Re: Re: Re: My tor exit node is STILL gone from the node list

2009-08-04 Thread Alexandru Cezar
Hi list, hi Lee,

> > It at least shouldn't be a problem for TOR, because it has worked with that
> > setup for months.
> Unless you know for sure that nothing has changed on the path between
> your server and all the directory servers you don't know if path MTU
> discovery being broken (if it really is) is a new problem or not.

I have again spoken to my ISP and they say routing is fine.

> What all do the directory servers need to do/see before marking your
> server as a good exit?  It'd be nice to know what they can't do that's
> keeping your server from being marked as a good exit..

I'm interested in that as well. I still cannot get it to be flagged
'Running' reliably.
Would TOR logging on my side help on this? I guess not?

Appreciate any help, I'm sure you don't mind getting 4MB/s exits back. ;-)



Alexandru







Planning to build private network

2009-08-04 Thread t talk
I am currently planning to build a private TOR network for 50 users.  The
goal of the network is to provide anonymous browsing and access to hidden
services for the group while trying to avoid the low speeds seen in the
public network.  The users will not be using the network for
file sharing or high bandwidth applications like streaming media.  The group
currently uses the public network, and 12 are hosting relays.  The main
complaint from the group is that the public network is too slow for
comfortable use of some internet applications. (No big surprise)
I have a few questions.

1) Will a private network address the speed concerns if built properly?  I
have read considerable amounts on the subject of TOR's speed, and understand
that the number of relays is not the overriding concern.

2) If the answer to 1 is yes (I believe it is), what would be
the optimum number of relays to ensure privacy and speed? Is there
a formula that determines the number of relays needed for X number of users,
with, say, a 3 hop path? What about hidden services?  Is there a rule of
thumb for determining the number of exits to relays?

3) What would the minimum specs of an individual relay be? How much bandwidth
per relay should we strive for?

4) Assuming we build it properly, and do not abuse it, what kind of speeds
can we expect from the network?


Thanks

-T


RE: Please help me test my hidden service

2009-08-04 Thread downie -







I've tried a few times since you posted to reach this site, without success - 
'Domain does not resolve'. Tor 0.2.1.18 is the client, and I can reach the 
Hidden Wiki (on the second attempt at least).

GD
> Date: Mon, 3 Aug 2009 16:42:57 -0400
> From: 2600den...@gmail.com
> To: or-talk@freehaven.net
> Subject: Please help me test my hidden service
> 
> Hey Folks,
> 
> I posted a while ago saying I was making a how-to manual for newbies on
> how to set up (reasonably) secure hidden services. I'm almost done but I
> want to release my server for testing to see if I missed anything
> obvious. This is a pretty standard LAMP install running in a virtual
> machine. The OS is Ubuntu on both.
> 
> The site is at http://76jejbkd7gtm5jbb.onion
> 
> There's a drupal install at /drupal and a wordpress install (currently
> not working due to forwarding issues) at /wordpress.
> 
> Feel free to poke around all you want, just please don't do anything
> that would stop other users from accessing the machine such as DoS
> attacks. If you somehow break through, please stay off my home network ; )
> 
> I haven't allowed users to add content because... well.. you know what
> would happen with that in onionland. If you want to add content just
> throw me an email and I'll make you an account. I figure that way I have
> somebody to blame if stuff goes horribly wrong. My PGP key is included
> if you roll that way.
> 
> I'm also interested to hear people's ideas on how exactly to test the
> security of this server without handing out shell logins (or is that
> exactly what I should do?).
> 
> Any feedback is appreciated.
> 
> Thanks,
> Ringo
> 

DKIM problem (was: Tor on Ubuntu Jaunty)

2009-08-04 Thread Sebastian Wiesinger
* Ted Smith  [2009-08-04 17:28]:
> On Tue, 2009-08-04 at 16:24 +0200, gabrix wrote:

Hi,

sorry to use the list for this, but I can't see gabrix' mail address.

Dear gabrix,

could you please fix your DKIM configuration (enter a key in your DNS
or remove the DKIM signature from your mails). Because right now my
mailserver doesn't accept your mails because it can't get your DKIM
key:

alita dkim-filter[914]: n74I9fJO017279: key retrieval failed (s=stigmate, d=gabrix.ath.cx)

sm-mta[17279]: n74I9fJO017279: Milter: data, reject=451 4.3.2 Please try again later

$ dig stigmate._domainkey.gabrix.ath.cx TXT
stigmate._domainkey.gabrix.ath.cx. 60 IN CNAME  gabrix.ath.cx.

$ dig gabrix.ath.cx TXT
$


Thanks,

Sebastian

-- 
GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
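
The failure shown in the message above, reproduced offline as an added example (not code from the post): it reads the selector and domain from the dkim-filter log line, builds the selector._domainkey.domain query name, and follows the CNAME the way the two dig commands do. The zone dictionaries, the function names and the "fixed" key record with placeholder key data are assumptions made for illustration.

```python
import re

# Log line from the message above (wrapped across two lines in the mail).
LOG_LINE = ("alita dkim-filter[914]: n74I9fJO017279: key retrieval failed "
            "(s=stigmate,\n d=gabrix.ath.cx)")

# Constructed zone data mirroring the two dig answers in the message:
# the selector name is a CNAME to the bare domain, which has no TXT record.
ZONE_BROKEN = {
    ("stigmate._domainkey.gabrix.ath.cx", "CNAME"): ["gabrix.ath.cx."],
}
# Constructed: the same name after a key record is published.
# The p= value is a placeholder, not a real key.
ZONE_FIXED = {
    ("stigmate._domainkey.gabrix.ath.cx", "TXT"):
        ["v=DKIM1; k=rsa; p=PLACEHOLDERBASE64KEY=="],
}

LOG_RE = re.compile(r"key retrieval failed \(s=([^,\s]+),\s*d=([^)\s]+)\)")


def selector_from_log(line):
    """Extract (selector, domain) from a 'key retrieval failed' log line."""
    match = LOG_RE.search(" ".join(line.split()))  # undo line wrapping
    return (match.group(1), match.group(2)) if match else None


def dkim_query_name(selector, domain):
    """Name a verifier queries for the key: <selector>._domainkey.<domain>."""
    return f"{selector}._domainkey.{domain}".lower().rstrip(".")


def lookup_txt(zone, name, max_cname=8):
    """Follow CNAMEs from name; return (txt_records, names_visited)."""
    chain = [name]
    for _ in range(max_cname):
        txt = zone.get((name, "TXT"))
        if txt:
            return txt, chain
        cname = zone.get((name, "CNAME"))
        if not cname:
            return [], chain
        name = cname[0].lower().rstrip(".")
        if name in chain:  # CNAME loop, give up
            return [], chain
        chain.append(name)
    return [], chain


def parse_key_record(txt):
    """Split a DKIM key record into its tag=value pairs."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = "".join(value.split())
    return tags


def check_dkim_key(zone, selector, domain):
    """Classify what a verifier would find for this selector and domain."""
    name = dkim_query_name(selector, domain)
    records, chain = lookup_txt(zone, name)
    result = {"queried": name, "chain": chain}
    if not records:
        result["status"] = "no-key"  # what the receiving filter reported
        return result
    for record in records:
        tags = parse_key_record(record)
        if tags.get("v", "DKIM1") != "DKIM1" or "p" not in tags:
            continue
        # An empty p= tag means the key has been revoked (RFC 6376).
        result["status"] = "ok" if tags["p"] else "revoked"
        return result
    result["status"] = "malformed"
    return result


if __name__ == "__main__":
    sel, dom = selector_from_log(LOG_LINE)
    for label, zone in (("as posted", ZONE_BROKEN), ("with key", ZONE_FIXED)):
        print(label, check_dkim_key(zone, sel, dom))
```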


Re: copyright abuse through tor

2009-08-04 Thread doc.kuehn
Jan Suhr wrote:
> Hi doc!
> We, the German Privacy Foundation, regularly receive several of such
> requests regarding file sharing. Usually we reply to the requestor
> explaining that the IP address belongs to one of our Tor servers. Also
> we explain what Tor is and that we don't have any logs thus could not
> answer their request.
> I would advise you to send them a similar reply. Let's see if this is
> sufficient. Otherwise it could be important to prove that you are
> running a Tor server (I understood you are running it at home?)
yes, the server runs at my home
> . But
> let's see...
>
> Please feel free to contact me directly to prepare a specific answer or
> discuss the further procedure.
>
> Best regards
> Jan
>
>   
Hello Jan,
first, many thanks for your response and to offer your help.
Let me explain the current state regarding the abuse: since Saturday I'm
in contact with a lawyer from the CCC, who provided to help me. He wrote
a letter to the lawyer's office which accused me, appending a status from
the server descriptors for the said day of abuse. Furthermore he
appended a mail from an employee of the torproject, confirming that my
IP was running a tor-exit node. Now we are waiting for an answer from
the lawyer's office.

So far I realised: it's not enough to say 'I'm running a tor-exit node',
you must prove that a tor-node was / is running on a given IP.

On this way, many thanks and regards to CCC for the fast help!
Jan, I will write you a personal mail in correlation to this issue

Once again, sorry my bad English


Re: VoIP telephony building like Tor

2009-08-04 Thread Alexander Cherepanov
Hi Praedor!
On Tue, 4 Aug 2009 09:58:04 -0400, Praedor Atrebates  wrote:

> Sigh.  Tor is political by its very existence and design.  It is NOT a neutral
> entity.  Its very existence is for political reasons.

It's a matter of terminology. I hope we all (subscribers of this list)
can agree on some technical goals such as anonymity, untraceability,
privacy, access to blocked sites. This is relevant for design of Tor, 
its operation, configuration of Tor, Privoxy etc. Call it political or 
not.

OTOH discussions about government, is it totalitarian or is it behind 
some journalist murders etc., are very flammable and add _nothing_ 
valuable to technical side. 

If you have better term for this instead of 'political' please 
propose. Maybe 'non-technical'?

Alexander Cherepanov




Re: copyright abuse through tor

2009-08-04 Thread Jan Suhr
Hi doc!
We, the German Privacy Foundation, regularly receive several of such
requests regarding file sharing. Usually we reply to the requestor
explaining that the IP address belongs to one of our Tor servers. Also
we explain what Tor is and that we don't have any logs thus could not
answer their request.

I would advise you to send them a similar reply. Let's see if this is
sufficient. Otherwise it could be important to prove that you are
running a Tor server (I understood you are running it at home?). But
let's see...

Please feel free to contact me directly to prepare a specific answer or
discuss the further procedure.

Best regards
Jan

-- 
Jan Suhr
German Privacy Foundation e.V. https://www.privacyfoundation.de/
Anonymous e-mail: https://www.awxcnx.de/jansuhr.msg


Project Introduction: ARM

2009-08-04 Thread Damian Johnson
Hi, throughout the summer I've been on a project called 'arm' (anonymizing
relay monitor). It's a terminal monitor for Tor relays providing
bandwidth/cpu/memory usage, relay configuration, event log, connection
details, etc. The project is intended for command-line aficionados, ssh
connections, and anyone stuck with a tty terminal for checking their relay's
status. More information (including screenshots) is available at
'www.atagar.com/arm'. If this strikes your fancy you can snag a copy of the
project with:
svn co https://tor-svn.freehaven.net/svn/arm/trunk/

I hope others find it a handy utility. It should be stable so if you manage
to make it crash (or have a feature request) then please let me know! Email
is best but I'm also usually on the Tor irc channels (my nick is 'atagar').
However, I'm about to head off to the PETS conference so I might be a little
slow to respond the next few days. Cheers! -Damian


Re: Tor on Ubuntu Jaunty

2009-08-04 Thread Ted Smith
On Tue, 2009-08-04 at 16:24 +0200, gabrix wrote:
> Ted Smith wrote:
> > On Tue, 2009-08-04 at 08:49 +0200, Matej Kovacic wrote:
> >> Hi,
> >>
> >> I added APT line for Ubuntu Jaunty Tor installation:
> >> http://mirror.noreply.org/pub/tor jaunty
> >>
> >> I also added GPG key of Peter Palfrader (key ID=94C09C7F).
> >>
> >> However, I got this error:
> >>
> >> W: GPG error: http://mirror.noreply.org jaunty Release: The following
> >> signatures were invalid: KEYEXPIRED 1217637003 KEYEXPIRED 1217637003
> >> KEYEXPIRED 1217637003 KEYEXPIRED 1217637003
> > 
> > You have to add this to your Apt keyring, not your personal keyring. Did
> > you do that? You should probably be using the apt-key program.
> 
> gpg --keyserver pgp.gabrix.ath.cx --recv-keys 17637003
> gpg -a --export 17637003 | sudo apt-key add -
> sudo apt-get update
> 
> The above is if 1217637003 is the key but it doesn't look like ...
> OK ?

You can also just do:

sudo apt-key adv --recv-key  --keyserver 

to put the key directly into apt's keyring.





Re: Which proxy to use?

2009-08-04 Thread gabrix
coderman wrote:
> On Sat, Aug 1, 2009 at 9:19 AM, Mr. Blue wrote:
>> My requirements are:
>>
>> 1) It must have privoxy's functionality: hide-tor-exit-notation header 
>> filter to remove the Tor exit node notation in Host and Referer headers.
> 
> exit notation as used this way is a deprecated feature. it will be
> removed at some point. you really want the controller to direct an
> exit for you, if you need it, rather than some mangled domain names
> implying the choice.
> 
> 
>> 2) Must be capable to run as a reverse proxy.
>> ...
> 
> what are you trying to do, exactly?
> 
> best regards,
> 
> 
I think he's trying to hide the fact he is using tor to access sites that might
have blacklisted tor exit nodes, or simply just hide that he's using tor.

Gab

-- 
pub   1024D/80231A90 2008-07-01
Key fingerprint = 54AC C632 B35E FB9B 6D9F  108D DBE6 5425 8023 1A90





Re: Which proxy to use?

2009-08-04 Thread Mr. Blue


- Original Message -
From: coderman 
To: or-talk@freehaven.net
Date: Tue, 4 Aug 2009 08:03:14 -0700
Subject: Re: Which proxy to use?

> On Sat, Aug 1, 2009 at 9:19 AM, Mr. Blue wrote:
> > My requirements are:
> >
> > 1) It must have privoxy's functionality: hide-tor-exit-notation header 
> > filter to remove the Tor exit node notation in Host and Referer headers.
> 
> exit notation as used this way is a deprecated feature. it will be
> removed at some point. you really want the controller to direct an
> exit for you, if you need it, rather than some mangled domain names
> implying the choice.


I see, so I must stop using it and start choosing exit node by controller?
Do you mean sending directives to tor on port 9051?
If it is so, then just give me a link to doc, on that and I will rewrite my PHP 
app.

> 
> 
> > 2) Must be capable to run as a reverse proxy.
> > ...
> 
> what are you trying to do, exactly?


I wanna have ONE proxy app installed.
Well, currently, I am using privoxy, which achieves a) exit notation stripping, 
but it can not act as a b) reverse proxy.

So I need proxy with ability for both things, as said.



  


Re: Which proxy to use?

2009-08-04 Thread coderman
On Sat, Aug 1, 2009 at 9:19 AM, Mr. Blue wrote:
> My requirements are:
>
> 1) It must have privoxy's functionality: hide-tor-exit-notation header filter 
> to remove the Tor exit node notation in Host and Referer headers.

exit notation as used this way is a deprecated feature. it will be
removed at some point. you really want the controller to direct an
exit for you, if you need it, rather than some mangled domain names
implying the choice.


> 2) Must be capable to run as a reverse proxy.
> ...

what are you trying to do, exactly?

best regards,


Re: Which proxy to use?

2009-08-04 Thread Mr. Blue
What?
No one knows or...?



--- On Sat, 8/1/09, Mr. Blue  wrote:

> From: Mr. Blue 
> Subject: Which proxy to use?
> To: or-talk@freehaven.net
> Date: Saturday, August 1, 2009, 9:19 AM
> My requirements are:
> 
> 1) It must have privoxy's functionality:
> hide-tor-exit-notation header filter to remove the Tor exit
> node notation in Host and Referer headers.
> 
> 2) Must be capable to run as a reverse proxy.
> Will be used in front of Web server
> Like: 
> reverse proxy IP 5.5.5.5
> http server IP 10.10.10.10
> And it is imperative that, to client, web page looks
> completely, like it has been served directly from IP 5.5.5.5
> based on all headers. (stripping needed?)
> Basically reverse proxy and firewall are on one IP that
> shall be requested by others and all others services on
> other IPs, like web on one IP and database on second
> IP/machine etc...
> 
> 
> Which proxy is best for this?
> And for that recommended proxy, could I get a working
> config(someone copy paste snips from their config that is
> already using this) to achieve 1) and 2) with comments for
> each line?
> 
> Thx in advance!


  


Re: Tor on Ubuntu Jaunty

2009-08-04 Thread gabrix
Ted Smith wrote:
> On Tue, 2009-08-04 at 08:49 +0200, Matej Kovacic wrote:
>> Hi,
>>
>> I added APT line for Ubuntu Jaunty Tor installation:
>> http://mirror.noreply.org/pub/tor jaunty
>>
>> I also added GPG key of Peter Palfrader (key ID=94C09C7F).
>>
>> However, I got this error:
>>
>> W: GPG error: http://mirror.noreply.org jaunty Release: The following
>> signatures were invalid: KEYEXPIRED 1217637003 KEYEXPIRED 1217637003
>> KEYEXPIRED 1217637003 KEYEXPIRED 1217637003
> 
> You have to add this to your Apt keyring, not your personal keyring. Did
> you do that? You should probably be using the apt-key program.

gpg --keyserver pgp.gabrix.ath.cx --recv-keys 17637003
gpg -a --export 17637003 | sudo apt-key add -
sudo apt-get update

The above is if 1217637003 is the key but it doesn't look like ...
OK ?

Gab

-- 
pub   1024D/80231A90 2008-07-01
Key fingerprint = 54AC C632 B35E FB9B 6D9F  108D DBE6 5425 8023 1A90
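
What the number after KEYEXPIRED in the warning above stands for, shown as an added example that is not part of any poster's message: in GnuPG's status output KEYEXPIRED is followed by the expiry time in seconds since the epoch, while keywords such as NO_PUBKEY are followed by a key ID. The parser and its function names are illustrative, and the NO_PUBKEY sample with its key ID is constructed.

```python
import re
from datetime import datetime, timezone

# GnuPG status keywords that apt passes through from its signature check,
# mapped to the kind of argument that follows them. KEYEXPIRED is followed
# by an expiry time in seconds since the epoch, the others by a key ID.
STATUS_ARG = {
    "KEYEXPIRED": "timestamp",
    "NO_PUBKEY": "keyid",
    "EXPKEYSIG": "keyid",
    "BADSIG": "keyid",
    "REVKEYSIG": "keyid",
}
TOKEN_RE = re.compile(r"\b(%s)\s+([0-9A-Fa-f]+)\b" % "|".join(STATUS_ARG))

# The warning quoted in this thread (line wrapping as in the mail).
THREAD_WARNING = """W: GPG error: http://mirror.noreply.org jaunty Release: The following
signatures were invalid: KEYEXPIRED 1217637003 KEYEXPIRED 1217637003
KEYEXPIRED 1217637003 KEYEXPIRED 1217637003"""

# Constructed sample with a made-up key ID, for the missing-key case.
CONSTRUCTED_WARNING = (
    "W: GPG error: http://repo.example jaunty Release: The following "
    "signatures couldn't be verified because the public key is not "
    "available: NO_PUBKEY 0123456789ABCDEF"
)


def parse_apt_gpg_warning(text):
    """Return one finding per distinct status token in an apt GPG warning."""
    text = " ".join(text.split())  # undo mail/terminal line wrapping
    findings, seen = [], set()
    for keyword, arg in TOKEN_RE.findall(text):
        if (keyword, arg) in seen:
            continue  # apt repeats the token once per signature checked
        seen.add((keyword, arg))
        finding = {"status": keyword, "key_id": None, "expired_at": None}
        if STATUS_ARG[keyword] == "timestamp":
            if not arg.isdigit():
                continue  # not a plain epoch value, nothing to decode
            when = datetime.fromtimestamp(int(arg), tz=timezone.utc)
            finding["expired_at"] = when.isoformat()
        else:
            finding["key_id"] = arg.upper()
        findings.append(finding)
    return findings


def explain(finding):
    """One-line reading of a finding, for the operator."""
    status = finding["status"]
    if status == "KEYEXPIRED":
        return ("signing key expired at %s; the number is a time, not a "
                "key ID, so refresh the repository key in apt's keyring"
                % finding["expired_at"])
    if status == "NO_PUBKEY":
        return ("key %s is not in apt's keyring; import it there after "
                "checking its fingerprint" % finding["key_id"])
    if status == "EXPKEYSIG":
        return "signature was made by expired key %s" % finding["key_id"]
    if status == "REVKEYSIG":
        return "signature was made by revoked key %s" % finding["key_id"]
    return ("signature from key %s does not verify; do not trust this "
            "Release file" % finding["key_id"])


if __name__ == "__main__":
    for warning in (THREAD_WARNING, CONSTRUCTED_WARNING):
        for item in parse_apt_gpg_warning(warning):
            print(item["status"], "->", explain(item))
```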




Re: VoIP telephony building like Tor

2009-08-04 Thread Praedor Atrebates
Sigh.  Tor is political by its very existence and design.  It is NOT a neutral 
entity.  Its very existence is for political reasons.

On Monday 03 August 2009 06:19:23 pm Alexander Cherepanov wrote:
> Hi Scott!
>
> On Wed, 29 Jul 2009 02:16:29 -0500 (CDT), Scott Bennett wrote:
> >  On Sat, 25 Jul 2009 22:04:11 +0400 "Alexander Cherepanov" wrote:
> >>You wrote to or-talk@freehaven.net, "Vlad \"SATtva\" Miller" on Sat, 25 Jul 2009 06:59:43 -0500 (CDT):
> >>>  On Sat, 25 Jul 2009 18:12:52 +0700 "Vlad \"SATtva\" Miller" wrote:
> James Brown (25.07.2009 00:16):
> >>
> >>[skip]
> >>
> > Very many Russian people were killed, unlawful arrest or simply
> > disappear last 4 - 5 years from activity our new Government...
> 
> Please, please, keep political FUD off the list.
> >>>
> >>>  Given that what he wrote is about a) events reported in the press
> >>> internationally and b) one of the highest priority justifications for
> >>> having a tor development project in the first place, *your* comment
> >>> would appear to be a non sequitur.  Perhaps you should have changed
> >>> your Subject: line to reflect whatever OT issue you wished to discuss
> >>> instead of what was already being discussed.
> >>>  The OP has requested information, and several of us now have tried
> >>> to find information that he might be able to use to his advantage in
> >>> the situation he believes he faces.  If you have additional information
> >>> along these lines, please post it.
> >>
> >>I'm sure that Vlad is happy to see the ongoing discussion of technical
> >>questions raised by the OP. He just asked to keep political FUD off
> >
> >  He gave no such indication in the single line of text that
> > constituted his followup and to which I was following up.
>
> Ok, I cannot guarantee that he is happy about technical questions:-)
> But he clearly talks about non-technical points.
>
> >>the list. And I completely agree with him, IMHO unfounded (and
> >>founded probably also:-) talks about bloody regime are not for this
> >>mailing list. YMMV.
> >
> >  Please reread what I wrote that you have quoted above.  It doesn't
> > matter whether you support or oppose the OP's political views.
>
> Sure. But only while he keeps his political views for himself and
> doesn't bring them to this list.
>
> > The point
> > is that the OP made apparent reference to events reported both in the
> > press in Russia and in the international press as a reason *he* was
> > afraid and wanted to use tor.  That should be more than sufficient
> > information for anyone on this list to understand the OP's motivation for
> > asking his questions.
>
> Just to be sure: you talk about banning Skype? No problem here, it's a
> valid concern, it's in the news, in the press, on TV etc.
>
> The problem is the rhetoric such as quoted at beginning of this mail.
> OP started the thread talking about bloody regime. IMHO it already is
> beyond the acceptable line. But then he continues about killed people
> etc. in the following mails. That very much brings the politics to the
> list and adds nothing to the technical side of discussions.
>
> >>As for banning Skype in Russia, AFAICT it's FUD also. Everything seems
> >>to be based on some discussions in The Russian Union of Industrialists
> >>and Entrepreneurs (just hysterics by mobile operators losing market
> >>share?). It's somewhat troubling but I'm not sure it's worth much
> >>discussion until there are some concrete details.
> >
> >  Fair enough.  However, if Phil Zimmermann had waited until the FBI
> > had its Carnivore system up and running, along with further development
> > already in progress, we probably would never have gotten PGP or its
> > successors.  He dropped all of his paying work for many months in order
> > to design, code, test, and release PGP 1.0, all justified *in his own
> > mind* on the basis of what he had heard or read that the FBI was talking
> > about doing.
>
> One doesn't need to wait for additional reasons to switch away from
> Skype. It's proprietary and closed technology with all accompanying
> problems. BTW last news are about eBay possibly closing Skype entirely
> which is quite in line with its proprietary nature. So no question
> here.
>
> If someone is concerned about possibility of banning Skype or VoIP in
> general s/he can start with research how VoIP is banned in those
> countries in which it's already banned. There are some examples in
> http://en.wikipedia.org/wiki/VoIP#Legal_issues .
>
> >>What the OP proposes is also somewhat strange. Build the possibility
> >>to "call to ordina[r]y telephones" into Tor? Sure, just add some PSTN
> >>exit nodes...
> >
> >  Yeah, well, that is certainly unnecessary.  Specific applications
> > should be developed outside of tor by interested parties.  I already
> > worry that tor itself will become too large and complex to be kept safe
> > to use. There are already various telephone appl

Re: Tor on Ubuntu Jaunty

2009-08-04 Thread Ted Smith
On Tue, 2009-08-04 at 08:49 +0200, Matej Kovacic wrote:
> Hi,
> 
> I added APT line for Ubuntu Jaunty Tor installation:
> http://mirror.noreply.org/pub/tor jaunty
> 
> I also added GPG key of Peter Palfrader (key ID=94C09C7F).
> 
> However, I got this error:
> 
> W: GPG error: http://mirror.noreply.org jaunty Release: The following
> signatures were invalid: KEYEXPIRED 1217637003 KEYEXPIRED 1217637003
> KEYEXPIRED 1217637003 KEYEXPIRED 1217637003

You have to add this to your Apt keyring, not your personal keyring. Did
you do that? You should probably be using the apt-key program.




Re: Please help me test my hidden service

2009-08-04 Thread Nils Vogels
Hi Scott,

On Tue, Aug 4, 2009 at 10:26 AM, Scott Bennett wrote:
>     For that matter, it's probably best *not* to run most kinds of hidden
> services on tor relays precisely because tor relays are well known through
> the directory.  Running a hidden service on a client-only tor would be the
> safest way because clients are not listed anywhere as such.  There might be
> a place for running a hidden service on a bridge, but it would have to be
> for something not terribly dangerous to the hidden service operator because
> bridges *are* known to the bridge authorities and thus must be considered to
> be listed somewhere.  Something like a web service that is also accessible
> directly and publicly and that presents no known danger to its operator (e.g.,
> the various tor status pages) can reasonably be run on a tor relay node,
> a bridge, or a client.

Just trying to figure out what you are saying here:

A hidden service has its own identifier and to my knowledge, there is
no link between the hidden service and the node that is running it,
you seem to suggest otherwise?

If there is a link between the hidden service and the node that is
running it, then I wonder how *hidden* a hidden service actually is
... since at that point it is just "a service running on node x" and
the term hidden service would be kind of deceiving.

Just because the node running it is a relay or a bridge, does that
make it less hidden? If there is no link between the service and the
node, I don't see how.

Greetings,

Nils
-- 
Simple guidelines to happiness:
Work like you don't need the money,
Love like your heart has never been broken and
Dance like no one can see you.


Re: frequent empty/closed connections

2009-08-04 Thread Scott Bennett
 On Mon, 03 Aug 2009 09:21:53 -0400 The Doctor 
wrote:
>Scott Bennett wrote:
>
>> Empty server or forwarder response.
>> The connection has been closed but Privoxy didn't receive any data.
>...
>>  Does anyone else get these, too?  I suspect that the problem may be in
>> privoxy, rather than tor, but haven't yet figured out a test for that
>> hypothesis.  Any ideas?
>
>I've been seeing this behavior off and on for a few months now, but not
>so often that I felt like tracking it down.  Generally, I just reload
>the page and everything's fine.
>
 Sometimes it takes several reload attempts to get it to work, though.
It also thoroughly bollixes automatically refreshed pages like the small
GOES East images I like to keep handy and updated to most recent half hour.
Any other automated accesses, such as through curl, wget, et al. are also
screwed when it happens.
 If someone has an idea of how to prove that the problem is in privoxy
and not in tor, I can try to file a bug report there.


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**


Re: Please help me test my hidden service

2009-08-04 Thread Ringo
"For that matter, it's probably best *not* to run most kinds of hidden
> services on tor relays precisely because tor relays are well known through
> the directory.  Running a hidden service on a client-only tor would be the
> safest way because clients are not listed anywhere as such."

I actually thought the opposite was true. If somebody is running a
hidden service that's transferring lots of data, somebody listening to
their connection would be able to tell that lots of traffic was going
through the Tor network. If this person had a middleman relay, this
would be easy to explain. I guess it depends on the person's situation.

Thoughts?

"Best you learn how to protect your butt *before* opening it up to the
> world, no?  Have you thought about running your service inside a jail or a
> virtual machine?  That would make it much easier to wall it off from the
> rest of your computer and home network."

It's inside a virtual machine and the account it's using on the host
machine has been limited fairly well IMO.

>  A jail or a VM can certainly help you there by limiting the ability
> of shell accounts to access the world at large, especially when combined
> with the application of a decent packet filter on the host system.

Something deep inside me says it would be a horrible idea to give out
shell access but it's in a virtual machine (which I'm not attached to if
I lose) and the host firewall won't let it send anything out that
doesn't go through Tor. Maybe it wouldn't be so dangerous after all.

Solidarity,
Ringo


Re: Please help me test my hidden service

2009-08-04 Thread Scott Bennett
 On Mon, 03 Aug 2009 16:42:57 -0400 Ringo <2600den...@gmail.com>
wrote:
>I posted a while ago saying I was making a how-to manual for newbies on
>how to set up (reasonably) secure hidden services. I'm almost done but I
>want to release my server for testing to see if I missed anything
>obvious. This is a pretty standard LAMP install running in a virtual
>machine. The OS is Ubuntu on both.
>
>The site is at http://76jejbkd7gtm5jbb.onion

 I trust that, once you have figured out how to make it work properly,
you will generate new keys for your currently not-so-very-hidden service,
now that you've identified the connection between the URL above and yourself.
:-)
 For that matter, it's probably best *not* to run most kinds of hidden
services on tor relays precisely because tor relays are well known through
the directory.  Running a hidden service on a client-only tor would be the
safest way because clients are not listed anywhere as such.  There might be
a place for running a hidden service on a bridge, but it would have to be
for something not terribly dangerous to the hidden service operator because
bridges *are* known to the bridge authorities and thus must be considered to
be listed somewhere.  Something like a web service that is also accessible
directly and publicly and that presents no known danger to its operator (e.g.,
the various tor status pages) can reasonably be run on a tor relay node,
a bridge, or a client.
>
>There's a drupal install at /drupal and a wordpress install (currently
>not working due to forwarding issues) at /wordpress.
>
>Feel free to poke around all you want, just please don't do anything
>that would stop other users from accessing the machine such as DoS
>attacks. If you somehow break through, please stay off my home network ; )

 Best you learn how to protect your butt *before* opening it up to the
world, no?  Have you thought about running your service inside a jail or a
virtual machine?  That would make it much easier to wall it off from the
rest of your computer and home network.
>
>I haven't allowed users to add content because... well.. you know what
>would happen with that in onionland. If you want to add content just
>throw me an email and I'll make you an account. I figure that way I have
>somebody to blame if stuff goes horribly wrong. My PGP key is included

 Again, a jail or a VM would help you contain any damage, and a backup
of the jail's or VM's environment would make it very easy and fast to
restore it to the way you set it up.

>if you roll that way.
>
>I'm also interested to hear people's ideas on how exactly to test the
>security of this server without handing out shell logins (or is that
>exactly what I should do?).

 A jail or a VM can certainly help you there by limiting the ability
of shell accounts to access the world at large, especially when combined
with the application of a decent packet filter on the host system.


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**


Re: Tor on Ubuntu Jaunty

2009-08-04 Thread Marco Bonetti
On Tue, August 4, 2009 08:49, Matej Kovacic wrote:
> I added APT line for Ubuntu Jaunty Tor installation:
> http://mirror.noreply.org/pub/tor jaunty

> W: GPG error: http://mirror.noreply.org jaunty Release: The following
> signatures were invalid: KEYEXPIRED 1217637003 KEYEXPIRED 1217637003
> KEYEXPIRED 1217637003 KEYEXPIRED 1217637003

probably unrelated, but aren't you missing a "main" at the end of the apt
source line?
ciao

-- 
Marco Bonetti
BT3 EeePC enhancing module: http://sid77.slackware.it/bt3/
Slackintosh Linux Project Developer: http://workaround.ch/
Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/

My GnuPG key id: 0x86A91047