Re: Problem bootstrapping. Stuck at 5%
Hi.

I don't really need to edit torrc at all. I wanted to gather more information in the form of educating myself on how to do such a thing. I have never really had any problems with Tor and one of the developers told me tweaking it lends itself to problems. I just want to learn more. There is mention of editing torrc in the manual The Onion Router and how to block certain naughty exit nodes or choose which exit nodes one wishes to use. I read about this in the OR-TALK emails and have a very difficult time understanding it and naturally want to. Should I do this? Do I need to do this?

Where I live, there appears to be no one I could meet and discuss Tor with, nor have someone teach or show me some of the technical aspects that are mentioned in The Onion Router. This stuff interests me but I really don't have the intelligence to get it like those more tech savvy or trained than I.

I talk about Tor with people I meet and get to know, and try to urge more individuals to learn about it and to use Tor. I mention to them that I would like to become a Tor server before I die (less than 3,000 days to go now), and so I decided to risk asking this question here. By trying to talk another into trying Tor out, I thought it would help me, at the very least, to show them what I do know or how to do, and learn a bit more in that way or even see if I understand it any better than when I first started using it.

I first read about it in a newspaper column by someone who writes a small tech column about new software, web sites, and a small amount of computer-problems advice. Right now I just thought, maybe I could email that person and see if they are now using Tor.

I only saw a server on the Network Map (1 time), that showed a server in the country I now live in. I don't know if it was an entry, middle or exit node as I really don't know how to read the servers listed as, or while, Tor is running. I just know they say open, closed. I would like to know how that list reads. Is it top down? And they usually list three at a time, so am I correct to assume (usually not), that those are the three hops? left-to-right-entry-middle-exit?

For instance, I regularly update the version of Vidalia/Tor for my Mac (10.5.2 ppc) and for Windows IM Browser Bundle and a little bit for Windows, but I usually use the IM Bundle on a USB when I am not at home. At home I usually use Mac.

I still haven't been able to walk through the process of verifying signatures because at a certain point the page for that tells me what I need to do next but I need to know how to do what I need to do next which I don't know how to do.

Sorry for my lack of training and intelligence regarding this sort of thing. I think Tor is needed very much today and to be able to eventually become a server means learning more. And by telling more and more about it, I'm hoping that helps a little bit.

Regards.

-Original Message-
From: Runa Sandvik runa.sand...@gmail.com
To: or-talk@freehaven.net
Sent: Mon, Mar 1, 2010 2:05 pm
Subject: Re: Problem bootstrapping. Stuck at 5%

On Mon, Mar 1, 2010 at 5:32 AM, zzzjethro...@email2me.net wrote:
> Hello.

Hi,

> I have wanted to understand more about these Vidalia/Tor torrc files and just how and where one edits them. In other words what do I write, where and in what manner?

What do you want to accomplish? Why do you need to edit torrc?

--
Runa Sandvik

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
Torlock - a simple script to prevent outgoing packets from bypassing Tor.
Hello.

I have created a simple Bash script to prevent any data from bypassing Tor when Tor is running. I started it to use just for myself, but now I think it will be better to share it with other users of Tor.

This script, named Torlock, does the following things when used to start Tor:

- Creates a special user named torlock by default (if you run it first time or have removed that user after previous Tor session).
- Uses Iptables to block network access for everyone except for torlock.
- Setuids to torlock and starts Tor. Tor will be started in background mode, and its output redirected to a file.

When used to stop Tor, it stops Tor, unlocks network access, and (optionally) removes torlock user.

More information is in included text file. Even more can be obtained by reading the script. It is small, simple, and easy to make sure it's not backdoored.

The script can be downloaded from Sourceforge:
http://sourceforge.net/projects/torlock/files/

In spite of its simplicity, Torlock saved me at least twice when I forgot to switch Torbutton on.

With best regards,
Irratar.
Re: Torlock - a simple script to prevent outgoing packets from bypassing Tor.
You might want to look at JanusVM.

On Mar 1, 2010 7:05 AM, Irratar irrata...@gmail.com wrote:
> Hello.
>
> I have created a simple Bash script to prevent any data from bypassing Tor when Tor is running. I started it to use just for myself, but now I think it will be better to share it with other users of Tor.
>
> This script, named Torlock, does the following things when used to start Tor:
>
> - Creates a special user named torlock by default (if you run it first time or have removed that user after previous Tor session).
> - Uses Iptables to block network access for everyone except for torlock.
> - Setuids to torlock and starts Tor. Tor will be started in background mode, and its output redirected to a file.
>
> When used to stop Tor, it stops Tor, unlocks network access, and (optionally) removes torlock user.
>
> More information is in included text file. Even more can be obtained by reading the script. It is small, simple, and easy to make sure it's not backdoored.
>
> The script can be downloaded from Sourceforge:
> http://sourceforge.net/projects/torlock/files/
>
> In spite of its simplicity, Torlock saved me at least twice when I forgot to switch Torbutton on.
>
> With best regards,
> Irratar.
Re: Torlock - a simple script to prevent outgoing packets from bypassing Tor.
Hello Irratar,

Sounds good to me and can surely be very useful... I will wait for what the Tor devs think before giving it a try, but thanks for sharing with us :D

Best Regards
Stars
Re: Torlock - a simple script to prevent outgoing packets from bypassing Tor.
On 03/01/10 11:38, Kyle Williams wrote:
> You might want to look at JanusVM.

I can't quite tell; I'm guessing that JanusVM uses a VPN(TUN/TAP) to redirect all host packets to the VM - thereby blocking any loose packets? (any non-TOR interaction with the ISP - which may be a hotspot)?

TIA

[]
>> This script, named Torlock, does the following things when used to start Tor:
>>
>> - Creates a special user named torlock by default (if you run it first time or have removed that user after previous Tor session).
>> - Uses Iptables to block network access for everyone except for torlock.
>> - Setuids to torlock and starts Tor. Tor will be started in background mode, and its output redirected to a file.
>>
>> When used to stop Tor, it stops Tor, unlocks network access, and (optionally) removes torlock user.
[]

Nice! Thank You
Re: Torlock - a simple script to prevent outgoing packets from bypassing Tor.
This may be interesting for you as well: this is what iptables-save produces on an Amnesia system:

# Generated by iptables-save v1.4.2 on Mon Mar 1 18:22:07 2010
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [133:8080]
:OUTPUT ACCEPT [134:8341]
-A OUTPUT -d 192.168.0.0/16 -j RETURN
-A OUTPUT -d 10.0.0.0/8 -j RETURN
-A OUTPUT -d 172.16.0.0/12 -j RETURN
-A OUTPUT -d 127.0.0.0/9 -j RETURN
-A OUTPUT -d 127.128.0.0/10 -j RETURN
-A OUTPUT -m owner --uid-owner debian-tor -j RETURN
-A OUTPUT -p tcp -m owner --uid-owner ntpdate -m tcp --dport 123 -j RETURN
-A OUTPUT -p udp -m owner --uid-owner ntpdate -m udp --dport 123 -j RETURN
-A OUTPUT -p tcp -m owner --uid-owner ntpdate -m tcp --dport 53 -j RETURN
-A OUTPUT -p udp -m owner --uid-owner ntpdate -m udp --dport 53 -j RETURN
-A OUTPUT -d 127.192.0.0/10 -p tcp -m tcp -j DNAT --to-destination 127.0.0.1:9040
-A OUTPUT -o ! lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DNAT --to-destination 127.0.0.1:9040
COMMIT
# Completed on Mon Mar 1 18:22:07 2010
# Generated by iptables-save v1.4.2 on Mon Mar 1 18:22:07 2010
*filter
:INPUT ACCEPT [15615:7102432]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 192.168.0.0/16 -j ACCEPT
-A OUTPUT -d 10.0.0.0/8 -j ACCEPT
-A OUTPUT -d 172.16.0.0/12 -j ACCEPT
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
-A OUTPUT -p tcp -m owner --uid-owner ntpdate -m tcp --dport 123 -j ACCEPT
-A OUTPUT -p udp -m owner --uid-owner ntpdate -m udp --dport 123 -j ACCEPT
-A OUTPUT -p tcp -m owner --uid-owner ntpdate -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m owner --uid-owner ntpdate -m udp --dport 53 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Mon Mar 1 18:22:07 2010

They allow ntp connections since Tor really likes an accurate date/time. They also do some .onion related stuff that I don't get (this might be the 172.16.0.0/12?)

I don't know much about iptables and Linux in general, but maybe this helps.

M.K.

On Monday, 01.03.2010, 15:04 +, Irratar wrote:
> Hello.
>
> I have created a simple Bash script to prevent any data from bypassing Tor when Tor is running. I started it to use just for myself, but now I think it will be better to share it with other users of Tor.
>
> This script, named Torlock, does the following things when used to start Tor:
>
> - Creates a special user named torlock by default (if you run it first time or have removed that user after previous Tor session).
> - Uses Iptables to block network access for everyone except for torlock.
> - Setuids to torlock and starts Tor. Tor will be started in background mode, and its output redirected to a file.
>
> When used to stop Tor, it stops Tor, unlocks network access, and (optionally) removes torlock user.
>
> More information is in included text file. Even more can be obtained by reading the script. It is small, simple, and easy to make sure it's not backdoored.
>
> The script can be downloaded from Sourceforge:
> http://sourceforge.net/projects/torlock/files/
>
> In spite of its simplicity, Torlock saved me at least twice when I forgot to switch Torbutton on.
>
> With best regards,
> Irratar.
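An added example (not part of the thread, and not Torlock's or Amnesia's own code): a small Python audit of an iptables-save dump like the one quoted above, reporting whether the filter OUTPUT chain is fail-closed, which accounts may send traffic, and which destinations are open to every local process. The function name audit_output is hypothetical and the sample is a shortened copy of the quoted filter table.

```python
import shlex

# Constructed sample: *filter rules copied from the dump above, shortened.
SAMPLE = """\
*filter
:INPUT ACCEPT [15615:7102432]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 192.168.0.0/16 -j ACCEPT
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
-A OUTPUT -p udp -m owner --uid-owner ntpdate -m udp --dport 123 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""


def audit_output(dump, chain="OUTPUT"):
    """Report who may send packets according to the filter table."""
    table, policy, closed = None, "ACCEPT", False
    report = {"uids": set(), "open_dests": [], "leaks": []}
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]                      # table header, e.g. *filter
        elif table != "filter" or closed:
            continue                              # other table, or unreachable
        elif line.startswith(f":{chain} "):
            policy = line.split()[1]              # default when no rule matches
        elif line.startswith(f"-A {chain} "):
            args = shlex.split(line)[2:]
            if "-j" not in args:
                continue
            cut = args.index("-j")
            matches, target = args[:cut], args[cut + 1]
            if target in ("DROP", "REJECT") and not matches:
                closed = True                     # catch-all: nothing gets past
            elif target == "ACCEPT" and "--uid-owner" in matches:
                report["uids"].add(matches[matches.index("--uid-owner") + 1])
            elif target == "ACCEPT" and "-d" in matches:
                report["open_dests"].append(matches[matches.index("-d") + 1])
            elif target == "ACCEPT" and "--state" not in matches:
                report["leaks"].append(line)      # open to every local process
    report["fail_closed"] = closed or policy == "DROP"
    return report


if __name__ == "__main__":
    print(audit_output(SAMPLE))
```

For the sample it reports a fail-closed chain, debian-tor and ntpdate as the only accounts allowed out, and the private and loopback ranges as reachable by any process. Negated matches (!) are not interpreted.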
Re: [OT] more censorship, government-issued spyware coming to France
Scott Bennett wrote:
> Perhaps more people in Europe will have to relearn the hard way why the right of the people to keep and bear arms must be held inviolate.

yes! 7.62mm full metal jacket
http://twitpic.com/15p8wr

yrs
Olaf
Re: Path-spec - fast circuits
Thus spake ilter yüksel (ilteryuk...@gmail.com):

> > No, you can only select 'Dual' flagged exit nodes (Exit+Guard) for the guard position. Hence it doesn't make sense to have a Wge weight.
>
> You said that only but, depends on your changes for dir-spec, it seems that we can select dual flagged, non-flagged and guard-flagged nodes for the guard position as below;
>
> Wgg - Weight for Guard-flagged nodes in the guard position
> Wgm - Weight for non-flagged nodes in the guard Position
> Wgd - Weight for Guard+Exit-flagged nodes in the guard Position

Wgm exists for bridges, which don't have the Guard flag.

> Therefore I couldn't understand why there isn't Wge integer value on your changes. I think it seems possible that we can select exit-flagged nodes in guard position if guards are scarce. What do you think?

No, the proper way to handle this is to tune our algorithms that hand out the Guard flag to ensure that Guards are always plentiful. These algorithms are centralized and run on the directory authorities.

> On the other hand did you simulate your changes? If yes, could you share results of the simulations?

Not yet. I have verified that the formulas produce balanced results, and that my solutions do satisfy the system of equations. I plan on doing selection tests once the system is deployed to verify that clients are actually performing selection at the rates specified by the weights.

Large scale simulations are hard to do. Ideally the academic groups that work on Tor in various universities could pool their efforts and maintain a common reference Tor Testing Network. It seems like every researcher is always making their own small Tor network of various sizes and load..

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Full bandwidth is not used.
Dear Tor folks,

my Tor server has been running for over three days now, but the average bandwidth usage shown by ARM [1] is only 100 KB/s for uploaded and downloaded. The usage increased during the first two days but has stagnated now.

I am using the default `/etc/tor/torrc` so bandwidth should be limited by 5 MB/s by default, which is also shown by ARM.

Bandwidth (cap: 5 MB, burst: 10 MB):

I am only seeing the following warnings.

xx:xx:xx [WARN] Rejected invalid g^x
xx:xx:xx [WARN] Rejecting insecure DH key [0]
xx:xx:xx [WARN] DH key must be at least 2.

Testing the bandwidth by for example downloading a big file shows that higher bandwidth is available.

Tor 0.2.0.35
OR Port: 443
Dir Port: 80

Could you please help me find out what is limiting Tor from using the full available bandwidth?

Thanks,
Paul

[1] http://www.atagar.com/arm/
Re: Full bandwidth is not used.
Hello,

Well, I am not sure, but it looks like you must first upgrade your Tor version to the last stable, minimum 0.2.1.24, which I think will first fix the

xx:xx:xx [WARN] Rejecting insecure DH key [0]
xx:xx:xx [WARN] DH key must be at least 2.

I am not 100% sure about that but pretty sure. A dev will surely give you the right answer :D

SwissTor