
> trusted operators (read: known personally by Nick or
> Roger) on a local machine the operators control.
The $3_letter_agency would just *love* to have a dozen places (or 2
people) they already know about to serve the subpoenas.
> 7. All Tor
> Depending on what constitutes authentication (and encryption). If the
> encryption adds integrity to the authentication (if not there already)
> and prevents an eavesdropper from being able to trivially learn what
> is needed to masquerade as you, then it has value against adversaries
> not soph
> Why not start logging the traffic going through your server to a public,
> non-tor website?
> You could even make it searchable through google.
I do believe one Russian exit node (was/is?) doing that .. by posting
usernames/passwords (I guess they're running dsniff or whatever on their
TOR box
> what prevents government from running Tor (exit) points and sniffing
> exit (incoming) traffic on them?
Nothing .. but the incoming traffic (between nodes 2 and 3) would be TLS
and encrypted.
(this is what I thought was happening when I saw a .cn exit node)
~Mike.
I have read that article, Now I can choose the path length.? Is it right?
Yes, if you modify the source and re-compile it, but there is nothing to
be gained by choosing a longer path length, and everything to lose by
choosing a shorter one.
what about configuring your SMTP/POP3 port to something else?
Sure .. if you can find a MTA that will do that (and of course you could
always set one up, but that'd totally defeat the purpose of trying to
hide the path).
Really, you're better off with tools like Mixmaster. The alternative is
There is no way in Windows to redirect all DNS queries over Tor
at a system level yet. Only at an application level.
You can use TorDNS to accomplish that.
http://sandos.ath.cx/~badger/tordns.html
/mike.
Why not just install the "User Agent Switcher" plugin for firefox?
http://releases.mozilla.org/pub/mozilla.org/extensions/user_agent_switcher/user_agent_switcher-0.6.8-fx+fl+mz.xpi
Does the same thing on the fly.
~Mike.
Anothony Georgeo wrote:
---
*CONCEPT*
There has been bit of dic
New circuits can be forced by manually selecting an exit (eg:
http://some.website.ROUTERNAME.exit)
Also .. the 10-minute lifetime doesn't apply to established sessions
(eg: SSH, IM, etc.)
I suppose you could also modify the client source, but why would you
want to?
~Mike.
numE wrote:
Hi,
Thus making Tor suck for everyone. The better approach would be to just
say reject *:80 or reject *:* or something like that. Your node is
still useful as a middleman and wouldn't actively harm clients.
Everyone how? .. it'd just affect people trying to access a specific set
of academic journ
iptables -t nat -A POSTROUTING -p tcp -d --dport 80 -j DNAT
--to-destination
FreeBSD here, but I'll try something along those lines.
Still, I would also agree that rejecting *:80 would be the best until
this IP as authentication issue is resolved.
Since the /etc/hosts approach poisons the
Alternatively, I don't think it would cause much inconvenience if
requests for IP-authenticated webpages were simply routed to an error
page that said "Sorry, but I cannot connect to the IP address you
requested. You may want to explicitly select another exit node".
Good idea. How can I do thi
What'd be preferable to both of those, but even harder to implement,
would be to route that traffic (or even all traffic) through a
transparent proxy with an IP outside the /16.
It actually wouldn't be that hard. If I could find somebody that'd setup
the other side for me, I could configure my
You are hurting the Tor network more than you realize. You are lying to
clients and clients cache that answer. Don't do this.
I've tested this before, and since the /etc/hosts entry refers to an
address which is blocked by *all* TOR servers default exit policy, it
just says "requested exit n
Specifically, we're arguing to various administrative and technical
committees that the whole damn network shouldn't be trusted by
services that we subscribe to... and instead, the proxy service that
berkeleyites use to connect to library services off campus should be
used on campus too (so that a
The latency would make the call entirely unworkable.
~Mike.
Anothony Georgeo wrote:
Good day,
I was thinking of routing a VoIP call (SIP protocol)
via. a VoIP client into Phillip Zimmermann's new
"Zfone" (
http://www.philzimmermann.com/EN/zfone/index.html )and
then into Tor before the VoIP cal