Re: Directory information no longer up-to-date; access blocked?
On 8/3/07, c t [EMAIL PROTECTED] wrote: ... I also tried removing the torrc file from /Library/Tor/ and re-running tor, but no luck try deleting ~/.vidalia/torrc best regards,
Re: Directory information no longer up-to-date; access blocked?
That worked! I didn't think to read that file before deleting it, but out of curiosity, what would have been in there that could cause this problem, and do you know why the problem would suddenly materialize? Regardless, thank you all so much for your quick attention and helpfulness! On 8/4/07, coderman [EMAIL PROTECTED] wrote: On 8/3/07, c t [EMAIL PROTECTED] wrote: ... I also tried removing the torrc file from /Library/Tor/ and re-running tor, but no luck try deleting ~/.vidalia/torrc best regards,
Re: Directory information no longer up-to-date; access blocked?
On 8/3/07, c t [EMAIL PROTECTED] wrote: ... out of curiosity, what would have been in there that could cause this problem, and do you know why the problem would suddenly materialize? Isn't Defcon _fun_, kids? http://archives.seul.org/or/cvs/Aug-2007/msg7.html appears to be those pesky hackers causing trouble. you shouldn't encounter problems of this type anymore if you're running a recent version (0.1.2.16 or 0.2.0.4-alpha). the directory best regards, :)
critical security vulnaribility fixed in Tor 0.1.2.16
Dear Roger and every reader of this mailing list, I read about the critical security vulnerability in your release notes. I understand that some funny hackers have accessed tor's control port 9051 and modified the torrc. Is that right? To my understanding any Tor client or server behind a well-configured physical firewall aren't vulnerable to this type of attack. The only ones vulnerable are people without firewall or with only a software firewall installed on their computer. People with a badly configured physical firewall, for example with DMZ enabled are also at risk. A simple trick to avoid this type of attack is to have a physical firewall between your computer and the internet connection. A cheaper type of combined router/firewall/switch nowadays only cost around 30€ or 40$US. It's a simple and effective way to protect yourself from attacks made possible by opened ports in various programs. (Please tell me if I'm wrong. Because if so I want to change my tor server from version 0.2.0.2alpha immediately. Until then I will keep that version as there is no version 0.2.0.4alpha yet for win32.) /Vikingserver Roger Dingledine skrev: Tor 0.1.2.16 fixes a critical security vulnerability that allows a remote attacker in certain situations to rewrite the user's torrc configuration file. This can completely compromise anonymity of users in most configurations, including those running the Vidalia bundles, TorK, etc. Or worse. Users who do not have ControlPort enabled are secure; if you are not sure, you should upgrade and you should probably overwrite your torrc file with the default when you upgrade. More details will be posted over the next few days. https://tor.eff.org/download.html We have Vidalia bundles for OS X Tiger on the website now. The recommended workaround for Windows users is either to wait until we have a Vidalia bundle ready, or do separate installs of the Win32 "expert" package from https://tor.eff.org/download-windows and the Windows Vidalia-only package from http://vidalia-project.net/download.php Changes in version 0.1.2.16 - 2007-08-01 o Major security fixes: - Close immediately after missing authentication on control port; do not allow multiple authentication attempts.
