Re: Is gatereloaded a Bad Exit?

[Anders Andersson]

On Fri, Feb 11, 2011 at 6:58 AM, John Case c...@sdf.lonestar.org wrote:
 No, there is no _technical_ reason to operate an exit in this fashion. There
 is no reason, from a myopic, borderline autistic view of the externalities
 involved, to run an exit in this fashion.

 However, I can think of many, many reasons to:

 - run a node with no contact information
 - run a node with an odd set of exits
 - run a node with plain (unencrypted) exits
 - run a node with odd (non standard port) exits

Can you please list some of the reasons for doing all of this at the
same time? Since you reply here I assume you have read the posts in
this very long thread, and Mike have already countered the given
reasons, from a non-technical perspective. It would be nice if you
could give an example that have not already been brought up, since you
seem to know some.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Best Hidden Service web server?

[Anders Andersson]

On Sun, Jan 9, 2011 at 7:37 AM,  hi...@safe-mail.net wrote:
  Original Message 
 From: Orionjur Tor-admin tor-ad...@orionjurinform.com

 Is it a bad idea to use an apache for a hidden serice?

 Not at all. I'm actually recommending it over any other because it's complex
 and has a lot of traps for you to fall into. That sounds ridiculous right?
 No it isn't, because that will force you to learn it and secure it, instead
 of just relying on a simple and easy to use webserver without having any
 intention of learning anything about security. Security should be your main
 concern and main focus as a hidden service operator, not taking the easy
 route and then lay back and think that your safe just because you installed
 a simple and lightweight webserver.

So you are actually recommending a piece of software with thousands of
options with no real idea what the default will allow, 90% of which
the average home-hoster will not need and will thus not test. And this
over, say, some minimalistic 1000 LOC static-page server? And this for
security?
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: BDS VPNs hosting

[Anders Andersson]

On Fri, Dec 31, 2010 at 2:18 PM, Jordi Espasa Clofent
jespa...@minibofh.org wrote:
 2010-12-31 13:55, and...@torproject.org skrev:
 
 Do you allow IRC, torrents?

 We do not allow IRC servers, bittorrent, open proxies, or any other software
 that can degrade our network performance or allow for abuse.
 

 But after explaining to them that:

 * it's not an OPEN proxy because I only permit port 80 and 443 (http and
 https) and no more

 * I've limited the bandwidth (using BandwidthRate and AccountingMax
 directives) to assure the impossible degradation of the network performance

 ... they allow me to run Tor proxy. So, good for me and Tor network! For the
 moment I will stay will them.

To be honest, they can most probably use the or allow for abuse
clause to ban an exit node. This covers a lot of things. Running an
improperly configured email server, an unpatched old web server etc.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: tor-ramdisk 20101011 released for i686 only

[Anders Andersson]

On Mon, Oct 11, 2010 at 11:16 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
 On 10/11/2010 10:52 AM, Anthony G. Basile wrote:

 Hi everyone

 I want to announce to the list that a new release of tor-ramdisk is out.
 Tor-ramdisk is an i686, x86_64 or MIPS uClibc-based micro Linux
 distribution whose only purpose is to host a Tor server in an
 environment that maximizes security and privacy. Security is enhenced by
 hardening the kernel and binaries, and privacy is enhanced by forcing
 logging to be off at all levels so that even the Tor operator only has
 access to minimal information. Finally, since everything runs in
 ephemeral memory, no information survives a reboot, except for the Tor
 configuration file and the private RSA key, which may be
 exported/imported by FTP.


 Via FTP? It's probably not a good idea to export a private key without
 using encryption...

 All the best,
 Jake

My first thought as well. Pretty much every protocol invented is
better than FTP, in this case and most other cases.

Another question regarding the logging: I hope you include enough to
know if the node is working correctly or not. The logs that are
generated could also be deleted after a couple of minutes or an hour
as well, which might make it possible to log some more information if
necessary to verify functionality.

Great project though, a lot of people request this.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Rogue exit nodes - checking?

[Anders Andersson]

Unfortunately I
 cannot publish source codes because attackers can adapt own techniques
 (though it would be very difficult).

Yummy. Security through obscurity. Let's hope the bad guys doesn't
find out. Or do they already know?..
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: webdav as hidden service?

[Anders Andersson]

Yes, people have tried, there are working webdav stores out in onionland.

For linux you can use the davfs2 filesystem. It can be used through a
proxy, and work with Tor. It was very slow when I tried it though,
slower than usable because proxies, tunnels and sockets keep timing
out, so the filesystem just locks up and you have no idea what happens
because you don't get any feedback.

You cold use the filesystem-way to upload, and then use for example
wget for retrieving.

I think I also tried fusedav. Can't remember why I didn't continue
with that, might have been too unmaintained or broken.

// pipe



On Sat, Jun 12, 2010 at 10:38 PM, Kyle Williams
kyle.kwilli...@gmail.com wrote:
 Yes, you can use WebDAV as a hidden service.  FYI, Windows also has it's
 Web Client, aka WebDAV, built into most newer windows OS's.

