Re: Re: Tips for Windows Update Over Tor
All depends on if _all_ the various MS updates and mechanisms are properly signed/checked by the MS update mechanism. Otherwise, it's one massive MITM hole. I've no idea on that. Yes, they are. Also, the way to go would probably be a third-party utility that download all required updates to install them later, offline. One that I can think of is c't Offline Update: http://www.heise-security.co.uk/articles/80682 Alexandru -- - www.posta.ro - Romanias first free webmail since 1998! _ - powered by www.posta.ro
Re: Re: Re: Re: My tor exit node is STILL gone from the node list
I haven't had the time and sufficient knowledge to work out what's wrong, but for some reason the node is back online for a 'record' of nearly 48 hours now: http://torstatus.blutmagie.de/router_detail.php?FP=d3eb313299a0082a4a4e10e0eb758e4f0163f4f0 I didn't change anything and the ISP didn't inform me about any changes on their side. -Alexandru -- - www.posta.ro - Romanias first free webmail since 1998! _ - powered by www.posta.ro
Re: Re: Re: My tor exit node is STILL gone from the node list
Hi list, hi Lee, It at least shouldn't be a problem for TOR, because it has worked with that setup for months. Unless you know for sure that nothing has changed on the path between your server and all the directory servers you don't know if path MTU discovery being broken (if it really is) is a new problem or not. I have again spoken to my ISP and they say routing is fine. What all do the directory servers need to do/see before marking your server as a good exit? It'd be nice to know what they can't do that's keeping your server from being marked as a good exit.. I'm interested in that as well. I still cannot get it to be flagged 'Running' reliably. Would TOR logging on my side help on this? I guess not? Appreciate any help, I'm sure you don't mind getting 4MB/s exits back. ;-) Alexandru -- - www.posta.ro - Romanias first free webmail since 1998! _ - powered by www.posta.ro
Tor Exit Node Notice (was: Re: Re: My tor exit node is STILL gone from the node list)
Hi Timo, besides the routing stuff I saw that on the mentioned IP (see above) there's a nice disclaimer-like website that impresses me. I'm still not sure whether to pimp my node to be an exit node or not (due to the supressing that happens here in Germany). However, this suits me well. Is this a usual practice for TOR admins, and if yes, is there a multilingual approach? I basically got it from https://tor-svn.freehaven.net/svn/tor/trunk/contrib/tor-exit-notice.html and slightly modified the template. Feel free to use it. I don't know of any multilingual approaches, but I guess it would be nice to have that. -- Alexandru -- - www.posta.ro - Romanias first free webmail since 1998! _ - powered by www.posta.ro
My tor exit node is STILL gone from the node list
Hi list, I am still struggling to get my server back on the list of Tor nodes. For several months it was among the top 5 nodes, pumping 15TB a month. I am paying a lot of money for that machine, and I don't see why it just doesn't work any more. Let me reiterate what's happening: Since April, the node disappears from the node list after a few hours of running. I have tried to change exit policies, node name, node keys, ports and IP (within the same subnet). After the IP change the node was listed (and used) for several hours before it vanished. There's nothing about in the log file. It seems as if the node is unreachable from some of the authority servers, but I have no idea what to do about that. My ISP says that routing is fine and everything should work as expected. I don't understand why the node stays listed for a few hours before disappearing. Can someone please help me get this 100EUR/mnth node up again? Information about the node: Current IP 89.248.169.109 (previously 89.248.169.108) Nickname kyirong2 (previously kyirong) Fingerprint D3EB 3132 99A0 082A 4A4E 10E0 EB75 8E4F 0163 F4F0 (Old fp: A8BD 32A9 C2F2 0C4F 8ED2 C26C E477 0A24 85E3 CD22) Tor 0.2.1.17-rc Debian DirPort 80, ORPort 8080 -- Alexandru -- - www.posta.ro - Romanias first free webmail since 1998! _ - powered by www.posta.ro
Re: Re: My tor exit node is STILL gone from the node list
Best of luck getting your provider to straighten out the routing. I have limited experience in running servers. From what I found out, my Xen dom0 is traceable (89.248.169.106), while the virtual host running TOR is not (89.248.169.109, vif-bridge). I can still access the web server running on 109 though. Is this a Xen misconfiguration? I can't think of anything that I have changed. -- Alexandru -- - www.posta.ro - Romanias first free webmail since 1998! _ - powered by www.posta.ro
Re: Re: Re: My tor exit node is STILL gone from the node list
Hi Lee, Have you talked to your provider about reachability? Earlier I couldn't do a traceroute to your machine now I can: I haven't spoken to them, no. What I did was reconfigure the firewall to allow ICMP. Could it be momentarily routing problems that cause this? At the moment, the node seems to be, too. -- Alexandru -- - www.posta.ro - Romanias first free webmail since 1998! _ - powered by www.posta.ro
Re: Re: My tor exit node is gone from the node list?
