Re: Advanced traffic shaping with iptables?
On Tue, Sep 25, 2007 at 02:32:44AM +0200, Linus L?ssing wrote:
> Hi there!
> My problem is, that I'm sharing the Bandwidth of my ADSL Internet
> connection (50KiB/s upload) with TOR and some other applications (i.e.
> online games, VPN-Server, small Teamspeak-Server, VoIP) as well. I've
> read, that with iptables I could prioritise the packets. At the moment
> I'm just offering 25KiB/s, because I need at least 25KiB/s for the other
> applications. But for the most time, I'm using none of the other ones,
> so I could theoretically offer 50KiB/s for TOR at these moments. It
> would be really, really helpful, if I could set up a bandwidth rule for
> TOR with iptables, so I would get at least 10KiB/s but it could get all
> the bandwidth, that would be wasted (remember the Task-Manager for
> CPU-Usage-Priority, I need something like "low priority" for the
> bandwidth). Maybe someone has already built something like this as a
> shell script for example? Or maybe some links to well explained
> tutorials would be useful as well. Any help to get this done is
> appreciated.

See http://archives.seul.org/or/talk/Aug-2007/msg00192.html for such a script. I've not tested it myself, so YMMV.

The documentation on traffic shaping under Linux is here: http://lartc.org/

Cheers!
RE: Advanced traffic shaping with iptables?
> TOR with iptables, so I would get at least 10KiB/s but it could get all
> the bandwidth, that would be wasted (remember the Task-Manager for
> CPU-Usage-Priority, I need something like "low priority" for the
> bandwidth). Maybe someone has already built something like this as a
> shell script for example? Or maybe some links to well explained
> tutorials would be useful as well. Any help to get this done is
> appreciated.
> Greetings, Linus
> PS: Or would this sort of dynamic bandwidth-offer harm the TOR-network
> in any way, could this make things sort of "unstable", especially for
> established and active routes?

Burst bandwidth wouldn't hurt the network.

If you want bandwidth shaping, I'd suggest using pf (Open/FreeBSD) for traffic shaping. iptables + tc never did the job for me and it's the reason I tried pf in the first place. Pf has incredibly legible syntax and reading the pf FAQ will get you up and running in no time.
Advanced traffic shaping with iptables?
Hi there!

My problem is, that I'm sharing the Bandwidth of my ADSL Internet connection (50KiB/s upload) with TOR and some other applications (i.e. online games, VPN-Server, small Teamspeak-Server, VoIP) as well. I've read, that with iptables I could prioritise the packets. At the moment I'm just offering 25KiB/s, because I need at least 25KiB/s for the other applications. But for the most time, I'm using none of the other ones, so I could theoretically offer 50KiB/s for TOR at these moments.

It would be really, really helpful, if I could set up a bandwidth rule for TOR with iptables, so I would get at least 10KiB/s but it could get all the bandwidth, that would be wasted (remember the Task-Manager for CPU-Usage-Priority, I need something like "low priority" for the bandwidth). Maybe someone has already built something like this as a shell script for example? Or maybe some links to well explained tutorials would be useful as well. Any help to get this done is appreciated.

Greetings,
Linus

PS: Or would this sort of dynamic bandwidth-offer harm the TOR-network in any way, could this make things sort of "unstable", especially for established and active routes?
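The requirement in the question above (a guaranteed floor for Tor, with any upload capacity the other applications leave idle borrowed on top) is exactly what Linux HTB classes express: each class has a `rate` it is guaranteed and a `ceil` it may borrow up to. The script below is an added example written for this thread; it is neither the script linked in the replies nor anything from the original poster. It assumes (my assumptions, not from the thread) that the outgoing interface is `ppp0` and that Tor runs as the user `debian-tor`, so Tor's packets can be marked with the iptables `owner` match. Run without arguments it only prints the `tc`/`iptables` commands for review; `sh shape-tor.sh apply` executes them, which needs root.

```shell
#!/bin/sh
# Added example (not from the or-talk thread): HTB shaping that gives Tor a
# guaranteed floor but lets it borrow every idle kbit of the upload link.
#
# Assumptions (not from the thread): outgoing interface "ppp0", Tor runs as
# user "debian-tor". The link ceiling is set to 400kbit, slightly under the
# 50KiB/s (~410kbit) quoted in the question, so that the queue builds up in
# the kernel where HTB controls it rather than inside the ADSL modem.

IFACE="${IFACE:-ppp0}"            # assumption: ADSL interface
TOR_USER="${TOR_USER:-debian-tor}" # assumption: uid the Tor daemon runs as
LINK_KBIT=400       # upload ceiling for the whole link
TOR_FLOOR_KBIT=80   # 10 KiB/s guaranteed to Tor, as asked for in the thread
TOR_MARK=1          # fwmark used to steer Tor's packets into its class

# Emit the tc/iptables commands as text so they can be reviewed (or tested)
# before being applied with root privileges.
#   $1 interface, $2 link ceiling (kbit), $3 Tor floor (kbit),
#   $4 Tor user, $5 fwmark
gen_shaping_rules() {
    iface="$1"; link="$2"; floor="$3"; tor_user="$4"; mark="$5"
    other=$((link - floor))   # everything else is guaranteed the remainder
    cat <<EOF
tc qdisc del dev $iface root 2>/dev/null
tc qdisc add dev $iface root handle 1: htb default 10
tc class add dev $iface parent 1: classid 1:1 htb rate ${link}kbit ceil ${link}kbit
tc class add dev $iface parent 1:1 classid 1:10 htb rate ${other}kbit ceil ${link}kbit prio 0
tc class add dev $iface parent 1:1 classid 1:20 htb rate ${floor}kbit ceil ${link}kbit prio 1
tc qdisc add dev $iface parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $iface parent 1:20 handle 20: sfq perturb 10
tc filter add dev $iface parent 1: protocol ip prio 1 handle $mark fw flowid 1:20
iptables -t mangle -A OUTPUT -m owner --uid-owner $tor_user -j MARK --set-mark $mark
EOF
}

# Count the HTB classes a generated rule set defines (root + two leaves = 3).
count_classes() { grep -c '^tc class add' ; }

# Apply the generated rules line by line, echoing each before running it.
apply_shaping_rules() {
    gen_shaping_rules "$@" | while IFS= read -r cmd; do
        echo "+ $cmd"
        eval "$cmd"
    done
}

if [ "${1:-}" = "apply" ]; then
    apply_shaping_rules "$IFACE" "$LINK_KBIT" "$TOR_FLOOR_KBIT" "$TOR_USER" "$TOR_MARK"
else
    gen_shaping_rules "$IFACE" "$LINK_KBIT" "$TOR_FLOOR_KBIT" "$TOR_USER" "$TOR_MARK"
fi
```

Class 1:10 (everything that is not Tor, the qdisc default) has the higher priority and a guaranteed 320kbit, so a game or VoIP call always gets served first; class 1:20 (Tor) is guaranteed 80kbit and, because its `ceil` equals the link rate, takes the whole 400kbit whenever the other class is idle. The `owner` match works only in the `OUTPUT` chain, i.e. for packets the local Tor process generates, which is what a relay on the same box produces; `BandwidthRate` in torrc is still worth keeping as an upper bound so Tor does not advertise more than the link can carry.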
Re: Set up a webproxy to TOR - tor-proxy.net
On Mon, Sep 24, 2007 at 09:25:47PM +0100, Robert Hogan wrote:
> On Monday 24 September 2007 02:22:34 Ricky Fitz wrote:
> > On Sunday, 23.09.2007, 20:50 -0400, [EMAIL PROTECTED] wrote:
> > > On Mon, Sep 24, 2007 at 12:42:31AM +0200, Ricky Fitz wrote:
> > > > It is running on the same server my TOR-Server is running (called
> > > > GrossATuin).
> > >
> > > Does your proxy use a separate Tor client, do you exclude your node
> > > as an entry?
> >
> > No, it does not use a separate Tor-Client. Therefore it doesn't make
> > sense to exclude my node. It uses the Tor-Session which runs as a
> > tor-node. So if you spy on the traffic of the server, you will not be
> > able to see, which traffic is from routing traffic for acting as a
> > server, and which from acting as a client. I think that's safer than
> > using a second client.
>
> So is your cgi-proxy routing everything to an instance of privoxy/polipo
> running on your machine or directly to the tor socks port?
>
> If it is routing everything to privoxy/polipo, what configuration are you
> using?
>
> I think it is this sort of detail that phobos has in mind.
>
> > > I was wondering recently about the security implications of such a setup.
> > >
> > > I was thinking of using a vpn to access my Tor server. From there, all
> > > vpn traffic would be proxied through another tor instance running in
> > > client mode with no bw limitations. Would that be more secure because a
> > > tor server is already running there or less secure because, if in some
> > > way, the traffic from the two instances could be differentiated and the
> > > vpn connections would make the whole system less secure because they
> > > would allow timing and statistical attacks relating vpn traffic to the
> > > second tor traffic?
> >
> > I really don't know, if it will be possible to identify the
> > vpn-connection because of the data which is transferred. But it would be
> > possible, to see that there is another service running than tor. Also,
> > what Bluestar is doubled. If we build a VPN from my server to yours, not
> > only am I theoretically able to spy on the traffic, but also you. (Not
> > that I want to say I do not trust you, but it kills the advantages of
> > the onion-system.)
>
> I think the answer is 'less secure'. That vpn link to bluestar88 is used only
> by you and it contains all your anonymous traffic on one little pipe over the
> internet. Unless the link is padded to camouflage inactivity that has to make
> things easier for an observer.

I came to the same conclusion. A tor client connection from my home to the Tor network at least uses many entry guards. It makes that many more "little pipes" to sniff for an observer if he wants to get the global traffic patterns.

The security implications would be different if used by many users as a service like XeroBank must do. I'm sure they do use just one instance though, they don't have the same bandwidth limitation requirements.

Thanks for the input.
Re: Set up a webproxy to TOR - tor-proxy.net
On Monday 24 September 2007 02:22:34 Ricky Fitz wrote:
> On Sunday, 23.09.2007, 20:50 -0400, [EMAIL PROTECTED] wrote:
> > On Mon, Sep 24, 2007 at 12:42:31AM +0200, Ricky Fitz wrote:
> > > It is running on the same server my TOR-Server is running (called
> > > GrossATuin).
> >
> > Does your proxy use a separate Tor client, do you exclude your node
> > as an entry?
>
> No, it does not use a separate Tor-Client. Therefore it doesn't make
> sense to exclude my node. It uses the Tor-Session which runs as a
> tor-node. So if you spy on the traffic of the server, you will not be
> able to see, which traffic is from routing traffic for acting as a
> server, and which from acting as a client. I think that's safer than
> using a second client.

So is your cgi-proxy routing everything to an instance of privoxy/polipo running on your machine or directly to the tor socks port?

If it is routing everything to privoxy/polipo, what configuration are you using?

I think it is this sort of detail that phobos has in mind.

> > I was wondering recently about the security implications of such a setup.
> >
> > I was thinking of using a vpn to access my Tor server. From there, all
> > vpn traffic would be proxied through another tor instance running in
> > client mode with no bw limitations. Would that be more secure because a
> > tor server is already running there or less secure because, if in some
> > way, the traffic from the two instances could be differentiated and the
> > vpn connections would make the whole system less secure because they
> > would allow timing and statistical attacks relating vpn traffic to the
> > second tor traffic?
>
> I really don't know, if it will be possible to identify the
> vpn-connection because of the data which is transferred. But it would be
> possible, to see that there is another service running than tor. Also,
> what Bluestar is doubled. If we build a VPN from my server to yours, not
> only am I theoretically able to spy on the traffic, but also you. (Not
> that I want to say I do not trust you, but it kills the advantages of
> the onion-system.)

I think the answer is 'less secure'. That vpn link to bluestar88 is used only by you and it contains all your anonymous traffic on one little pipe over the internet. Unless the link is padded to camouflage inactivity that has to make things easier for an observer.

-- 
Browse Anonymously Anywhere - http://anonymityanywhere.com
TorK - KDE Anonymity Manager - http://tork.sf.net
KlamAV - KDE Anti-Virus - http://www.klamav.net
Re: Servers and the "Named" flag (was Re: time needed to register a serve)
On Sun, Sep 23, 2007 at 04:37:27PM -0400, Roger Dingledine wrote:
>
> Once upon a time (2003 era), you needed to be manually approved or you
> wouldn't be able to join the network. The primary reason was that we
> needed to verify that your server was reachable, working, etc. Then
> we got more than a dozen servers, including servers run by people we
> didn't know, and we automated the process of testing reachability at the
> directory authorities. Then we started to allow unnamed servers to join
> the network and play pretty much the same role.
>

Not that it matters much for present purposes, but I would say that these primary reasons were actually clear ancillary benefits that grew to be the important reasons. The original motivation for putting this man-in-the-loop element in there by design was a kluge to have a simple if weak check on the number of servers run by a single authorities rather than to make sure servers were up and running properly (which was an issue whether you were known or not).

In practice this started as Roger-has-to-know-you-out-of-band. Once we were pleased to scale beyond that being feasible, we (i.e., Roger) were still manually deciding whether to take a server into the network, so could avoid or manage-as-it-arose multiple servers obviously controlled by the same person, and we could have warm fuzzies that we made it at least a bit more work if someone wanted to do this non-obviously. Throughout this process, even when everyone was known, there were still interactions of the we-don't-seem-to-be-able-to-reach-you or we-don't-seem-to-be-able-to-make-circuits-through-you type. But, as the authorization aspect came to be less manageable and wasn't a functional issue, it ceased being something that was addressed at all in joining the network. I think even before Weasel took over this job from Roger it had entirely moved to an issue of functionality rather than preserving anonymity that was being addressed by having registration.

As scaling continued, whether for server reachability/functioning or for authorization of who could join what to the network, this moved beyond what Weasel or anyone could feasibly manage in this way. We ultimately arrived at the current situation. The automation and usability of configuration continues to improve steadily (if much too slowly for the impatient). Managing who is in the network and/or their control of path endpoints is something that remains much trickier since the nature of the network is itself evolving. And what is theoretically justified, practical, and doesn't break some other aspect is itself very murky and the subject of ongoing research.

aloha,
Paul
Re: Servers and the "Named" flag (was Re: time needed to register a serve)
Interesting, while the server config page clearly says the email may not be answered, it does not indicate that the email will most likely never be ACTIONED. If it is the intention to not register names for servers, then that should be clearly stated in the Server configuration guide. It sounds like it's time to delete Step Four: 'Let us know about your server', since for all intents and purposes, the feature has been abandoned.

I for one would like to see some protection given to the names assigned to long-term stable routers . . . but that may just be a personal preference of mine, I like to know which server ops take the time to actually register their servers :)

Robert

On Sep 23, 2007, at 1:37 PM, Roger Dingledine wrote:

> On Tue, Sep 18, 2007 at 03:06:53AM -0500, Scott Bennett wrote:
> > Does anyone have a sense of the current processing delay in registering
> > a server? I ask only because I sent off the registration information to
> > [EMAIL PROTECTED] last Thursday evening, 13 Sept., and my server is still
> > showing up in the status documents without the "Named" flag in them. It's
> > not a big deal; I'm just curious. Processing of flight instructor
> > certificate renewals is now said to take more than six months, and the
> > certificates have to be renewed every 24 months. (Your tax dollars at
> > work, of course. :-)
>
> Alas, we've pretty much stopped assigning the Named flag to servers. This is
> because it's a time-sink to manually go through and make sure the server is
> actually acting correctly, go put the keys in the right place, etc. There
> have been some proposals to make it easier, e.g.
> https://tor.eff.org/svn/trunk/doc/spec/proposals/113-fast-authority-interface.txt
> and at some point we should do one of them.
>
> See also the discussion under
> http://archives.seul.org/or/dev/Apr-2007/msg00040.html
> I'm a fan of solution #2 in the above url: there's no reason why a human
> needs to be in the loop, and if we don't know the operator on the other end,
> the "Named" flag doesn't mean what it meant in 2003 when we created it anyway.
>
> Once upon a time (2003 era), you needed to be manually approved or you
> wouldn't be able to join the network. The primary reason was that we needed
> to verify that your server was reachable, working, etc. Then we got more
> than a dozen servers, including servers run by people we didn't know, and we
> automated the process of testing reachability at the directory authorities.
> Then we started to allow unnamed servers to join the network and play pretty
> much the same role.
>
> The only main difference at this point is from the client perspective: if
> you manually specify a non-named server in your torrc or using the foo.exit
> syntax, your Tor will complain to you (well, to your logs) and suggest a hex
> digest that you should use instead.
>
> Now, there is an argument for letting people remember nicknames rather than
> hex digests. But I would eventually like to see some sort of graphical
> "server picking" interface that most users would use, and it would be smart
> enough to know the hex digest of the picked server. If, that is, we need any
> sort of server picking to be happening at all -- most users I hear from who
> need to specify a specific server rather than just let Tor pick for them seem
> to be doing it to get around crude access controls on websites or other
> services, and I'm not sure that's an arms race I want to get into.
>
> There are other problems that need to be solved from a usability angle. For
> example, if the nickname Alice picks is already registered, then when she
> tries to sign up her server, it will print a mysterious message in her logs
> ("there are logs? what's a log?") and her server won't be useful. We need to
> make that simpler somehow, and the simplest approach for now (by default) is
> to not have many Named servers. My preferred solution would be to add an
> "Unnamed" flag that servers get when they're using a nickname that is already
> registered -- the server will continue to be a fine server, but it will be
> invisible from the perspective of referring to servers by nickname.
>
> And lastly, one of the crucial reasons for maintaining contact with server
> operators is so they feel appreciated, and so we have an opportunity to
> answer their questions, address their concerns and problems, etc. Maintaining
> communication with the server community helps it to grow and be stable. We
> are doing a poor job at that currently. A few years ago I realized that I
> could choose between answering a whole lot more mail (and having the number
> of good Tor servers keep going up) and getting more development work done on
> Tor. Since Tor is nowhere close to done, the latter was the clear choice --
> as long as there is *some* sort of Tor network, that's good enough for
> testing the new scalability/anonymity/performance features and bugfixes.
> Peter Palfrader then stepped up to answer mail for a while, but he soon found
> it to be a flood too. My fix at the
Re: [Polipo-users] Testing Polipo on Windows
On Mon, Sep 24, 2007 at 01:49:23PM +0200, [EMAIL PROTECTED] wrote 1.8K bytes in 48 lines about:
: > However I'm a bit limited in what I can do. All I have at present is the
: > mingw compiler and windows-xp under vmware.
:
: It looks like we're all struggling to support an obsolete OS that none
: of us use any longer. It reminds me a little of the ``#ifdef VMS''
: fetish we used to have in the nineties.

WinXP isn't obsolete yet. It has a very large installed base. Generally, what works under XP has worked with WinNT, Win2000, and Vista as well. I have win98 in a vm as well, I could test that as a truly obsolete OS.

Much like Tor, it appears none of the polipo developers nor testers use Windows as their main OS. Unfortunately, our users typically use Windows as their main OS. This means we do have to support and maintain the Windows code and issues.

I'm happy to test and maintain Windows packages for Polipo and Tor. I can't maintain the Windows code however, just provide good bug reports of what is broken.

-- 
Andrew
Re: [Polipo-users] Testing Polipo on Windows
[CC-ing or-talk, in case somebody there has already heard about this Windows thing]

>> 1. I'm seriously thinking about removing the native Windows code,
>> unless I find a maintainer.

> That worries me a bit,

It's not like Polipo development breaks things daily. If the Mingw code starts rotting, you'll get plenty of advance notice (months). For now, I'm simply doing my best not to break anything, but not actively testing under Windows.

But it does make me uneasy to have this blob of code in Polipo which I'm not able to maintain. Unless this changes, I am unwilling to commit to anything.

> it's part of Hv3's plan for world domination.

World domination is my plan. Please pick a different one.

> And I can test it informally as part of Hv3 a bit.

I think that would be more effective if Hv3 used a pristine copy of Polipo rather than a local copy, and tracked the head branch regularly -- this would make you notice faster if anything broke.

Of course, if there were one or two Windows users willing to check every release candidate for Windows-specific regressions, that would do a lot to make me more comfortable.

> However I'm a bit limited in what I can do. All I have at present is the
> mingw compiler and windows-xp under vmware.

It looks like we're all struggling to support an obsolete OS that none of us use any longer. It reminds me a little of the ``#ifdef VMS'' fetish we used to have in the nineties.

Juliusz
Re: Set up a webproxy to TOR - tor-proxy.net
Hi Andrew,

thanks first for your long answer!

> I have a few concerns about your proxy setup and service. First off,
> you should disclaim that this site and service isn't an official
> project of Tor. People may confuse your url with the real Tor and
> think they are getting the same anonymity properties.

Although the Layout is much different, you are right, there could be some confusion. I will add a hint, that it is no official project of TOR.

> Second is a concern over the last bullet point at the bottom
> of http://tor-proxy.net/impressum.html. It appears to say that you are
> recording IP address and browser in a log file. Additionally, the log
> file is purged when 48 hours old. Why log at all? Simply disable all
> logging in relation to the proxy service on the server. The default
> Tor log settings should be sufficient.

I suppose there is a misunderstanding. I am not logging anything about the proxy-service (like output of tor, privoxy, etc.). The only logging is made by a simple counter, included in the frontpage (index.php) for me to get some information about how many people are using the service. There is no possibility to use the data to find out, which sites users were accessing through the proxy, and if they were using the proxy at all. But I suppose it would be possible to change the counter that way, that it does not collect IP-Addresses at all, or delete it immediately after counting the user.

> Third, can you publish the source code that runs the proxy site? It
> appears you are using php and CGI:Proxy code to interface with Tor.
> Feel free to choose a FSF-approved license, such as the GPL or
> 3-clause BSD, and publish the source for the site, along with any dependent
> software and licenses as required by their license terms.

The project works with CGIProxy of James Marshall ( http://jmarshall.com/tools/cgiproxy/ ). Did you mean that with the source code, that runs the proxy? Of course I could mention some more technical details like configuration-files etc.

> Fourth, in order to be more transparent, you should publish the
> configuration of the proxy. A clear description, whether text or
> graphical, will help increase the trustworthiness of the service.

Yes, good idea. I will do so.

> Fifth, you probably want to publish the fingerprint of your
> self-signed ssl cert, or look into getting a cert signed by a browser
> accepted CA. This is weak, but possibly better than nothing.

Thinking about using cacert.org as mentioned by Bluestar.

> Sixth and final, if you decide to put ads on the site or become a
> commercial entity, please contact The Tor Project before doing so. We
> cannot allow a commercial entity to confuse users about Tor. As an
> open source project, the disclaimer in the first paragraph may be
> enough to not confuse users.

Well, first I will never take money for using that service. I also wrote that in the FAQ. I think it isn't fair to all the other ones who are running nodes, and which the service relies on. Second, at the moment there is no need for me to put ads on the site, because server-costs are okay for me. If the service would get very popular, and server-costs are getting higher, then probably it will be necessary to do so, but that's totally unclear. I would say, we can think about that, when the moment comes.

Hopefully I answered some questions,

Regards,
Ricky.

-- 
"If liberty means anything at all, it means the right to tell people what they do not want to hear."
- George Orwell, from the afterword to "Animal Farm", 1945 -

GPG-Fingerprint: 10D6 7B8F 1F7C 7CB1 2C4E 930E AFD2 FDF3 A10B D302
GPG-Key-ID: AFD2FDF3A10BD302
http://www.lawlita.com/pgp-schluessel/
Re: Set up a webproxy to TOR - tor-proxy.net
BlueStar88 wrote:
>
> Ricky, you should try
>
> http://www.cacert.org/
>

or you may try the free SSL-service at http://cert.startcom.org/

It is accepted by Mozilla browsers by default.

Your proxy may become a nice service for some users.

Greetings
Re: Set up a webproxy to TOR - tor-proxy.net
[EMAIL PROTECTED] wrote:
> On Mon, Sep 24, 2007 at 12:42:31AM +0200, [EMAIL PROTECTED] wrote 0.9K bytes
> in 40 lines about:
> : I just wanted to let you know, that I have set up a Webproxy to the
> : TOR-Network, for letting people get the advantages of TOR who are not
> : able to install TOR for themselves.
[...]
> Fifth, you probably want to publish the fingerprint of your
> self-signed ssl cert, or look into getting a cert signed by a browser
> accepted CA. This is weak, but possibly better than nothing.

Ricky, you should try

http://www.cacert.org/

They provide *free* certificates by email verification and an optional trust concept. A root-certificate to include into the client's webbrowser is available too, which can be offered to the users for download and installation. On some linux distros this root certificate is already included, or available as a package at least.

As they're working on getting into Mozilla Firefox by default, it seems basically to be a good idea to try them...

Greets

-- 
BlueStar88
PGPID: 0x36150C86
PGPFP: E9AE 667C 4A2E 3F46 9B69 9BB2 FC63 8933 3615 0C86