 Security Note:  If you're using Windows and shitty browser like Internet
 Explorer, then it's possible for your Username, Domain/Workgroup, and
 various other little tidbits of information to be leaked out using WebDav.

 Best regards,

 Kyle

 startx wrote:
 hi.

 i was wondering if anybody has tried to set up a webdav
 directory as a hidden service?

 on the server site this should be relatively straight forward:
 webdav is technically nothing else then a http service
 and apache/mod_webdav would handle that probably the same way
 it would handle the vhost for a hidden service.

 however, is there any webdav client which could be used for that?
 firefox does afaik not support webdav (at least not on linux)
 and i would have no idea how to torify nautilus (gnome).
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Family specifications (was: Re: perfect-privacy.com, Family specifications, etc)

[Anders Andersson]

On Thu, May 20, 2010 at 1:31 PM, Moritz Bartl t...@wiredwings.com wrote:
 On 20.05.2010 13:28, Oguz wrote:
 I too do not understand this. Already an evil entry node can list all
 nodes that it does _not_ control in its family option to try to force
 circuit through the nodes it controls, though it would obviously be a
 dead give away listing many unrelated nodes as within the family. Is
 there a check when a node declares itself to be in a family the
 descriptor of the other family members are checked to confirm?

 From what I understand, yes, at the moment both partners have to list
 each other. That's what the fuss is all about, because this becomes hard
 to manage when you run a lot of nodes.

A two-line shell script run automatically with ssh?
1) sed -i 's/^MyFamily .*/MyFamily [new servers]/' /etc/tor/torrc
2) killall -HUP tor

Difficult? Come on, this can all be automated in 10 minutes if they
keep a list of the servers they have access to.

If you're already operating multiple servers, you will need to have
methods like this anyway, when other things change.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: nameserver stats

[Anders Andersson]

Qualified guess: These might be so-called BitTorrent trackers.

These tracker URLs are embedded in torrent files that you download.
You can download these torrent files from various sources, not
necessarily (even rarely) from the site itself. When you load these
torrents into a BitTorrent client, the client tries to contact all the
trackers embedded in the file, and will probably try every 5 minutes
or so. Smarter clients would give up or use incremental/exponential
back-off, but there are probably enough dumb clients out there to
compensate.

The sad thing is that people try to use Tor for BitTorrent, though of
course there might be a use for BitTorrent on Tor so I hope it's not
just for sharing the random average movies and music.





On Wed, May 19, 2010 at 5:48 AM, Dyno Tor dyno...@gmail.com wrote:
 Yup, BT=BitTorrent.    I don't know the sites by personal experience,
 they just seemed to have BT like names.  Strange that there's such a
 correspondence, but it isn't particular to your server -- I replicated
 your results on a handful of tests, from both my exit and a local
 non-tor IP.  Perhaps these are domains that have been shutdown via
 court order or over zealous domain registrars?  Still, I'd think
 people would stop trying to connect to them after a bit, but
 trackedbyet.info is the 6th most popular DNS name, and it doesn't
 resolve!


 On Tue, May 18, 2010 at 6:20 AM, Olaf Selke olaf.se...@blutmagie.de wrote:
 Dyno Tor wrote:
 Interesting.  Olaf, I notice BT destinations seem mapped to nxdomain
 or servfail.

 BT stands for BitTorrent, right?

 Do you do this purposely to reduce abuse reports, or is
 that done by your upstream provider?

 neither, the nameserver running on this machine does caching only
 knowing nothing but the root servers from its config. So there's no
 upstream provider's ns used. I can't explain the nxdomain and servfail
 mapping.

 Olaf
 ***
 To unsubscribe, send an e-mail to majord...@torproject.org with
 unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

 ***
 To unsubscribe, send an e-mail to majord...@torproject.org with
 unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Reducing relays = reducing anonymity ? Tortunnel.

[Anders Andersson]

 Just wondering if anybody from the Tor Project has contacted the author to
 express the concerns with tortunnel.  Particularly about it being
 detrimental to the Tor network.

 Jim

The author is a security researcher, the tool is ages old and
abandoned, as far as I know it doesn't work right away unless you
change some of the code, and it was written to check what tor exit
nodes where running sslstrip or in other ways were messing with the
traffic.

I'm not really sure what this fuzz is all about. I wonder how many
people actually use it these days.

Also, *if* Tor can be used in this way, it will be. If no white-hat
will write code to do it, the black-hats will, and the only difference
is that you'll be unaware of the tool.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: [GSoC] Improving Snakes on a Tor

[Anders Andersson]

 The way
 to do better at that one is to teach users and service providers about
 end-to-end authentication and encryption.

 From what I've seen I don't think there is any realistic hope for any
 significant number of web pages to be served with end-to-end encryption (not
 sure what your reference is to end-to-end authentication) in the foreseeable
 future.

 Jim

I take it that you don't consider HTTPS to be end-to-end encryption
then? Because I don't see why it would be unlikely for at least
sensitive websites to switch to HTTPS.

// pipe
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Tor Exit Node Sponsorship - looking for partners

[Anders Andersson]

On Wed, May 12, 2010 at 6:20 PM, Moritz Bartl t...@wiredwings.com wrote:

 I would also like theoretically to accept anonymous donations for a node
 (not for the VPN/webspace stuff of course), but the problem there is not
 so much accepting it (PSC, Ukash, Liberty Reserve etc), but making sure
 that the money comes in regularly to fund the node.

A thought: Currently there is a Donate! section on torproject.org,
that doesn't mention what the money is used for or how much money that
comes in. I think a lot more people would donate if they could see
that the money went directly to fast tor relays. Why not do something
similar, set up a pool that people can donate to, and put it up on
torproject.org. (I can see the issues with advertising it on the
website, but that's just a suggestion.)

// pipe
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

New GETINFO option, bytes

[Anders Andersson]

Hi. I added a new option for GETINFO, that will return the total
number of bytes that's gone through Tor since process startup. Just
exporting the internal stats_n_bytes_read/written.

This is very useful for retrieving statistics like bandwidth over
time, for use with tools like arm, vidalia, munin, and other
monitoring applications. The current method that use events is
difficult to use, since you have to listen all the time. With the new
method you can for example poll every minute to see how many bytes was
transferred in total since last you checked.

I wrote a plugin for munin that use this new feature, and it works great.

The patch is trivial, and you probably want to change the name of the
command if you want to use it. There might also be reasons that you
don't want to export and print uint64_t variables. I didn't take time
to check any tor internals guidelines.

// pipe
From d557fc9bc2ec749d4743e3e918289e55c4b9e459 Mon Sep 17 00:00:00 2001
From: Anders Andersson pipat...@gmail.com
Date: Tue, 23 Mar 2010 02:07:37 +0100
Subject: [PATCH] Added a new GETINFO item 'bytes'

---
 src/or/control.c |7 +++
 src/or/main.c|4 ++--
 src/or/or.h  |2 ++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/or/control.c b/src/or/control.c
index 771beae..d591065 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -1328,6 +1328,11 @@ getinfo_helper_misc(control_connection_t *conn, const char *question,
 *answer = tor_malloc(HEX_DIGEST_LEN+1);
 base16_encode(*answer, HEX_DIGEST_LEN+1, me-cache_info.identity_digest,
   DIGEST_LEN);
+  } else if (!strcmp(question, bytes)) {
+*answer = tor_malloc(42);
+tor_snprintf(*answer, 42, U64_FORMAT U64_FORMAT,
+ U64_PRINTF_ARG(stats_n_bytes_read),
+ U64_PRINTF_ARG(stats_n_bytes_written));
   }
   return 0;
 }
@@ -1810,6 +1815,8 @@ static const getinfo_item_t getinfo_items[] = {
Time when the accounting period ends.),
   ITEM(accounting/interval-wake, accounting,
Time to wake up in this accounting period.),
+  ITEM(bytes, misc,
+   Number of bytes read/written so far since Tor started.),
   ITEM(helper-nodes, entry_guards, NULL), /* deprecated */
   ITEM(entry-guards, entry_guards,
Which nodes are we using as entry guards?),
diff --git a/src/or/main.c b/src/or/main.c
index 74075b6..0e2b755 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -56,9 +56,9 @@ static int stats_prev_global_read_bucket;
 static int stats_prev_global_write_bucket;
 /* XXX we might want to keep stats about global_relayed_*_bucket too. Or not.*/
 /** How many bytes have we read since we started the process? */
-static uint64_t stats_n_bytes_read = 0;
+uint64_t stats_n_bytes_read = 0;
 /** How many bytes have we written since we started the process? */
-static uint64_t stats_n_bytes_written = 0;
+uint64_t stats_n_bytes_written = 0;
 /** What time did this process start up? */
 time_t time_of_process_start = 0;
 /** How many seconds have we been running? */
diff --git a/src/or/or.h b/src/or/or.h
index 737c197..75c43f9 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4192,6 +4192,8 @@ void accounting_set_bandwidth_usage_from_state(or_state_t *state);
 /* main.c ***/
 
 extern int has_completed_circuit;
+extern uint64_t stats_n_bytes_read;
+extern uint64_t stats_n_bytes_written;
 
 int connection_add(connection_t *conn);
 int connection_remove(connection_t *conn);
-- 
1.5.6.5

From 94b4451ff20ac8951ba7fa43edba1d4faa053505 Mon Sep 17 00:00:00 2001
From: Anders Andersson pipat...@gmail.com
Date: Tue, 23 Mar 2010 22:21:04 +0100
Subject: [PATCH] Documented the bytes option for GETINFO

---
 doc/spec/control-spec.txt |5 +
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/doc/spec/control-spec.txt b/doc/spec/control-spec.txt
index b60baba..17c59f6 100644
--- a/doc/spec/control-spec.txt
+++ b/doc/spec/control-spec.txt
@@ -498,6 +498,11 @@
with a $.  This is an implementation error.  It would be nice to add
the $ back in if we can do so without breaking compatibility.]
 
+bytes
+  Total number of bytes passed through the Tor node since startup, in the
+  form:
+read-bytes SP write-bytes CRLF
+
 accounting/enabled
 accounting/hibernating
 accounting/bytes
-- 
1.5.6.5