tor servers communicating to wrong ports
I went through my firewall's log today, and noticed a large number of blocked packets coming from other tor servers. I run a tor server myself on port 995. About 1-10 packets per minute coming from other tor servers are blocked. They all communicate to ports between 59000 and 65000, and my firewall blocks their communication. My most important question is, why do other servers communicate to my server through any other port than 995? 995 is my advertised port. And if other tor servers' communication to me are answers to requests from my own tor server sent to them through ports 59000-65000 in my firewall, why doesn't my firewall allow those answers? The firewall doesn't block traffic that are answers to normal internet software for example: internet explorer, firefox, email. And only rarely block streaming video/audio by mistake. But it blocks a lot of tor traffic, why? (By the way, it blocks tor server traffic to ports 59000-65000 even when i disable SPI.) And is the tor software intelligent enough to resend the packets to port 995 instead of ports 59000-65000 when they get blocked? I'd be thankful for answers to these questions. Not that my life depends on it, but I'm curious. :-) /Viking
Re: critical security vulnaribility fixed in Tor 0.1.2.16
On 8/4/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: ... To my understanding any Tor client or server behind a well-configured physical firewall aren't vulnerable to this type of attack. ... (Please tell me if I'm wrong. you're wrong. upgrade to the latest version (0.1.2.16 or 0.2.0.4-alpha) to avoid this type of attack. best regards,
Re: tor servers communicating to wrong ports
On 8/4/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: ... I run a tor server myself on port 995. About 1-10 packets per minute coming from other tor servers are blocked. They all communicate to ports between 59000 and 65000, and my firewall blocks their communication. is this TCP or UDP? (DNS) 59k and above are ephemeral ports usually associated with a local client type connection to a remote public ip/port. best regards,
Re: critical security vulnaribility fixed in Tor 0.1.2.16
Please describe a little bit. "You're wrong" is not a good answer. Please describe how someone can reach port 9051 behind a firewall. Or is the attack not done by connecting to the control port 9051? Is it done by connecting to the advertised port? (in my case 995) /Viking coderman skrev: On 8/4/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: ... To my understanding any Tor client or server behind a well-configured physical firewall aren't vulnerable to this type of attack. ... (Please tell me if I'm wrong. you're wrong. upgrade to the latest version (0.1.2.16 or 0.2.0.4-alpha) to avoid this type of attack. best regards,
Re: tor servers communicating to wrong ports
It's TCP. /Viking coderman skrev: On 8/4/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: ... I run a tor server myself on port 995. About 1-10 packets per minute coming from other tor servers are blocked. They all communicate to ports between 59000 and 65000, and my firewall blocks their communication. is this TCP or UDP? (DNS) 59k and above are ephemeral ports usually associated with a local client type connection to a remote public ip/port. best regards,
Re: critical security vulnaribility fixed in Tor 0.1.2.16
On 8/4/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Please describe a little bit. Please describe how someone can reach port 9051 behind a firewall. port 9051 is usually bound to localhost (127.0.0.1). a firewall (usually) protects against external connections. applications / utilities bound to localhost can access other ports bound to this address. best regards,
Re: tor servers communicating to wrong ports
On 8/4/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: It's TCP. i'd be curious to know if you uncover additional details (packet dump?) to determine the nature of these connections. it may be that you are attempting connections to potential external servers for reachability verification or something else of this nature. best regards, (is there anything in the logs to indicate the nature of these requests as well?)
Re: tor servers communicating to wrong ports
Sorry, the log is just a list of blocked IPs with port numbers. There is no additional information. All my firewall gives you is a simple log file with blocked connections. Tor works fine, so it was out of curiosity that I wanted to know, and if this is a problem for the Tor-network, I wanted to post it to the or-talk list, to inform the programmers and users. Maybe some one else has the same thing happening with their firewall blocking tor server communication on ports 59000-65000? Maybe someone else has a firewall which gives more descriptive logs, or packed dumps? If this only happens with my firewall, then it shouldn't be a big problem for the tor-network. But if it's common, then it might be worth to investigate further. Thanks, Viking coderman skrev: On 8/4/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: It's TCP. i'd be curious to know if you uncover additional details (packet dump?) to determine the nature of these connections. it may be that you are attempting connections to potential external servers for reachability verification or something else of this nature. best regards, (is there anything in the logs to indicate the nature of these requests as well?)
Directory servers for a subset of Tor routers
Hi, Question, is it possible to set up private directory servers and make available only a portion of the available Tor routers? For example, if you only wanted to make routers that were online in the U.K. or France available to users who got their info from these dir servers, can that be done? I know you can set entry and exit nodes but this only addresses part of the question and is too static for this example. I've seen some info on Blossom but don't know if that will do it either. If it can't be done or there are other problems, does anyone have any other ideas or suggestions? Thanks... -- Free information on becoming a Photographer. Click Now! http://tagline.hushmail.com/fc/Ioyw6h4fQtFznTeLcy3AEY651ReJH32DRSQ2P3pVLpQiG47cRgOe7X/
Too many connections when ORPort is defined
FYI: I would like to run a tor server, but there is no way to limit the number of connections. Also my tor.log gets filled with Failing because we have 991 connections already. Please raise your ulimit -n. which is crap I do not care to see. Development REALLY needs to implement a connection limit so that tor can be configured to be less a resource pig. While there is an overabundance of bandwidth here, the host computer simply cannot handle more than 100 simultaneous connections because it has so little RAM and a low horsepower CPU. If that ever happens, you might want to notify me (off list because I won't still be subscribed), at which time I'll turn the server back on. Note that bandwith limiting is not effective, either via htb or htb + configuration options in torrc. -- gypsy at iswest dot com
Re: critical security vulnaribility fixed in Tor 0.1.2.16
On Sat, Aug 04, 2007 at 04:40:04PM +0200, [EMAIL PROTECTED] wrote: Perhaps someone else has an answer for this.br Nothing in coderman's short answers have made this clear to me. The answers look rather confusing to me, sorry.br (Typing on defcon network so will be quite brief) The short answer is yes, this is an attack, and no, we're not going to tell you exactly how it works yet. That's because several hundred thousand people are vulnerable, and we're going to give them several weeks to upgrade before we arm random people on the Internet with the ability to launch this attack against them. You should be one of the people who upgrades. :) --Roger
Re: Too many connections when ORPort is defined
On Sat, Aug 04, 2007 at 11:00:25AM -0700, [EMAIL PROTECTED] wrote 0.8K bytes in 19 lines about: : FYI: : I would like to run a tor server, but there is no way to limit the : number of connections. Also my tor.log gets filled with Failing : because we have 991 connections already. Please raise your ulimit -n. : which is crap I do not care to see. Sockets and memory consumption are two different things. I've run tor servers in virtual servers with 256MB of ram just fine. You could also man tor and find: ConnLimit NUM The minimum number of file descriptors that must be available to the Tor process before it will start. Tor will ask the OS for as many file descriptors as the OS will allow (you can find this by ulimit -H -n). If this number is less than ConnLimit, then Tor will refuse to start. : Development REALLY needs to implement a connection limit so that tor can : be configured to be less a resource pig. While there is an : overabundance of bandwidth here, the host computer simply cannot handle : more than 100 simultaneous connections because it has so little RAM and : a low horsepower CPU. I believe someone has submitted patches to this effect. We're always happy to accept more patches. -- Andrew
Re: Can we beat the Firewall of china attack?
On Fri, Aug 03, 2007 at 02:54:06PM -0700, [EMAIL PROTECTED] wrote 2.2K bytes in 18 lines about: : I am behind an ISA firewall so I need to use NTLMAPS to get through. My ISP have started to block TOR Servers to prevent anyone to connect through them. Yet I know I can access those servers through any free proxy already existing on the Internet, provided it can use SSL connections. It would be nice if I could point my TOR client to any of these proxies before it would connect to the TOR servers which are blocked. I know TOR allows for an HTTP proxy, but that one I have used to point to the NTLMAPS proxy already. : Do I stand any chance to beat my ISP? I only need TOR to acces the circuit initially throgh an existing HTTP server. Should my ISP detect the HTTP server and block it, what the hell, still there are zillions more to connect to. :) Unfortunately, Tor doesn't support NTLM authentication.I know others have run into this problem as well. I'm not sure if they ever figured out a workaround. -- Andrew
Tor and NTLM (was Re: Can we beat the Firewall of china attack?)
