else's spam.
Cheers,
Michael Holstein
Cleveland State University
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
injecting fake information into BitTorrent
like they used to do with Napster .. except that BitTorrent handles this
much better. The fallout from that is companies get a bunch of bogus
complaints.
My 0.02.
Cheers,
Michael Holstein
Cleveland State University
it.
The response is probably then
catalogued for some future court case.
As are all of the bogus notices and supporting documentation that
nothing has ever occupied that IP address.
Cheers,
Michael Holstein
Cleveland State University
Could you bind your exit traffic to IPs outside your University's
primary block?
Not sure what you mean by bind to outside IP, but our network is a
contiguous /16. We would have to register for extra /24s from ARIN, and
that costs money.
Cheers,
Michael Holstein
Cleveland State University
. It was the theft of academic journals (and
that doing so jeopardized our subscriptions) that did it in.
Cheers,
Michael Holstein
Cleveland State University
Perhaps the best choice would be the one used by the most people.
http://www.eff.org/deeplinks/2010/01/tracking-by-user-agent
Cheers,
Michael Holstein
Cleveland State University
Why couldn't your exit policy just block the IPs of the journal sites?
Because there's 1000 of them (and each would be a /32). It was
discussed in another thread at the time, and the developers led me to
the conclusion that such hugely long exit policies were a bad idea.
Cheers,
Michael
The main cause was the screen resolution.
Running TOR and leaving javascript enabled sort of defeats the point,
doesn't it?
Cheers,
Michael Holstein
Cleveland State University
the need for your own ASN (because you're
multi-homed, etc.) then you *become* the ISP. This is completely
impractical for an end-user, but it's how Universities (and the like)
get away with hosting the nodes .. there's nobody else to complain to
but the entity itself.
Cheers,
Michael Holstein
funded by their respective states.
Cheers,
Michael Holstein
Cleveland State University
relate tangentially to
the request but aren't specifically requested(*).
(*) : IANAL, check with your company lawyers in all cases when answering
legal process, etc.
A forward-going request is known as a Title III Order AKA wiretap.
These are quite rare by comparison.
Regards,
Michael Holstein
.
Cheers,
Michael Holstein
Cleveland State University
.
And sniff/steal the session cookie.
Regards,
Michael Holstein
Cleveland State University
://download.intel.com/design/network/ProdBrf/27905403.pdf
Cheers,
Michael Holstein
Cleveland State University
.. I'm sure our side of the pond actively does the same.
Sneakier mice, better mousetraps.
Lather, rinse, repeat.
while().
Cheers,
Michael Holstein
Cleveland State University
Noticed today that gmail is again requiring
new account creation to use SMS verification.
Tried with a number of exits. Anyone else?
There are email-SMS gateways .. does the reverse not exist?
What about SMS-SIP services? .. eg :
http://www.iptel.org/ser/doc/modules/sms
entirely
in header-source forged UDP packets, but as best practices dictate (not
that everybody follows them) .. one should filter egress of packets with
a source address not within your netblock.
Cheers,
Michael Holstein
Cleveland State University
,
Michael Holstein
Cleveland State University
that appears to come from you, but isn't the real
you) .. all they care about is what comes out of your pipe.
Anyway .. good luck, and keep up the good fight!
Cheers,
Michael Holstein
Cleveland State University
with it.
Michael Holstein
Cleveland State University
pirates at PRQ have come up
with (Relakks .. www.relakks.com).
Cheers,
Michael Holstein
Cleveland State University
with the
TOR-you. So could your web-based email if you've EVER used it from an
identifiable location.
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
It reminds me of some of the stuff out of the Matrix... hackers causing
damage by manipulating the code of the Matrix, Machines moving in and
out of everything...
Greetings professor .. would you like to play a game?
nodes are on academic sites).
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
of non-legitimate email coming from
anonymous routers makes TOR a pretty easy target.
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
I've got my OR set up to be a bridge, and everything seems to be going
ok. However, I suspect that my ISP (Cox Communications) may be blocking
HTTP port 433, as I can't get a confirmation on it.
Well geez .. that's easy .. just tell us your IP address and we'll see
if we can telnet to port
-A INPUT -p tcp --dport (torDirPort) -m recent --update --seconds 60
--hitcount 1 --rttl --name TORdir -j DROP
(adapted from a SSH bruteforce mitigation rule to do a similar thing..)
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
I have what may perhaps seem like a strange question.
Is there any commonly used software for encrypting and
decrypting web pages?
Yes, SSL .. and it's been around for quite a while.
Let me explain that a little better: imagine a web
site which has content destined for specific
Despite my bias, an embedded java app
would not work since it would be
controlled (provided) by the hostile
server right?
You could sign the applet with a key provided to your clients, since
you're using a distribution model where you have known end-users (as you
need their keys to
Is there a mechanism to use HTTPS to
preencrypt web pages so that they
are encrypted on the server (and so the
server does not have the keys to decrypt
them!)
Not using HTTPS per-se, but you can use SSL to encrypt files.
My initial constraints are that once the data
is put on the
of complaints
mine generated, but I still have copies of the various subpoenas I got (*).
Good luck in any case!
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
(*): ultimately, it wasn't all the legal problems that made me take down
our node, it was the fact that I couldn't stop
I've been running a server (phrenograph) on a Comcast connection in
the Washington, DC, area for a few months now, and I haven't heard
anything from Comcast about it.
I guess I should have been more clear .. I ran the tor node on an
academic network, and we have our own ASN, so there's no
Are you sure OpenWRT on a Linksys can't handle the states with 32 MBytes RAM,
and a 0.2..0.5 MBit/s upstream?
Yeah, but the standard store-bought WRT54G (ver 6) is only 8mb.
Linksys uses Linux (Vxworks for its more braindead types of routers which
I know nothing about), but the default
What exactly is happening? Somebody is using your Tor exit node to
access a website (yahoo mail) and using that to send spam? And this is
being traced back to you by the spam being traced back to Yahoo, and
Yahoo checking their webmail logs and finding your exit node's IP?
Look at a Yahoo!
http://your.router.ip
username: blank
password: admin
Go to the advanced tab - forwarding
set up two applications, ORport, DIRport .. select TCP, select 9001 and
9030, and point them to whatever IP you have on your linux box.
Make sure you tell TOR to advertise your external IP address via
Don't forget the side effect - that the more questionable material we
filter the more remains to be used in legal ways.
You're missing the point.
If you live under a repressive regime whereby you feel legally obligated
to filter the exit traffic, you should be using the client, not running
be easy to implement in a
proxy, and the TCP mangling because it'd be easy with NetFilter).
Performance-wise, you'd want to cache the list of nodes/can't-do's in
memory, since you wouldn't want that stuff written to disk (ever). That
might be the Achilles' heel in my idea.
Cheers,
Michael
Some time ago we had a thread about SORBS and many exit nodes were
listed in this DNSBL with the attribute trojan hacked. Conclusion of
the thread was: They have no glue!
Yeah .. well SORBS is to be taken with a grain of salt.
Google sometimes does not work with several exit nodes and
Mrtg monitoring of my box clearly shows what's going on with throughput
and cpu load. Thus I'm bothering this mailing list with more enhanced
multithread capabilities, taking better advantage from multiple cores.
Two ideas :
run multiple instances (and use family option), and let each instance
.. then you generally get a 1-year ban from that company.
On the plus side, getting canceled by them gets you out of your contract
agreements. Play your cards right and keep mis-spelling your name when
you sign-up, and you can switch between cable and DSL forever.
Cheers,
Michael Holstein CISSP GCIA
ranges
Cheers,
Michael Holstein CISSP GCIA
Information Security Administrator
Cleveland State University
(gaak .. make that 759 queries, 709 NXDOMAIN, and 48 that appear somehow
.. the rest of what's below is correct).
~Mike.
Michael Holstein wrote:
SORBS marks TOR servers as zombie spammers I believe.
Um, in the interest of settling this argument :
grep router cached-routers |grep -v
about the earlier screw-up. Mea culpa.
Michael Holstein CISSP GCIA
Cleveland State University
(while we're on the subject..)
Using the same testing method, AHBL's standard dnsbl lists 14 of the
routers, but they have a second one (tor.ahbl.org) that lists 823 of
them (only 63 return NXDOMAIN).
It's also not rocket science to run a client (or wget the directory from
router/tor) and
I've seen a VM that routes all traffic over TOR, invisibly to the O/S.
(Not sure what they do about UDP).
Developed at Georgia Tech.
One better .. TOR on OpenWRT on a Linksys router.
Tor at the *hardware* level.
~Mike.
checking for libevent directory... configure: error:
Could not find a linkable libevent. You can specify an
explicit path using --with-libevent-dir
./configure --with-libevent-dir=/usr/local/lib
that got it working for me (also Ubuntu 6.10 here, but the gnome variety)
Poor kids DON'T!!!
Okay .. we're seriously off-topic here, but many a person's rights are
trampled because :
it's for the children...
There is no okay form of censorship. A spade is a spade is a spade.
If you believe in censoring this or that, under any guise, then maybe
TOR isn't the
being the one based on OpenBSD (Anonym.OS).
Other general recommendations :
Firefox (dump cookies on exit, no cache, etc)
NoScript plugin (no javascript)
FlashBlock plugin (no flash)
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
Have a look over here :
http://gemal.dk/browserspy/
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
Bryan Fordham wrote:
on a more general note: Does anyone actually have an example of how
javascript can compromise your anonymity? Not it can obtain your
IP-type stuff
I have yet to see an example of pure JavaScript code that can read an
end-user's IP address. Any code I've seen returns either localhost or
127.0.0.1.
Bear in mind you need not get javascript to return the results of
something like ipconfig /all to work .. all you need do is create a
non
because that's the first place
folks will look.
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
Sam Creasey wrote:
I know I've seen this discussed on here, and it's pretty much just a
FAQ at this point, but somehow my google skills are failing me...
Does anyone have a link
the SIG_WHATEVER
will have to be either the same UID as what started TOR, or root .. a
security concern since I'm guessing you want to do some web $foo with it
and PHP.
Regards,
Michael Holstein CISSP GCIA
Cleveland State University
Mr. Blue wrote:
Hello,
I am new here and am trying to utilize
True, but that's configurable in most sensible browsers.
In Firefox, check out the stuff in about:config
specifically the general.useragent.* stuff.
Better yet, get the User Agent Switcher plugin.
~Mike
devel wrote:
Hello,
In some cases when OS version or architecture are not popular, I
for examples .. I've
posted one (SXW format) that has worked for $3_letter_agency subpoenas.
4. Since my machine has about 22K/s bandwidth, how likely is it that I
will be badly backlogged / overtargetted?
Set the BandwidthMax and Min to appropriate values and sleep easy.
Cheers,
Michael
nodes, given a copy of
the current directory : http://belegost.mit.edu/
Please let me know if I can be of further assistance.
Regards,
Michael Holstein CISSP GCIA
IST Information Security
Cleveland State University
xiando wrote:
Subject: EZZI.net Abuse Warning
Date: Tuesday 23 januar 2007 22:39
However, I don't know what that -HUP is about.
man signal
(-HUP is 'hangup' .. )
are separate
from your normal one.
Then just set up a shortcut to invoke the second instance using the
-ProfileManager switch, and select the 2nd profile.
GeorgeDS wrote:
On Tue, 2007-01-02 at 13:23, Michael Holstein wrote:
The reason I suggested separate Firefox profiles is you can have the
anonymous
this problem on a similar **Linux**
system, I'd like to know how.
Thank you,
George Shaffer
On Wed, 2007-01-03 at 08:51, Michael Holstein wrote:
It's easy.
