PSI patch anti dns-leaking

[Noiano]

Hello everybody
some time ago I submitted a request through the psi flyspry bug tracking
system asking the devs to resolve the dns-leaking problem. Since the
devs seems not to have decided when to fix this bug a good gui, hannes,
has developed a patch that acts as a workaround for the problem. You can
download the patch from here
http://www.opendylan.org/~hannes/XXX/psi-socks-no-dns-leaking.diff . In
tor logs you won't see any message saying tor has been given an host to
resolve but I tested myself the patch sniffing the traffic by wireshark
and I found no dns request.

Noiano




signature.asc
Description: OpenPGP digital signature

Re: PSI patch anti dns-leaking

[Ringo Kamens]

Thanks for that, I've been looking for something like this. If it isn't
there already, put it on the Tor wiki hosted on noreply.org
there are so many dawns which have yet to break,
Comrade Ringo Kamens
Armed Division, 35th Parallel

On Sun, Feb 24, 2008 at 4:11 AM, Noiano <[EMAIL PROTECTED]> wrote:

> Hello everybody
> some time ago I submitted a request through the psi flyspry bug tracking
> system asking the devs to resolve the dns-leaking problem. Since the
> devs seems not to have decided when to fix this bug a good gui, hannes,
> has developed a patch that acts as a workaround for the problem. You can
> download the patch from here
> http://www.opendylan.org/~hannes/XXX/psi-socks-no-dns-leaking.diff.
>  In
> tor logs you won't see any message saying tor has been given an host to
> resolve but I tested myself the patch sniffing the traffic by wireshark
> and I found no dns request.
>
> Noiano
>
>
>

tor memory leak under Ubuntu 6.06

[Dietrich Schmidt]

On my internet server, tor has a memory leak.
If I start tor, it requires 10 megabyte:

top - 19:13:12 up  1:24,  2 users,  load average: 0.07, 0.04, 0.00
 PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
29872 debian-t  15   0 20784  10m 4372 S1  0.5   0:02.68 tor

After 16 hours of operation, it requires 94 megabyte:

 top - 09:58:15 up 16:09,  1 user,  load average: 0.07, 0.05, 0.00
 PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
21569 debian-t  16   0  107m  94m 5376 S2  4.7  30:22.60 tor

My server is running Ubuntu 6.06, and I have these versions installed:

http://mirror.noreply.org dapper/main tsocks
1.8beta5-2~~weasel-ubuntu.1 
http://mirror.noreply.org dapper/main tor 0.1.2.19-1~dapper+1 [959kB]

Does anyone experience similar problems?

What further information is required to solve this?

Dietrich

-- 
Dietrich Schmidt
Klenzestr. 44
80469 München
PGP Schlüssel 0x1DC8DEA2


signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil

Re: tor memory leak under Ubuntu 6.06

[Ringo Kamens]

I've used tor on 6.06 desktop and never experienced this, or at least I've
never had it get to the point where the impact on my machine was noticeable.
Hmm...
Comrade Ringo Kamens

On Sun, Feb 24, 2008 at 4:34 AM, Dietrich Schmidt <
[EMAIL PROTECTED]> wrote:

> On my internet server, tor has a memory leak.
> If I start tor, it requires 10 megabyte:
>
> top - 19:13:12 up  1:24,  2 users,  load average: 0.07, 0.04, 0.00
>  PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
> 29872 debian-t  15   0 20784  10m 4372 S1  0.5   0:02.68 tor
>
> After 16 hours of operation, it requires 94 megabyte:
>
>  top - 09:58:15 up 16:09,  1 user,  load average: 0.07, 0.05, 0.00
>  PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
> 21569 debian-t  16   0  107m  94m 5376 S2  4.7  30:22.60 tor
>
> My server is running Ubuntu 6.06, and I have these versions installed:
>
> http://mirror.noreply.org dapper/main tsocks
> 1.8beta5-2~~weasel-ubuntu.1
> http://mirror.noreply.org dapper/main tor 0.1.2.19-1~dapper+1 [959kB]
>
> Does anyone experience similar problems?
>
> What further information is required to solve this?
>
> Dietrich
>
> --
> Dietrich Schmidt
> Klenzestr. 44
> 80469 München
> PGP Schlüssel 0x1DC8DEA2
>

Re: tor memory leak under Ubuntu 6.06

[Dietrich Schmidt]

I forgot to mention, that my internet server is running
as a middle-node.

