Re: Earthlink's broken DNS affecting Tor nodes?

2006-09-05 Thread Andrew Del Vecchio

Does anyone else here use Ubuntu? I set OpenDNS as my domain
resolvers, but DHCP later erased these settings. I should be able to
have static DNS servers while using DHCP for my local IP address right?

I tried adding the info to my dhcpclient.conf file, as per OpenDNS's
instructions, but the settings won't take >:(

Jacob Appelbaum wrote:
> Matt Ghali wrote:
>
>> On Mon, 4 Sep 2006, numE wrote:
>>
>>
>>> Maybe http://www.orsn.net/ would be even better than opendns.
>>> OpenDns is commercial... orsn not.
>>>
>> IIRC, OpenDNS does the same sort of "Lie on NXDOMAIN" foolishness
>> that Earthlink has started doing, which is what the original
>> poster was trying to escape.
>>
>> Doesn't ORSN use an alternate-root scheme where there's no real
>> guarantee you're getting the same answers anyone using the one
>> true root would get? I might be conflating my alternate-root
>> quacks here, but I seem to recall their root delegations differ
>> from the real ones.
>>
>>
>
> (Disclaimer, I work for OpenDNS.)
>
> If you're using OpenDNS, you disable all that stuff when you visit
> the preference page: http://www.opendns.com/prefs/
>
> If you do that you'll get zero unexpected recursive dns behavior.
>
> Regards, Jacob Appelbaum
>
>
>
>

--
Frivolous lawsuits. Unlawful government seizures. It's a scary world
out there!
Protect your privacy, keep what you earn, and even earn more income at:
http://www.KeepYourAssets.net/?andrew




Re: Tor network signature detection

2006-09-05 Thread Watson Ladd

Arrakistor wrote:
> Nick, Roger, et al
> 
> Does the ISP/network administrator know if a client is connected to the tor
> network or is the connection disguised? Essentially, does running tor create
> signatures?
> 
> Regards,
>  Arrakistor
> 
> 
Not as clearly as http. But if a connection is used for any time at all
it shows the ability to decrypt things encrypted with a tor server's
public key. Clients can be identified by looking at the ports and
dirserver accesses.

Sincerely,
Watson Ladd

--
They who would give up an essential liberty for temporary security,
 deserve neither liberty or security
--Benjamin Franklin


Tor network signature detection

2006-09-05 Thread Arrakistor
Nick, Roger, et al

Does the ISP/network administrator know if a client is connected to the tor
network or is the connection disguised? Essentially, does running tor create
signatures?

Regards,
 Arrakistor



Re: Revealing tor hidden services by their clock skew

2006-09-05 Thread Steven Murdoch
On Tue, Sep 05, 2006 at 07:48:52AM -0700, Brian C wrote:
> http://www.lightbluetouchpaper.org/2006/09/04/hot-or-not-revealing-hidden-services-by-their-clock-skew/

I was going to post this to the or-talk list, but I see someone beat
me to it :-)

To avoid any misunderstanding, I should add that there is no reason to
panic. Primarily the paper is designed to feed into the future design
of Tor rather than suggest any short term fixes. There are already
known attacks on Tor which will probably work better than this, but
the proposed defences to these will not fix the problem I discuss in
the paper.

Also, in the paper, I say that for clarity the results in the paper
are mainly from a private Tor network and running it in reality will
be more messy. However, as the performance of the Tor network improves,
the attack will be more effective, so is worth bearing in mind for the
future. 

Thanks,
Steven.

-- 
w: http://www.cl.cam.ac.uk/users/sjm217/




Re: Earthlink's broken DNS affecting Tor nodes?

2006-09-05 Thread Peter Palfrader
On Tue, 05 Sep 2006, Matt Ghali wrote:

> Doesn't ORSN use an alternate-root scheme where there's no real 
> guarantee you're getting the same answers anyone using the one true 
> root would get?

That's the point of ORSN.  Should the "real" US-controlled root go nuts
we still have some place that works.

-- 
   |  .''`.  ** Debian GNU/Linux **
  Peter Palfrader  | : :' :  The  universal
 http://www.palfrader.org/ | `. `'  Operating System
   |   `-http://www.debian.org/


Re: Earthlink's broken DNS affecting Tor nodes?

2006-09-05 Thread Jacob Appelbaum
Matt Ghali wrote:
> On Mon, 4 Sep 2006, numE wrote:
> 
>> Maybe http://www.orsn.net/ would be even better than opendns.
>> OpenDns is commercial... orsn not.
> 
> IIRC, OpenDNS does the same sort of "Lie on NXDOMAIN" foolishness that
> Earthlink has started doing, which is what the original poster was
> trying to escape.
> 
> Doesn't ORSN use an alternate-root scheme where there's no real
> guarantee you're getting the same answers anyone using the one true root
> would get? I might be conflating my alternate-root quacks here, but I
> seem to recall their root delegations differ from the real ones.
> 

(Disclaimer, I work for OpenDNS.)

If you're using OpenDNS, you disable all that stuff when you visit the
preference page:
http://www.opendns.com/prefs/

If you do that you'll get zero unexpected recursive dns behavior.

Regards,
Jacob Appelbaum


Re: Earthlink's broken DNS affecting Tor nodes?

2006-09-05 Thread Matt Ghali

On Mon, 4 Sep 2006, numE wrote:

> Maybe http://www.orsn.net/ would be even better than opendns.
> OpenDns is commercial... orsn not.


IIRC, OpenDNS does the same sort of "Lie on NXDOMAIN" foolishness 
that Earthlink has started doing, which is what the original poster 
was trying to escape.


Doesn't ORSN use an alternate-root scheme where there's no real 
guarantee you're getting the same answers anyone using the one true 
root would get? I might be conflating my alternate-root quacks here, 
but I seem to recall their root delegations differ from the real 
ones.


matto



Andrew Del Vecchio wrote:

Alternatively, you can use OpenDNS's servers. See www.opendns.com.
OpenDNS is very easy (just use their IP addresses), and quite fast. On
the other hand, caching can be fast too, and give you slightly more
security, as you'll be sending less requests, thus making traffic
analysis a tad more labor intensive. Would you concur, Matt?

~Andrew



[EMAIL PROTECTED]<
  Moral indignation is a technique to endow the idiot with dignity.
- Marshall McLuhan
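
The "Lie on NXDOMAIN" behaviour discussed in this thread can be checked from the affected host. The following is an added example, not code from any poster or from the Tor project: it asks the resolver for random names that are assumed not to be registered and reports any that come back with addresses. The function names and the probe suffixes are illustrative assumptions.

```python
import secrets
import socket


def system_resolve(name):
    """Resolve via the OS resolver; return [] when the name does not exist."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []


def probe_names(count=3, suffixes=("com", "net", "org")):
    """Random 24-hex-char labels: constructed names assumed to be unregistered."""
    return [f"{secrets.token_hex(12)}.{suffixes[i % len(suffixes)]}"
            for i in range(count)]


def check_nxdomain_rewriting(resolve=system_resolve, names=None):
    """Return (rewritten, answers). answers maps each probe name that
    resolved, although it should not exist, to the addresses returned."""
    names = names if names is not None else probe_names()
    answers = {}
    for name in names:
        addrs = resolve(name)
        if addrs:
            answers[name] = addrs
    return bool(answers), answers


def landing_addresses(answers):
    """Addresses returned for more than one bogus name (a shared landing host)."""
    seen = {}
    for addrs in answers.values():
        for addr in addrs:
            seen[addr] = seen.get(addr, 0) + 1
    return sorted(a for a, n in seen.items() if n > 1)


if __name__ == "__main__":
    rewritten, answers = check_nxdomain_rewriting()
    print("resolver rewrites NXDOMAIN:", rewritten)
    for name, addrs in answers.items():
        print(f"  {name} -> {', '.join(addrs)}")
    print("shared landing addresses:", landing_addresses(answers))
```

An honest recursive resolver yields an empty result; the same address appearing for several unrelated bogus names points to a resolver that substitutes its own answer for NXDOMAIN.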


Re: TOR Directory file

2006-09-05 Thread Nick Mathewson
On Tue, Sep 05, 2006 at 10:12:58AM -0700, Joe Clark wrote:
> First of all, thanks !
>
>   You're saying to not rely on the cached-routers file (name and
>  format), so what can I rely on as a list of all routers?

You can rely on cached-routers working for now,  but we do not promise
never to change it.  Tor is under active development.

(Similarly, we do not promise permanent backward compatibility with
respect to any current protocol.  We try to keep stable series working
for at least a year (when we can), and we try not to change formats
and protocols gratuitously, but that's about it.)

>   this:
>   http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?textonly=1%22

I would suggest not if you require information to be 100% accurate and
up-to-date; this site tends not to track updates to the directory
format very quickly.

>   or maybe this: (notice that this is by the old format)
>   http://moria.mit.edu:9031/tor/

If you want to download the info yourself, you should check out the
document I suggested you read.  It's here:

> The directory protocol is described at
> http://tor.eff.org/svn/trunk/doc/dir-spec.txt

yrs,
-- 
Nick Mathewson




Re: TOR Directory file

2006-09-05 Thread Joe Clark
First of all, thanks !

You're saying to not rely on the cached-routers file (name and format), so what can I rely on as a list of all routers?

this:
http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?textonly=1%22

or maybe this: (notice that this is by the old format)
http://moria.mit.edu:9031/tor/
?

Thanks!,
Joe.

Nick Mathewson <[EMAIL PROTECTED]> wrote:
On Mon, Sep 04, 2006 at 12:19:27AM -0700, Joe Clark wrote:
> Hi,
>
> I don't want to be rude, but please answer my little question.
>
>
> Joe Clark <[EMAIL PROTECTED]>wrote:
> Dear TOR users:
>
> I got a pretty newbie question to you guys:
> From where does TOR client take its routers' database ?

The directory protocol is described at
http://tor.eff.org/svn/trunk/doc/dir-spec.txt

> In v-0.1.0.17 it was a file called "cached-directory". I upgraded
> to v-0.1.1.23 and I noticed some changes in the filename
> ("cached-routers" ?!) and in the file format.

Indeed you did. The old protocol is at
http://tor.eff.org/svn/trunk/doc/dir-spec-v0.txt

The storage format is undocumented, and intentionally so: we may
change it without warning, so please don't rely on it. But basically,
the old format was just to store a raw directory to disk. The new
format is to store a network status document for each authority in a
file named cached-status/ (with the authority's
fingerprint given in hex); and to store the router descriptors
concatenated in cached-routers and cached-routers.new. The latter is
append-only, and used as a journal; periodically, we prune out unused
router descriptors and regenerate cached-routers.

The source (in routerlist.c) should have full information.

yrs,
--
Nick Mathewson

Re: being a middleman

2006-09-05 Thread thalunil
Pascal Levasseur wrote:

> May I take the liberty to remove  "This is called being a "middleman"
> node" from the wiki ?


Hi Pascal,


I fixed it.



Thal


Re: being a middleman

2006-09-05 Thread Pascal Levasseur
Hello Roger,
> 
> I've removed all trace of the word 'middleman' from the code, the docs,
> and the sample torrc file. So the only place you'll be encountering
> it is somebody else's docs or an old torrc file if you're using an old
> 0.1.0.x one. Are there places that I missed?
> 

By the way, the wiki has a reference to "middleman"

http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#RunAServerBut

"If you want to avoid most if not all abuse potential, set it to "reject
*:*". This is called being a "middleman" node"

May I take the liberty to remove  "This is called being a "middleman"
node" from the wiki ?

Pascal



Revealing tor hidden services by their clock skew

2006-09-05 Thread Brian C
http://www.lightbluetouchpaper.org/2006/09/04/hot-or-not-revealing-hidden-services-by-their-clock-skew/

This is on the front page of reddit.com right now, so it should get some
attention.

Murdoch's paper is here:

http://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf