Re: [tor-talk] How can I select a specific exit node?

2011-12-18 Thread Ville H 

On 19.12.2011 1:30, Matthew R wrote:

It appears that StrictExitNodes no longer works.  However, when I use
StrictNodes to select an exit node, this also does not appear to work.

How can I edit my torrc file to select a particular exit node?



AllowDotExit 1

After that you can connect to any address like this 
http://google.com.EXITNODENAME.exit/

___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] "If you have access to certain tools, you can completely ignore Tor."

2011-12-18 Thread Chris 
>
>>> From:
>>> http://www.wired.com/vanish/2009/09/interview-with-pi-steve-rambam-evan-can-be-found/
>>>
>>> Wired: How much can one do with IP addresses that have been run through
>>> Tor?
>>>
>>> SR: If you have access to certain tools, you can completely ignore Tor.
>>> You
>>> can trap your subject's IP address without wasting your time busting
>>> through Tor. Without revealing too many tricks, for example, it's easy
>>> enough to send someone an e-mail that broadcasts location info back to
>>> a
>>> server. Someone operating a trap website can grab Evan's cookies and
>>> see
>>> his entire browser history and his current IP address. With only a
>>> minimal
>>> amount of work, you can determine where Evan is viewing a website from.
>>>
>>> Does this make any sense?  I assume that what the PI means is that if
>>> you
>>> send an e-mail to a non-webmail client (like Thunderbird) which does
>>> not
>>> go
>>> via Tor, then the IP can be determined when it loads the 1x1 HTML pixel
>>> from the website.  However, if the victim uses webmail then surely all
>>> responses would go via Tor?
>>>
>>> Or does he mean something else?
>> This is exactly why users should be running through an account where
>> non-Tor traffic is blocked. Such attacks can't be performed as the
>> application either goes through Tor or does not get out to the Internet
>> at
>> all.
>>
>> The problem right now is that the TBB makes it difficult to set it up
>> this
>> way. Tor and the TBB (firefox, plug-ins, etc) need to be separate pieces
>> in order to have then run under different user accounts with different
>> levels of permissions.
>>
>> There also needs to be better commercial ties for Tails or any other
>> similar distribution so that users can easily resolve compatibility
>> issues.
>>
> It is quite easy to configure Thunderbird to run through tor using
> Vidalia, without leaking DNS requests either...then the "received from"
> IP address will be the exit node. (instructions here
> )
>
> It's a bit slower of course, but with SSL security, there's no reason
> why it wouldn't be just as secure (at least up to your web mail
> server)... once it's on the open Internet, it's free for all ;)
>

An incorrectly configured application should not leak anything. That is
why a distribution like Tails is needed where the applications are already
configured and it is harder to make these potentially dangerous changes.
There are way too many technical people who don't know what they are doing
making these configuration changes. The less technical users are making
really stupid choices too. I'm talking about downloading applications from
random sources (megadownload) and similar.


___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] "If you have access to certain tools, you can completely ignore Tor."

2011-12-18 Thread Joe Btfsplk 

On 12/18/2011 5:33 PM, Matthew R wrote:

From:
http://www.wired.com/vanish/2009/09/interview-with-pi-steve-rambam-evan-can-be-found/

Wired: How much can one do with IP addresses that have been run through Tor?

SR: If you have access to certain tools, you can completely ignore Tor. You
can trap your subject’s IP address without wasting your time busting
through Tor. Without revealing too many tricks, for example, it’s easy
enough to send someone an e-mail that broadcasts location info back to a
server. Someone operating a trap website can grab Evan’s cookies and see
his entire browser history and his current IP address. With only a minimal
amount of work, you can determine where Evan is viewing a website from.

Does this make any sense?  I assume that what the PI means is that if you
send an e-mail to a non-webmail client (like Thunderbird) which does not go
via Tor, then the IP can be determined when it loads the 1x1 HTML pixel
from the website.  However, if the victim uses webmail then surely all
responses would go via Tor?

Or does he mean something else?
I didn't read the entire article yet, but have read of some similar 
claims like

Someone operating a trap website can grab Evan’s cookies and see
his entire browser history
Even if partly true, this is one reason I don't understand why TBB has 
default settings to allow all cookies, seeing as how its main goal is 
anonymity.  Devs are very concerned about not writing anything to cache, 
but not concerned about cookies.


Tor wasn't developed for constant, everyday use by millions w/ the idea 
that anonymity could be provided for the masses.  It probably never will 
achieve that.  Authorities & hackers will always be looking for holes.  
People much smarter than me say if you're that concerned about true 
anonymity, you'd better encrypt everything.  Cookies & browsing history 
are another matter.


