Re: any middlemen seeing DoS currently?
On 11/11/2008 15:23, Geoff Down wrote:
> Crashed again after only 2 hours:

I had to shut down my node temporarily due to high load.

Jan
Re: Problems runing Tor on Vista x64
On Mon, Nov 10, 2008 at 11:51:45PM -0500, [EMAIL PROTECTED] wrote:
> On Mon, Nov 10, 2008 at 09:51:00AM +0100, [EMAIL PROTECTED] wrote 0.7K bytes in 16 lines about:
> : Nov 10 09:34:42.445 [err] Error from libevent: evsignal_init:
> : socketpair: No error
>
> It reads like libevent doesn't like something in the wow32 subsystem inside 64-bit vista. Do you get a drwatson crash dump?

There are two errors here:

- The above error message is totally useless. Future versions of libevent should give a better error for this case.
- The error above usually happens when your firewall or antivirus software is blocking connections to 127.0.0.1 (that is, it's blocking connections from your computer to your computer). This is pretty broken.

First, check if your firewall software is up to date. (This is windows, so you might need to randomly reboot.) Second, check whether you can tell it to allow Tor to connect to localhost.

-- Nick
Re: Hidden service route
Erilenz wrote:
> If I connect to a Tor hidden service am I right in thinking it goes like:
>
> Web browser - Tor client - Entry Node - Middle Node - Hidden Service

No, that's not how it works. There are 6 nodes between you and the hidden service, three chosen by the hidden service, three chosen by you. See https://www.torproject.org/hidden-services for a description of the hidden service protocol.

> If I then change routelen to '2' in circuitbuild.c as per http://www.mail-archive.com/or-talk@freehaven.net/msg08747.html does that give me:
>
> Web browser - Tor client - Entry Node - Hidden Service

Changing the route length should have minimal impact on performance. The step that takes time is to extend an existing circuit by another hop. I guess it has only minimal impact on performance whether you extend a 3-hop circuit to a fourth node, or a 2-hop circuit to a third node.

You might want to try the latest alpha (0.2.1.7-alpha). It contains some improvements to speed up hidden services.

--Karsten
determining which are the ORs a Tor circuit is using
Hello All

I have a general question. I am using the default torrc (without specifying which ORs to select and letting the client determine the best ones for itself). Is there a way to detect which are the ORs the client picks up for the entry, middleman and exit nodes (rather than hacking into the source code of the tor client). I am using a rather dated version of the client - 0.1.2.18.

Thanks
Sambuddho
Hidden service route
Hi,

If I connect to a Tor hidden service am I right in thinking it goes like:

Web browser - Tor client - Entry Node - Middle Node - Hidden Service

If I then change routelen to '2' in circuitbuild.c as per http://www.mail-archive.com/or-talk@freehaven.net/msg08747.html does that give me:

Web browser - Tor client - Entry Node - Hidden Service

-- Erilenz
Re: determining which are the ORs a Tor circuit is using
I am taking the following route

circuitbuild.c- circuit_send_next_onionskin-

At the point where there is a check for if(!hop) I take the 'circ' pointer and - crypt_path_t pointer - extend_info_t pointer - nickname/addr

Should that work?

Thanks
Sambuddho

On Tue, 2008-11-11 at 12:55 -0700, mrwigglet wrote:
> I know it is saved in the log files, although there may be an easier way to do it. There are lots of paths built that are in a waiting state, so you'd have to do some connecting the actual circuit being used with when it was built. I don't know of a built in way of doing this.
>
> On Tue, Nov 11, 2008 at 12:50 PM, Sambuddho Chakravarty [EMAIL PROTECTED] wrote:
>> Hello All
>> I have a general question. I am using the default torrc (without specifying which ORs to select and letting the client determine the best ones for itself). Is there a way to detect which are the ORs the client picks up for the entry, middleman and exit nodes (rather than hacking into the source code of the tor client). I am using a rather dated version of the client - 0.1.2.18.
>> Thanks
>> Sambuddho
>
> --
> Nathan Evans
> Research Assistant
> Department of Computer Science
> University of Denver
Re: Version deprecated?
Roger Dingledine wrote:
> Looks like gabelmoo isn't recommending quite the set of versions it should be recommending. That is, it's missing 0.2.0.29-rc, 0.2.0.30, 0.2.0.31.

Whoops. They were missing in the config after moving gabelmoo to new hardware and recreating its config from an older backup. Fixed.

--Karsten
Re: any middlemen seeing DoS currently?
Crashed again after only 2 hours:

This was about 20 minutes beforehand,

  %CPU %MEM    VSZ    RSS  TT  STAT STARTED      TIME
   0.0  1.6  39784  10400  ??  S     4:03AM   1:32.40

  Nov 11 04:03:06.129 [Notice] Tor v0.2.0.31 (r16744). This is experimental software. Do not rely on it for strong anonymity. (Running on Darwin Power Macintosh)
  Nov 11 04:03:06.177 [Notice] Initialized libevent version 1.4.7-stable using method kqueue. Good.
  Nov 11 04:03:06.198 [Notice] Opening OR listener on 0.0.0.0:9001
  Nov 11 04:03:06.219 [Notice] Opening Socks listener on 127.0.0.1:9050
  Nov 11 04:03:06.299 [Notice] Opening Control listener on 127.0.0.1:9051
  Nov 11 04:04:23.566 [Notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
  Nov 11 04:04:53.299 [Notice] Performing bandwidth self-test...done.
  Nov 11 06:05:20.894 [Notice] We tried for 15 seconds to connect to '[scrubbed]' using exit 'johndoe'. Retrying on a new circuit.

Should I be logging at info level? It's a lot of data...

GD

On 10 Nov 2008, at 03:19, Nick Mathewson wrote:
> On Fri, Nov 07, 2008 at 01:38:28PM +0100, Eugen Leitl wrote:
>> I've seen continuous table state increase since about 3.5 hours. It went up from 1 k baseline to 5 k. Anyone else seeing this? Any alternative explanation to DoS? (ISP throttling?).
>
> Judging by the timing, I'd think it might be related to a bug we only uncovered on Friday.
>
> Why Friday? That was the first time that a directory authority's certificate expired before it could be replaced. The bug was that clients repeatedly asked directory caches for a new certificate over and over, without noticing that they were getting something expired and deciding to wait for a while.
>
> That bug should be fixed in newer versions of Tor. Also, all the authority operators should (if we can make them) get way more careful about checking certificate expiry times.
>
> -- Nick
Re: determining which are the ORs a Tor circuit is using
Btw, please pick only one mailing list to send your mail to. Your follow-up mail actually sent it to three lists, not just two. This is not cool. :)

On Tue, Nov 11, 2008 at 02:50:14PM -0500, Sambuddho Chakravarty wrote:
> Hello All
> I have a general question. I am using the default torrc (without specifying which ORs to select and letting the client determine the best ones for itself). Is there a way to detect which are the ORs the client picks up for the entry, middleman and exit nodes (rather than hacking into the source code of the tor client). I am using a rather dated version of the client - 0.1.2.18.

The traditional way to do this is to open your Tor's control port, and then attach a controller program (like Vidalia, but you can write your own too with the torctl libraries) to ask questions like this. See doc/spec/control-spec.txt for many more details.

For example, if you send

  setevents extended circ stream

Then for streams you get lines like this

  650 STREAM 17 NEW 0 www.google.com:80 SOURCE_ADDR=127.0.0.1:51279 PURPOSE=USER
  650 STREAM 17 SENTCONNECT 5 www.google.com:80
  650 STREAM 17 REMAP 5 72.14.235.104:80 SOURCE=EXIT
  650 STREAM 17 SUCCEEDED 5 72.14.235.104:80
  650 STREAM 18 NEW 0 www.google.com.tw:80 SOURCE_ADDR=127.0.0.1:51280 PURPOSE=USER
  650 STREAM 18 SENTCONNECT 5 www.google.com.tw:80
  650 STREAM 18 REMAP 5 72.14.235.99:80 SOURCE=EXIT
  650 STREAM 18 SUCCEEDED 5 72.14.235.99:80
  650 STREAM 17 CLOSED 5 72.14.235.104:80 REASON=END REMOTE_REASON=unknown

and interspersed with that you get circ info like

  650 CIRC 10 LAUNCHED PURPOSE=GENERAL
  650 CIRC 10 EXTENDED $43AF24071B400911629D5BC9FC20DE335F9DFC00 PURPOSE=GENERAL
  650 CIRC 10 EXTENDED $43AF24071B400911629D5BC9FC20DE335F9DFC00,ratator PURPOSE=GENERAL
  650 CIRC 10 EXTENDED $43AF24071B400911629D5BC9FC20DE335F9DFC00,ratator,$D3EAC880BECBE5F80DB4609F225D351CC4F72395 PURPOSE=GENERAL
  650 CIRC 10 BUILT $43AF24071B400911629D5BC9FC20DE335F9DFC00,ratator,$D3EAC880BEC

You can also do a command like

  getinfo circuit-status

which will spit out a summary:

  getinfo circuit-status
  250+circuit-status=
  9 EXTENDED gremlin,pickaproxy
  8 BUILT BostonUCompSci,$D0FF59689F9148D47B03DC03025853C80315A930,$D1C0C9FF2F88EB291DD436A1485DD471EB80D40F
  6 BUILT gremlin,myrnaloy,godzilla,tor26
  4 BUILT gremlin,SEC,vallenator
  3 BUILT $43AF24071B400911629D5BC9FC20DE335F9DFC00,$8318A0A99B26785C6AB59FB3A290F6A04ADDD42C,vallenator
  2 BUILT BostonUCompSci,$2682892CB12EDA0B69049C42A8483A680F70F56F,$83044401FD17BB48723049ED5BF7F1E9A9AB1A00,EviDancerDirServer
  1 BUILT gremlin,SEC,$F701FBB7B5B70B765751D71DA8FE40E517223331
  .

--Roger
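The control-port output quoted in the message above can be turned into entry/middle/exit answers with a small parser. This is an added example, not part of the original message and not Tor or torctl code; the function names are hypothetical, and the sample session is constructed from lines in the message plus one constructed CLOSED event and one constructed STREAM event.

```python
import re

# One hop: $fingerprint, a nickname, or $fingerprint=nick / $fingerprint~nick.
HOP = re.compile(r"^(\$[0-9A-F]{40}([=~][A-Za-z0-9]{1,19})?|[A-Za-z0-9]{1,19})$")
STATUSES = {"LAUNCHED", "EXTENDED", "BUILT", "FAILED", "CLOSED"}

def parse_circ(line):
    """Parse a '650 CIRC' event or one line of a circuit-status reply.

    Returns (circ_id, status, hops, attrs), or None for any other line.
    hops is [] while a circuit has no well-formed path yet (e.g. LAUNCHED).
    """
    line = re.sub(r"^250[+-]circuit-status=", "", line.strip())
    tokens = line.split()
    if tokens[:2] == ["650", "CIRC"]:
        tokens = tokens[2:]
    if len(tokens) < 2 or not tokens[0].isdigit() or tokens[1] not in STATUSES:
        return None
    circ_id, status, rest = tokens[0], tokens[1], tokens[2:]
    hops = []
    if rest and all(HOP.match(h) for h in rest[0].split(",")):
        hops = rest.pop(0).split(",")
    attrs = dict(kv.split("=", 1) for kv in rest if "=" in kv)
    return circ_id, status, hops, attrs

def roles(hops):
    """First hop is the entry, last hop the exit, everything between is middle."""
    return {"entry": hops[0], "middle": hops[1:-1], "exit": hops[-1]}

def built_paths(lines):
    """Replay circuit lines in order; return {circ_id: roles} for open circuits."""
    built = {}
    for line in lines:
        parsed = parse_circ(line)
        if parsed is None:
            continue
        circ_id, status, hops, _ = parsed
        if status == "BUILT" and hops:
            built[circ_id] = roles(hops)
        elif status in ("FAILED", "CLOSED"):
            built.pop(circ_id, None)
    return built

def stream_circuits(lines):
    """Map stream id -> (circ_id, target) from '650 STREAM ... SUCCEEDED' events."""
    out = {}
    for line in lines:
        t = line.split()
        if len(t) >= 6 and t[:2] == ["650", "STREAM"] and t[3] == "SUCCEEDED":
            out[t[2]] = (t[4], t[5])
    return out

# Constructed session: a getinfo reply followed by asynchronous events.
SAMPLE = """\
250+circuit-status=
9 EXTENDED gremlin,pickaproxy
6 BUILT gremlin,myrnaloy,godzilla,tor26
4 BUILT gremlin,SEC,vallenator
3 BUILT $43AF24071B400911629D5BC9FC20DE335F9DFC00,$8318A0A99B26785C6AB59FB3A290F6A04ADDD42C,vallenator
.
650 CIRC 10 LAUNCHED PURPOSE=GENERAL
650 CIRC 10 EXTENDED $43AF24071B400911629D5BC9FC20DE335F9DFC00,ratator PURPOSE=GENERAL
650 CIRC 4 CLOSED gremlin,SEC,vallenator REASON=FINISHED
650 STREAM 17 SUCCEEDED 3 72.14.235.104:80
""".splitlines()

if __name__ == "__main__":
    paths = built_paths(SAMPLE)
    for stream_id, (circ_id, target) in stream_circuits(SAMPLE).items():
        print(stream_id, target, paths.get(circ_id))
```

Hops that do not look like a nickname or a 40-hex-digit fingerprint are not accepted as a path, so a malformed line never shows up as a built circuit.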
Re: is tor an email mixmaster?
On Monday 10 November 2008, Erilenz wrote:

* on the Sun, Nov 09, 2008 at 10:43:29AM -0800, Christopher Davis wrote:

someone has setup an open SMTP relay as hidden service: oogjrxidhkttf6vl.onion port: 587 May be, it works. I did not test it. :-(

Unfortunately, this doesn't seem to be running. The idea is interesting, though. It would be prudent to enable spam filtering and/or hashcash for a service like this, of course.

Yeah. I've heard that relay mentioned several times before, but I've never been able to connect to it. I can connect to other hidden services fine. You're the first other person I've come across that has either confirmed it working or not working.

There's no hidden service directory available any more for this service.

Long time ago I wrote a small tool to check for hidden services. It consists of a shell script and a C program. Compile the program and then run the shell script with the .onion-URL as a parameter. Find the sources below.

Bernhard

___SHELLSCRIPT___
#!/bin/sh

if [ -z "$1" ] ; then
   echo "usage: $0 hidden_service_hostname"
   exit 1
fi

# directory server that is asked for the rendezvous descriptor
TDIR="http://moria.seul.org:9032"
# strip the ".onion" suffix; the remainder is used as URL path and file name
HPID=`echo "$1" | cut -d . -f 1`

rm "$HPID" > /dev/null 2>&1
wget -q "$TDIR/tor/rendezvous/$HPID"

if [ ! -f "$HPID" ] ; then
   echo "could not download \"$HPID\" from directory \"$TDIR\""
   exit 1
fi

# getdesc reads the descriptor from standard input
./getdesc < "$HPID"
___/SHELLSCRIPT___

___C-SOURCE___
#include <stdio.h>
#include <stdint.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <time.h>
#include <string.h>

#define FRAME_SIZE 2048

int main(int argc, char *argv[])
{
   char buf[FRAME_SIZE];
   char timestr[32];
   char *ptr = buf, *end, *nul;
   int len, intro, i;
   ssize_t n;
   uint16_t u16;
   uint32_t u32;
   time_t ts;
   struct tm *tm;

   /* read the descriptor from stdin; all parsing stays within n bytes */
   n = read(0, buf, FRAME_SIZE);
   if (n < 2)
      return 1;
   end = buf + n;

   /* 2-byte key length, followed by the key itself */
   memcpy(&u16, ptr, 2);
   len = ntohs(u16);
   if (len + 8 > n)   /* length + key + timestamp + intro count must fit */
      return 1;
   ptr += len + 2;

   /* 4-byte timestamp */
   memcpy(&u32, ptr, 4);
   ts = ntohl(u32);
   tm = localtime(&ts);
   if (tm == NULL)
      return 1;
   strftime(timestr, 32, "%c", tm);
   ptr += 4;

   /* 2-byte number of introduction points */
   memcpy(&u16, ptr, 2);
   intro = ntohs(u16);
   ptr += 2;

   printf("key_len = %d\ntimestamp = \"%s\" (%ld)\nintro_point_cnt = %d\n", len, timestr, (long) ts, intro);
   /* NUL-terminated introduction point names */
   for (i = 0; i < intro; i++)
   {
      nul = memchr(ptr, 0, end - ptr);
      if (nul == NULL)
         break;   /* truncated descriptor */
      printf("intro_point[%d] = \"%s\"\n", i, ptr);
      ptr = nul + 1;
   }

   return 0;
}
___/C-SOURCE___
Re: determining which are the ORs a Tor circuit is using
Hello Roger

Thanks a lot. I thought I had emailed to a wrong group initially so I emailed to all the groups. Sorry about that spamming. I'll go through this and get back.

Thanks
Sambuddho

On Tue, 2008-11-11 at 17:32 -0500, Roger Dingledine wrote:
> Btw, please pick only one mailing list to send your mail to. Your follow-up mail actually sent it to three lists, not just two. This is not cool. :)
>
> On Tue, Nov 11, 2008 at 02:50:14PM -0500, Sambuddho Chakravarty wrote:
>> Hello All
>> I have a general question. I am using the default torrc (without specifying which ORs to select and letting the client determine the best ones for itself). Is there a way to detect which are the ORs the client picks up for the entry, middleman and exit nodes (rather than hacking into the source code of the tor client). I am using a rather dated version of the client - 0.1.2.18.
>
> The traditional way to do this is to open your Tor's control port, and then attach a controller program (like Vidalia, but you can write your own too with the torctl libraries) to ask questions like this. See doc/spec/control-spec.txt for many more details.
>
> For example, if you send
>
>   setevents extended circ stream
>
> Then for streams you get lines like this
>
>   650 STREAM 17 NEW 0 www.google.com:80 SOURCE_ADDR=127.0.0.1:51279 PURPOSE=USER
>   650 STREAM 17 SENTCONNECT 5 www.google.com:80
>   650 STREAM 17 REMAP 5 72.14.235.104:80 SOURCE=EXIT
>   650 STREAM 17 SUCCEEDED 5 72.14.235.104:80
>   650 STREAM 18 NEW 0 www.google.com.tw:80 SOURCE_ADDR=127.0.0.1:51280 PURPOSE=USER
>   650 STREAM 18 SENTCONNECT 5 www.google.com.tw:80
>   650 STREAM 18 REMAP 5 72.14.235.99:80 SOURCE=EXIT
>   650 STREAM 18 SUCCEEDED 5 72.14.235.99:80
>   650 STREAM 17 CLOSED 5 72.14.235.104:80 REASON=END REMOTE_REASON=unknown
>
> and interspersed with that you get circ info like
>
>   650 CIRC 10 LAUNCHED PURPOSE=GENERAL
>   650 CIRC 10 EXTENDED $43AF24071B400911629D5BC9FC20DE335F9DFC00 PURPOSE=GENERAL
>   650 CIRC 10 EXTENDED $43AF24071B400911629D5BC9FC20DE335F9DFC00,ratator PURPOSE=GENERAL
>   650 CIRC 10 EXTENDED $43AF24071B400911629D5BC9FC20DE335F9DFC00,ratator,$D3EAC880BECBE5F80DB4609F225D351CC4F72395 PURPOSE=GENERAL
>   650 CIRC 10 BUILT $43AF24071B400911629D5BC9FC20DE335F9DFC00,ratator,$D3EAC880BEC
>
> You can also do a command like
>
>   getinfo circuit-status
>
> which will spit out a summary:
>
>   getinfo circuit-status
>   250+circuit-status=
>   9 EXTENDED gremlin,pickaproxy
>   8 BUILT BostonUCompSci,$D0FF59689F9148D47B03DC03025853C80315A930,$D1C0C9FF2F88EB291DD436A1485DD471EB80D40F
>   6 BUILT gremlin,myrnaloy,godzilla,tor26
>   4 BUILT gremlin,SEC,vallenator
>   3 BUILT $43AF24071B400911629D5BC9FC20DE335F9DFC00,$8318A0A99B26785C6AB59FB3A290F6A04ADDD42C,vallenator
>   2 BUILT BostonUCompSci,$2682892CB12EDA0B69049C42A8483A680F70F56F,$83044401FD17BB48723049ED5BF7F1E9A9AB1A00,EviDancerDirServer
>   1 BUILT gremlin,SEC,$F701FBB7B5B70B765751D71DA8FE40E517223331
>   .
>
> --Roger
Re: Introducing Torsocks - Transparent socks for Tor
I found another problem in torsocks bash script. There is missing backslash in sed construction around . torsocks off. More in googlecode issue http://code.google.com/p/torsocks/issues/detail?id=1

Bye,
Marek

2008/10/26 slush [EMAIL PROTECTED]
> Hi,
>
> nice work! I tried and works perfectly. Just one typo. in src/usewithtor.in - there is missing # on line four. It works, but print warning in runtime.
>
> If is anybody interested, on http://www.slush.cz/torsocks_1.0-beta-1_i386.deb is DEB package (made by checkinstall tool) for Debian (tested on unstable) and Ubuntu (tested on 8.10).
>
> Marek
>
> 2008/10/26 Robert Hogan [EMAIL PROTECTED]
>> Linux users may be familiar with the various patches for tsocks that make it safe for use with Tor.
>>
>> https://wiki.torproject.org/noreply/TheOnionRouter/TSocksPatches
>>
>> Torsocks takes all of the patches to tsocks listed at the link above:
>>
>> http://code.google.com/p/torsocks/source/browse/trunk#trunk/patches
>>
>> applies some other enhancements:
>>
>> http://code.google.com/p/torsocks/source/browse/trunk/ChangeLog
>>
>> and incorporates them into a new project:
>>
>> http://code.google.com/p/torsocks/
>>
>> Torsocks allows you to use most socks-friendly applications in a safe way with Tor. Once you have installed torsocks, just launch it like so:
>>
>>   usewithtor [application]
>>
>> So, for example you can use ssh to a some.ssh.com by doing:
>>
>>   usewithtor ssh [EMAIL PROTECTED]
>>
>> or launch pidgin by doing:
>>
>>   usewithtor pidgin
>>
>> You can download the current build at:
>>
>> http://torsocks.googlecode.com/files/torsocks-1.0-beta.tar.gz
>>
>> Torsocks is released under the GNU GPL licence v2. As far as I can make out this is compatible with the original tsocks and all subsequent patches.

--
e-mail/jabber/msn: [EMAIL PROTECTED]
icq: 360-737-802 | skype: on request
phone: (+420) 724 249 422
Re: determining which are the ORs a Tor circuit is using
Hello

On Tue, 2008-11-11 at 17:32 -0500, Roger Dingledine wrote:
> Btw, please pick only one mailing list to send your mail to. Your follow-up mail actually sent it to three lists, not just two. This is not cool. :)
>
> On Tue, Nov 11, 2008 at 02:50:14PM -0500, Sambuddho Chakravarty wrote:
>> Hello All
>> I have a general question. I am using the default torrc (without specifying which ORs to select and letting the client determine the best ones for itself). Is there a way to detect which are the ORs the client picks up for the entry, middleman and exit nodes (rather than hacking into the source code of the tor client). I am using a rather dated version of the client - 0.1.2.18.
>
> The traditional way to do this is to open your Tor's control port, and then attach a controller program (like Vidalia, but you can write your own too with the torctl libraries) to ask questions like this. See doc/spec/control-spec.txt for many more details.
>
> For example, if you send
>
>   setevents extended circ stream
>
> Then for streams you get lines like this
>
>   650 STREAM 17 NEW 0 www.google.com:80 SOURCE_ADDR=127.0.0.1:51279 PURPOSE=USER
>   650 STREAM 17 SENTCONNECT 5 www.google.com:80
>   650 STREAM 17 REMAP 5 72.14.235.104:80 SOURCE=EXIT
>   650 STREAM 17 SUCCEEDED 5 72.14.235.104:80
>   650 STREAM 18 NEW 0 www.google.com.tw:80 SOURCE_ADDR=127.0.0.1:51280 PURPOSE=USER
>   650 STREAM 18 SENTCONNECT 5 www.google.com.tw:80
>   650 STREAM 18 REMAP 5 72.14.235.99:80 SOURCE=EXIT
>   650 STREAM 18 SUCCEEDED 5 72.14.235.99:80
>   650 STREAM 17 CLOSED 5 72.14.235.104:80 REASON=END REMOTE_REASON=unknown
>
> and interspersed with that you get circ info like
>
>   650 CIRC 10 LAUNCHED PURPOSE=GENERAL
>   650 CIRC 10 EXTENDED $43AF24071B400911629D5BC9FC20DE335F9DFC00 PURPOSE=GENERAL
>   650 CIRC 10 EXTENDED $43AF24071B400911629D5BC9FC20DE335F9DFC00,ratator PURPOSE=GENERAL
>   650 CIRC 10 EXTENDED $43AF24071B400911629D5BC9FC20DE335F9DFC00,ratator,$D3EAC880BECBE5F80DB4609F225D351CC4F72395 PURPOSE=GENERAL
>   650 CIRC 10 BUILT $43AF24071B400911629D5BC9FC20DE335F9DFC00,ratator,$D3EAC880BEC

Does this correlate to the place in the code in the file circuitbuilt.c where you are signalling a circuit to go from closed state to open state.

  circuit_send_next_onion_skin()
  {
    ..
    if (!hop) {
      /* done building the circuit. whew. */
      circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_OPEN);
      log_info(LD_CIRC,"circuit built!");
      circuit_reset_failure_count(0);
      if (!has_completed_circuit && !circ->build_state->onehop_tunnel) {
        or_options_t *options = get_options();
        has_completed_circuit=1;
        /* Log a count of known routers here */
        log(LOG_NOTICE, LD_GENERAL,
            "Tor has successfully opened a circuit. "
            "Looks like client functionality is working.");
      }

Thanks
Sambuddho

> You can also do a command like
>
>   getinfo circuit-status
>
> which will spit out a summary:
>
>   getinfo circuit-status
>   250+circuit-status=
>   9 EXTENDED gremlin,pickaproxy
>   8 BUILT BostonUCompSci,$D0FF59689F9148D47B03DC03025853C80315A930,$D1C0C9FF2F88EB291DD436A1485DD471EB80D40F
>   6 BUILT gremlin,myrnaloy,godzilla,tor26
>   4 BUILT gremlin,SEC,vallenator
>   3 BUILT $43AF24071B400911629D5BC9FC20DE335F9DFC00,$8318A0A99B26785C6AB59FB3A290F6A04ADDD42C,vallenator
>   2 BUILT BostonUCompSci,$2682892CB12EDA0B69049C42A8483A680F70F56F,$83044401FD17BB48723049ED5BF7F1E9A9AB1A00,EviDancerDirServer
>   1 BUILT gremlin,SEC,$F701FBB7B5B70B765751D71DA8FE40E517223331
>   .
>
> --Roger
Re: determining which are the ORs a Tor circuit is using
On Tue, Nov 11, 2008 at 06:43:47PM -0500, Sambuddho Chakravarty wrote:
>> For example, if you send
>>
>>   setevents extended circ stream
>
> Does this correlate to the place in the code in the file circuitbuilt.c where you are signalling a circuit to go from closed state to open state.
>
> circuit_send_next_onion_skin()

That's one of the places. grep for calls to control_event_circuit_status() for what the various circ events correspond to.

(One of them is called from circuit_has_opened(), which is very near the piece of code you pasted. And that's the only place right now that signals a circuit has finished building.)

--Roger
Ping: Kyle Williams: TorVM
Kyle, recently saw your latest contribution: TorVM. Could you discuss the essential differences between TorVM and JanusVM? Looking forward to giving this a try!! Thanks, Jack Straw