Am Sonntag, den 24.02.2008, 10:34 +0100 schrieb Dietrich Schmidt:
> On my internet server, tor has a memory leak.
> If I start tor, it requires 10 megabyte:
> 
> top - 19:13:12 up  1:24,  2 users,  load average: 0.07, 0.04, 0.00
>  PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
> 29872 debian-t  15   0 20784  10m 4372 S1  0.5   0:02.68 tor
> 
> After 16 hours of operation, it requires 94 megabyte:
> 
>  top - 09:58:15 up 16:09,  1 user,  load average: 0.07, 0.05, 0.00
>  PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
> 21569 debian-t  16   0  107m  94m 5376 S2  4.7  30:22.60 tor
> 
> My server is running Ubuntu 6.06, and I have these versions installed:
> 
> http://mirror.noreply.org dapper/main tsocks
> 1.8beta5-2~~weasel-ubuntu.1 
> http://mirror.noreply.org dapper/main tor 0.1.2.19-1~dapper+1 [959kB]
> 
> Does anyone experience similar problems?
> 
> What further information is required to solve this?
> 
> Dietrich
> 
-- 
Dipl. Math. Dietrich Schmidt
Klenzestr. 44
80469 München
PGP Schlüssel 0x1DC8DEA2


signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil

Re: tor memory leak under Ubuntu 6.06

[Dominik Schaefer]

Andrew wrote:
While I'm not an expert at any of this, I would think that ~100MB might 
very well be a reasonable size for a somewhat fast tor node. How do these

figures compare to others running on Ubuntu?

My two relay nodes on Debian Etch (about 200k and 300k bandwidth) consume
about 200MB (250MB VSS) and 290MB (330 MB VSS). So, yes, without additional
information e.g. about the changes over time the 100 MB can be perfectly
normal behaviour. That the memory utilisation increases from startup values
significantly is expected as tor doesn't have to keep track of many
connections directly after startup. (And if tor consumes more and more memory
over a longer time it may be due to memory fragmentation or increased number
of connections.)

Regards,
Dominik

Re: tor memory leak under Ubuntu 6.06

[Błażej Zimnak]

On Sun, Feb 24, 2008 at 2:56 PM, Andrew <[EMAIL PROTECTED]> wrote:

> Dietrich Schmidt schrieb:
> > I forgot to mention, that my internet server is running
> > as a middle-node.
>

[...]


> While I'm not an expert at any of this, I would think that ~100MB might
> very well be a reasonable size for a somewhat fast tor node.
> How do these figures compare to others running on Ubuntu?
>


It looks fine. I've got 220MB on ubuntu (7.04) with tor 0.1.2.17 working as
a middle-man as well, with avg. transfers about 3M.

syncro

Re: tor memory leak under Ubuntu 6.06

[Andrew]

Dietrich Schmidt schrieb:

I forgot to mention, that my internet server is running
as a middle-node.

Am Sonntag, den 24.02.2008, 10:34 +0100 schrieb Dietrich Schmidt:
  

On my internet server, tor has a memory leak.
If I start tor, it requires 10 megabyte:

top - 19:13:12 up  1:24,  2 users,  load average: 0.07, 0.04, 0.00
 PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
29872 debian-t  15   0 20784  10m 4372 S1  0.5   0:02.68 tor

After 16 hours of operation, it requires 94 megabyte:

 top - 09:58:15 up 16:09,  1 user,  load average: 0.07, 0.05, 0.00
 PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
21569 debian-t  16   0  107m  94m 5376 S2  4.7  30:22.60 tor

My server is running Ubuntu 6.06, and I have these versions installed:

http://mirror.noreply.org dapper/main tsocks
1.8beta5-2~~weasel-ubuntu.1 
http://mirror.noreply.org dapper/main tor 0.1.2.19-1~dapper+1 [959kB]


Does anyone experience similar problems?

What further information is required to solve this?

Dietrich

While I'm not an expert at any of this, I would think that ~100MB might 
very well be a reasonable size for a somewhat fast tor node.

How do these figures compare to others running on Ubuntu?

Andrew

RE: some small questions

[Caner Bulut]

Hi All,

I am a new member of this group. And i have some small questions.

Can use any hacker the tor network to be invisible?. 
If a joined this network, how i protect myself from them?. 

Please help me know this issue deeply.

Regards.

Re: tor memory leak under Ubuntu 6.06

[Alec Berryman]

Andrew on 2008-02-24 15:56:43 +0100:

> While I'm not an expert at any of this, I would think that ~100MB might
> very well be a reasonable size for a somewhat fast tor node.
> How do these figures compare to others running on Ubuntu?

I saw ~100MB RAM usage on a Debian middle node; it starts out small, but
once it's up and accepting traffic quickly ramps up the memory usage and
stays at about that level.

RE: some small questions

[Dietrich Schmidt]

Hi,

I am also a new member of this group, and I try to answer
your question:

tor is about using the internet anonymously.

So yes, anyone, including hackers, can use tor to stay anonymously.

You have to protect yourself agains hackers anyway - if they use
tor or not.

regards
Dietrich

Am Sonntag, den 24.02.2008, 17:19 +0200 schrieb Caner Bulut:
> Hi All,
> 
> I am a new member of this group. And i have some small questions.
> 
> Can use any hacker the tor network to be invisible?. 
> If a joined this network, how i protect myself from them?. 
> 
> Please help me know this issue deeply.
> 
> Regards.
> 
> 

Re: tor memory leak under Ubuntu 6.06

[Dietrich Schmidt]

Am Sonntag, den 24.02.2008, 16:09 +0100 schrieb Dominik Schaefer:
> Andrew wrote:
> > While I'm not an expert at any of this, I would think that ~100MB might 
> > very well be a reasonable size for a somewhat fast tor node. How do these
> > figures compare to others running on Ubuntu?
> My two relay nodes on Debian Etch (about 200k and 300k bandwidth) consume
> about 200MB (250MB VSS) and 290MB (330 MB VSS). So, yes, without additional
> information e.g. about the changes over time the 100 MB can be perfectly
> normal behaviour. That the memory utilisation increases from startup values
> significantly is expected as tor doesn't have to keep track of many
> connections directly after startup. (And if tor consumes more and more memory
> over a longer time it may be due to memory fragmentation or increased number
> of connections.)
> 
> Regards,
> Dominik

Thanks for all the answers.

I was assuming that tors memory footage was linearily 
increasing since startup, therfore I used the term "memory leak".

This might prove to be wrong - so I will watch tors memory 
requirements on the server for a longer period and post the results.

However, it looks like tor requires an significat 
amount of memory.

My (rented) server has a guaranteed amount of 128 MB RAM,
and I am running apache webserver with ssl and php, postfix mail, 
cyrus imaps and ldaps on it.

I hope the server will prove to run stable with these
application together with tor.

Regards,
Dietrich

Re: Your computer is too slow to handle this many creation requests!

[Olaf Selke]

I wrote:
>
All 
the nifty features introduced since  0.2.0.15 at least don't seem to 
speed up the application.


it looks like I was wrong. Apparently it has been a change 
in my exit policy slowing down tor. After rejecting the well 
known filesharing ports tor became fast again.


Olaf

Re: tor memory leak under Ubuntu 6.06

[Olaf Selke]

Dietrich Schmidt wrote:

On my internet server, tor has a memory leak.


hi,

There's a problem with memory fragmentation under glibc 
malloc().

https://bugs.torproject.org/flyspray/index.php?do=details&id=468&area=comments

The Openbsd malloc() function solved this issue from my 
point of view. On anonymizer.blutmagie.de the Tor process 
doesn't grow above 500MB any more.


Olaf

Re: Tor relay shutted down by ISP

[F. Fox]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

M wrote:
(snip)
> One of my friend works at national isp, he warned me in advance that
> they may cut off my adsl connection if I don't "fix" Tor (filter out
> abusive traffic which is impossible or make it middle-man only).
(snip)

While this is the pits, it's better to go middleman than to shut down
completely. =:o)

(Sorry, I'm a compulsive silver-lining-seeker =xoD )

- --
F. Fox
AAS, CompTIA A+/Network+/Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBR8IF/ej8TXmm2ggwAQgf1RAAi31Rn086FTSC1N3tJJK28jrvgyMU6Fdh
Avl6sxM4q3pmLv7dLcNxYjXaBNKWxrimfL8KSbuOFbKZ73pER+I7mXbnJ7oQ7pGs
d/OZJOylF5rtXpqjFS2Dfp+LgesTY1a0s8hrJMbLIb4MTSQtn0Ubm9Hqm9VynKNa
jRsKzH271fjRRMp9ChkijQYRl6ExhJ2Ro9OP9rfdX3u0He9+GQBL/yTMzP1pPM6+
X7Am05t6dbt1hZEARLlMUguWaSLesPSpmQ1VunZgwwZ/tv1jcnL426rIUqZLeoyP
0fEFgSFuIsmwITV+MmGzgPbMsn1K8CzFsX0beulQ6+HYlJOLYy5Py/pjUXK9H+qJ
o2wHjRNybCDJKlt6e12A+9IE8HW1GZqXu186E/uM10HgMtIUPy+AU0sFDJIrNBC5
zfiIWfQaGcG7B++lM/jVUwTEFeBVz11TeVd8z7SOZ8b/GrxR6o4K4UaxEZgm11nx
wL3g4ELJ+LYjF6V59c0UM7RUm6DbgaFI0XFDFhVS51lQB+XrzgTwgD0dGA9S5xSk
uOkMb6bj2jnCklYNHh+Kd9ywqEuE1HtHtM3Pz6EIkT2TcN6aGls9z/jvGtyGgI6N
z5A3AJfRlXzB1ZRhc3ffZdfANs5Hwprv9Fu4B8miOIwif2JxHR/h7ujSfconFXoP
4iJSYTjJ+tY=
=bHRI
-END PGP SIGNATURE-

Re: some small questions

[F. Fox]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Dietrich Schmidt wrote:
(snip)
> So yes, anyone, including hackers, can use tor to stay anonymously.
> 
> You have to protect yourself agains hackers anyway - if they use
> tor or not.
(snip)

@ smiles @

Hackers built Tor - and pretty much everything at the heart of the
Internet. =;o)

I believe you mean "bad" or malicious hackers by your statement - the
kind that break the law and end up in the news. Such persons are often
referred to as "crackers" or "black-hats."

Just know that not all hackers are bad; in fact, the whole goal for most
hackers is creation, not destruction.

"Genesis was perfectly named: The creation of life - not death."
- - Sarek, Star Trek IV.

- --
F. Fox
AAS, CompTIA A+/Network+/Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBR8IJCej8TXmm2ggwAQhAZRAAgW7UulNDQbVhb+7HW0cnr3WKKAylO/rn
mMTqa8tPFmwvKUiuVnlsNB0PGFlb5IjiA5ZMMtdG3dPYcQ4Z0r3RyyLD1xMrDK/v
+tZdO/vy1qhbG/+bRYMcbHU4ULxmEsy+Kq0h6NDMwY4nXvLXhlafKRO9K29WSvV2
887/lVfznIx9OaQ1doEs0LUOWla/MGRZkf3J+ygbbTFDXZ2vnhJZ95+oesmxpy28
WwgBMjF0TtdAdS2AHKc2RLixMDa5JLN7XweGyfylK3z4sTIrVQOy8Zp+sKvskBIW
+3DRPDhVfxeqSnvvKAD9Kjb7sgl4ZK9+gnhjYn5/q/NMPpAMSmiVh7/pEVJniACT
SEkWb8EoZQ9Q7Gy0mdo7shjFE0KNWkvq/3f+zMu8RTG/qS2bQ/zA8J6iIHuqMZjB
jD0krrrvqAZX60Qx1u+qo9N4gvCHR54qW32x7tl1Wo1SbCwt9C5b4oArZgBidC6k
vNcM4dXXgvO5qJg/bubTCUoyHxjibv7lHTqoNg04M0sRcXo6K9/1Q788VDakwhkl
Rn/AIuIQjjzwqm+6VLwFtgnRVyQlh9ZabfQ2A9ARwh6XFxdO4LwAhcDxZvRa03aC
lFeVOe3T6yawmywWc1nle1y3tc2kobtg11mMCFrx2J+PyNRje6FUl89+rxfdYC6B
QWUR/hF/cfw=
=YDEX
-END PGP SIGNATURE-

Won't connect

[Chris Macdonald]

Every time I turn on the tor in the status bar nothing will connect it
just says the proxy is refusing connections.

Re: Won't connect

[Chris Palmer]

Chris Macdonald writes:

> Every time I turn on the tor in the status bar nothing will connect it
> just says the proxy is refusing connections.

http://catb.org/~esr/faqs/smart-questions.html

Torbutton 1.1.14-alpha released

[Mike Perry]

Torbutton 1.1.14-alpha has been released at
https://torbutton.torproject.org/dev/. 

This release primarily features several mechanisms to mitigate browser
fingerprinting. This includes chrome/extension presence disclosure,
resolution information, Tor port probing, and user agent and locale
spoofing fixes.

Here is the complete ChangeLog for 1.1.14:

  * bugfix: set general.useragent.locale if user wants to spoof an English
browser. This handles navigator.locale
  * bugfix: Mask navigator.buildID. Reported by Greg Fleischer
  * Initial Firefox 3 work. Functionality still broken due to FF Bug 413682
  * bug 580: Resize preferences window to fit in 640x480 displays
  * new: Spoof window.screen to mask desktop resolution and resize the
browser to multiples of 50px while tor is enabled.
  * new: Block content window access to chrome urls if Tor is enabled,
and hide Torbutton if Tor is disabled. Thanks to Greg Fleischer for
reporting the chrome disclosure issues
  * new: Added option to close all opened tabs on a Tor toggle. Useful
for general convenience and also as a backup protection against
Bug 409737.
  * new: Add Tor ports to the list of banned ports for Firefox. Should
prevent http-ping based fingerprinting attacks.
  * new: Finally add support for automatic updates.


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs


pgpJV8jUqfMaP.pgp
Description: PGP signature

Re: Torbutton 1.1.14-alpha released

[defcon]

nice additions, thankyou mike for doing such great work, I have an idea for
you, maybe in the future you could implement a tor-control option like
vidalia as an extention; with of course basic functionality like the " new
identity" option to switch up the tor nodes.  Right now Firefox 3
compatibility will be my favorite addition :)
Thanks,
defcon

On Sun, Feb 24, 2008 at 8:33 PM, Mike Perry <[EMAIL PROTECTED]> wrote:

> Torbutton 1.1.14-alpha has been released at
> https://torbutton.torproject.org/dev/.
>
> This release primarily features several mechanisms to mitigate browser
> fingerprinting. This includes chrome/extension presence disclosure,
> resolution information, Tor port probing, and user agent and locale
> spoofing fixes.
>
> Here is the complete ChangeLog for 1.1.14:
>
>  * bugfix: set general.useragent.locale if user wants to spoof an English
>browser. This handles navigator.locale
>  * bugfix: Mask navigator.buildID. Reported by Greg Fleischer
>  * Initial Firefox 3 work. Functionality still broken due to FF Bug 413682
>  * bug 580: Resize preferences window to fit in 640x480 displays
>  * new: Spoof window.screen to mask desktop resolution and resize the
>browser to multiples of 50px while tor is enabled.
>  * new: Block content window access to chrome urls if Tor is enabled,
>and hide Torbutton if Tor is disabled. Thanks to Greg Fleischer for
>reporting the chrome disclosure issues
>  * new: Added option to close all opened tabs on a Tor toggle. Useful
>for general convenience and also as a backup protection against
>Bug 409737.
>  * new: Add Tor ports to the list of banned ports for Firefox. Should
>prevent http-ping based fingerprinting attacks.
>  * new: Finally add support for automatic updates.
>
>
> --
> Mike Perry
> Mad Computer Scientist
> fscked.org evil labs
>