Re: gwget and tor?

[kr]

Hi,

> thanks can you please explain how to use this?

save as e. g. "wget_anon" (edit the user-agent header line or delete all
header lines), chmod 750 wget_anon and than $ wget_anon URL. Or with the
FlashGot extension (as an example):
Add-> Name: wget_anon
Executable path: /path/wget_anon
Command line argument: [URL]

> and is it possible to make several downloads simultaniously?

as i said, i'm using it for a download of one file, but you can type
wget_anon URL1
wget_anon URL2 ...
or expand the variable or with FashGot you can click several files or
use the "FlashGot All" function to suck a whole webpage. Perhaps another
ml member has better or additional ideas :)

-- 
Ciao
Kai

http://kairaven.de/
Mail per I2P: http://www.i2p2.de/
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: gwget and tor?

[kr]

Hi,

i'm using this little script for one-time wget downloads over privoxy &
tor in the terminal or as a "download manager" together with the
FlashGot Firefox extension:

#!/bin/dash

wget \
-e http_proxy=http://127.0.0.1:8118/ \
-e https_proxy=http://127.0.0.1:8118/ \
--tries=3 \
--no-dns-cache \
--inet4-only \
--directory-prefix=/opt/downloads \
--no-check-certificate \ *
--no-cookies \
--user-agent="Mozilla..." \
--header="Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" \
--header="Accept-Language: en-us,en;q=0.5" \
--header="Accept-Encoding: gzip,deflate" \
--header="Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7" \
$1

* depends on your needs - you can check certificates with the opposite
and further "certificate" options.

-- 
Ciao
Kai

http://kairaven.de/
Mail per I2P: http://www.i2p2.de/
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: "RequestPolicy": can people take a look at it?

[kr]

Hi,

> A smart security person pointed me to the "RequestPolicy" firefox 
> extension. I've had it on my todo list for a month but haven't found 
> time to look at it. Anybody here want to take a look, give it a spin,
>  decide if it solves an important problem, figure out how well it
> coexists with Noscript and Torbutton, etc?

I have RP installed beside NoScript, but without Torbutton.
It coexists very well with NoScript, you can allow/disallow all requests
to external "base domains", "full domains" and "full addresses", but
Scripts etc. from such domains and adresses are only allowed/disallowed
with the additional actions & functions from NoScript. The author says,
that he sees RP as an addition to NoScript. The context menu / handling
 is like NoScript or FoxyProxy. No blacklists so far and the whitelists
are static - you cannot edit the entries or use wildcards /RegEx
(requested and added to his list of planned features). Perhaps RP's
functions could or will be incorporated in things like NoScript,
Torbutton...don't know.

I have written a short German-language review in

but you can follow
 too ;)

-- 
Ciao
Kai

http://kairaven.de/
Mail per I2P: http://www.i2p2.de/

Re: Scroogle is allowing Tor again [Was: Re: Strange problem with Tor/Scroogle]

[kr]

Hi,

> I think Scroogle's blocking of Tor exit nodes may have been a mistake in
> setting up block lists somewhere; I can access it again through Tor.
> 
> Anyone else want to confirm?

forwarded with David Brandts permission:


Date: Wed, 1 Oct 2008 10:33:41 -0700 (PDT)
From: Daniel Brandt <[EMAIL PROTECTED]>
Subject: RE:Scroogle & Tor

Scroogle's six servers have been under an around-the-clock flooding
that is coming through Tor. Until today, this has been going on for
eight days without any let-up.

They came into Scroogle in the form of one of three GET requests
for a search. They use DNS lookups of www.scroogle.org because
they hit only our servers that were currently in our DNS. Curiously,
they also picked up our favicon.ico consistently, which in restrospect
seems to suggest a misconfigured machine. Anyway, it slowed to a crawl
about ten hours ago.

The three search terms requested are easy to catch:

1)  damian+conway+perl
2)  osman+semerci+-fired
3)  issam+fares+-kanaan

We lifted our Tor blocks about an hour ago. Only a few per hour are
coming through by now, which we are handling directly based on the
search terms instead of trying to block all Tor exit nodes.

Originally we thought that someone was using Scroogle to scan for
possible Tor exit nodes. We chose to use null-route blocking to
defeat this, because a "Forbidden" would merely confirm that the
circuit found its intended destination.

