Re: Restricted Exit Policy Port Suggestions?
In my opinion, more often than not DMCA takedown requests center around file-sharing and also more often than not the takedown requests actually have validity to them. There are certainly instances where takedown requests are incorrect but the frequency of them isn't high (again, my opinion).

My $0.02, after having processed many a takedown request.

If you want to exclude p2p, then I would bet that the amount of abuse reports would plummet.

Cheers,
Harry

On Wed, 2010-08-11 at 08:44 -0400, and...@torproject.org wrote:
> On Wed, Aug 11, 2010 at 03:05:24AM -0700, mikepe...@fscked.org wrote 1.8K bytes in 55 lines about:
> : It's become clear that it is almost impossible to run an exit node with the default exit policy in the USA, due to bittorrent DMCA abuse spambots. I believe this means that we should try to come up with one or more standard, reduced exit policy sets that allow use of the majority of popular internet services without attracting bittorrent users and associated spam.
>
> Giving in to the automated accusations of DMCA violations is a sad statement on the contemporary Internet. It seems the chilling effects of the DMCA are so palpable, no one wants to fight back any more, not users and not ISPs. See http://chillingeffects.org/ for more analysis and options on how to respond. Are there no ISPs/datacenters left in the USA willing to defend the First Amendment of the US Constitution and the user's legal protections under patent/trademark/copyright laws?
>
> : 1. Low Abuse (above list, possibly minus 465, 587 and 563)
> : 2. Medium Abuse (above list, plus IRC)
> : 3. High Abuse (default exit policy)
>
> I wouldn't call them varying levels of abuse, as the name alone implies exiting Tor traffic generates abuse. It doesn't. Many exit nodes run without incident for years. We could probably better study/poll exit node operators and ask how many abuse complaints or dmca notices they receive over time to get more data on this topic.
>
> And of course, everyone forgets their Tor exit relay will transmit TB of normal traffic without incident.
Re: Tor Project infrastructure updates in response to security breach
Hi Roger,

Thanks for the detailed explanation. It's always interesting to hear about how others go into the verification route when a compromise happens.

Do you know the nature of the compromise? Was it against Tor itself or one of the other services running on the Directory Authorities? Just curious, as it sounds like each of the DAs was running a different set of apps, but perhaps I read more into that than was said.

Also, is there a need for hardware to be apart to physically partition services (i.e. svn,git,dns)? Or do you guys already have that covered?

Cheers,
Harry

Roger Dingledine wrote:
> On Wed, Jan 20, 2010 at 04:43:44PM -0500, Roger Dingledine wrote:
> > In early January we discovered that two of the seven directory authorities were compromised (moria1 and gabelmoo), along with metrics.torproject.org
>
> Here are some more technical details about the potential impacts, for those who want to know more about Tor's innards:
>
> - #1: Directory authority keys
>
> Owning two out of seven directory authorities isn't enough to make a new networkstatus consensus (you need four for that), but it means you've only got two more to go. We've generated new v3 long-term identity keys for these two authorities.
>
> The old v3 long-term identity keys probably aren't compromised, since they weren't stored on the affected machines, but they signed v3 signing keys that are valid until 2010-04-12 in the case of moria1 and until 2010-05-04 in the case of gabelmoo. That's still a pretty big window, so it's best to upgrade clients away from trusting those keys. You should upgrade to 0.2.1.22 or 0.2.2.7-alpha, which uses the new v3 long-term identity keys (with a new set of signing keys).
>
> - #2: Relay identity keys
>
> We already have a way to cleanly migrate to a new v3 long-term identity key, because we needed one for the Debian weak RNG bug: http://archives.seul.org/or/announce/May-2008/msg0.html
>
> But we don't have a way to cleanly migrate relay identity keys. An attacker who knows moria1's relay identity key can craft a new descriptor for it with a new onion key (or even a new IP address), and then man-in-the-middle traffic coming to the relay. They wouldn't be able to spoof directory statements, or break the encryption for further relays in the path, but it still removes one layer of the defense-in-depth.
>
> Normally there's nothing special about the relay identity key (if you lose yours, just generate another one), but relay identity keys for directory authorities are hard-coded in the Tor bundle so the client can detect man-in-the-middle attacks on bootstrapping.
>
> So we abandoned the old relay identity keys too. That means abandoning the old IP:port the authorities were listening on, or older clients will produce warn messages whenever they connect to the new authority. Older Tor clients can now take longer to bootstrap if they try the abandoned addresses first. (You should upgrade.)
>
> - #3: Infrastructure services
>
> Moria also hosted our git repository and svn repository. I took the services offline as soon as we learned of the breach -- in theory a clever attacker could give out altered files to people who check out the source, or even tailor his answers based on who's doing the git update. We're in pretty good shape for git though: the git tree is a set of hashes all the way back to the root, so when you update your git tree, it will automatically notice any tampering.
>
> As explained in the last mail, it appears the attackers didn't realize what they broke into. We had already been slowly migrating Tor services off of moria (it runs too many services for too many different projects), so we took this opportunity to speed up that plan. A friendly anonymous sponsor has provided a pile of new servers, and git and svn are now up in their new locations. The only remaining Tor infrastructure services on moria are the directory authority, the mailing lists, and a DNS secondary.
>
> - #4: Bridge descriptors
>
> The metrics server had an archive of bridge descriptors from 2009. We used the descriptors to create summary graphs of bridge count and bridge usage by country, like the ones you can see at http://metrics.torproject.org/graphs.html
>
> So it's conceivable that some bad guy now has a set of historical bridge data -- meaning he knows addresses and public keys of the bridges, and presumably some of the bridges are still running at those addresses and/or with those public keys. He could use this information to help governments or other censors prevent Tor clients from reaching the Tor network.
>
> I'm not actually so worried about this one though, because a) we didn't have that many bridges to begin with in 2009 (you should run a bridge!), b) there seems to be considerable churn in our bridges, so last year's list doesn't map so well to this year's list, and c) we haven't been doing a great job lately at keeping China from learning bridges as it is.
>
> Hope that helps to explain,
> --Roger
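The "set of hashes all the way back to the root" property from item #3 of the quoted mail, as an added example that is not part of either message and is not Tor's or git's own code. It rebuilds git's object naming (blob, tree, commit) in Python over a constructed three-commit history; file contents, author string and messages are made up for illustration.

```python
import hashlib

def object_id(kind, body):
    """Name an object the way git does: SHA-1 over '<kind> <size>\\0' + body."""
    return hashlib.sha1(f"{kind} {len(body)}".encode() + b"\x00" + body).digest()

def tree_id(files):
    """Tree for a flat directory of regular files; each entry embeds a blob id."""
    body = b"".join(
        b"100644 " + name.encode() + b"\x00" + object_id("blob", data)
        for name, data in sorted(files.items())
    )
    return object_id("tree", body)

def commit_id(tree, parent, message):
    """Commit that names its tree and, if present, its parent commit by id."""
    who = "Example Dev <dev@example.invalid> 1263999999 +0000"  # constructed
    lines = ["tree " + tree.hex()]
    if parent is not None:
        lines.append("parent " + parent.hex())
    lines += ["author " + who, "committer " + who, "", message, ""]
    return object_id("commit", "\n".join(lines).encode())

def head_id(history):
    """Fold (files, message) snapshots, oldest first, into the last commit id."""
    parent = None
    for files, message in history:
        parent = commit_id(tree_id(files), parent, message)
    return parent.hex()

# Constructed history, oldest commit first (not real Tor source).
SRC = b"int main(void) { return 0; }\n"
HONEST = [
    ({"main.c": SRC}, "initial import"),
    ({"main.c": SRC, "README": b"docs\n"}, "add README"),
    ({"main.c": SRC.replace(b"0", b"1"), "README": b"docs\n"}, "change exit code"),
]
# Same history with one file altered in the OLDEST commit only.
TAMPERED = [({"main.c": b"/* altered */\n" + SRC}, "initial import")] + HONEST[1:]

def matches_trusted_head(history, trusted_head):
    """True only if every blob, tree and commit back to the root is unchanged."""
    return head_id(history) == trusted_head

if __name__ == "__main__":
    trusted = head_id(HONEST)
    print("honest  :", matches_trusted_head(HONEST, trusted))
    print("tampered:", matches_trusted_head(TAMPERED, trusted))
```

The comparison only helps someone who already holds a commit id from before the tampering, such as an existing clone or a signed tag; a first-time clone from an altered server has nothing to compare against.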
Re: tor experimental???
Thanks Roger,

I should have been taking better care of this box but have been super busy.

My bridge is back up and running :-)

Cheers,
Harry

Roger Dingledine wrote:
> On Wed, Jan 20, 2010 at 03:11:01PM -0500, Harry Hoffman wrote:
> > So, at some point in time the apt url I was using for tor ceased to exist: http://mirror.noreply.org/pub/tor/dists/experimental-0.2.1.x-intrepid/main/binary-i386/Packages.gz
> >
> > Did experimental become unstable?
>
> Your url is quite old. Since then, we've A) moved to deb.torproject.org, and B) renamed the experimental branch to experimental, so you don't need to name a branch.
>
> What happened in your case is that 0.2.1.x is the new stable.
>
> You might like https://www.torproject.org/docs/debian#ubuntu or https://www.torproject.org/docs/debian#development
>
> Hope that helps,
> --Roger
Re: [OT] Problems With Outlook 2k2
isn't email (i.e. tcp/25) blocked by default as an exit policy?

Programmer In Training wrote:
> As part of my attempts to write an article about using GPG and Tor with Outlook I set up a test email account. O says it connects just fine and sends/receives a test message, but when I attempt to send my own test message to another email address, I have nothing but connection time out issues.
>
> As soon as I get these issues sorted, I'll be posting the last in my series before bringing them together in a static web page. Also, it appears I cannot change how /just/ MSO connects to the internet without changing system wide settings, but I'm continuing to look into that aspect.
>
> Please reply off-list with suggestions or help.
>
> P.S. For those who aren't subscribed to my news feed, my article for setting up Thunderbird to use Tor and GPG. http://blog.joseph-a-nagy-jr.us/2010/01/getting-serious-about-security-email-and-you/
Re: Conspiracy: Piratebay owned by CIA (TOR involved, also)
oh, sure this has been known for a long time. In fact, the CIA will even pay you (much like google adsense) per MB that you allow them to intercept upon exit.

At $0.20USD/MB I was able to supplement my regular income. Soon I'll be able to quit my regular job. It's like all of those emails say, let your computer work for you!

Cheers,
Harry

PS - Why does Baphomet have breasts? ;-)

Timo Schoeler wrote:
> http://joyn.org/conspiracy/ThePiratebay-owned-by-CIA.html
Re: Conspiracy: Piratebay owned by CIA (TOR involved, also)
Um, sorry... any references made to actually receiving money from a government organization for capturing traffic were meant as a joke.

The article was so ludicrous that it (IMO) deserved a humorous response. Too many conspiracy theories going on now-a-days.

Cheers,
Harry

krishna e bera wrote:
> Could someone post the contact addresses for cashing in? And perhaps some proof that they do (or do not) pay?
>
> On Tue, Jun 23, 2009 at 03:55:57PM +0200, Timo Schoeler wrote:
> > thus Tom Hek spake:
> > > On Jun 23, 2009, at 15:01 PM, Harry Hoffman wrote:
> > > > At $0.20USD/MB I was able to supplement my regular income. Soon I'll be able to quit my regular job. It's like all of those emails say, let your computer work for you!
> > >
> > > You get paid $0.20USD/MB? I only got an offer of 0,05 euro/MB from the AIVD (the Dutch intelligence service). Maybe I should think about moving to the VS..
> > >
> > > -Tom
> >
> > :D
> >
> > Well, I just bought a nice house at the sea side in south west Portugal (paid by BND, for my exit nodes running ;).
> >
> > SCNR
Re: Information at exit node.
Hi Brent,

At the very least the src ip (although this would be another tor server), src port, dst ip, dst port, protocol (tcp), timestamp.

If the traffic is unencrypted (i.e. you browse to www.google.com) then you can also add application protocol (i.e. HTTP) and payload (i.e. GET / HTTP/1.1 Host: www.google.com)

HTH,
Harry

Brent Clark wrote:
> Hiya
>
> Still kinda new to Tor, so my question is, what information can exactly be gathered by an exit node?
>
> If someone can help me understand, it would be appreciated.
>
> Kind Regards
> Brent Clark
thoughts???
Just came across this: http://hosted.ap.org/dynamic/stories/T/TEC_PUNISHING_PROXIES?SITE=ILEDWSECTION=HOMETEMPLATE=DEFAULT Cheers, Harry
Re: Metasploit Decloak Project v2
Interesting, it works with Open Office on Linux revealing the true ip addr.

There's an option in OO to use a proxy, it was set to system at the time and I tried just using foxyproxy.

But yeah, like someone else mentioned, using iptables to redirect all attempts so that you don't have to worry about an app misbehaving is a good idea.

Cheers,
Harry

On Sun, 2008-12-14 at 19:26 -0600, H D Moore wrote:
> On Sunday 14 December 2008, Roc Admin wrote:
> > It doesn't seem like there are any new attack vectors but I wanted to pass it along to see if anyone had comments.
>
> I am looking for feedback as well -- right now, the reporting side is pretty weak, but that should improve this evening. Roger pointed me at the torbutton design notes, so I will continue adding coverage/techniques there. This test should work on all browsers regardless of security settings or scripting. No test requires javascript, which should give an accurate view for folks who run noscript/torbutton. My own testing with torbutton shows it to be really solid (only tor exit and tor exit's DNS servers show up).
>
> -HD
DNS queries through the Tor network
Hi,

Just curious to get some expert opinions from the tor maintainers about how to deal with the new DNS vulnerabilities being discussed[1].

Is anyone testing whether or not the DNS servers available via exit nodes are patched?

Cheers,
Harry

[1] http://isc.sans.org/diary.html?storyid=4765
RE: How do we defeat exit node sniffing?
Why do you think it would be embarrassing? I'm fairly certain that some exit nodes have been set up as research projects.

On Thu, 2008-06-05 at 21:49 -0700, Wesley Kenzie wrote:
> snip
>
> Or BostonUCompSci? It would be kind of embarrassing to Boston University wouldn't it, if they were found to be sniffing? It is probably too much to expect at this point, though, that a list of trusted exit nodes will be publicly compiled. I think you have to do your own investigations and come up with your own list.
>
> /snip