Re: Setting up a Tor private network

2006-10-06 Thread bagelcat


On 06.10.2006 at 02:33, George Shaffer wrote:

Once I had Tor and Privoxy working as a simple client on the computer I
intended to be the Tor server, I only had to change one line in the
Privoxy config. All I did was change listen-address from 127.0.0.1 to
the real IP address of the computer (in this case a NATed private
address). I tried two listen-address lines but that did not work.

Of course to get the local client application to work, I had to switch
it from 127.0.0.1 (or localhost) to the real IP.


You do not need to change the setting in privoxy back. Just point the  
proxy setting of your browser on the local client (where privoxy is  
running) also to the LAN-IP address instead of localhost/127.0.0.1 and  
everything will be fine. .-)



much fun
bernd

---
Missing the point with style - that is the true  
art (Pointillist Manifesto)


please use pgp if possible


---
Program Darwinism: when you write a program for idiots,  
nature shows you that it can produce even greater idiots.


please use pgp if possible




Re: Setting up a Tor private network - recall

2006-10-06 Thread bagelcat


oops - sorry. i was wrong wrong wrong. have misunderstood it. too  
early. where is my coffee.


*pain* feel like my sign is true
bernd

On 06.10.2006 at 02:33, George Shaffer wrote:


Of course to get the local client application to work, I had to switch


---
Program Darwinism: when you write a program for idiots,  
nature will show you that she can produce greater ones.

please use pgp if possible




Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread Stephen
Greetings!

Been experiencing this particular issue since Sunday & following the topic here.

From 05-Oct:

exiting from hotmail account

redirected link: 
http://g.msn.com/frame.aspx?u=http%3a%2f%2flanding.domainsponsor.com%3fa_id%3d1637%26domainname%3dmsn.com%26adultfilter%3doff%26popunder%3doffr=SUSPECTED+UNDESIRABLE+BOT

tor exit node: whistlersmother

First noticed this problem on Sunday when the clusty homepage was transformed 
with porno-style images & also had the same catch phrase "what you need, when 
you need it". Unfortunately didn't note the re-directed url on that occasion. 

I'm quite happy to report further examples as & when they occur. Please, if 
there is any other technical data I can send with these reports let me know 
what to include (if that's useful).




Re: EXPERIMENTAL Windows binary for 0.1.1.24; please let us know if it works.

2006-10-06 Thread Claude LaFrenière
Hi  *Nick Mathewson and other Tor users*   :)


 Please let us know whether it works for you.  Especially, please let
 us know if 0.1.1.23 works for you, but this 0.1.1.24 package fails.
 Please *don't* spam the list with it worked/it didn't work mails,
 or people will think you didn't read these instructions.  :)


Version 0.1.1.23 works for me with no problem.

Here is some feedback about the new version of Tor (0.1.1.24) for W32 

Typical error messages are: 

instructions at address 0x0012e7a7 use memory address 0x0800. 
Memory can't be read
at boot time,

Impossible to start Tor Win32 Service on local computer, Error 2 : 
specified file not found.
if I try to start the service manually.


1- The reason for these error messages is:

The command line of Tor when running as service (demon) is:

C:\Program Files\Tor\tor.exe --nt-service -f C:\Program Files\Tor\torrc

but the typical Tor installation keeps the config files in this folder:
C:\Documents and Settings\Administrator\Tor

[The user name administrator may be different from one system to
another...]

Question:

Must the torrc file [and the other files of this folder] 
be copied from here:
C:\Documents and Settings\Administrateur\Application Data\Tor\torrc
to there:
C:\Program Files\TOR

Or 

Do we have to change torrc ImagePath of the service in the registry 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\tor
ImagePath

from
C:\Program Files\tor
to
C:\Documents and Settings\Administrateur\Application Data\Tor\torrc  

?

2-

There is no ControlPort 9051 at the end of this command line
like when we run Tor as user program instead of NT Service...

This:
C:\Program Files\Tor\tor.exe --nt-service -f C:\Program Files\Tor\torrc
or
C:\Program Files\Tor\tor.exe --nt-service -f C:/Documents and
Settings/Administrateur/Application Data/Tor/torrc

instead of that:

C:\Program Files\Tor\tor.exe  -f C:/Documents and
Settings/Administrateur/Application Data/Tor/torrc ControlPort 9051

Do we have to add ControlPort 9051 to the command line ?


2- At the startup the Tor service and Vidalia start very fast
   and make access to the Tor network (That's very good !!!)
   (As I can see with my firewall log for example...)
   but:
   
   Vidalia can not update automatically the new IP address
   and this must be done manually ...
   
   When the IP address is manually changed in Vidalia it's updated in message log.
   But is it updated in the Tor network too ? I'm not sure of this...
   
   in Vidalia | Network Map
   No connections are shown except empty
   No connections are built according to Vidalia display:
   and
   no internet access is possible thru Tor with a web browser for example

3-  When Tor is stopped from Vidalia the Tor service is stopped 
but Vidalia shows Tor is stopping and remains in this state...

   
4- The log in stdout does not give typical information such as Server
fingerprint, OR and DIR port reachable and so on...


5- If you want to save the Vidalia log file to C:\Program
Files\TOR\Tor-log.txt  you have to create Tor-log.txt manually 
*before* saving the log there  otherwise this crashes Vidalia (not Tor).

6- The Vidalia New Look and features are Super! 
   (The french version was fixed too : thank you !  :-)  )
   
7- When the new version of Vidalia and Tor for W32 is *not* running 
as NT Service but as user program, Tor runs with no problem.

  
Hope this helps.
   
:)
-- 
Claude LaFrenière   



Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread Claude LaFrenière
Hi  *Stephen*   :

 Greetings!
 
 Been experiencing this particular issue since Sunday & following the topic 
 here.
 
 From 05-Oct:
 
 exiting from hotmail account
 
 redirected link: 
 http://g.msn.com/frame.aspx?u=http%3a%2f%2flanding.domainsponsor.com%3fa_id%3d1637%26domainname%3dmsn.com%26adultfilter%3doff%26popunder%3doffr=SUSPECTED+UNDESIRABLE+BOT
 
 tor exit node: whistlersmother
 
 First noticed this problem on Sunday when the clusty homepage was transformed 
 with porno-style images & also had the same catch phrase "what you need, when 
 you need it". Unfortunately didn't note the re-directed url on that 
 occasion. 
 
 I'm quite happy to report further examples as & when they occur. Please, if 
 there is any other technical data I can send with these reports let me know 
 what to include (if that's useful).

Hmmm... I had this problem with Whistlemother exit node and this site: 
http://www.iamaphex.net 
with the same frame.aspx?u=http%3a%2f%2flanding.domainsponsor.com blah blah 
blah filter ... =SUSPECTED+UNDESIRABLE+BOT

My hypothesis was a filter used by Web sites hosting service.
But now you find the same frame with Hotmail...

*Therefore my hypothesis was wrong*  

Does this come from this exit node?
From the DNS server (local or remote) of this exit node?
From some nodes between?
Or what ?

I have no idea for the moment.
Maybe Alexander W. Janssen has an idea?

Thank you Stephen for helping us to fix this problem.

Best regards,
-- 
Claude LaFrenière   



Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread Robert Hogan

 Hmmm... I had this problem with Whistlemother exit node and this site:
 http://www.iamaphex.net with the same
 frame.aspx?u=http%3a%2f%2flanding.domainsponsor.com blah blah blah
 filter ... =SUSPECTED+UNDESIRABLE+BOT


i have the same experience using whistlersmother for the same site. 

-- 

KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK   - A Tor Controller For KDE  - http://tork.sf.net


Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread Robert Hogan
On Friday 06 October 2006 19:21, Robert Hogan wrote:
  Hmmm... I had this problem with Whistlemother exit node and this site:
  http://www.iamaphex.net with the same
  frame.aspx?u=http%3a%2f%2flanding.domainsponsor.com blah blah blah
  filter ... =SUSPECTED+UNDESIRABLE+BOT

 i have the same experience using whistlersmother for the same site.

And I have the same experience with practically every other exit node I try 
for this site. So whistlersmother is not the problem...
-- 

KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK   - A Tor Controller For KDE  - http://tork.sf.net


Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread Claude LaFrenière
Hi  *Robert Hogan*   :

 On Friday 06 October 2006 19:21, Robert Hogan wrote:
 Hmmm... I had this problem with Whistlemother exit node and this site:
 http://www.iamaphex.net with the same
 frame.aspx?u=http%3a%2f%2flanding.domainsponsor.com blah blah blah
 filter ... =SUSPECTED+UNDESIRABLE+BOT

 i have the same experience using whistlersmother for the same site.
 
 And I have the same experience with practically every other exit node I try 
 for this site. So whistlersmother is not the problem...

Hmmm... 

Personally I don't believe that Whistlemother (or any other nodes)
are responsible for this...  It looks like web server filter or DNS server
filter...

But now how to explain the same behaviour with
a web site like  http://www.iamaphex.net 
and
a web site like hotmail.com ???

They don't share the same web hosting service...

Is this a new filter for Web sites or Web Hosting ?

Another question:
How does this filter spot a Tor exit like Whistlemother?

I guess it's based on the IP address of this exit node.
(Or the browser referer sent to the web site... ??? )

Since no exit nodes have control over what is done by Tor users, is it
possible that some bad guys had used Tor for unacceptable things and 
put the Whistlemother IP address into a black list of this hypothetical
filter ???

One way to check this is to compare exit nodes with a fixed IP address
with the exit nodes with a dynamic IP address and see if this makes a
difference.  

If an exit node with a dynamic IP address is not spotted as a bad IP in the
hypothetical bad list filter, therefore the filter is based on IP address 

Many tests must be done to prove this.
...

If the behaviour of Fixed Ip address exit nodes 
and 
the behaviour of Dynamics Ip address exit nodes
are the same
therefore
a) the hypothetical filter is not based on Ip address
b) there is no such filter but somethings else...

??? [not sure ...]  :-\

( !!! Hmmm.. I have to revise my formal logic manuals a little bit .. ;-)  )

It's hard to find enough data about this problem because there's no way to
easily reproduce it.

:)

-- 
Claude LaFrenière   



Warning in in tor log

2006-10-06 Thread Kees de Koster

Hello,

I have some warnings in my tor log like below:

Oct 06 19:56:01.279 [notice] Tor 0.1.1.23 opening log file.
Oct 06 19:56:01.610 [notice] Your Tor server's identity key
fingerprint is 'minidragon 8A48 10D4 E942 9447 0224 2231 D594 6FB1
8058 36E8'
Oct 06 19:56:10.213 [notice] We now have enough directory information
to build circuits.
Oct 06 19:56:14.301 [notice] Tor has successfully opened a circuit.
Looks like client functionality is working.
Oct 06 19:56:14.301 [notice] Now checking whether ORPort
213.17.104.91:443 and DirPort 213.17.104.91:80 are reachable... (this
may take up to 20 minutes -- look for log messages indicating success)
Oct 06 19:56:17.308 [notice] router_dirport_found_reachable():
Self-testing indicates your DirPort is reachable from the outside.
Excellent.
Oct 06 19:56:18.318 [notice] router_orport_found_reachable():
Self-testing indicates your ORPort is reachable from the outside.
Excellent. Publishing server descriptor.
Oct 06 19:56:20.320 [warn] connection_dir_client_reached_eof(): http
status 400 (Dirserver believes your ORPort is unreachable) response
from dirserver '86.59.21.38:80'. Please correct.
Oct 06 20:08:22.462 [warn] connection_dir_client_reached_eof(): http
status 400 (Dirserver believes your ORPort is unreachable) response
from dirserver '86.59.21.38:80'. Please correct.

Can someone give me directions on how to correct this? I have Googled but
can't find an answer.

On that server I have redirected the port:
minidragon:~$ sudo iptables -t nat -n -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  0.0.0.0/0            192.168.1.10        tcp dpt:443 redir ports 9001
REDIRECT   tcp  --  0.0.0.0/0            192.168.1.10        tcp dpt:80 redir ports 9030

And it seems to work correctly besides the warning.

Thanks.

Kees
--
No problem is insoluble in all conceivable circumstances.
Linux Registered User #300181  |  ICQ #179658498  -- EOE


Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread Claude LaFrenière
Hi  *M*   :


 How can I see which exit node is using?

Check this with Vidalia ... 

 
 http://www.debian-administration.org/ was mutilated by exit node into
 something similar that you are reporting. Quite alarming trend.

Please let us remain calm like Norwegian sailors in the storm. 

 
 I think that badly behaving exit nodes should be excluded automagically.
 How, I dont know =).

For the moment nothing proves that any exit nodes are responsible for this.
We have to do something based on facts not fears...

I suggest, if the facts prove that some exit nodes are responsible, that we
keep them temporarily, instead of immediately blocking them, and use them
as guinea pigs to study their behaviour and prevent that kind of abuse in
the future.

Consider this as a laboratory experience with cyber-rats !  ;-)
Better than [EMAIL PROTECTED] IMHO.

:)

-- 
Claude LaFrenière   



Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread bagelcat
ok i have played now for more than half an hour with nonsense  
domain names. every time the connection goes through an exit node  
located in texas, one time in the state new york and one time in  
denver i have got the advertising page.


maybe it will be a nice test, that someone using the same ISP - and  
in that case maybe the same dns-route - that one of these strange exit  
nodes has will test what happens when they write a not registered url?



I have also got the advertising one or two times when I was  
connecting to an existing page. But it seems that nonsense  
domain names are a good way for testing cause you can reproduce the  
advertising.


much fun
bernd


On 06.10.2006 at 21:34, bagelcat wrote:

hmm. I think this is a problem with some dns-server on second/third  
level which makes a link to that domainsponsor.com when they are  
asked for a not registered url. Is it possible?




Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread missi

Maybe a problem with a DNS- Server?

Greetz
Missi

Just now (on 6. 10. 2006 at 22:26) you typed:
 ok i have played now for more than an half hour with nonsense
 domainnames. every time the connection goes through an exit node
 located in texas, one time in the state new york and one time in
 denver i have got the advertising page.

 maybe it will be a nice test, that someone using the same ISP - and
 in that case maybe the same dns-route - that one of these strange exit
 nodes has will test what happens when they write a not registered url?


 I have also got the advertising one or two times when I was
 connecting to an existing page. But it seems that nonsense
 domain names are a good way for testing cause you can reproduce the
 advertising.

 much fun
 bernd


 On 06.10.2006 at 21:34, bagelcat wrote:

 hmm. I think this is a problem with some dns-server on second/third
 level which makes a link to that domainsponsor.com when they are
 asked for a not registered url. Is it possible?


--
Website: http://www.entartete-kunst.com/
The monitor is plugged into the serial port
Song misstep of the day: Paradise Lost - Isolate



Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread M


 How can I see which exit node is using?
 
 Check this with Vidalia ... 

Thanks for the info.

 I think that badly behaving exit nodes should be excluded automagically.
 How, I dont know =).
 
 For the moment nothing proves that any exit nodes are responsible for this.
 We have to do something based on facts not fears...
 
 I suggest, if the facts prove that some exit nodes are responsible, that we
 keep them temporarily, instead of immediately blocking them, and use them
 as guinea pigs to study their behaviour and prevent that kind of abuse in
 the future.

I admit it, perhaps I was too hastily blaming anomalies on exit node
without thinking it over. I was just pissed off (ok, that's not an excuse)...

Sorry for any inconvenience =)

M

ps: ugghh, my eBay account was frozen 'cause I used it via tor... I'm
using transparent tor and added some of eBay's servers to exclude list
but there's a ton of them..


Re: Analyzing TOR-exitnodes for anomalies

2006-10-06 Thread Tim McCormack
bagelcat wrote:
 ok i have played now for more than an half hour with nonsense
 domainnames. every time the connection goes through an exit node located
 in texas, one time in the state new york and one time in denver i have
 got the advertising page.

I remember something about a major DNS server that was abusing its power
and redirecting requests for nonexistent domains to advertising pages.

Also, ISPs sometimes redirect bad requests:

http://blogs.earthlink.net/2006/08/handling_dead_domains_1.php

..and get lots of flak for it. (Not nearly enough, I say!)

I also came across a note that ISPs may be randomly redirecting requests
for existing sites to domainsponsor.com in a bid to up their profits:

http://www.infosyssec.com/forum/viewtopic.php?p=11395sid=436f73bb85d55318bf53f7ff80fc64e9

 - Tim McCormack
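
The nonsense-domain test discussed in this thread can be scripted; the following is an added example, not code from any poster. It asks a resolver for random names that should not exist and reports whether answers come back anyway. The function names are hypothetical, and `system_resolve` uses the local resolver; to test the resolver behind a Tor exit, pass in a `resolve` callable that sends the lookup through the Tor client instead.

```python
import random
import socket
import string


def system_resolve(name):
    """Resolve with the local stub resolver; [] means the name does not exist."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def nonsense_name(rng, tld="com"):
    """A 24-letter random label: long enough that it is not a registered name."""
    label = "".join(rng.choice(string.ascii_lowercase) for _ in range(24))
    return f"{label}.{tld}"


def probe_nxdomain_rewrite(resolve=system_resolve, trials=6, seed=None):
    """Look up `trials` nonsense names and classify the resolver's behaviour.

    `resolve` is any callable name -> list of address strings (assumption:
    an empty list stands for NXDOMAIN).
    """
    rng = random.Random(seed)
    answered = {}
    for _ in range(trials):
        name = nonsense_name(rng)
        addrs = resolve(name)
        if addrs:                      # an answer for a name that cannot exist
            answered[name] = addrs
    landing = sorted({a for addrs in answered.values() for a in addrs})
    if not answered:
        verdict = "clean"
    elif len(answered) == trials:
        verdict = "rewrites-nxdomain"
    else:
        # Only some lookups were answered: the path to DNS is changing
        # between queries, as it does when each query leaves through a
        # different exit node.
        verdict = "inconsistent"
    return {"verdict": verdict, "answered": len(answered),
            "trials": trials, "landing_addresses": landing}


if __name__ == "__main__":
    print(probe_nxdomain_rewrite())
```

A rewriting resolver usually hands back the same few landing addresses for every nonsense name, so `landing_addresses` is worth recording alongside the exit node in any report.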


Determining currentexit node w/o vidalia

2006-10-06 Thread Tim McCormack
How do I determine what the exit node is in my Tor client's current
selection without using Vidalia? (I haven't gotten around to compiling it.)

 - Tim McCormack


Re: Determining currentexit node w/o vidalia

2006-10-06 Thread Geoffrey Goodell via Treo 650
First of all,  at any given time, Tor maintains several circuits, with several 
exit nodes.  You can use a tool like Blossom to browse your current list of 
open circuits.

http://afs.eecs.harvard.edu/~goodell/blossom/



-Original Message-
From: Tim McCormack [EMAIL PROTECTED]
Date: Friday, Oct 6, 2006 5:50 pm
Subject: Determining currentexit node w/o vidalia

How do I determine what the exit node is in my Tor client's current
selection without using Vidalia? (I haven't gotten around to compiling it.)

 - Tim McCormack




Re: Determining currentexit node w/o vidalia

2006-10-06 Thread phobos
On Fri, Oct 06, 2006 at 06:50:05PM -0400, [EMAIL PROTECTED] wrote 0.2K bytes in 
4 lines about:
: How do I determine what the exit node is in my Tor client's current
: selection without using Vidalia? (I haven't gotten around to compiling it.)

You could use the control interface to list out circuits and
streams assigned to circuits.  

Vidalia and Blossom are much easier however.

-- 
Andrew
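
What the control-interface approach looks like in practice, as an added example that is not part of the original message: it parses the replies to `GETINFO circuit-status` and `GETINFO stream-status` and reports the last hop of the circuit each stream is attached to. The replies, relay nicknames and fingerprints below are constructed; obtaining real ones needs an authenticated connection to the ControlPort, which is not shown.

```python
import re

A, B, C = "A" * 40, "B" * 40, "C" * 40   # constructed fingerprints
# Constructed replies, shaped like GETINFO circuit-status / stream-status.
CIRCUIT_REPLY = (
    "250+circuit-status=\r\n"
    f"4 BUILT ${A}~guardone,${B}~middleone,${C}~exitone PURPOSE=GENERAL\r\n"
    "5 BUILT entrytwo,middletwo,exittwo\r\n"
    "6 LAUNCHED PURPOSE=GENERAL\r\n"
    ".\r\n250 OK\r\n"
)
STREAM_REPLY = (
    "250+stream-status=\r\n"
    "11 SUCCEEDED 4 www.example.com:80\r\n"
    "12 SUCCEEDED 5 mail.example.net:443\r\n"
    "13 NEW 0 www.example.org:80\r\n"
    ".\r\n250 OK\r\n"
)

def getinfo_lines(reply, key):
    """Return the data lines for `key` from one GETINFO reply."""
    out, in_data = [], False
    for line in reply.replace("\r\n", "\n").split("\n"):
        if in_data:
            if line == ".":                      # end of multi-line data
                in_data = False
            else:                                # undo dot-stuffing
                out.append(line[1:] if line.startswith("..") else line)
        elif line.startswith("250+" + key + "="):
            in_data = True
        elif line.startswith("250-" + key + "="):
            value = line.split("=", 1)[1]
            if value:
                out.append(value)
        elif line[:1] in ("4", "5"):             # 4xx/5xx: command failed
            raise ValueError("controller error: " + line)
    return out

def hop_name(hop):
    """Accept $FP~nick, $FP=nick, $FP or a bare nickname."""
    m = re.match(r"^\$?([0-9A-Fa-f]{40})(?:[~=](\w+))?$", hop)
    return (m.group(2) or "$" + m.group(1)) if m else hop

def parse_circuits(lines):
    circuits = {}
    for line in lines:
        fields = line.split()
        if len(fields) < 2:
            continue
        path = []
        # The path is optional (a LAUNCHED circuit has none); KEY=value
        # flags may follow, and a hop never looks like one.
        if len(fields) > 2 and not re.match(r"^[A-Z_]+=", fields[2]):
            path = [hop_name(h) for h in fields[2].split(",")]
        circuits[fields[0]] = (fields[1], path)
    return circuits

def exits_by_stream(circ_reply, stream_reply):
    """Map stream id -> (target, exit hop or None if not attached)."""
    circuits = parse_circuits(getinfo_lines(circ_reply, "circuit-status"))
    result = {}
    for line in getinfo_lines(stream_reply, "stream-status"):
        fields = line.split()
        if len(fields) < 4:
            continue
        stream_id, _status, circ_id, target = fields[:4]
        state, path = circuits.get(circ_id, ("UNKNOWN", []))
        # Circuit id 0 means the stream is not attached to a circuit yet.
        result[stream_id] = (target, path[-1] if state == "BUILT" and path else None)
    return result
```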


Re: 0.1.1.24 release announcement?

2006-10-06 Thread phobos
On Thu, Oct 05, 2006 at 11:03:07AM -0400, [EMAIL PROTECTED] wrote 0.6K bytes in 
17 lines about:
: I apologize if I missed the message due to filtering on my end, but  
: was 0.1.1.24 ever announced? I see it's on the download page, and  

There has not been an official announcement about 0.1.1.24.
We're waiting for Win32 binaries to be tested out.

You haven't missed anything and your spam filters haven't eaten
any tasty announcements about 0.1.1.24.  

-- 
Andrew