Re: Tor relay on vserver exeeding numtcpsock

2011-01-13 Thread Klaus Layer
On Wednesday, 12 January 2011, at 22:44:12, Moritz Bartl wrote:
> Hi,
>
> You should probably contact the ISP first to see if they will raise the
> limit. Mine was low on file descriptors and they upped it generously 5
> minutes later (on a cheap $20 vserver).
>
> Moritz
 

Thanks for all your suggestions. This morning I contacted the HostEurope 
support. They were very friendly but refused to increase the parameter. They 
told me that the product is designed this way and they cannot change anything. 
They advised me to order a product with a higher number of tcp sockets. But 
even the high-end vserver product for EUR 70 ($90) per month only provides 
1550 tcp connections (http://faq.hosteurope.de/index.php?cpid=13281). All 
these HostEurope vserver products are crippled regarding numtcpsock.

Bottom line: HostEurope's vserver cannot be recommended for Tor relays. I will 
update the wiki accordingly.

I will move to another ISP. In the meantime I will play around with the 
ConstrainedSocksSize parameter to get the most out of the vserver.

Moritz, from which ISP did you get this $20 vserver?

Regards,

Klaus

-- 
Klaus Layer
Walldorf, Germany
GPG Fingerprint: 466D 12F8 28A3 D137 A77E FC3B 271C 2D79 6F5E 94C9




Re: forum hacks

2011-01-13 Thread umgregor


Sorry, I missed that!


:D



On Jan 13 2011, Olaf Selke wrote: 

> Hi,
> are folks from 27c3 trying to break into web forums today? Never got so many abuse complaints within a few hours in the last three years.
> regards Olaf
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/




Re: BHDC11 - De-anonymizing Live CDs through Physical Memory Analysis

2011-01-13 Thread intrigeri
Hi,

(Now Cc'ing tails-dev mailing list.)

coderman wrote (12 Jan 2011 12:06:05 GMT) :
> however, more than just wipe at shutdown is useful.

Ack. On second thought, it appears to me the current T(A)ILS wipe
memory on shutdown implementation does not necessarily protect
against the attacks that the mentioned talk will probably highlight.
It is likely that some other similar implementations in Live systems
are affected as well.

In short: we wipe *free* memory only, in order to keep the system in
working state and let the shutdown sequence finish its work afterwards
(i.e. actually halt or reboot the system). On the other hand, data
saved in the {union,au}fs ramdisk branch is not free memory and might
thus be recovered. A security announcement about this is being worked on
(explaining this problem and the possible consequences to
non-technical users is, well, tricky).

> explicit ordered zeroisation is handy. (starting with keys and key
> schedules, working cipher state, then on to user data, before
> completing a full pass or three. this takes a smart kexec or other
> ham fisted - still worth the effort.)

The kexec idea seems brilliant to me: this is the best way I can think
of to run the memory wipe process inside an environment where almost
all of the memory is considered as being free.

I have thus started implementing this idea in T(A)ILS. Thanks to
Debian's initramfs-tools and kexec-tools, drafting an early prototype
was quite easy. Stay tuned, more to come soon.

> in any case, this begs the question of best practice in solid state
> remanence avoidance. it would make a good FAQ entry, perhaps...

T(A)ILS specification and security design document (draft almost ready
to be published to a wild, unsuspecting world) intends to propose a
set of best practices in this field.

Bye,
--
  intrigeri intrig...@boum.org
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
  | Do not be trapped by the need to achieve anything.
  | This way, you achieve everything.


Repeated messages from me

2011-01-13 Thread Olaf Selke
I apologize for sending repeated messages to this list. My K9 Android
mail app on the cell phone seems to be out of control.

Olaf


Re: Repeated messages from me

2011-01-13 Thread Marco Predicatori
Olaf Selke, on 01/13/2011 01:42 PM, wrote:
> I apologize for sending repeated messages to this list. My K9
> Android mail app on the cell phone seems to be out of control.

Uh, maybe that's what they are really doing at 27c3! :-P

-- 
http://www.predicatori.it/marco/


Re: System time in anonymity oriented LiveCDs

2011-01-13 Thread anonym
13/01/11 04:28, Roger Dingledine:
> If your Tor fetches its consensus from a directory authority, you're
> in better shape, insofar as the directory authorities are probably not
> your adversaries.

But if we'd force this, we'd be distinguishable from other Tor clients
to some extent, I suppose.

> Relays do these directory fetches in the clear, though, due to an
> earlier bug: https://trac.torproject.org/projects/tor/ticket/827
> so we're back to the authentication and integrity question there. Clients
> set up a TLS connection first and tunnel their directory fetches over it,
> so they're in slightly better shape. Do your LiveCD users always have
> both ORPort set to 0?

Yes, ORPort is set to 0 by default. However, a user could easily become
an OR by fiddling around in Vidalia.

> The better answer is for Tor clients to read the time out of the NETINFO
> cells that are part of the v2 connection handshake we added in Tor
> 0.2.0.x. See section 4.2 of tor-spec.txt:
> https://git.torproject.org/tor/doc/spec/tor-spec.txt

You mean that we should read this value when our Tor client makes its
very first try to establish a connection to a directory server/mirror?
How is this any safer than checking the consensus' valid-after/until
values? The mirror we connect to could be compromised, and send us an
appropriate timestamp and then replay any old consensus.

> Using the data in NETINFO cells has been sitting on the todo list for
> a while:
> https://git.torproject.org/tor/doc/spec/proposals/149-using-netinfo-data.txt
> but nobody's moved it forward. Perhaps somebody wants to pick this up
> and do it? :)

I'm not sure I understand this proposition (alternatively I don't
understand NETINFO cells). It says we don't want to simply trust the
NETINFO cell timestamp and IP address blindly, but instead we want some
sort of majority vote based on the NETINFO cell values of several
nodes. I can understand how that makes sense for the timestamp, but the
IP address? My understanding is that when a node sends a NETINFO cell,
its IP address value should be the sending node's real IP address.
Hence, how can looking at other nodes' NETINFO cells help validating the
IP address? They should all be pair-wise different.

> Also, ideally you want to get an opinion from more than one directory
> authority. One design that I could imagine would be to, if we find a
> directory mirror or entry guard whose time disagrees with us, connect
> to a directory authority to get a stronger opinion. If the directory
> authority also disagrees, connect to a threshold of directory authorities
> and then memorize our relative clock skew based on the majority vote.

How do you propose we'd do this? Remember: we have no directory
information when we want to set the time, and the time needs to be set
before we get the consensus (otherwise we cannot trust it). Is this a
catch-22?
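
The escalation Roger Dingledine describes in the quoted text above (mirror or guard, then one authority, then a threshold vote), as an added Python illustration; it is not code from Tor, from proposal 149 or from anyone in this thread. The `TOLERANCE` value, the function names and the sample skews are assumptions, and the code takes the peers' timestamps as given rather than modelling how they are obtained before any directory information exists.

```python
from statistics import median

TOLERANCE = 120  # seconds of disagreement treated as "same time" (assumed value)


def skew(remote_ts, local_ts):
    """Seconds by which a peer's NETINFO timestamp is ahead of our clock."""
    return remote_ts - local_ts


def majority_skew(skews, threshold):
    """Median skew if at least `threshold` peers agree with it, else None."""
    if len(skews) < threshold:
        return None
    mid = median(skews)
    agreeing = [s for s in skews if abs(s - mid) <= TOLERANCE]
    if len(agreeing) < threshold:
        return None
    # Re-take the median over the agreeing peers so outliers carry no weight.
    return round(median(agreeing))


def decide(first_peer_skew, authority_skews, threshold):
    """Return (correction_seconds, reason) following the quoted escalation.

    authority_skews maps an authority name to its skew, one entry per
    authority, so a single source cannot vote twice.
    """
    if abs(first_peer_skew) <= TOLERANCE:
        return 0, "first peer agrees with local clock"
    names = sorted(authority_skews)
    if not names:
        return 0, "no authority reachable; clock left alone"
    # Stronger opinion: one authority. If it agrees with us, the first
    # peer (mirror or guard) is the outlier and is ignored.
    if abs(authority_skews[names[0]]) <= TOLERANCE:
        return 0, "authority agrees with local clock; first peer ignored"
    voted = majority_skew(list(authority_skews.values()), threshold)
    if voted is None:
        return 0, "no majority among authorities; clock left alone"
    return voted, "majority of authorities"


if __name__ == "__main__":
    # Constructed sample: local clock three hours slow, one authority
    # reporting a time a day in the past.
    local = 1294920000
    mirror = skew(local + 10800, local)
    authorities = {
        "auth1": 10795, "auth2": 10803, "auth3": 10799,
        "auth4": -86400, "auth5": 10801,
    }
    print(decide(mirror, authorities, threshold=3))
    # A lone mirror claiming a week-old time does not move the clock.
    print(decide(-604800, {"auth1": 3, "auth2": -2, "auth3": 1}, threshold=2))
```
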





Re: Tor relay on vserver exeeding numtcpsock

2011-01-13 Thread Olaf Selke
On 12.01.2011 22:02, coderman wrote:
> On Wed, Jan 12, 2011 at 7:57 AM, Klaus Layer klaus.la...@gmx.de wrote:
> > ...
> > Error creating network socket: No buffer space available
> >
> > errors. The numtcpsocks parameter limit is set to 550 on the vserver. Before
> > asking the ISP to increase the value I would like to ask you what a
> > reasonable value of this parameter would be.
>
> 550 is ridiculous. it should be at least 4096, more if they are accommodating.

here's some data for the machine running my four nodes:

anonymizer2:~# netstat -tn | wc -l
54157
anonymizer2:~# netstat -tn | grep ESTABLISHED | wc -l
30708

regards Olaf


Re: Tor relay on vserver exeeding numtcpsock

2011-01-13 Thread Jan Weiher
2011/1/13 Olaf Selke olaf.se...@blutmagie.de:
> On 12.01.2011 22:02, coderman wrote:
> > On Wed, Jan 12, 2011 at 7:57 AM, Klaus Layer klaus.la...@gmx.de wrote:
> > > ...
> > > Error creating network socket: No buffer space available
> > >
> > > errors. The numtcpsocks parameter limit is set to 550 on the vserver. Before
> > > asking the ISP to increase the value I would like to ask you what a
> > > reasonable value of this parameter would be.
> >
> > 550 is ridiculous. it should be at least 4096, more if they are accommodating.
>
> here's some data for the machine running my four nodes:
>
> anonymizer2:~# netstat -tn | wc -l
> 54157
> anonymizer2:~# netstat -tn | grep ESTABLISHED | wc -l
> 30708
>
> regards Olaf


Well, I don't think a cheap VPS is capable of creating this many
connections anyways. I got a relay with a limit of 800kb/sec (I don't
think a cheap VPS can do more traffic due to traffic limitations) and
I got this:

jan@puerta:~$ netstat -tn | wc -l
1002
jan@puerta:~$ netstat -tn | grep ESTABLISHED | wc -l
976

But I would agree that diversity is needed and good, and there are
plenty of ISPs out there. I would advise to look for a smaller one.
Those are often more helpful if you have got some special requests.

best regards,
Jan
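
A way to see which container limit a relay is actually hitting, as an added Python example that is not from any poster in this thread. It assumes the vserver is an OpenVZ/Virtuozzo guest that exposes `/proc/user_beancounters`; the sample table is constructed, and the 4096 target is the figure coderman gives in the quoted text.

```python
# Constructed sample; on a real guest, read /proc/user_beancounters as root.
SAMPLE = """\
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      101:  kmemsize        2670652    2953216   14372700   14790164          0
            numproc              41         58        240        240          0
            numtcpsock          548        550        550        550       1204
            numothersock         12         15        360        360          0
            tcpsndbuf        958464    1720320    1720320    2703360         37
            tcprcvbuf        411648     902144    1720320    2703360          0
            numfile             733        912       9312       9312          0
"""

# Counters that bound how many TCP connections a relay can hold open.
WATCHED = ("numtcpsock", "numothersock", "tcpsndbuf", "tcprcvbuf", "numfile")
COLUMNS = ("held", "maxheld", "barrier", "limit", "failcnt")


def parse_beancounters(text):
    """Return {resource: {held, maxheld, barrier, limit, failcnt}}."""
    counters = {}
    for line in text.splitlines():
        fields = line.split()
        # The first row of a container carries a "<uid>:" prefix.
        if fields and fields[0].endswith(":") and fields[0][:-1].isdigit():
            fields = fields[1:]
        # Skip the version line, the column header and malformed rows.
        if len(fields) != 6 or not all(f.isdigit() for f in fields[1:]):
            continue
        counters[fields[0]] = dict(zip(COLUMNS, map(int, fields[1:])))
    return counters


def socket_findings(counters, wanted_tcp_socks=4096, warn_ratio=0.9):
    """List (resource, problem) pairs for limits that constrain a relay."""
    findings = []
    for name in WATCHED:
        c = counters.get(name)
        if c is None:
            continue
        if c["failcnt"] > 0:
            # failcnt counts requests the kernel refused for this resource.
            findings.append((name, "refused %d allocations" % c["failcnt"]))
        elif c["barrier"] and c["maxheld"] >= warn_ratio * c["barrier"]:
            findings.append((name, "peak %d of %d" % (c["maxheld"], c["barrier"])))
    tcp = counters.get("numtcpsock")
    if tcp and tcp["limit"] < wanted_tcp_socks:
        findings.append(("numtcpsock", "limit %d below wanted %d"
                         % (tcp["limit"], wanted_tcp_socks)))
    return findings


if __name__ == "__main__":
    for resource, problem in socket_findings(parse_beancounters(SAMPLE)):
        print("%-14s %s" % (resource, problem))
```
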


Re: geeez...

2011-01-13 Thread Fabian Keil
Moritz Bartl mor...@torservers.net wrote:

> On 12.01.2011 22:05, Fabian Keil wrote:
> > Some of my equipment got seized a few months ago.
>
> Good luck on getting it back then!

Thanks.

> > I'm also not sure how the police would try to seize equipment
> > and fail (assuming the equipment is actually there).
>
> Explosives? ;-)
> Did you run a Tor exit at home? I'm not sure if they come and seize your
> home computer if the Tor server is hosted in a data center. Olaf seems
> not to have run into big trouble yet (or maybe he was quick on replacing
> the hardware).

The exit node that triggered the raid is hosted by Strato.

I'm running it there since 2006. The friendly local police man
who usually deals with the occasional abuse cases has a generic
description of Tor that includes the IP addresses of my exit nodes
and can forward that information to whomever is interested without
having to contact me every time.

This arrangement worked rather well so far.

For reasons unknown to me the investigation that led to the
raid was handled by a different police department, though, and
apparently the police men involved prefer to investigate a bit
differently. They also didn't seem that fond of Tor in general.

Fabian




Re: geeez...

2011-01-13 Thread Mitar
Hi!

On Thu, Jan 13, 2011 at 3:01 AM, Roger Dingledine a...@mit.edu wrote:
> This is related to the if you remove Tor from the world, you're not
> really reducing the ability of bad guys to be anonymous on the Internet
> idea.

This could be then analog argument as saying that if you remove one
weapon factory from the world, that there would be no difference? But
one after another and there will be.

I cannot buy an argument saying that because situation is bad there
should be no small improvements where there could be.

> various other techniques people have developed over the years to deal with
> abuse.

Then tell me which techniques have we developed which prevent
pedophiles to use hidden Tor services? Which techniques have we
developed which prevent somebody to blackmail somebody else over Tor
network and stay anonymous? Which techniques have we developed which
can help found out which are other people in terrorist group and trace
their communication, once we discover they use Tor?

> It depends where your jerks are coming from. If your jerks are all obeying
> every law and showing up from their static non-natted IP address, then
> yes, routing address is definitely related to identity. But if your
> jerks have ever noticed this doesn't work so well for them, they may
> start using other approaches and suddenly you're back needing to learn
> about application-level mechanisms

Because current protocols were done just to solve technical problems
and not also law or other society problems. For example, HAM
operators and their networks had, before they started their packets
networks, already laws in place requiring them that each packet should
also contain call-sign of responsible person/station. OK, in this
particular case (as far as I know) this is not cryptographically
enforced (but this is a technical thing) but it still shows that laws
like this can work. So if countries (like they cooperate on ACTA)
would declare that it is illegal to send or route or relay any packet
without information about responsible person for it things would be
much different.

So saying that currently technology does not support this and so it
does not matter is just because it was not required to support this.
But there is nothing preventing that laws would be changed in this
way. Probably also many lobbies are doing in this direction. Adding
another required field to IPv6 is not so hard. Making it
cryptographically secure a bit more. Do all work on teach people about
identity thefts (which would become even more profitable) even harder.

Because of this those are not arguments I could agree upon. They are
true, but it could be also otherwise. I would like to hear good
arguments why even if we would have in place all possible technical
means to identify originators (or possibility to turn this on if we
decide so) it would be still proper to not go along this path.

I can see arguments for this only possible with basing the argument on
human rights and similar values we might share. But then there are
conflicts of those rights, security vs. freedom.


Mitar


Re: geeez...

2011-01-13 Thread Jimmy Richardson

Hi,

What the hell are you talking about? The whole idea of Tor is anonymity, 
and you want Tor to make it easy to identify its users?


Thomas Jefferson already answered your question: The man who would 
choose security over freedom deserves neither.


If you want security over freedom, you're welcome to migrate to China or 
Iran.


Thanks


On 1/14/2011 9:27 AM, Mitar wrote:

> Hi!
>
> On Thu, Jan 13, 2011 at 3:01 AM, Roger Dingledine a...@mit.edu wrote:
> > This is related to the if you remove Tor from the world, you're not
> > really reducing the ability of bad guys to be anonymous on the Internet
> > idea.
>
> This could be then analog argument as saying that if you remove one
> weapon factory from the world, that there would be no difference? But
> one after another and there will be.
>
> I cannot buy an argument saying that because situation is bad there
> should be no small improvements where there could be.
>
> > various other techniques people have developed over the years to deal with
> > abuse.
>
> Then tell me which techniques have we developed which prevent
> pedophiles to use hidden Tor services? Which techniques have we
> developed which prevent somebody to blackmail somebody else over Tor
> network and stay anonymous? Which techniques have we developed which
> can help found out which are other people in terrorist group and trace
> their communication, once we discover they use Tor?
>
> > It depends where your jerks are coming from. If your jerks are all obeying
> > every law and showing up from their static non-natted IP address, then
> > yes, routing address is definitely related to identity. But if your
> > jerks have ever noticed this doesn't work so well for them, they may
> > start using other approaches and suddenly you're back needing to learn
> > about application-level mechanisms
>
> Because current protocols were done just to solve technical problems
> and not also law or other society problems. For example, HAM
> operators and their networks had, before they started their packets
> networks, already laws in place requiring them that each packet should
> also contain call-sign of responsible person/station. OK, in this
> particular case (as far as I know) this is not cryptographically
> enforced (but this is a technical thing) but it still shows that laws
> like this can work. So if countries (like they cooperate on ACTA)
> would declare that it is illegal to send or route or relay any packet
> without information about responsible person for it things would be
> much different.
>
> So saying that currently technology does not support this and so it
> does not matter is just because it was not required to support this.
> But there is nothing preventing that laws would be changed in this
> way. Probably also many lobbies are doing in this direction. Adding
> another required field to IPv6 is not so hard. Making it
> cryptographically secure a bit more. Do all work on teach people about
> identity thefts (which would become even more profitable) even harder.
>
> Because of this those are not arguments I could agree upon. They are
> true, but it could be also otherwise. I would like to hear good
> arguments why even if we would have in place all possible technical
> means to identify originators (or possibility to turn this on if we
> decide so) it would be still proper to not go along this path.
>
> I can see arguments for this only possible with basing the argument on
> human rights and similar values we might share. But then there are
> conflicts of those rights, security vs. freedom.
>
>
> Mitar


Re: geeez...

2011-01-13 Thread Mike Perry
Thus spake Mitar (mmi...@gmail.com):

> > This is related to the if you remove Tor from the world, you're not
> > really reducing the ability of bad guys to be anonymous on the Internet
> > idea.
>
> This could be then analog argument as saying that if you remove one
> weapon factory from the world, that there would be no difference? But
> one after another and there will be.
>
> I cannot buy an argument saying that because situation is bad there
> should be no small improvements where there could be.

That's not what we're saying, but I suspect you may just be trolling.
You're certainly straw-manning...

> > various other techniques people have developed over the years to deal with
> > abuse.
>
> Then tell me which techniques have we developed which prevent
> pedophiles to use hidden Tor services? Which techniques have we
> developed which prevent somebody to blackmail somebody else over Tor
> network and stay anonymous? Which techniques have we developed which
> can help found out which are other people in terrorist group and trace
> their communication, once we discover they use Tor?

The same techniques that law enforcement use when these same
sophisticated adversaries use black market compromised botnets:
http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_tools.html
http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_digital_forgeries.html
http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_distributing_your.html

In these cases, police need to do police work: gathering technical
data and examining content for evidence to aid in the investigation;
and infiltrating groups and performing stings (for which they often
use Tor).

> > It depends where your jerks are coming from. If your jerks are all obeying
> > every law and showing up from their static non-natted IP address, then
> > yes, routing address is definitely related to identity. But if your
> > jerks have ever noticed this doesn't work so well for them, they may
> > start using other approaches and suddenly you're back needing to learn
> > about application-level mechanisms
>
> Because current protocols were done just to solve technical problems
> and not also law or other society problems. For example, HAM
> operators and their networks had, before they started their packets
> networks, already laws in place requiring them that each packet should
> also contain call-sign of responsible person/station. OK, in this
> particular case (as far as I know) this is not cryptographically
> enforced (but this is a technical thing) but it still shows that laws
> like this can work. So if countries (like they cooperate on ACTA)
> would declare that it is illegal to send or route or relay any packet
> without information about responsible person for it things would be
> much different.

You think criminals obey the law?

Both China and South Korea have instituted fully authenticated
internet drivers licenses, and not only has cybercrime not vanished,
it continues to flourish and profit from new markets that trade in these
credentials and the use of authenticated connections through proxy.

Even a fully cryptographically secured and authenticated Internet
would still be *just* as vulnerable to abuse, all other things being
equal. Grandma could even be required to have her iris scanned before
entering her bunker to use her military-grade encrypted, authenticated
PC that is otherwise disconnected from the Internet while her iris is
not available. But as soon as she scans her iris, the malware on her
machine would wake up and inform its masters that it is ready to do
their bidding.

The only way to really curtail these social problems is to properly
address their root causes. Taking freedoms away seems like an easy
quick fix, but in reality, there is no gain, only more insecurity.


This is why Tor is not part of the problem. In fact, its use by law
enforcement for stings, infiltration, and investigation indicates it
is also part of the solution.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

