How to ban bad tor node which would redirect http request to a certain ip tracker?

2007-11-17 Thread s s
Hi,

I recently found that some bad Tor node would redirect HTTP requests to a
pre-configured address such as
   http://218.86.119.72/req.php?str1=xxxstr2=url
where xxx is an 18-digit number containing a Unix timestamp and url is
the original URL requested.
Then the host 218.86.119.72 will send back a cookie named
'UniProclove' whose content is also an 18-digit number.

Is it possible to configure tor to isolate such a bad tor node?
or is it possible to configure tor to refuse to connect/relay to
certain ip addresses?


Installing TOR on CentOS

2007-11-17 Thread lg2005
Hi,

Would like to run a node on a centOS box.

Got the source from
http://www.torproject.org/dist/tor-0.2.0.12-alpha.tar.gz

./configure: I get an error message:

[EMAIL PROTECTED] tor-0.2.0.12-alpha]# ./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... //bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking for gcc... no
checking for cc... no
checking for cl.exe... no
configure: error: no acceptable C compiler found in $PATH


What must I do, or (better!) is there an rpm already for CentOS??

Thanks :)


Re: How to ban bad tor node which would redirect http request to a certain ip tracker?

2007-11-17 Thread Roger Dingledine
On Sat, Nov 17, 2007 at 02:29:09AM -0800, s s wrote:
 I recently found that some bad Tor node would redirect HTTP requests to a
 pre-configured address such as
    http://218.86.119.72/req.php?str1=xxxstr2=url
 where xxx is an 18-digit number containing a Unix timestamp and url is
 the original URL requested.
 Then the host 218.86.119.72 will send back a cookie named
 'UniProclove' whose content is also an 18-digit number.
 
 Is it possible to configure tor to isolate such a bad tor node?
 or is it possible to configure tor to refuse to connect/relay to
 certain ip addresses?

Yes, you can exclude the node by nickname (or better, by key fingerprint)
by adding an ExcludeNodes line to your torrc file. See the man page
for details.

But even better, if you tell us which node it is, we'll a) try to contact
the operator to get him to fix it, as it's quite likely to be an innocent
misconfiguration, and b) blacklist it from the directory consensus in
the meantime, so other users won't stumble into it.

(I've been meaning for a while to come up with some mechanism for users to
report problems they see, while we wait for Mike Perry to get his TorFlow
application more automated. But there are enough false positives that I
don't think we should just say mail tor-volunteers. I'm not sure what
the best plan should be.)

Thanks!
--Roger
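
Added example (not part of Roger's message and not Tor project code): a Python sketch that checks response heads fetched through an exit for the signature described in the report, a redirect to req.php with str1=<18 digits> and str2=<original URL> or a UniProclove cookie, and builds the ExcludeNodes line for the relays that showed it. The fingerprints and sample responses are constructed, the redirect is assumed to arrive as a Location header with an optional '&' between the parameters, and working out which exit served a request is left to the caller.

```python
import re
from urllib.parse import unquote, urlsplit

# Signature from the report: a redirect to req.php carrying str1=<18 digits>
# and str2=<original URL>, plus a cookie named UniProclove (18 digits).
# Assumptions: the redirect arrives as a Location header, and the '&'
# between the two parameters is optional.
REDIRECT_RE = re.compile(r"/req\.php\?str1=(\d{18})&?str2=(.+)$")
COOKIE_RE = re.compile(r"(?:^|;\s*)UniProclove=(\d{18})(?:;|$)")
FINGERPRINT_RE = re.compile(r"^[0-9A-F]{40}$")


def parse_head(raw_head):
    """Split a raw HTTP response head into (status code, header pairs)."""
    lines = raw_head.replace("\r\n", "\n").strip().split("\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return status, headers


def check_response(requested_url, raw_head):
    """Return the signature findings for one response fetched via an exit."""
    status, headers = parse_head(raw_head)
    wanted_host = urlsplit(requested_url).hostname
    findings = []
    for name, value in headers:
        if name == "location" and 300 <= status < 400:
            match = REDIRECT_RE.search(value)
            # Only flag redirects that leave the requested host and carry
            # the requested URL back in str2, as the report describes.
            if (match and urlsplit(value).hostname != wanted_host
                    and unquote(match.group(2)) == requested_url):
                findings.append("tracker-redirect")
        elif name == "set-cookie" and COOKIE_RE.search(value):
            findings.append("tracker-cookie")
    return findings


def exclude_nodes_line(observations):
    """Build a torrc ExcludeNodes line from (fingerprint, url, head) tuples."""
    bad = []
    for fingerprint, url, head in observations:
        fpr = fingerprint.replace(" ", "").upper()
        if not FINGERPRINT_RE.match(fpr):
            raise ValueError("not a 40-hex-digit fingerprint: %r" % fingerprint)
        if check_response(url, head) and fpr not in bad:
            bad.append(fpr)
    return "ExcludeNodes " + ",".join("$" + f for f in bad) if bad else ""


# Constructed sample data: placeholder fingerprints, TEST-NET address.
URL = "http://example.com/"
FPR_A, FPR_B, FPR_C = "A" * 40, "B" * 40, "C" * 40
TAMPERED = ("HTTP/1.1 302 Found\r\n"
            "Location: http://192.0.2.10/req.php"
            "?str1=119529534900000000&str2=http://example.com/\r\n\r\n")
COOKIE = ("HTTP/1.1 200 OK\r\n"
          "Set-Cookie: UniProclove=119529534900000001; path=/\r\n\r\n")
CLEAN = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
OBSERVATIONS = [(FPR_A, URL, TAMPERED), (FPR_B, URL, CLEAN),
                (FPR_C, URL, COOKIE)]

if __name__ == "__main__":
    # Paste the printed line into torrc, then reload Tor.
    print(exclude_nodes_line(OBSERVATIONS))
```
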



Re: Installing TOR on CentOS

2007-11-17 Thread Marco Gruss

Hi,

[EMAIL PROTECTED] wrote:

 What must I do, or (better!) is there an rpm already for CentOS??

Apparently, you don't have any development tools.
yum install libevent-devel should pull in everything you need to
build Tor.

Regards
Marco



Re: Installing TOR on CentOS

2007-11-17 Thread lg2005
  What must I do, or (better!) is there an rpm already for CentOS??

 Apparently, you don't have any development tools. yum install libevent-devel
 should pull in everything you need to build Tor.

Thanks, yes in fact I had to install openssl too :)

Ok tor is running now, but where is the config file?

[notice] Configuration file /usr/local/etc/tor/torrc not present, using 
reasonable defaults.

I want to check and probably change some of the reasonable defaults!


Re: court trial against me - the outcome

2007-11-17 Thread linux
don't keep the knowledge for yourself :)


On Thursday 15 November 2007 22:54, Arrakis wrote:
 I actually know of such a company that is interested in supplying tor
 legal insurance in DE. Is anyone interested?

 Steve



Re: new perspektive for tor

2007-11-17 Thread Robert Hogan
On Friday 16 November 2007 17:04:18 Michael Schmidt wrote:
 Due to data retention log needs/law in the EU, there will be no
 outproxy and no forwarding-nodes in the EU anymore, if they do not
 log all traffic.

Can someone point me to the EU directive on this? I thought this was just a 
German initiative.




Re: Swedish Police Swoop on Dan Egerstad

2007-11-17 Thread Fabian Keil
Paul Ferguson [EMAIL PROTECTED] wrote:

 Not good.

What's that?

 Via TheAge.com.au.

 The hack required little more than tools freely available on the
 internet, and Egerstad maintains he broke no laws.

I find it hard to believe that his hack didn't
violate any laws in Sweden and I also have my doubts
about the raid taking place in the way described in
this poorly-researched article.

Without more information I get the impression that
he broke Swedish law and is now facing the consequences.
Big deal.

Fabian




Re: new perspektive for tor

2007-11-17 Thread Michael Schmidt
2007/11/17, Robert Hogan [EMAIL PROTECTED]:

 On Friday 16 November 2007 17:04:18 Michael Schmidt wrote:
  Due to data retention log needs/law in the EU, there will be no
  outproxy and no forwarding-nodes in the EU anymore, if they do not
  log all traffic.

 Can someone point me to the EU directive on this? I thought this was just
 a German initiative.



in the total EU there will be NO TOR-Outproxy from begin of 1.1.2008:

So the idea is to have only forwarders in the EU - based on a security
friend to friend layer with trusted friends only (tor retroshare-plugin).
The hybrid nodes (tor plugins connecting AS WELL to the normal tor network
layer) though must be then Outside this law area. And: every forwarder
inside needs to know a hybrid outside the law area.
If this is given, he can forward the packet many time on the f2f layer of
his trusted friends, until any of the f2f-friends know ANY PORT to go
outside to a hybrid again. So this is Matrix Reloaded with Neo, needing a
Port.

- World outside: routing and routing
- HYBRID: World outside, slides the packet over to F2F
- World inside begin:
ping pong  Germany
pong ping  Germany
ping pong  Germany
pong ping  Germany
... and many hops forwarded
- World inside end
- HYBRID: World outside, a friend from inside is giving the packet to a
hybrid node outside
- Worldoutside: routing and routing to the destination.

So the new approach is to have a world outside with tor routing, and a World
inside with forwarding nodes.
The World inside is based on the secure trusted friend encrypted layer of
http://retroshare.sf.net .
Each node inside the World needs friends either forwarding or a
HYBRID-friend from Outside the law.

We need a board for that, to bring people from inside and outside together,
as the f2f chain may be broken quick, as not every f2f user is installing
the tor-plugin. But three or four routing ways in the middle is enough for a
start to have the MIXER. Then different Ports or Hybrids outside the World
start the routing, some ping pong inside over f2f layer and then back
outside, ideally over a different hybrid node.

So the goal for nodes inside is a) to have friends forwarding for free, and
b) to have at least one or two hybrid- friends to mix here the
Inside-World-Entry and Inside-World-Exit Nodes. (remember the exit node is
the tor node to fetch the website and the inside-world-exit-node is the node
in a country without data retention law and hybrid with F2F).

Here are the laws: EU, Germany and some lawyer discussions, UK and Ireland
and some other already have, as well USA will step into this .. so.. Russia
and India is the last resort for Tor, China as well of course not.

So a protocol change is needed, or a mixer, which is based on acting against
the law, but this will no one do.
So the trusted friend inside and the trusted friend hybrid outside will help
to get a mix chain inside the law-area.

Regards

Directive 2006/24/EC:
http://europa.eu.int/eur-lex/lex/LexUriServ/site/en/oj/2006/l_105/l_10520060413en00540063.pdf;
Implemented in the German draft bill:
http://dip.bundestag.de/btd/16/058/1605846.pdf

http://www.vorratsdatenspeicherung.de

http://www.heise.de/newsticker/meldung/91627 of 23.06.2007

http://www.bundestag.de/bic/analysen/2006/zulaessigkeit_der_vorratsdatenspeicherung_nach_europaeischem_und_deutschem_recht.pdf,

against:
https://www.datenschutzzentrum.de/polizei/20070627-vorratsdatenspeicherung.pdf
and the Federal Constitutional Court:
http://www.bundesverfassungsgericht.de/pressemitteilungen/bvg07-082.html

Federal Constitutional Court - Press Office - Press Release No. 82/2007 of
27 July 2007 - 1 BvR 370/07; 1BvR 595/07 -

http://www.bundesverfassungsgericht.de/pressemitteilungen/bvg07-082.html


Re: new perspektive for tor

2007-11-17 Thread Felix Eckhofer
Hi Robert,

On Sat, 17.11.2007, you wrote:
 Can someone point me to the EU directive on this? I thought this was just a 
 German initiative.

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:01:EN:HTML


felix

-- 
felix_eckhofer * http://tribut.de/kontakt * please encrypt

One operating system to enslave them, to find them all,
 to drive them into darkness and bind them forever...




Re: encrypting your communications?!

2007-11-17 Thread Paul Syverson
On Sat, Nov 17, 2007 at 07:35:10AM -0500, Roger Dingledine wrote:
 On Sat, Nov 17, 2007 at 12:13:34PM +, Robert Hogan wrote:
 
 Gah. You're right.
 
 I've changed the offending sentence to:
 
 Tor protects you by bouncing your communications around a distributed
 network of relays run by volunteers all around the world: it prevents
 somebody watching your Internet connection from learning what sites you
 visit, and it prevents the sites you visit from learning where you're
 coming from.
 

This is better. Although, much like the original concern that Robert
raised, this could be interpreted as saying that using Tor prevents
the sites you visit from learning where you're coming from (especially
since it says just that ;). The tricky thing is how to succinctly and
clearly say to the general user that it is the networking address
information implicit in the act of connecting that is hidden, but
that's not the whole story.  The onion routing project home page
phrases it thus in the opening paragraph.

   The focus is on practical systems for low-latency Internet-based
   connections that resist traffic analysis, eavesdropping, and other
   attacks both by outsiders (e.g. Internet routers) and insiders
   (Onion Routing servers themselves). Onion Routing prevents the
   transport medium from knowing who is communicating with whom -- the
   network knows only that communication is taking place. In addition,
   the content of the communication is hidden from eavesdroppers up to
   the point where the traffic leaves the OR network.

This is too geekspeakish for the intended purpose here. But it gives a
hint perhaps of what could be said. Also, apropos to Robert's
complaint the last sentence does two things: it does let people know
that traffic is encrypted against eavesdroppers within the
network. More importantly, even for people who aren't thinking about
encryption one way or the other and for people that might have been
confused by the sentence Robert noted, it succinctly and clearly tells
them that there is a part of the communication path that is not
encrypted against eavesdroppers---a part that is outside of Tor.

So a suggested revision

  Tor protects you by bouncing your communications around a
  distributed network of relays run by volunteers all around the
  world: it prevents somebody watching your Internet connection from
  learning what sites you visit. Even the Tor relay you connect to
  doesn't learn that. Tor comes bundled with other protections that
  combine with Tor to hide your location from the sites you visit
  too. And, Tor hides what you are saying from eavesdroppers anywhere
  between the point your connection leaves your computer to the point
  it leaves the Tor network and heads to the site you are visiting.

I think the sentence about bundling lets even the people who can't
look two short paragraphs down know that there is more to the story,
but it still says there is a basic protection from responding sites
that they get from Tor (And, it doesn't end with a preposition ;) I'm
torn about whether the last sentence is worth it. It's a really
important point for the reasons that prompted this exchange and other
reasons too, but maybe it is just one point too many for an opening
paragraph.

HTH,
Paul


Re: court trial against me - the outcome

2007-11-17 Thread Fabian Keil
Mirko Thiesen [EMAIL PROTECTED] wrote:

   They offered me to dismiss the actual court trial according to
   paragraph 153 StPO which is not the same as an acquittal (no
   Freispruch) which I eventually accepted.
  
  My German is not that fresh anymore, but it seems to say that if your
  guilt is low and they don't find any interest for society at large to
  prosecute you, they can choose not to prosecute. Is that what that
  paragraph says?
 
 Yes, this is what the paragraph says. Unfortunately it implies that I am
 indeed somehow guilty.

I don't think so.

The first part of the paragraph talks about the guilt of the
offender, the second part about dismissing the case with the
approval of the accused.

The accused doesn't have to be the offender and as being
accused in itself doesn't imply any guilt I don't see why
dismissing the case according to § 153 StPO would imply any
guilt either.

Fabian




Re: new perspektive for tor

2007-11-17 Thread Robert Hogan
On Saturday 17 November 2007 14:42:56 you wrote:
 Hi Robert,

 On Sat, 17.11.2007, you wrote:
  Can someone point me to the EU directive on this? I thought this was just
  a German initiative.

 http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:01:EN:HTML


 felix

If you go to the bottom of that link you can see many countries appear to
be 'postponing' application of the directive indefinitely.




Re: new perspektive for tor

2007-11-17 Thread Olaf Selke
Michael Schmidt wrote:
 
 in the total EU there will be NO TOR-Outproxy from begin of 1.1.2008:

really? I don't intend to shut down my exit gateway located in Germany.
Is there any reason I'm supposed to do so?

Olaf


Re: new perspektive for tor

2007-11-17 Thread Michael Schmidt
2007/11/17, Olaf Selke [EMAIL PROTECTED]:


 
  in the total EU there will be NO TOR-Outproxy from begin of 1.1.2008:

 really? I don't intend to shut down my exit gateway located in Germany.
 Is there any reason I'm supposed to do so?

 Olaf



You need to log the traffic, you have time to get the log tools till
1.1.2009, so one year from beginning in 2008.
If you do not log, then you are against the law. Dunno, what the punishment
is...

But as the German police has raided several Tor servers, I would not run one,
and as you are in law conflict, if you do not log, then this is as well a
problem.. so I guess in the next year more and more servers will vanish...

Mike


Re: new perspektive for tor

2007-11-17 Thread Olaf Selke
Michael Schmidt wrote:
 
 You need to log the traffic, you have time to get the log tools till
 1.1.2009, so one year from beginning in 2008.

do I? According to the law one has to store (speichern) collected
(erzeugte) or processed (verarbeitete) data for six months. From my
understanding there's no obligation to collect any data. Obviously data
not collected can't be stored.

I've just asked a friend working for the BSI about his opinion. He
promised to check and provide me with feedback regarding Dark Side's
perspective of the terms collect and store.

Did any of my German colleagues on this list really bother with
reading the law?

regards, Olaf


Re: new perspektive for tor

2007-11-17 Thread Michael Schmidt
"§ 113a Storage obligations for data

(6) Anyone who provides telecommunications services and in doing so alters
the data to be stored under this provision is obliged to store the original
and the new data as well as the time at which these data were rewritten, by
date and time of day, stating the underlying time zone.


http://dip.bundestag.de/btd/16/058/1605846.pdf


2007/11/17, Olaf Selke [EMAIL PROTECTED]:


 
  You need to log the traffic, you have time to get the log tools till
  1.1.2009, so one year from beginning in 2008.

 do I? According to the law one has to store (speichern) collected
 (erzeugte) or processed (verarbeitete) data for six months. From my
 understanding there's no obligation to collect any data. Obviously data
 not collected can't be stored.

 I've just asked a friend working for the BSI about his opinion. He
 promised to check and provide me with feedback regarding Dark Side's
 perspective of the terms collect and store.

 Did any of my German colleagues on this list really bother with
 reading the law?

 regards, Olaf



Re: court trial against me - the outcome

2007-11-17 Thread Andrew
Wilfred L. Guerin wrote:
 I am sincerely concerned about the following issue:

 address and identity used are from the cow town next door

 Please explain for us the failures of your tor implementation to
 properly mix and distribute the content, and why (moreso how) such an
 event occurred?

Are you sure you read Mirko's mail? The *entire* mail?
If so, I would advise you to go back and read it *again*. Slowly this
time. Pay close attention to who did what.
Sorry if I'm being rude, but your mail shows you have neither understood
the original post, nor read the follow ups. You really should consider
doing so before posting on a mailing list. Saves a lot of valuable time
for the rest of the world.
Now back to topic, please. This issue is far too serious to lose track of.

Andrew


Re: encrypting your communications?!

2007-11-17 Thread Michael_google gmail_Gersten
How about this?


Tor protects you by bouncing your communications around a distributed
network of relays run by volunteers all around the world: it prevents
the sites you visit from learning where you're coming from, and it
prevents somebody watching your Internet connection from learning what
sites you visit. Even the Tor relay you connect to doesn't learn that.

However, Tor is NOT a Solve-everything -- proper use of Tor requires
protection of cookies and Javascript (either of which, without any
other tool, can be used to reveal you to the destination node).
Finally, Tor exposes you to a new type of Man-In-The-Middle attack --
the last Tor node used will see everything that the destination site
sees. [bold] Never send a password over Tor unless you are using an
https connection. If your site only uses https for the login password,
but uses a cookie authentication and normal http after that, then your
login may still be stolen; always log out from the site you are
talking to when finished. [/bold]

It is recommended that you use a separate profile for your tor-based
anonymous browsing, with cookies cleared after each session, and
javascript disabled. Noscript, for firefox, can safely permit
scripts on a site-by-site basis, after determining that it is safe.
Additionally, a plugin or tool to remove referer information is
absolutely essential, or third party sites -- such as advertisers --
can track your every move. Tor is normally used with Privoxy to both
remove referer information, and block advertisers.

(Referer is the proper spelling -- the original http standard
misspelled referrer, and the misspelling is too ingrained in the web
to be fixed now.)


Re: Soliciting Opinions on xB Browser How To Build doc

2007-11-17 Thread Arrakis
How about instead of Make, we use Scons? It should be easier for people
to read and modify.

Additionally, for the list of tor 3rd party devs...

I figured out how to implement the (more) secure persistent settings in
firefox. This will be useful for others trying a similar approach to xB
Browser.

1. Keep prefs.js with the normal user settings.
2. Load this user.js on top of it, to keep the network settings persistent.

This way the user can change their settings like cache, saving
passwords, etc, but not risk messing up their network settings.

Tested and it works.

Files below, including settings.

Regards,
Steve

-- BEGIN PREFS.JS --
# Mozilla User Preferences

/* Do not edit this file.
 * XEROBANK BROWSER CONFIGURATION SOFTCODE SETTINGS
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
 */

user_pref("accessibility.typeaheadfind.flashBar", 0);
user_pref("app.update.auto", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1195327847);
user_pref("app.update.lastUpdateTime.background-update-timer", 1195327847);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1195327847);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1195327853);
user_pref("app.update.url.override", "https://aus2.mozilla.org/update/2/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/en-US/%CHANNEL%/%OS_VERSION%/update.xml");
user_pref("browser.cache.disk.capacity", 0);
user_pref("browser.download.lastDir", "C:\\Documents and Settings\\Administrator\\Desktop");
user_pref("browser.download.manager.retention", 0);
user_pref("browser.formfill.enable", false);
user_pref("browser.history_expire_days", 0);
user_pref("browser.history_expire_days.mirror", 9);
user_pref("browser.preferences.advanced.selectedTabIndex", 1);
user_pref("browser.send_pings", false);
user_pref("browser.sessionstore.enabled", false);
user_pref("browser.shell.checkDefaultBrowser", false);
user_pref("browser.startup.homepage", "https://support.xerobank.com/IPSpy");
user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.8");
user_pref("browser.tabs.warnOnClose", false);
user_pref("dom.storage.enabled", false);
user_pref("intl.accept_languages", "en-US,en,chrome://global/locale/intl.properties");
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1, UTF-8");
user_pref("layout.css.report_errors", false);
user_pref("network.cookie.lifetime.days", 0);
user_pref("network.cookie.lifetimePolicy", 2);
user_pref("network.cookie.prefsMigrated", true);
user_pref("network.dns.disableIPv6", true);
user_pref("network.http.keep-alive.timeout", 1000);
user_pref("network.http.max-connections-per-server", 16);
user_pref("network.http.max-persistent-connections-per-proxy", 24);
user_pref("network.http.max-persistent-connections-per-server", 16);
user_pref("network.http.pipelining", true);
user_pref("network.http.pipelining.maxrequests", 8);
user_pref("network.http.proxy.pipelining", true);
user_pref("network.http.use-cache", false);
user_pref("network.proxy.backup.ftp", "");
user_pref("network.proxy.backup.ftp_port", 0);
user_pref("network.proxy.backup.gopher", "");
user_pref("network.proxy.backup.gopher_port", 0);
user_pref("network.proxy.backup.socks", "localhost");
user_pref("network.proxy.backup.socks_port", 9050);
user_pref("network.proxy.backup.ssl", "");
user_pref("network.proxy.backup.ssl_port", 0);
user_pref("network.proxy.failover_timeout", 0);
user_pref("network.proxy.no_proxies_on", "");
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "localhost");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.proxy.type", 1);
user_pref("pref.privacy.disable_button.view_cookies", false);
user_pref("privacy.item.cookies", true);
user_pref("privacy.item.passwords", true);
user_pref("privacy.sanitize.didShutdownSanitize", true);
user_pref("privacy.sanitize.promptOnSanitize", false);
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("security.disable_button.openDeviceManager", false);
user_pref("security.warn_entering_secure", false);
user_pref("security.warn_entering_secure.show_once", false);
user_pref("security.warn_leaving_secure.show_once", false);
user_pref("security.warn_submit_insecure", false);
user_pref("security.xpconnect.plugin.unrestricted", false);
user_pref("signon.rememberSignons", false);
user_pref("xpinstall.whitelist.add", "");
user_pref("xpinstall.whitelist.add.103", "");
-- END PREFS.JS --

-- BEGIN USER.JS --

# Mozilla User Preferences

/* Do not edit this file.
 * XEROBANK TOR CONFIGURATION HARDCODE SETTINGS
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL
about:config
 * For more