Binding Tor to Pseudo-Interface

2008-02-23 Thread Jonathan Addington
I've been running a Tor exit node on and off for a while now and my
biggest problem has always been bandwidth limiting. I finally
installed a firmware on my router with relatively advanced QoS on. It
works pretty well most of the time, but to optimize it, I need to be
able to isolate *all* Tor traffic. Because I use the same computer for
other purposes, I can't just deprioritize its traffic, so I created a
pseudo-interface for the QoS to filter on.

My remaining problem is that while Tor listens and responds to other
Tor clients via this pseudo-interface (and hence different IP) it
still fetches information as an exit node from the
non-pseudo-interface, making it much more difficult to filter (I don't
want to deprioritize *my* web-browsing as well!).

Is there a way to bind Tor so that it *only* uses the pseudo-interface?

-madjon


Re: Binding Tor to Pseudo-Interface

2008-02-23 Thread Arjan
Jonathan Addington wrote:
[...]
> My remaining problem is that while Tor listens and responds to other
> Tor clients via this pseudo-interface (and hence different IP) it
> still fetches information as an exit node from the
> non-pseudo-interface, making it much more difficult to filter (I don't
> want to deprioritize *my* web-browsing as well!).
> 
> Is there a way to bind Tor so that it *only* uses the pseudo-interface?


Maybe this works:

OutboundBindAddress ip.of.pseudo.interface


Re: Tor relay shutted down by ISP

2008-02-23 Thread Arjan
Tom Hek wrote:
> This morning a friend of mine also was disconnected from the internet
> because XS4ALL thinks there is a Trojan running on his system. He also
> runs Tor on his system.. I'll keep you guys posted.

This also happened to me and at least one other person. In my case it
was because of trojan activity on IRC. I was using the default Tor exit
policy at that time, which, as it turns out, isn't restrictive enough.
XS4ALL told me that it's OK to run a non-exit node, which I'm running
now. There's a number of other non-exit nodes in XS4ALL IP space,
including the node of one of the XS4ALL founders, so running a non-exit
node seems to be fine.



Re: Tor relay shutted down by ISP

2008-02-23 Thread Tom Hek
> This also happened to me and at least one other person. In my case it
> was because of trojan activity on IRC. I was using the default Tor exit
> policy at that time, which, as it turns out, isn't restrictive enough.
> XS4ALL told me that it's OK to run a non-exit node, which I'm running
> now. There's a number of other non-exit nodes in XS4ALL IP space,
> including the node of one of the XS4ALL founders, so running a non-exit
> node seems to be fine.

Yep, I'm going to run a non-exit node too.. But I really want to run an
exit node and I really don't like it that XS4ALL is filtering me because
of that..



Re: Maybe Firfox isn't the best choice for privacy?

2008-02-23 Thread Mike Perry
Thus spake misc ([EMAIL PROTECTED]):

> On Fri, 15 Feb 2008 13:38:58 -0800, Mike Perry wrote:
> 
> > Thus spake kazaam ([EMAIL PROTECTED]):
> > 
> > A few comments on this. First off, the fact that window sizes factor
> > into a hash means as soon as you resize your window 1 pixel, they get
> > a completely new identifier, uncorrelated to the previous one. So this
> > is a trivial identifier to modify on your own if you are aware of it,
> > or even to change accidentally.
> > 
> > But otherwise, I agree it is pretty interesting work, and Torbutton
> > 1.1.14 will address many of these items, including a couple of modes
> > of operation for masking window size, and protection against revealing
> > extension installation during Tor. The ability to use chrome URLs to
> > determine true user agent, extension presence, and platform
> > information was brought to our attention courtesy of Gregory
> > Fleischer about a month ago. Unfortunately, fixes for his issues and
> > the window size spoofing code didn't make it into the 1.1.13 release
> > because of the more serious javascript and plugin issues recently
> > discovered in Firefox that that release had to work around.
> 
> What about NoScript extension? Will that prevent gathering information
> about installed plugins and other settings?

Not to my knowledge. Adblock Plus has support to hide extension
presence, but I believe extensions have to programmatically request it
from an Adblock service. Torbutton 1.1.14 should be out early next
week, and will address these issues.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs



Re: Tor relay shutted down by ISP

2008-02-23 Thread Arjan
Tom Hek wrote:
>> This also happened to me and at least one other person. In my case it
>> was because of trojan activity on IRC. I was using the default Tor exit
>> policy at that time, which, as it turns out, isn't restrictive enough.
>> XS4ALL told me that it's OK to run a non-exit node, which I'm running
>> now. There's a number of other non-exit nodes in XS4ALL IP space,
>> including the node of one of the XS4ALL founders, so running a non-exit
>> node seems to be fine.
> 
> Yep, I'm going to run a non-exit node too.. But I really want to run an
> exit node and I really don't like it that XS4ALL is filtering me because
> of that..
> 
They aren't filtering Tor exit nodes, but they check for bad traffic
coming from their IP space (spam, trojans, viruses, cracking, ...). With
a Tor exit node, that will happen sooner or later.


Re: Binding Tor to Pseudo-Interface

2008-02-23 Thread Jonathan Addington
That did it, thanks much! Obviously I need to do a better job of
R(ing)TFM. My apologies.

One more problem (at least at the moment), my three roommates are
getting the Google spyware/virus page. This isn't making them happy
for some strange reason. I would really like to continue to have an
exit node that supports port 80. Is there any way around this? None of
them are using Tor...

-madjon

On Sat, Feb 23, 2008 at 5:47 PM, Arjan
<[EMAIL PROTECTED]> wrote:
> Jonathan Addington wrote:
>  [...]
>
> > My remaining problem is that while Tor listens and responds to other
>  > Tor clients via this pseudo-interface (and hence different IP) it
>  > still fetches information as an exit node from the
>  > non-pseudo-interface, making it much more difficult to filter (I don't
>  > want to deprioritize *my* web-browsing as well!).
>  >
>  > Is there a way to bind Tor so that it *only* uses the pseudo-interface?
>
>
>  Maybe this works:
>
>  OutboundBindAddress ip.of.pseudo.interface
>



-- 
[EMAIL PROTECTED]

http://reachtj.blogspot.com


Re: Binding Tor to Pseudo-Interface

2008-02-23 Thread Roger Dingledine
On Sat, Feb 23, 2008 at 07:29:18PM -0600, Jonathan Addington wrote:
> One more problem (at least at the moment), my three roommates are
> getting the Google spyware/virus page. This isn't making them happy
> for some strange reason. I would really like to continue to have an
> exit node that supports port 80. Is there any way around this? None of
> them are using Tor...

One approach would be to add a line
  reject 64.233.189.0/24:80
to your exit policy.

Then you allow port 80 for most destinations but not for some of the
Google services. It's not quite the ideal solution, but it's not a
bad one.

--Roger
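
[Added example, not part of the original thread or of Tor's code.] Exit policy rules are evaluated first-match-wins, so the reject line suggested above only has an effect if it comes before any rule that accepts port 80. The sketch below models that ordering for IPv4 rules; the `accept *:80` and `reject *:*` lines, the function names and the test addresses are assumptions made for illustration.

```python
import ipaddress

def parse_rule(line):
    """Parse 'accept|reject ADDR[/MASK]:PORT' (IPv4 only in this sketch)."""
    action, pattern = line.split()
    addr, _, port = pattern.rpartition(":")
    network = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if port == "*":
        ports = (1, 65535)
    elif "-" in port:
        lo, hi = port.split("-")
        ports = (int(lo), int(hi))
    else:
        ports = (int(port), int(port))
    return action, network, ports

def exit_allowed(policy, dest_ip, dest_port):
    """Return True if the first matching rule is 'accept'."""
    ip = ipaddress.ip_address(dest_ip)
    for line in policy:
        action, network, (lo, hi) = parse_rule(line)
        if (network is None or ip in network) and lo <= dest_port <= hi:
            return action == "accept"
    # Simplification for this sketch: nothing matched, treat as rejected.
    return False

# Constructed policies: only the first line of each comes from the thread.
REJECT_FIRST = [
    "reject 64.233.189.0/24:80",
    "accept *:80",   # assumed: the operator still wants to exit on port 80
    "reject *:*",    # assumed catch-all
]
# Same rules, wrong order: the specific reject is never reached.
ACCEPT_FIRST = ["accept *:80", "reject 64.233.189.0/24:80", "reject *:*"]

if __name__ == "__main__":
    for name, policy in (("reject first", REJECT_FIRST),
                         ("accept first", ACCEPT_FIRST)):
        # 64.233.189.104 is a constructed address inside the rejected /24;
        # 192.0.2.10 is a documentation address standing in for any other site.
        print(name,
              exit_allowed(policy, "64.233.189.104", 80),
              exit_allowed(policy, "192.0.2.10", 80))
```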