On Sat, Aug 04, 2007 at 02:42:11PM -0400, [EMAIL PROTECTED] wrote: Unfortunately, Tor doesn't support NTLM authentication.I know others have run into this problem as well. I'm not sure if they ever figured out a workaround. See the middle paragraph of http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#HttpProxy for how to do NTLM along with your http proxy for Tor. --Roger
Re: critical security vulnaribility fixed in Tor 0.1.2.16
So both you and "coderman" know how this attack is done but simply don't want to explain more? Now I understand why the answers were confusing. ;-) Thanks for answering anyways. /Viking Roger Dingledine skrev: On Sat, Aug 04, 2007 at 04:40:04PM +0200, [EMAIL PROTECTED] wrote: Perhaps someone else has an answer for this.br Nothing in coderman's short answers have made this clear to me. The answers look rather confusing to me, sorry.br (Typing on defcon network so will be quite brief) The short answer is yes, this is an attack, and no, we're not going to tell you exactly how it works yet. That's because several hundred thousand people are vulnerable, and we're going to give them several weeks to upgrade before we arm random people on the Internet with the ability to launch this attack against them. You should be one of the people who upgrades. :) --Roger
Re: critical security vulnaribility fixed in Tor 0.1.2.16
Did this end up biting TOR in the ass, or is this a Proactive move? I am just curious as I mentioned this very problem (or something extremely close to it) back in August last year (see: http://archives.seul.org/or/talk/Aug-2006/msg00187.html ) So I'm just wondering it if finally made it to the top of what I am sure is a long To-do list that the DEV's have, or was it actually exploited. I completely understand the need not to release further details until people upgrade but I am looking forward (once things are safe) to hearing how and by whom this was exploited if it was. In either case (exploited/not exploited), Kudos to the Dev's for fixing it quickly and getting the word out. This has left me wondering one thing tho.. My tor was updated auto-magically as I used a Debian based distro and have the official TOR repository in my apt list. So my question is, is there, or could there be some similar form of auto-updating for persons using the windows version of TOR? If not maybe Vadalia could be made to check for TOR updates and pop up notices to the users? ... just a thought. Sadly my coding skills are decades out of date or I'd offer to help. Freemor [EMAIL PROTECTED] Freemor [EMAIL PROTECTED] This e-mail has been digitally signed with GnuPG See: http://gnupg.org/ for more details signature.asc Description: This is a digitally signed message part
Re: critical security vulnaribility fixed in Tor 0.1.2.16
Quoting Roger Dingledine [EMAIL PROTECTED]: On Sat, Aug 04, 2007 at 04:40:04PM +0200, [EMAIL PROTECTED] wrote: Perhaps someone else has an answer for this.br Nothing in coderman's short answers have made this clear to me. The answers look rather confusing to me, sorry.br (Typing on defcon network so will be quite brief) The short answer is yes, this is an attack, and no, we're not going to tell you exactly how it works yet. That's because several hundred thousand people are vulnerable, and we're going to give them several weeks to upgrade before we arm random people on the Internet with the ability to launch this attack against them. You should be one of the people who upgrades. :) --Roger When I read the following post last month in a.p.a-s I just _assumed_ it was a kid trolling. - Posting in the clear through Google with his Portland, OR Verizon IP flapping in the breeze. I now _assume_ this Usenet post is related to the subject at hand (?) http://preview.tinyurl.com/2d5wzx _ Newsgroups: alt.privacy.anon-server Subject: Re: JanusVM Date: Fri, 13 Jul 2007 08:45:21 - Message-ID: [EMAIL PROTECTED] On Jul 13, 12:25 am, Anonymous Sender [EMAIL PROTECTED] wrote: What do you think of this tor wrapper? http://janusvm.peertech.org/ Has anyone tried it? Pros? Cons? Caveats? http://janusvm.peertech.org/Flash/JanusVM-SEC-Demo-1.html This is the only tool that prevents side channel attacks against Tor. This happens because JanusVM is transparently proxying ALL your TCP traffic through Tor. HD Moore had a very nice example of why you should NOT trust your applications to always use Tor correctly. JanusVM doesn't have this problem because it catches everything at the Network Layer. Also, I am going to be releasing a 0-day against Tor @ DefCon15 this year that will reveal your true IP address. :-P Needless to say, the 0-day will not work against those using JanusVM. And no, I'm not releasing ANY details about it until Defcon. Enjoy! Kyle _
[no subject]
unsubscribe
RE: Torbutton 1.1.6-alpha
PLEASE UNSUBSCRIBE ME -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Perry Sent: Tuesday, July 31, 2007 4:21 AM To: or-talk@freehaven.net Subject: Torbutton 1.1.6-alpha http://torbutton.torproject.org/dev/ 1.1.6 30 Jul 2007 * bugfix: Fix an exception that may have messed up cookie/cache clearing if you allowed Tor to write history URLs (possibly kills bug #457) * bugfix: Use only sub-browsers for tagging. Could fix some Date hooking misses (possibly kills bug #460) * misc: Clean up annoying false positives with date hooking checks I've been running this version for a week or so now, and I have not seen any alerts about missing Javascript hooking. It is possible the bug has been fixed by those other fixes, plus I cut down on the false positives for those alerts. As always, please keep an eye on Torbutton to make sure it is actually properly blocking plugins, always properly clearing/isolating cookies+cache, disabling javascript for pages loaded in an opposite Tor state, and blocking CSS popups for the same. -- Mike Perry Mad Computer Scientist fscked.org evil labs Disclaimer: This E-mail and any attachments hereto are intended solely for the addressee and it may contain confidential material. If you are not the intended addressee or receive this in error, please delete the message and notify the sender. You must not disclose, forward or copy this E-mail or attachments to any third party. Statements, opinions or comments expressed in this E-mail are those of the sender and do not necessarily represent those of Arabian Advanced Systems AAS. AAS accepts no liability for any damage caused by this E-mail or its attachments
Re: Can we beat the Firewall of china attack?
