Re: j0ryeqmd

2007-12-29 Thread F. Fox

scar wrote:
> when using IRC over Tor, very often my ident is munged into that string.  
> once is understandable.  the peculiar part is how, if i change Tor circuits 
> (exit node also) and reconnect, i'm connected with that same ident.  it's not 
> constrained to just one IRC network either: it appears to happen across 
> various networks.  anyone else noticing this?
> 
> what is even more peculiar to me is that this has still happened (at least 
> once) even when i first connect to an IRC bouncer via SSL connection (using 
> Tor) and then initiate an insecure connection to an IRC network through the 
> bouncer.  the connection between the bouncer and the IRC network is not 
> through Tor, just the connection between me and the bouncer and that is via 
> SSL anyway.
> 

That's rather odd...

Dumb question: Have you tried changing your ident by hand?

I know it's ridiculously obvious - but that's when I discovered the
disconnected power cord. =;o)

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com


Re: IRC privacy with Tor

2007-12-29 Thread Drake Wilson
Quoth scar <[EMAIL PROTECTED]>, on 2007-12-29 20:39:41 -0700:
> when using IRC over Tor, very often my ident is munged into that
> string.  once is understandable.  the peculiar part is how, if i
> change Tor circuits (exit node also) and reconnect, i'm connected
> with that same ident.

What exactly do you mean by "ident"?  If you mean the hostname, then
if that doesn't change with the exit node, something weird is going on
(I would imagine), and more details might be helpful.  But if you mean
the username that precedes the hostname, it may be being transmitted
by your client through the main connection.  That would also be
consistent with seeing similar behavior through other types of
proxies.  (I seem to recall some of this stuff being transmitted
in-band for IRC, but I may be wrong and I can't recall the details
right now.)

   ---> Drake Wilson
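
To illustrate the distinction drawn in the reply above (an added example, not part of the original message): the username in an IRC hostmask is sent by the client in its USER command over the same connection, unless the server receives an ident (RFC 1413) reply, while the host part comes from the connecting address. The client lines, host names and helper names are constructed for illustration, and the leading `~` for usernames without an ident reply is a common server convention assumed here.

```python
def parse_irc_line(raw):
    """Split one raw IRC line into (command, params); a leading ':prefix' is dropped."""
    line = raw.rstrip("\r\n")
    if line.startswith(":"):
        line = line.split(" ", 1)[1]
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if sep:
        parts.append(trailing)  # the trailing parameter may contain spaces
    return parts[0].upper(), parts[1:]


def registration_fields(client_lines):
    """Identity fields the client itself sends in-band when it registers."""
    fields = {}
    for raw in client_lines:
        cmd, params = parse_irc_line(raw)
        if cmd == "NICK" and params:
            fields["nick"] = params[0]
        elif cmd == "USER" and len(params) >= 4:
            fields["username"], fields["realname"] = params[0], params[3]
    return fields


def visible_mask(client_lines, peer_host, ident_reply=None):
    """Build nick!user@host as other users would see it.

    host is the address the server sees (an exit node or a bouncer);
    user is the ident reply if the server got one, otherwise the USER
    command's username, marked here with a leading '~'.
    """
    f = registration_fields(client_lines)
    user = ident_reply if ident_reply is not None else "~" + f["username"]
    return f"{f['nick']}!{user}@{peer_host}"


# Constructed client traffic; the same lines are sent whichever circuit is used.
CLIENT_LINES = ["NICK tester\r\n", "USER exampleuser 0 * :Example User\r\n"]


def demo():
    """Same client configuration through two constructed exits."""
    return [visible_mask(CLIENT_LINES, h) for h in ("exit-a.example", "exit-b.example")]
```

Only the host part differs between the two masks; the username and real name travel with the client configuration, so they are worth checking in the client settings before connecting.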


j0ryeqmd

2007-12-29 Thread scar
when using IRC over Tor, very often my ident is munged into that string.  once 
is understandable.  the peculiar part is how, if i change Tor circuits (exit 
node also) and reconnect, i'm connected with that same ident.  it's not 
constrained to just one IRC network either: it appears to happen across various 
networks.  anyone else noticing this?

what is even more peculiar to me is that this has still happened (at least 
once) even when i first connect to an IRC bouncer via SSL connection (using 
Tor) and then initiate an insecure connection to an IRC network through the 
bouncer.  the connection between the bouncer and the IRC network is not through 
Tor, just the connection between me and the bouncer and that is via SSL 
anyway.





Re: virtues of middlemen

2007-12-29 Thread F. Fox

blau wrote:
(snip)
> If you run a service on the public net, say a website, it
> makes sense to run a Tor middleman node on the same host. This way users
> can reach your service anonymously - without the risks of passing
> through an exit relay.
(snip)

This is something like Noreply's keyserver; it's offered as both a
normal site, and as a Tor hidden service.

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com


Tsocks and DNS

2007-12-29 Thread Ringo Kamens
I have a question regarding tsocks. According to
http://wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO#DNSNote, tsocks
leaks DNS requests and it suggests I either use tor-resolve or apply the
patch at http://www.totalinfosecurity.com/patches/tor.php?. Does the tsocks
version in the Ubuntu repositories still have this problem (for instance,
when I do an apt-get install tor it automatically installs torify and
tsocks)? Would you suggest using the patch?
Thanks
Comrade Ringo Kamens


Re: Please run a bridge relay!

2007-12-29 Thread Gitano
Andrew Del Vecchio wrote:

> I got nothing:
> 
> Chain PREROUTING (policy ACCEPT)
> target prot opt source   destination

This works well for me:
---
iptables -t nat -F PREROUTING
iptables -t nat -A PREROUTING -p TCP -i eth0 --dport 443 -j REDIRECT --to-ports 9001
---
iptables -L -nv -t nat
Chain PREROUTING (policy ACCEPT 5080K packets, 266M bytes)
 pkts bytes target     prot opt in     out     source      destination
 6543  585K REDIRECT   tcp  --  eth0   *       0.0.0.0/0   0.0.0.0/0    tcp dpt:443 redir ports 9001



Re: Please run a bridge relay! (was Re: Tor 0.2.0.13-alpha is out)

2007-12-29 Thread Olaf Selke
Andrew Del Vecchio wrote:
> I got nothing:
> 
> Chain PREROUTING (policy ACCEPT)
> target prot opt source   destination
> 
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source   destination
> 
> Chain OUTPUT (policy ACCEPT)
> target prot opt source   destination

sorry dude, no idea! On my box it does work:

iptables -t nat -A PREROUTING -p tcp -d 195.71.90.10 --dport 443 -j DNAT --to-destination 195.71.90.10:9080
iptables -t nat -A PREROUTING -p tcp -d 195.71.90.10 --dport 80 -j DNAT --to-destination 195.71.90.10:9090

gives

anonymizer:~# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source   destination
DNAT   tcp  --  anywhere anonymizer.blutmagie.de tcp dpt:https to:195.71.90.10:9080
DNAT   tcp  --  anywhere anonymizer.blutmagie.de tcp dpt:www to:195.71.90.10:9090

Chain POSTROUTING (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination


regards, Olaf


Proper TOR DNS Configuration Testing Help

2007-12-29 Thread Mark Manning
Hello - I'm just starting to pay attention to this mailing list so forgive
me if this subject has been brought up before.

I'm interested in setting up a [or using an existing] service that could
test for a proper DNS configuration [among other things].  The goal being
that a person could visit a web page to confirm that their DNS queries were
being forwarded through the TOR network and not using a local DNS server.

HD Moore of the Metasploit project has had some interesting success with his
Decloak research project, which as I
understand it, uses a custom DNS server and a special web page to
force a client to resolve a special domain name where the server can
correlate the lookup name to the IP that is making the request and thereby
determining whether or not their DNS queries are coming from a TOR exit
node.

My question is has anyone had any experience with this subject they would
like to share?  Specifically with existing services out there or any ideas
for implementing such a service.

The final goal for my humble project is to come up with an ubiquitous
testing page that could report with relative certainty that a user's
environment is configured properly for anonymity or not and do so without
assuming any specific client-side capabilities [ie Javascript, java,
cookies, etc].  My hang up right now is finding the best way to test that
DNS queries are going out over the TOR network.

Again, I apologize if this is a silly question but I appreciate any
feedback.
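
A sketch of the correlation step described in the message above, as an added example that is not part of the original post or of the Decloak project: each page view gets a one-time hostname under a zone the test operator controls, and the operator's DNS server log is matched against a list of exit addresses. The zone name, log format, verdict labels and all addresses are constructed assumptions.

```python
import secrets

TEST_ZONE = "dnstest.example"  # assumption: zone delegated to the test's own DNS server

def new_probe(sessions, http_client_ip):
    """Mint a one-time hostname; an <img> tag pointing at it forces a lookup without scripts."""
    token = secrets.token_hex(8)
    sessions[token] = http_client_ip
    return f"{token}.{TEST_ZONE}"

def parse_query(line):
    """Constructed log format: '<unix-time> <source-ip> <qname>'."""
    _ts, src_ip, qname = line.split()
    return src_ip, qname.rstrip(".").lower()

def classify(sessions, exit_ips, log_lines):
    """Map every issued token to a verdict based on who queried our server for it."""
    suffix, seen = "." + TEST_ZONE, {}
    for line in log_lines:
        src_ip, qname = parse_query(line)
        token = qname[: -len(suffix)] if qname.endswith(suffix) else None
        if token in sessions:  # ignore names we never issued
            seen.setdefault(token, set()).add(src_ip)
    verdicts = {}
    for token, http_ip in sessions.items():
        sources = seen.get(token, set())
        if http_ip not in exit_ips:
            verdicts[token] = "http-not-from-exit"
        elif not sources:
            verdicts[token] = "no-lookup-seen"  # blocked, or the name was never loaded
        elif sources <= exit_ips:
            verdicts[token] = "lookup-from-exit"
        else:
            # The source is whichever resolver asked us; an exit that forwards
            # to an upstream resolver also lands here, so treat it as a warning.
            verdicts[token] = "lookup-not-from-exit"
    return verdicts

def demo():
    exits = {"192.0.2.10", "192.0.2.11"}  # constructed exit list
    sessions = {}
    ips = ("192.0.2.10", "192.0.2.11", "192.0.2.10", "203.0.113.99")
    names = [new_probe(sessions, ip) for ip in ips]
    log = [  # constructed DNS server log lines
        f"1198972800 192.0.2.10 {names[0]}.",
        f"1198972801 198.51.100.53 {names[1].upper()}.",
        "1198972802 203.0.113.7 stray.dnstest.example.",
    ]
    verdicts = classify(sessions, exits, log)
    return [verdicts[n.split(".")[0]] for n in names]
```

Because an authoritative server sees the address of the resolver that contacted it, a "lookup-not-from-exit" verdict is a prompt to investigate rather than proof of a leak.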


Re: Please run a bridge relay! (was Re: Tor 0.2.0.13-alpha is out)

2007-12-29 Thread Andrew Del Vecchio

I got nothing:

Chain PREROUTING (policy ACCEPT)
target prot opt source   destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination


--
People just like you lose untold millions in personal wealth due to
frivolous lawsuits and unfair government seizures.
Are you protected? Read the Asset Protection Crash Course at
http://www.keepyourassets.net?andrew to find out how to protect your
hard-earned assets.


Olaf Selke wrote:
> Andrew Del Vecchio wrote:
>> Sudo route and iptables -L don't show the below in the routing table as
>> being applied. Any debugging suggestions?
> 
> iptables -L -t nat
> 
> Olaf
> 
> 
> 


Re: virtues of middlemen

2007-12-29 Thread blau
Eugen Leitl ha scritto:
> The Tor network so far is largely seen only as an anonymizing
> layer, to access the "real" Internet.
> 
> However, it is fully capable of becoming a real Darknet, 
> provided hidden services achieve a critical mass,

Not only that. If you run a service on the public net, say a website, it
makes sense to run a Tor middleman node on the same host. This way users
can reach your service anonymously - without the risks of passing
through an exit relay.

Blau


Can I somehow setup that the endpoint (=exit node) should be in USA ?

2007-12-29 Thread Ben Stover
Can I somehow setup that the endpoint (=exit node) should be in USA ?

How do I specify this in Tor or Vidalia?

Ben


Re: Exit from Tor, Privoxy and Vidalia with one click possible ?

2007-12-29 Thread phobos
On Sat, Dec 29, 2007 at 11:07:39AM +0100, [EMAIL PROTECTED] wrote 0.3K bytes in 
15 lines about:
: Is there a way to exit them all 3 at once with only 1 click ?

They are three separate programs.  Therefore, three separate clicks are
needed.  Someday in the future we may tie them all together.

-- 
Andrew


virtues of middlemen

2007-12-29 Thread Eugen Leitl

The Tor network so far is largely seen only as an anonymizing
layer, to access the "real" Internet.

However, it is fully capable of becoming a real Darknet, 
provided hidden services achieve a critical mass, and there
will be a search engine indexing the lot, preferably a
distributed one.

All of this, of course, assuming the network would scale
to millions of nodes.

-- 
Eugen* Leitl leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


Exit from Tor, Privoxy and Vidalia with one click possible ?

2007-12-29 Thread Ben Stover
When I start Tor, then 3 icons appear in the SysTray of WinXP:

1 for Tor
1 for Privoxy
1 for Vidalia

If I want to exit all 3 programs I have to exit them all 3 individually, one 
after the other:

Is there a way to exit them all 3 at once with only 1 click ?

Ben


Re: Can Tor run WITHOUT Privoxy ?

2007-12-29 Thread F. Fox

I tend to use polipo on my machines (physical and virtual), which act as
clients. Polipo's optimized support for HTTP 1.1's nifty features is
just utter win. =:oD

If polipo is as fast as a car, by comparison, Privoxy looks like
molasses being poured after idling in a snowbank for eight hours at the
South Pole.

(Well, maybe that's exaggerating a bit. But like the Gecko says, "You
get my point." =:oD )

"Kitsune," on the other hand, has no proxy at all - and its SocksPort is
set to zero. No sense in wasting resources on that old dinosaur... =:oD

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com


Re: Your computer is too slow to handle this many creation requests!

2007-12-29 Thread F. Fox

morphium wrote:
(snip)
> Yes, I wanted to use a Server with GBit-Link dedicated for tor.
> (When) will multi-cpu-support be implemented? (So that I could provide
> at least 320 MBit instead of 80).
(snip)

I think if you want to do that amount of processing, a Tor server
"family" may be in order... you can spread it over multiple machines.

You'd have to be sure to put the server handles in the "MyFamily" area
of their torrc's; that way it would be declared as a server group
operated by a single admin, and not throw up a ton of red flags at the
directory authorities...

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com


Re: Testing bridge capabilities

2007-12-29 Thread F. Fox

Andrew Del Vecchio wrote:
> How do I go about
> testing my functionality? Also, if I can't use 443, are there other
> typically not blocked ports that it would be worth using?

AFAIK, Cox doesn't block port 443 - at least not here. I have "kitsune"
listening on 443 (via redirect, of course).

As far as testing ports (assuming all you want to know is if it's
open)... other than having other users Telnet to you, I've used "Shields
Up" to see if it's listening:
http://grc.com

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com


Re: Your computer is too slow to handle this many creation requests!

2007-12-29 Thread F. Fox

Olaf Selke wrote:
> morphium wrote:
>> Tor is only using about 80 MBits, so that aren't even 10% of the Bandwidth I
>> want to give for tor.
> 
> eeh? Wanna give Tor 800 MBits/s?
(snip)

800 *MEGA*bits a second? Holy Jeebus...

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com