Under current US & other nations' laws, it's possible that gov'ts have 
already forced developers of any software -  incl. Tor - to put in 
backdoors.  And in fact, say it's illegal for the devs of any software 
to outright disclose such.  In general, most gov'ts aren't going to 
allow devising ways that criminals can easily & completely avoid 
detection.  (No, Tor isn't only used by criminals - but gov'ts don't 
care).  And if they determine such software / networks could provide 
99.9% anonymity, w/ no way for them to crack it or no backdoors, they'd 
probably outlaw it.


I don't know that it has happened w/ Tor, but it certainly has in other 
cases.  If you want true anonymity, don't use the internet, unless 
you're very well educated in all things related to internet anonymity 
(hard for one person to do), and taking extreme, well founded measures 
to thwart those seeking to identify you or your location, gather info, 
etc.  Plus, it would be a full time job constantly testing your methods 
& keeping up w/ newest ways others could crack your system.  A handful 
of people might have the ability (& almost none the time) to do this.

if you send an e-mail to a non-webmail client (like Thunderbird) which does not 
go
via Tor, then the IP can be determined when it loads the 1x1 HTML pixel
from the website
Could you clarify the question?  As Phillip mentioned, Tbird can be 
Torrified, but I've never been impressed or convinced that the methods 
are fool proof by any means.
Web beacons (web bugs) can be stopped in a few ways, that is probably 
more reliable than any overall anonymity on the web.


___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] "If you have access to certain tools, you can completely ignore Tor."

2011-12-18 Thread Phillip 

>> From:
>> http://www.wired.com/vanish/2009/09/interview-with-pi-steve-rambam-evan-can-be-found/
>>
>> Wired: How much can one do with IP addresses that have been run through
>> Tor?
>>
>> SR: If you have access to certain tools, you can completely ignore Tor.
>> You
>> can trap your subject's IP address without wasting your time busting
>> through Tor. Without revealing too many tricks, for example, it's easy
>> enough to send someone an e-mail that broadcasts location info back to a
>> server. Someone operating a trap website can grab Evan's cookies and see
>> his entire browser history and his current IP address. With only a minimal
>> amount of work, you can determine where Evan is viewing a website from.
>>
>> Does this make any sense?  I assume that what the PI means is that if you
>> send an e-mail to a non-webmail client (like Thunderbird) which does not
>> go
>> via Tor, then the IP can be determined when it loads the 1x1 HTML pixel
>> from the website.  However, if the victim uses webmail then surely all
>> responses would go via Tor?
>>
>> Or does he mean something else?
> This is exactly why users should be running through an account where
> non-Tor traffic is blocked. Such attacks can't be performed as the
> application either goes through Tor or does not get out to the Internet at
> all.
>
> The problem right now is that the TBB makes it difficult to set it up this
> way. Tor and the TBB (firefox, plug-ins, etc) need to be separate pieces
> in order to have then run under different user accounts with different
> levels of permissions.
>
> There also needs to be better commercial ties for Tails or any other
> similar distribution so that users can easily resolve compatibility
> issues.
>
It is quite easy to configure Thunderbird to run through tor using
Vidalia, without leaking DNS requests either...then the "received from"
IP address will be the exit node. (instructions here
)

It's a bit slower of course, but with SSL security, there's no reason
why it wouldn't be just as secure (at least up to your web mail
server)... once it's on the open Internet, it's free for all ;)

___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] "If you have access to certain tools, you can completely ignore Tor."

2011-12-18 Thread Chris 
> From:
> http://www.wired.com/vanish/2009/09/interview-with-pi-steve-rambam-evan-can-be-found/
>
> Wired: How much can one do with IP addresses that have been run through
> Tor?
>
> SR: If you have access to certain tools, you can completely ignore Tor.
> You
> can trap your subject’s IP address without wasting your time busting
> through Tor. Without revealing too many tricks, for example, it’s easy
> enough to send someone an e-mail that broadcasts location info back to a
> server. Someone operating a trap website can grab Evan’s cookies and see
> his entire browser history and his current IP address. With only a minimal
> amount of work, you can determine where Evan is viewing a website from.
>
> Does this make any sense?  I assume that what the PI means is that if you
> send an e-mail to a non-webmail client (like Thunderbird) which does not
> go
> via Tor, then the IP can be determined when it loads the 1x1 HTML pixel
> from the website.  However, if the victim uses webmail then surely all
> responses would go via Tor?
>
> Or does he mean something else?

This is exactly why users should be running through an account where
non-Tor traffic is blocked. Such attacks can't be performed as the
application either goes through Tor or does not get out to the Internet at
all.

The problem right now is that the TBB makes it difficult to set it up this
way. Tor and the TBB (firefox, plug-ins, etc) need to be separate pieces
in order to have then run under different user accounts with different
levels of permissions.