Are you on windows or Linux? Comrade Ringo Kamens On 8/4/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: On Fri, Aug 03, 2007 at 02:54:06PM -0700, [EMAIL PROTECTED] wrote 2.2K bytes in 18 lines about: : I am behind an ISA firewall so I need to use NTLMAPS to get through. My ISP have started to block TOR Servers to prevent anyone to connect through them. Yet I know I can access those servers through any free proxy already existing on the Internet, provided it can use SSL connections. It would be nice if I could point my TOR client to any of these proxies before it would connect to the TOR servers which are blocked. I know TOR allows for an HTTP proxy, but that one I have used to point to the NTLMAPS proxy already. : Do I stand any chance to beat my ISP? I only need TOR to acces the circuit initially throgh an existing HTTP server. Should my ISP detect the HTTP server and block it, what the hell, still there are zillions more to connect to. :) Unfortunately, Tor doesn't support NTLM authentication.I know others have run into this problem as well. I'm not sure if they ever figured out a workaround. -- Andrew
Re: Directory servers for a subset of Tor routers
I think this is possible with a little hacking of the code. If you don't want to make you own version of tor (a bad idea to begin with) you could run an authoritative dir server and then just block connections to certain countries. Just make sure you configure your server NOT to advertise that information to other directories. Comrade Ringo Kamens On 8/4/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi, Question, is it possible to set up private directory servers and make available only a portion of the available Tor routers? For example, if you only wanted to make routers that were online in the U.K. or France available to users who got their info from these dir servers, can that be done? I know you can set entry and exit nodes but this only addresses part of the question and is too static for this example. I've seen some info on Blossom but don't know if that will do it either. If it can't be done or there are other problems, does anyone have any other ideas or suggestions? Thanks... -- Free information on becoming a Photographer. Click Now! http://tagline.hushmail.com/fc/Ioyw6h4fQtFznTeLcy3AEY651ReJH32DRSQ2P3pVLpQiG47cRgOe7X/
Unsubscribe
Unsubscribe me please -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, July 12, 2007 7:53 AM To: or-talk@freehaven.net Subject: Suggestion about TorButton Hello! First, thank you for this SUPERB extension :)) I have an idea of feature that could be interesting, but don't know if you would agree to implement it, and moreover I think it is a lot of job: It would be to force some of the bookmarks to use TOR, whatever the TorButton status is. For example, there would be one more function in the right click menu, Bookmark this link WITH TOR. Then, the link will always use TOR, even if Tor is turned OFF with Torbutton. What do you think? :) Best, F44 Disclaimer: This E-mail and any attachments hereto are intended solely for the addressee and it may contain confidential material. If you are not the intended addressee or receive this in error, please delete the message and notify the sender. You must not disclose, forward or copy this E-mail or attachments to any third party. Statements, opinions or comments expressed in this E-mail are those of the sender and do not necessarily represent those of Arabian Advanced Systems AAS. AAS accepts no liability for any damage caused by this E-mail or its attachments