Then we thought that whoever is doing this is anti-Tor as much as
anti-Scroogle, and that it was an attempted denial of service.

Now we think it was an out-of-control machine and that it was
turned off earlier today.

-- Daniel Brandt

Date: Wed, 1 Oct 2008 12:48:07 -0700 (PDT)
From: Daniel Brandt <[EMAIL PROTECTED]>
Subject: Re: Scroogle & Tor

Sure, please post it on the mailing list, and convey our apologies
to Tor users who were inconvenienced.

If it happens again, we will try to just block on the abuser's
search terms. We no longer suspect that anyone is stupid enough
to use Scroogle to scan for exit nodes, because they should
realize that if we let these get through to Google, then our
six servers might get blocked by Google. We know for a fact that
Google has the ability to block all of our servers from all of
their various data centers in about 30 minutes flat; all it takes
is for someone in a position of authority at Google to decide that
it's time to stop being tolerant toward Scroogle. (We have never
had any arrangements with Google whatsoever, and they already
know the IPs of our six servers as they appear at the 270+ Google
IP addresses we use.)

But if some Tor abuser wanted to vary the search terms by using
a dictionary lookup, this would be impossible to intercept.
In such a situation, we'd have to block all the exit nodes again.
At least we're now set up to do this effortlessly, because we've
had eight days of training. During that time we wrote and debugged
programs for automatic Tor exit-node blocking across all six
servers.

If the consensus among Tor experts is that this was a misconfigured
Tor server (we don't use Tor so we haven't a clue), we hope someone
can figure out how it happened, and also figure out how to prevent
this sort of accidental misconfiguration. Otherwise, Tor will
eventually get a bad name once script kiddies discover how much
fun this is, and it will no longer happen accidentally.

Something very similar happened to Scroogle in July, but it was at
a much lower level of activity, and seemed to happen during U.S.
business hours only, instead of around the clock. That's why we
think it may worth investigating by Tor experts, especially from
an  "ease of misconfiguration" standpoint, and possibly even from
an "early detection" standpoint.

-- Daniel

-- 
Ciao
Kai

http://kairaven.de/
Mail per I2P: http://www.i2p2.de/

Re: Strange problem with Tor/Scroogle

[kr]

Hi,

> No answer here, but I have been baffled by this strange behavior with
> Scroogle, as well, the last week or so. Wonder what's up?

I have sent them an e-mail three days ago because of this issue and
asked, if they are blocking Tor, but got no answer.

-- 
Ciao
Kai

http://kairaven.de/
Mail per I2P: http://www.i2p2.de/

mixmaster policies (was Re: Update to default exit policy)

[kr]

Hi,

one question related to the port 465/587 thread.

Could it be useful to open at least the ports for mixmaster remailers,
capable of submission via TLS, SSL connections or SMTP (2525)?

reject private:*
# drooper.mixmin.net (banana)
accept 88.198.22.131:587
accept 88.198.22.131:2525
accept 88.198.22.131:465
# .ecn.org (cripto)
accept 85.18.113.11:587
accept 85.18.113.11:465
# mail.cyberiade.it (cyberiad)
accept 85.18.107.240:587
accept 85.18.107.240:465
# mail2.frell.eu.org (frell)
accept 213.239.201.102:587
accept 213.239.201.102:2525
accept 213.239.201.102:465
# mail1.frell.theremailer.net (frell)
accept 85.177.248.156:587
accept 85.177.248.156:2525
accept 85.177.248.156:465
# remailer-debian.panta-rhei.eu.org (panta)
accept 81.189.102.241:465
# mx1.investici.org (paranoia)
accept 82.94.249.234:587
accept 82.94.249.234:465
# mx2.investici.org (paranoia)
accept 204.13.164.180:587
accept 204.13.164.180:465
# mx3.investici.org (paranoia)
accept 217.150.252.179:587
accept 217.150.252.179:465
# mx4.investici.org (paranoia)
accept 216.17.130.5:587
accept 216.17.130.5:465
# mx5.investici.org (paranoia)
accept 82.117.37.71:587
accept 82.117.37.71:465
reject *:*

-- 
Ciao
Kai

http://kairaven.de/
Mail per I2P: http://www.i2p2.de/