There also needs to be better commercial ties for Tails or any other
similar distribution so that users can easily resolve compatibility
issues.






___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] "If you have access to certain tools, you can completely ignore Tor."

2011-12-18 Thread Matthew R 
From:
http://www.wired.com/vanish/2009/09/interview-with-pi-steve-rambam-evan-can-be-found/

Wired: How much can one do with IP addresses that have been run through Tor?

SR: If you have access to certain tools, you can completely ignore Tor. You
can trap your subject’s IP address without wasting your time busting
through Tor. Without revealing too many tricks, for example, it’s easy
enough to send someone an e-mail that broadcasts location info back to a
server. Someone operating a trap website can grab Evan’s cookies and see
his entire browser history and his current IP address. With only a minimal
amount of work, you can determine where Evan is viewing a website from.

Does this make any sense?  I assume that what the PI means is that if you
send an e-mail to a non-webmail client (like Thunderbird) which does not go
via Tor, then the IP can be determined when it loads the 1x1 HTML pixel
from the website.  However, if the victim uses webmail then surely all
responses would go via Tor?

Or does he mean something else?
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] How can I select a specific exit node?

2011-12-18 Thread Matthew R 
It appears that StrictExitNodes no longer works.  However, when I use
StrictNodes to select an exit node, this also does not appear to work.

How can I edit my torrc file to select a particular exit node?

For example:

StrictNodes 1
ExitNodes name_of_node_here

Thanks!
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] New arm version doesn't show connections

2011-12-18 Thread Stephan Seitz 

On Sun, Dec 18, 2011 at 11:36:46AM -0800, Damian Johnson wrote:

I'm a little surprised that this feature has been around so long
without these issues coming up before. :)


Well, it worked on my system with arm version 1.4.2.4, so I think that 
something must have changed in the code as well to trigger this bug. ;-)

At least my system didn’t change (no new kernel, no new libc).

Shade and sweet water!

Stephan

--
| Stephan Seitz E-Mail: s...@fsing.rootsland.net |
| PGP Public Keys: http://fsing.rootsland.net/~stse/pgp.html |


signature.asc
Description: Digital signature
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] New arm version doesn't show connections

2011-12-18 Thread Damian Johnson 
> Just for your information:
> I have running TOR on debian 6 and ubuntu 8.04. Only on ubuntu 8.04 the
> connection list is empty.

Thanks, Stephan and I have been talking off-list and it sounds like
there's a few gotchas braking the connection resolution besides the
tor change...
- proc contents on some platforms have a layout I wasn't expecting -
guess it's not as standardized as I thought
- non-proc resolvers in his case are failing due to both the LANG
environment variable (translating 'ESTABLISHED') and having a full tor
path rather than just the base name

I'm a little surprised that this feature has been around so long
without these issues coming up before. :)

As for the tor change, I've reopened the ticket for it...
https://trac.torproject.org/projects/tor/ticket/3313#comment:17
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] New arm version doesn't show connections

2011-12-18 Thread Klaus Layer 
Damian Johnson  wrote on 15.12.2011:
> You can work around this by setting "DisableDebuggerAttachment 0" in
> your torrc. I'll change arm later to disable the connection page when
> this is on and warn the user about it.

Just for your information:
I have running TOR on debian 6 and ubuntu 8.04. Only on ubuntu 8.04 the 
connection list is empty.

Regards,

Klaus



signature.asc
Description: This is a digitally signed message part.
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] tor-exit running ntop

2011-12-18 Thread Fabio Pietrosanti (naif) 
Quick test for tor-exit running ntop

cd /tmp
wget -q -O  /tmp/Tor_ip_list_ALL.csv
http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv

nmap -iL Tor_ip_list_ALL.csv -p3000 -sS -sV -PI -T Insane  -oM ntop.out

root@server /tmp # grep -i ntop ntop.out

Host: 46.4.228.233 (static.233.228.4.46.clients.your-server.de) Ports:
3000/open/tcp//ntop-http//Ntop web interface 3.3/

Host: 46.105.26.14 (vps18077.ovh.net)   Ports:
3000/open/tcp//ntop-http//Ntop web interface 4.0.3/

Host: 194.14.172.60 (194-14-172-60.cust.pirateisp.net)  Ports:
3000/open/tcp//ntop-http//Ntop web interface 3.3/

Host: 194.14.172.62 (194-14-172-62.cust.pirateisp.net)  Ports:
3000/open/tcp//ntop-http//Ntop web interface 3.3/

Host: 213.239.213.4 (linsol2.tuxsolutions.de)   Ports:
3000/open/tcp//ntop-http//Ntop web interface 3.2/

Maybe they are running sniffers or just traffic statistics?

-naif
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk