new middleman
Does this look good, or do I have to change anything?

https://tns.nighteffect.com/router_detail.php?FP=f0af51625a9306417dc20d9fefea614c7ebf722d

Regarding thread http://archives.seul.org/or/talk/Sep-2006/msg00107.html
did any of the German tor *middleman* operators get any nasty mail
or visits from officials?

--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

Block directory authorities, is it possible?
Hi all,

I live in China and was/am having difficulties in using Tor, the problem is: it takes quite a long time to build a circuit for the first time I start Tor on my Windows machine.

I think it is because of the earthquake that destroys the fibers at the seabed near Taiwan at the end of 2006, communications to the US were almost blocked, to the EU were jammed. So it is very difficult to download a new network-status from a directory authority.

Excerpt from dir-spec.txt:

    Clients discard all network-status documents over 24 hours old.
    [...]
    When a client has no live network-status documents, it downloads
    network-status documents from a randomly chosen authority.

Well, Tor will finally recover here when the fibers are repaired. But this reminds me of a possible attack against the Tor network, say, if the notorious Great Firewall of China blocks *all* the connections to *all* the directory authorities (currently 5 I believe), then Tor will become completely useless in China. Considering the number of directory authorities, this doesn't seem to be infeasible. (In fact, I think this is easy to some extent.)

Am I understanding correctly? Are there any actions Tor can take? After all, we cannot simply assume this will not happen in the future.

Regards,
Hanru

Re: new middleman
Hi,

does it really run tor version 0.1.0.16? Maybe it's time to upgrade, or do you have a reason for using the old version for a new middle-man?

Eugen Leitl wrote:
> Does this look good, or do I have to change anything?
>
> https://tns.nighteffect.com/router_detail.php?FP=f0af51625a9306417dc20d9fefea614c7ebf722d
>
> Regarding thread http://archives.seul.org/or/talk/Sep-2006/msg00107.html
> did any of the German tor *middleman* operators get any nasty mail
> or visits from officials?

Re: new middleman
On Fri, Jan 12, 2007 at 10:53:22AM +0100, K. Neß wrote:
> Hi,
>
> does it really run tor version 0.1.0.16? Maybe it's time to upgrade, or
> do you have a reason for using the old version for a new middle-man?

All right, the Ubuntu packages are apparently way out of date. Thanks for pointing that out. I've fixed things according to http://www.brainonfire.net/2006/10/08/upgrade-tor-latest-version-ubuntu/

Raising maximum number of filedescriptors (ulimit -n) to 8192.
Starting tor daemon: tor...
Jan 12 11:30:00.512 [notice] Tor v0.1.1.26. This is experimental software. Do not rely on it for strong anonymity.
Jan 12 11:30:00.513 [notice] Initialized libevent version 1.1a using method epoll. Good.
Jan 12 11:30:00.513 [notice] connection_create_listener(): Opening OR listener on 0.0.0.0:9001
Jan 12 11:30:00.514 [notice] connection_create_listener(): Opening Directory listener on 0.0.0.0:9030
done.

Firewall is reporting traffic (cool, never knew there's RRD graphs in there as well).

Anything else? (This thing is a pure middleman, remember).

> Eugen Leitl wrote:
> > Does this look good, or do I have to change anything?
> >
> > https://tns.nighteffect.com/router_detail.php?FP=f0af51625a9306417dc20d9fefea614c7ebf722d
> >
> > Regarding thread http://archives.seul.org/or/talk/Sep-2006/msg00107.html
> > did any of the German tor *middleman* operators get any nasty mail
> > or visits from officials?

--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

Re: Block directory authorities, is it possible?
At 04:41 AM 1/12/2007, Pei Hanru wrote:
> Well, Tor will finally recover here when the fibers are repaired. But
> this reminds me of a possible attack against the Tor network, say, if
> the notorious Great Firewall of China blocks *all* the connections to
> *all* the directory authorities (currently 5 I believe), then Tor will
> become completely useless in China. Considering the number of
> directory authorities, this doesn't seem to be infeasible. (In fact, I
> think this is easy to some extent.)
>
> Am I understanding correctly? Are there any actions Tor can take? After
> all, we cannot simply assume this will not happen in the future.

You are correct that this is a vulnerability now. We're developing a blocking resistance strategy that should ameliorate this risk. Perhaps one of the developers will comment on this further.

Thanks!

Shava Nerad
Executive Director
The Tor Project
http://tor.eff.org/
http://blogs.law.harvard.edu/anonymous/
[EMAIL PROTECTED]
+1 617-776-2659
+1 617-767-6735 (cell)
skype: shava23

Bandwidth limits
I selected a new subject line since this isn't on topic anymore (letter from the feds).

I noticed in the German version the help text is not completely displayed so the user doesn't know what that limit is really about (and the help icon is talking about the old limit, the INcoming traffic limit only).

So I switched to English and it tells me to put in my upload speed. So I tried out 40 kb/s maximum and 20 kb/s minimum and get the following error message each time I start my (middleman) server:

Jan 12 16:54:38:703 [Warning] bandwidthrate unreadable or 0. Failing.
Jan 12 16:54:38:703 [Warning] router_rebuild_descriptor(): Couldn't allocate string for descriptor.
Jan 12 16:54:38:921 [Warning] bandwidthrate unreadable or 0. Failing.
Jan 12 16:54:38:921 [Warning] router_rebuild_descriptor(): Couldn't allocate string for descriptor.
Jan 12 16:54:40:187 [Warning] bandwidthrate unreadable or 0. Failing.
Jan 12 16:54:40:203 [Warning] router_rebuild_descriptor(): Couldn't allocate string for descriptor.

It goes on and on like that. I looked at the torrc file and it correctly saved what I typed in:

BandwidthBurst 40960
# A token bucket limits the average incoming bandwidth on this node to the
# specified number of bytes per second.
BandwidthRate 20480

If I put in 3 digit numbers (for example 300 kb/s and 200 kb/s) I don't get the error message. However, my bandwidth is completely taken by Tor and denies any other internet activities unless I had all the time of the world available. ;)

Sincerely,
Enigma

--
German Tor mailing list / surveillance and anonymity:
http://www.anti1984.com
GPG key ID: 4096R/602492EA

[EMAIL PROTECTED] wrote:
> On Thu, Jan 11, 2007 at 11:24:07PM +0100, [EMAIL PROTECTED] wrote 1.9K bytes in 51 lines about:
> : Yeah I read that but I can't find any option for that in Vidalia, was
> : it integrated into Vidalia yet or just in Tor? Sadly, I don't know how
> : to set options for Tor without Vidalia. ;)
>
> It only appears under Settings - Server - Relay Traffic for the Tor
> Network - Bandwidth Limits tab. At least, this is the path in my
> version of Vidalia (0.0.10).

Re: Bandwidth limits
On Fri, Jan 12, 2007 at 04:58:05PM +0100, Enigma wrote:
> So I switched to English and it tells me to put in my upload speed. So I
> tried out 40 kb/s maximum and 20 kb/s minimum and get the following

I've waited a bit before the new server stabilized traffic before I tried placing a VoIP call on the same DSL line. Unthrottled, the result was unusable. Even with 40 KB limits it took a while (some 20-30 sec into the call) before stuttering subsided, and only occasional faint artifacts were heard.

I'm trying

BandwidthRate 30 KB
BandwidthBurst 30 KB

now, but I welcome other solutions. I could use pfSense's TrafficShaper to throttle select ports, but it would still be no good if the DSL FIFO was full.

I think I'm going to titrate the value for a while, until I've got something I can live with.

> If I put in 3 digit numbers (for example 300 kb/s and 200 kb/s) I don't
> get the error message. However, my bandwidth is completely taken by Tor
> and denies any other internet activities unless I had all the time of
> the world available. ;)

http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#LimitBandwidth suggests disabling DirPort if all else fails:

    If you have an asymmetric connection (upload less than download) such
    as a cable modem, you should set BandwidthRate to less than your
    smaller bandwidth (Usually that's the upload bandwidth). (Otherwise,
    you could drop many packets during periods of maximum bandwidth usage
    -- you may need to experiment with which values make your connection
    comfortable.) Then set BandwidthBurst to the same as BandwidthRate.

    Since the BandwidthRate and BandwidthBurst options only look at
    incoming bytes currently, you may find that if you're still seeing too
    much outgoing traffic, you should turn off your DirPort; most users
    don't need to do this though.

--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

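
The token-bucket behaviour behind the BandwidthRate and BandwidthBurst settings compared in this thread, as an added example that is not part of the original messages and is not Tor's code. It is a simplified one-second-tick model; the bursty load and the 32 KB/s uplink figure are constructed, and it assumes a relay sends out every byte it admits.

```python
# Simplified one-second-tick token bucket (illustration only, not Tor's code).
# Assumptions: offered bytes beyond the bucket are simply not read in that
# tick, and every admitted byte is relayed out over the uplink.

def simulate(rate, burst, demand):
    """Return the bytes admitted in each one-second tick.

    rate   -- bytes of credit added per second (the BandwidthRate role)
    burst  -- bucket capacity in bytes (the BandwidthBurst role)
    demand -- bytes offered by peers in each second
    """
    if rate <= 0 or burst < rate:
        raise ValueError("this model needs rate > 0 and burst >= rate")
    bucket = burst                      # a bucket is full after idling
    admitted = []
    for offered in demand:
        sent = min(offered, bucket)     # never read more than the credit
        bucket -= sent
        admitted.append(sent)
        bucket = min(burst, bucket + rate)   # refill, capped at burst
    return admitted


def seconds_over(admitted, uplink):
    """Count ticks in which admitted traffic exceeds the uplink capacity."""
    return sum(1 for b in admitted if b > uplink)


# Constructed inputs: two busy seconds, two idle seconds, two busy seconds,
# on a hypothetical 32 KB/s uplink.
BURSTY = [10**6, 10**6, 0, 0, 10**6, 10**6]
UPLINK = 32 * 1024

if __name__ == "__main__":
    # The torrc values quoted in the thread, then rate == burst at 30 KB.
    for rate, burst in [(20480, 40960), (30720, 30720)]:
        out = simulate(rate, burst, BURSTY)
        print(f"rate={rate} burst={burst} admitted={out} "
              f"ticks over uplink={seconds_over(out, UPLINK)}")
```

With burst larger than rate, every idle gap refills the bucket and the next busy second is admitted at the burst size rather than the rate; with the two equal, the peak never exceeds the configured rate.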
Re: Bandwidth limits
How about using ToS filtering so all your traffic (like voip) gets higher priority than tor?

On 1/12/07, Eugen Leitl [EMAIL PROTECTED] wrote:
> On Fri, Jan 12, 2007 at 04:58:05PM +0100, Enigma wrote:
> > So I switched to English and it tells me to put in my upload speed. So I
> > tried out 40 kb/s maximum and 20 kb/s minimum and get the following
>
> I've waited a bit before the new server stabilized traffic before I
> tried placing a VoIP call on the same DSL line. Unthrottled, the result
> was unusable. Even with 40 KB limits it took a while (some 20-30 sec
> into the call) before stuttering subsided, and only occasional faint
> artifacts were heard.
>
> I'm trying
>
> BandwidthRate 30 KB
> BandwidthBurst 30 KB
>
> now, but I welcome other solutions. I could use pfSense's TrafficShaper
> to throttle select ports, but it would still be no good if the DSL FIFO
> was full.
>
> I think I'm going to titrate the value for a while, until I've got
> something I can live with.
>
> > If I put in 3 digit numbers (for example 300 kb/s and 200 kb/s) I don't
> > get the error message. However, my bandwidth is completely taken by Tor
> > and denies any other internet activities unless I had all the time of
> > the world available. ;)
>
> http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#LimitBandwidth
> suggests disabling DirPort if all else fails:
>
>     If you have an asymmetric connection (upload less than download) such
>     as a cable modem, you should set BandwidthRate to less than your
>     smaller bandwidth (Usually that's the upload bandwidth). (Otherwise,
>     you could drop many packets during periods of maximum bandwidth usage
>     -- you may need to experiment with which values make your connection
>     comfortable.) Then set BandwidthBurst to the same as BandwidthRate.
>
>     Since the BandwidthRate and BandwidthBurst options only look at
>     incoming bytes currently, you may find that if you're still seeing too
>     much outgoing traffic, you should turn off your DirPort; most users
>     don't need to do this though.
>
> --
> Eugen* Leitl leitl http://leitl.org
> ICBM: 48.07100, 11.36820 http://www.ativel.com
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

Re: Bandwidth limits
On Fri, Jan 12, 2007 at 09:14:30AM -0700, Ringo Kamens wrote:
> How about using ToS filtering so all your traffic (like voip) gets higher
> priority than tor?

I've had a case in the (distant) past where an 0wned server of mine on a residential ADSL line had a ridiculous ping (some 20-30 s, IIRC), due to running a DDoS against some unknown target. (In fact, this is how I discovered I had a system penetration problem).

Assuming this is an ADSL FIFO (assuming, there is such a thing, I'm unfamiliar with my ISP's infrastructure) which is outside of my control TrafficShaping wouldn't do much in the call's beginning, until the FIFO would drain enough for the packet loss rate to subside, which is what I presume is happening.

I think I will titrate the Bandwidthrate and Bandwidthburst first, before mucking with firewall's traffic prioritization (I'm running PfSense's Traffic Shaper wizard's default configuration right now, which is probably suboptimal).

--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

Re: Bandwidth limits
Enigma wrote:
> I selected a new subject line since this isn't on topic anymore (letter
> from the feds).
>
> I noticed in the German version the help text is not completely
> displayed so the user doesn't know what that limit is really about (and
> the help icon is talking about the old limit, the INcoming traffic limit
> only).
>
> So I switched to English and it tells me to put in my upload speed. So I
> tried out 40 kb/s maximum and 20 kb/s minimum and get the following
> error message each time I start my (middleman) server:
>
> Jan 12 16:54:38:703 [Warning] bandwidthrate unreadable or 0. Failing.
> Jan 12 16:54:38:703 [Warning] router_rebuild_descriptor(): Couldn't allocate string for descriptor.
> Jan 12 16:54:38:921 [Warning] bandwidthrate unreadable or 0. Failing.
> Jan 12 16:54:38:921 [Warning] router_rebuild_descriptor(): Couldn't allocate string for descriptor.
> Jan 12 16:54:40:187 [Warning] bandwidthrate unreadable or 0. Failing.
> Jan 12 16:54:40:203 [Warning] router_rebuild_descriptor(): Couldn't allocate string for descriptor.
>
> It goes on and on like that. I looked at the torrc file and it correctly
> saved what I typed in:
>
> BandwidthBurst 40960
> # A token bucket limits the average incoming bandwidth on this node to the
> # specified number of bytes per second.
> BandwidthRate 20480
>
> If I put in 3 digit numbers (for example 300 kb/s and 200 kb/s) I don't
> get the error message. However, my bandwidth is completely taken by Tor
> and denies any other internet activities unless I had all the time of
> the world available. ;)
>
> Sincerely,
> Enigma

(note, OpenPGP reports signature verification failed, bad signature)

--
GnuPG key ID is 0x84189146 on subkeys.pgp.net

Re: Block directory authorities, is it possible?
Thus spake Pei Hanru ([EMAIL PROTECTED]):
> Hi all,
>
> I live in China and was/am having difficulties in using Tor, the problem
> is: it takes quite a long time to build a circuit for the first time I
> start Tor on my Windows machine.
>
> Am I understanding correctly? Are there any actions Tor can take? After
> all, we cannot simply assume this will not happen in the future.

If the problem right now is just IP blocking you can try the tor option HttpProxy which will route your dirserver traffic through an http proxy you specify.

Unfortunately, certain areas have begun blocking by the /tor/ url postfix that dirservers use, independent of IP. There is an option in 1.2.x/SVN to tunnel this traffic via other tor nodes (via SSL), but I believe it is prone to exploding at this point in time.

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs