tor controller hangs / doesn't reply
Hello All,

I use the TorExample.py with slight modification to suit my purpose to access the tor control service. However I see it hang often and there is no response from the tor control service. I am not sure what could possibly be the problem. It's quite non-deterministic. There is no fixed pattern or occurrences which cause the server to stop responding. However the situation corresponds to no data being transferred through a TCP stream using the Tor circuit to which it is assigned. A 'wget' session which uses Tor to perform the download shows no throughput in the throughput indicator.

Thanks
Sambuddho
DNS statistics from node operators
Hi,

I'm looking into some simple DNS related statistics in the Tor network. Specifically, I wrote a small patch that tells an operator the total number of cached entries for their node. I'd like to know about your DNS cache size, especially if you run a fast node!

Here's an example of this feature in use with my node 'badbits', a node that averages about 20-30Mb/s. I'm running a very alpha version where Nick merged my DNS cache counting patch:

    r...@badbits:~# tor --version
    Jun 02 17:15:22.293 [notice] Tor v0.2.2.0-alpha-dev. This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686)
    Tor version 0.2.2.0-alpha-dev.
    r...@badbits:~# pkill -SIGUSR1 tor
    r...@badbits:~# grep -i dns /var/log/tor/notices.log
    Jun 02 17:14:33.597 [notice] Our DNS cache has 3486 entries.
    Jun 02 17:14:33.597 [notice] Our DNS cache size is approximately 1108920 bytes.

Best,
Jacob
Re: Banners injected in web pages at exit nodes TRHCourtney*
Hello, Roger!
You wrote to or-talk@freehaven.net on Tue, 2 Jun 2009 11:44:03 -0400:

>> Just stumbled upon a banner injected in html at tor exit node.
>> Nodes in question:
>>
>> router TRHCourtney01 94.76.246.74 443 0 9030
>
> Exciting. Peter and I just added these nodes to the badexit list. That
> means clients should start learning that in the next several hours.

Cool, thanks. And many thanks for all your work on tor.

Alexander Cherepanov
Re: Banners injected in web pages at exit nodes TRHCourtney*
On Tue, Jun 02, 2009 at 02:52:18PM +0400, Alexander Cherepanov wrote:
> Just stumbled upon a banner injected in html at tor exit node.
> Nodes in question:
>
> router TRHCourtney01 94.76.246.74 443 0 9030

Exciting. Peter and I just added these nodes to the badexit list. That means clients should start learning that in the next several hours.

Thanks for pointing it out.

> Some more concerns. Page http://courtney.nullroute.net/ contains:
>
> WARNING: The TOR Exit Node must *not* be used for illegal means.
> Connection and session logs are kept and *will* be forwarded onto
> the police in the event of an abuse report

Oh. I was going to suggest mailing him/her to ask if the injection was a mistake. (We've had plenty of people sign up as Tor relays and not realize that their local traffic "protection" tools will affect their Tor traffic too.) But this page makes it pretty clear that they meant to do it.

Bleah.

--Roger
Re: Banners injected in web pages at exit nodes TRHCourtney*
Hello, Freemor!
You wrote to or-talk@freehaven.net on Tue, 2 Jun 2009 08:52:10 -0300:

> Thanks for the heads up.. I wasn't getting the injected banners on the
> link you provided

It seems to be an error in an html injector on exit node or something. In several tests using curl I got the banner injected proxying through privoxy (enabled or disabled) but got no banner going directly through tor. Weird.

Alexander Cherepanov
Re: Banners injected in web pages at exit nodes TRHCourtney*
> Strange that the provided link didn't have injection... Adaptation on
> the nodes part?

A few minutes ago I tried http://www.torproject.org.TRHCourtney01.exit/ and got a banner ad. Maybe they do it on a sporadic basis?
Re: Banners injected in web pages at exit nodes TRHCourtney*
On Tue, Jun 2, 2009 at 2:20 PM, Freemor wrote:
> On Tue, 2 Jun 2009 05:36:43 -0600
> John Brooks wrote:
>
>> Seems like an odd place to look for a paycheck.
>>
> Might be worse than that.. at least for improperly configured clients..

-8<-

> When I Followed
> http://courtney.nullroute.net/openx-2.8.1/www/delivery/spcjs.php?id=1
> it had an interesting bit of code which linked to:
> http://courtney.nullroute.net/openx-2.8.1/www/delivery/fl.js
> Which tries to load up SWF objects..

Added to that, http://www.openx.org/ seems to be an advertisement system of some sorts. Seems odd to want to make a buck out of running a tor node, at least one using the public directory.

Greetings!

--
Simple guidelines to happiness:
Work like you don't need the money,
Love like your heart has never been broken and
Dance like no one can see you.
Re: Banners injected in web pages at exit nodes TRHCourtney*
On Tue, 2 Jun 2009 05:36:43 -0600
John Brooks wrote:

> Definitely abusive. Fortunately, because of how nearby most of the IPs
> are, Tor will treat them as family even if the operator neglected to,
> so it doesn't pose a risk to anonymity (other than the one outlying
> node, but even then it's a maximum of two), but this definitely looks
> like a badexit situation.
>
> Honestly, why does somebody run a tor node if they keep
> connection/session logs? Seems like an odd place to look for a
> paycheck.
>
> - John Brooks
>

Might be worse than that.. at least for improperly configured clients.. there does seem to be javascript injection:

http://courtney.nullroute.net/2lol.gif"; style="display:none"> body { margin: 0 0 0 0 !important; } #Banner2 { width:728px; height:90px; } #textme { font-family:arial; color:#333; font-size:11px; }

When I Followed
http://courtney.nullroute.net/openx-2.8.1/www/delivery/spcjs.php?id=1
it had an interesting bit of code which linked to:
http://courtney.nullroute.net/openx-2.8.1/www/delivery/fl.js
Which tries to load up SWF objects..

Haven't picked it all apart yet (still no coffee) but I'm guessing it's either decloaking attempts or exploit attempts.

--
free...@gmail.com
free...@yahoo.ca
This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ )
Re: Banners injected in web pages at exit nodes TRHCourtney*
Definitely abusive. Fortunately, because of how nearby most of the IPs are, Tor will treat them as family even if the operator neglected to, so it doesn't pose a risk to anonymity (other than the one outlying node, but even then it's a maximum of two), but this definitely looks like a badexit situation.

Honestly, why does somebody run a tor node if they keep connection/session logs? Seems like an odd place to look for a paycheck.

- John Brooks

On Tue, Jun 2, 2009 at 4:52 AM, Alexander Cherepanov wrote:
> Hello!
>
> Just stumbled upon a banner injected in html at tor exit node.
> Nodes in question:
>
> router TRHCourtney01 94.76.246.74 443 0 9030
> router TRHCourtney02 94.76.247.136 443 0 9030
> router TRHCourtney03 94.76.247.137 443 0 9030
> router TRHCourtney04 94.76.247.138 443 0 9030
> router TRHCourtney05 94.76.247.139 443 0 9030
> router TRHCourtney06 94.76.247.140 443 0 9030
> router TRHCourtney07 94.76.247.141 443 0 9030
> router TRHCourtney08 94.76.247.142 443 0 9030
> router TRHCourtney09 94.76.247.143 443 0 9030
> router TRHCourtney10 92.48.84.113 443 0 9030
> contact Courtney TRH
>
> All of them inject a piece of html at end of web pages. Text under
> banner reads:
>
> Courtney TOR/VPN & Wifi Exit Node :: Usage subject to Terms and
> Conditions/Acceptable Use Policy :: Want to advertise here? Contact
> us
>
> Check for yourself: http://www.torproject.org.TRHCourtney01.exit/ .
>
> Some more concerns. Page http://courtney.nullroute.net/ contains:
>
> WARNING: The TOR Exit Node must *not* be used for illegal means.
> Connection and session logs are kept and *will* be forwarded onto
> the police in the event of an abuse report
>
> There is no family set for these nodes in descriptors.
>
> Port 110 (POP3) accepted in exit policy but not port 995 (POP3/SSL).
>
> Just to let you know.
>
> Alexander Cherepanov
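Added example, not part of the original messages: the implicit-family reasoning in the message above, checked against the router lines it quotes. It assumes Tor's default path-selection rule that two relays in the same /16 are never placed in one circuit; the function names are illustrative.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Router lines exactly as quoted in the thread:
# "router" nickname address ORPort SOCKSPort DirPort
ROUTER_LINES = """\
router TRHCourtney01 94.76.246.74 443 0 9030
router TRHCourtney02 94.76.247.136 443 0 9030
router TRHCourtney03 94.76.247.137 443 0 9030
router TRHCourtney04 94.76.247.138 443 0 9030
router TRHCourtney05 94.76.247.139 443 0 9030
router TRHCourtney06 94.76.247.140 443 0 9030
router TRHCourtney07 94.76.247.141 443 0 9030
router TRHCourtney08 94.76.247.142 443 0 9030
router TRHCourtney09 94.76.247.143 443 0 9030
router TRHCourtney10 92.48.84.113 443 0 9030
""".splitlines()

def parse_router(line):
    """Return (nickname, IPv4Address) from a descriptor 'router' line."""
    keyword, nickname, address, _orport, _socksport, _dirport = line.split()
    if keyword != "router":
        raise ValueError("not a router line: %r" % line)
    return nickname, ipaddress.IPv4Address(address)

def group_by_slash16(lines):
    """Map each /16 (as text) to the nicknames whose address falls inside it."""
    groups = defaultdict(list)
    for line in lines:
        nickname, address = parse_router(line)
        subnet = ipaddress.ip_network("%s/16" % address, strict=False)
        groups[str(subnet)].append(nickname)
    return dict(groups)

def max_operator_relays_per_circuit(groups):
    """With one relay allowed per /16, the operator can hold at most this many hops."""
    return len(groups)

def cross_subnet_pairs(groups):
    """Pairs that only a declared family (absent here) would keep apart."""
    return [(a, b) for g1, g2 in combinations(groups.values(), 2)
            for a in g1 for b in g2]

if __name__ == "__main__":
    groups = group_by_slash16(ROUTER_LINES)
    for subnet, names in groups.items():
        print(subnet, len(names), "relays")
    print("max hops from this operator:", max_operator_relays_per_circuit(groups))
    print("pairs not separated by subnet:", len(cross_subnet_pairs(groups)))
```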
Re: Banners injected in web pages at exit nodes TRHCourtney*
On Tue, 02 Jun 2009
"Freemor" wrote:

Some rather silly stuff..

Apologies for the preceding post.. Certificate is correct.. The .trhcourtney01.exit/ was throwing the browser into complaining that the certificate didn't match.

I really must learn not to post before having my morning coffee.

I've tried a couple of other sites now and there definitely is banner injection going on... looking into the html source now to see if there are other exploits.

Strange that the provided link didn't have injection... Adaptation on the nodes part?

--
free...@gmail.com
free...@yahoo.ca
This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ )
Re: Banners injected in web pages at exit nodes TRHCourtney*
On Tue, 02 Jun 2009 14:52:18 +0400
"Alexander Cherepanov" wrote:

> Hello!
>
> Just stumbled upon a banner injected in html at tor exit node.
> Nodes in question:
>

Thanks for the heads up.. I wasn't getting the injected banners on the link you provided but when I tried:

https://torcheck.xenobite.eu.trhcourtney01.exit/

I got an invalid certificate error.. Definitely man-in-the-middle stuff going on here..

Certificate I received for the above belonged to:

Issued to
  Common Name (CN): *.krauscomputer.de
  Organization (O): Manuel Kraus
  Organizational Unit (OU): StartCom Verified Certificate Member
  Serial Number: 00:de
Issued By
  Common Name (CN): StartCom Class 2 Primary Intermediate Server CA
  Organization (O): StartCom Ltd.
  Organizational Unit (OU): Secure Digital Certificate Signing
Validity
  Issued On: 08-06-25
  Expires On: 09-06-25
SHA1 Fingerprint: 6a:cd:f2:9d:32:4d:c8:c6:af:d9:27:42:09:e2:62:57:49:c8:d0:1e
MD5 Fingerprint: B1:11:1f:5e:f8:47:38:d4:08:06:28:66:db:91:cf:7f

Needless to say this is not the correct certificate. This is a very unfriendly exit node.

--
free...@gmail.com
free...@yahoo.ca
This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ )
Banners injected in web pages at exit nodes TRHCourtney*
Hello!

Just stumbled upon a banner injected in html at tor exit node.
Nodes in question:

router TRHCourtney01 94.76.246.74 443 0 9030
router TRHCourtney02 94.76.247.136 443 0 9030
router TRHCourtney03 94.76.247.137 443 0 9030
router TRHCourtney04 94.76.247.138 443 0 9030
router TRHCourtney05 94.76.247.139 443 0 9030
router TRHCourtney06 94.76.247.140 443 0 9030
router TRHCourtney07 94.76.247.141 443 0 9030
router TRHCourtney08 94.76.247.142 443 0 9030
router TRHCourtney09 94.76.247.143 443 0 9030
router TRHCourtney10 92.48.84.113 443 0 9030
contact Courtney TRH

All of them inject a piece of html at end of web pages. Text under banner reads:

Courtney TOR/VPN & Wifi Exit Node :: Usage subject to Terms and Conditions/Acceptable Use Policy :: Want to advertise here? Contact us

Check for yourself: http://www.torproject.org.TRHCourtney01.exit/ .

Some more concerns. Page http://courtney.nullroute.net/ contains:

WARNING: The TOR Exit Node must *not* be used for illegal means.
Connection and session logs are kept and *will* be forwarded onto
the police in the event of an abuse report

There is no family set for these nodes in descriptors.

Port 110 (POP3) accepted in exit policy but not port 995 (POP3/SSL).

Just to let you know.

Alexander Cherepanov
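Added example, not part of the original thread: one way to confirm the kind of injection reported above is to compare a known static page with the copy received through the exit under test and list the markup that was added and the hosts it loads from. Both page bodies and the hosts in them are constructed samples; the function and class names are illustrative.

```python
import difflib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a static page as served, and the same page as received via an exit.
REFERENCE = ('<html><body><h1>Static test page</h1>'
             '<img src="http://www.example.org/logo.png"></body></html>')
INJECTED = ('<div id="Banner2"><script src="http://ads.example.net/'
            'delivery/spcjs.php?id=1"></script></div>')
VIA_EXIT = REFERENCE.replace("</body>", INJECTED + "</body>")

def tokens(html):
    """Split markup into tags and text runs so the diff works on whole elements."""
    return re.findall(r"<[^>]*>|[^<]+", html)

def added_markup(reference, received):
    """Return the runs of markup present in `received` but not in `reference`."""
    ref, got = tokens(reference), tokens(received)
    matcher = difflib.SequenceMatcher(None, ref, got, autojunk=False)
    return ["".join(got[j1:j2])
            for op, _i1, _i2, j1, j2 in matcher.get_opcodes()
            if op in ("insert", "replace")]

class HostCollector(HTMLParser):
    """Collect hostnames referenced by src/href/data attributes."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href", "data") and value:
                host = urlparse(value).hostname
                if host:
                    self.hosts.add(host)

def hosts_in(fragments):
    """Hosts that the added markup points at."""
    parser = HostCollector()
    for fragment in fragments:
        parser.feed(fragment)
    parser.close()
    return parser.hosts

if __name__ == "__main__":
    extra = added_markup(REFERENCE, VIA_EXIT)
    print("added markup:", extra)
    print("hosts referenced by it:", sorted(hosts_in(extra)))
```

The comparison is only meaningful for a page whose content does not change between fetches, and a clean result on one fetch does not rule out sporadic injection.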