This problem seems to be related to your port 8010. From some locations your node presents an SSL certificate on port 443 but not on 8010. You might want to ask your ISP why that is the case. (A workaround might be to switch your OR port from 8010 to 443, but let's try to figure out the reason for the original problem first.) I have spoken to my ISP, they're not aware of any routing errors and do not filter. From my limited testing from multiple locations, I can always reach the server. Port 443 is already in use by the Apache web server. Alexandru -- - www.posta.ro - Romanias first free webmail since 1998! _ - powered by www.posta.ro
Re: Re: My tor exit node is gone from the node list?
Hello, How odd. It is still publishing descriptors, and the directory authorities are still testing its reachability. In particular, here are the six votes from the six directory authorities: [...] So that's why it's missing. But, why is it not considered reachable from three of them? I'm not sure. I am still trying to solve this. Since my last mail, I also let TOR regenerate the keys, so kyirong's fingerprint now is 849D 45A3 2335 5EB3 4F73 2EF5 DB43 0B90 6A21 DAAE (89.248.169.108, DirPort 80, ORPort 8010; uptime 24/7). It is still not listed. The node is reachable from multiple locations (judging from my limited way of testing). If someone can give me hints towards unreachable routes, I can ask my ISP about that. Any ideas on what to try next? -Alexandru -- - www.posta.ro - Romanias first free webmail since 1998! _ - powered by www.posta.ro
Re: Re: My tor exit node is gone from the node list?
Hi Andrew, Well, the obvious issue is that I can't get a connection to your ORPort. Your dirport responds fine. Since I posted the message to the mailinglist, I tried with a different ORPort (8010), which made the node reappear on the list for a while - but it is again gone now. The process is stilling running and actively writing to the debug log (the notice log doesn't change after the self-tests). Alexandru -- - www.posta.ro - Romanias first free webmail since 1998! _ - powered by www.posta.ro
My tor exit node is gone from the node list?
Hi there, For several months, we've been running a tor exit node (kyirong/A8BD 32A9 C2F2 0C4F 8ED2 C26C E477 0A24 85E3 CD22). Since a few days, it seems to have vanished from the list of nodes, and I cannot make it reappear. Neither notice.log nor debug.log (when enabled) show any suspicious entries or error messages: Apr 28 15:22:08.357 [notice] Tor 0.2.1.14-rc (r19307) opening log file. Apr 28 15:22:08.417 [notice] Parsing GEOIP file. Apr 28 15:22:09.105 [notice] Your Tor server's identity key fingerprint is 'kyirong A8BD 32A9 C2F2 0C4F 8ED2 C26C E477 0A24 85E3 CD22' Apr 28 15:22:15.553 [notice] We now have enough directory information to build circuits. Apr 28 15:22:15.553 [notice] Bootstrapped 80%: Connecting to the Tor network. Apr 28 15:22:15.643 [notice] Bootstrapped 85%: Finishing handshake with first hop. Apr 28 15:22:16.409 [notice] Bootstrapped 90%: Establishing a Tor circuit. Apr 28 15:22:17.817 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. Apr 28 15:22:17.817 [notice] Bootstrapped 100%: Done. Apr 28 15:22:17.817 [notice] Now checking whether ORPort 89.248.169.108:8080 and DirPort 89.248.169.108:80 are reachable... (this may take up to 20 minutes -- look for log messages indicating success) Apr 28 15:22:19.106 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent. Apr 28 15:22:38.504 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. Nothing else shows up after that, while debug.log is constantly being written to. Also, traffic logs suggest that the node is not used as much as it could be. Whats up with that? Thanks, Alexandru -- - www.posta.ro - Romanias first free webmail since 1998! _ - powered by www.posta.ro