Start your first instance of firefox as usual. Start the second one like
this : /path/to/firefox -ProfileManager and create a new profile (call
Most exit nodes disallow port 25 (smtp) because NOT doing so would make
TOR a spammer's paradise. If you know a relay-server that runs smtps or
uses an alternate smtp port, use that.
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University.
Job wrote:
Hello,
I just got Tor
So if i use a web based email and use firefox with Tor to access it with
my normal settings(the settings that I always use when i use the
Internet) so not a totally separate profile. The receiver still won't be
able to trace me right?
Well .. sort of. The problem is cookies from the likes of
will be able to trace me but not
receivers of emails as I am not sending any at that moment.
Michael Holstein wrote:
ps: am i correct that if i use a web-based email account (for example
gmail) without pop3 and I use (Torified) Firefox to access it I CAN
send emails out without the receiver being
what about http://www.showmyip.com
It will tell you if you're using a TOR node (and which one, as well as
its exit policy)
~Mike.
Robert Hogan wrote:
Hi all,
http://lefkada.eecs.harvard.edu/cgi-bin/ipaddr.pl?tor=1
https://tns.nighteffect.com/
https://torstat.xenobite.eu/
All of the above
What about the Department of the Navy that initially funded it? I
wonder if it was pointed out in these meeting that it was the DoD that
wanted this in the first place through the Office of Naval Research
and DARPA?
Simple. It's okay for them to be sneaky to avoid *US* (the citizens)
from
i am new to tor and was wondering if it is possible to setup tor in a private
intranet without gateways to the internet? i have to
assume it is, but where would i find documentation and code to build such a
system?
Yep .. just setup your own DirServer. See :
There have been various TOR exit nodes that have been behaving badly
lately (check the tor-talk list) .. some are doing frames, popups, etc
.. there is a list of bad nodenames somewhere on that list (can't find
it at hand..)
Personally, I wouldn't use any exit node in China .. use the
I agree that being behind someone else's firewall is a problem as the
user may not understand the implications of this and thus advertise an
impossible exit policy.
Suggestion for the coders .. make the client test itself and adjust the
exit policy on the fly.
4. A couple dozen _fast_ 24x7 exit nodes are run by
trusted operators (read: known personally by Nick or
Roger) on a local machine the operators control.
The $3_letter_agency would just *love* to have a dozen places (or 2
people) they already know about to serve the subpoenas.
7. All Tor
Depending on what constitutes authentication (and encryption). If the
encryption adds integrity to the authentication (if not there already)
and prevents an eavesdropper from being able to trivially learn what
is needed to masquerade as you, then it has value against adversaries
not
what prevents government from running Tor (exit) points and sniffing
exit (incoming) traffic on them?
Nothing .. but the incoming traffic (between nodes 2 and 3) would be TLS
and encrypted.
(this is what I thought was happening when I saw a .cn exit node)
~Mike.
what about configuring your SMTP/POP3 port to something else?
Sure .. if you can find a MTA that will do that (and of course you could
always set one up, but that'd totally defeat the purpose of trying to
hide the path).
Really, you're better off with tools like Mixmaster. The alternative
There is no way in Windows to redirect all DNS queries over Tor
at a system level yet. Only at an application level.
You can use TorDNS to accomplish that.
http://sandos.ath.cx/~badger/tordns.html
/mike.
Why not just install the User Agent Switcher plugin for firefox?
http://releases.mozilla.org/pub/mozilla.org/extensions/user_agent_switcher/user_agent_switcher-0.6.8-fx+fl+mz.xpi
Does the same thing on the fly.
~Mike.
Anothony Georgeo wrote:
---
*CONCEPT*
There has been bit of
iptables -t nat -A POSTROUTING -p tcp -d ip of journal --dport 80 -j DNAT
--to-destination ip of you webserver
FreeBSD here, but I'll try something along those lines.
Still, I would also agree that rejecting *:80 would be the best until
this IP as authentication issue is resolved.
Since the
Thus making Tor suck for everyone. The better approach would be to just
say reject *:80 or reject *:* or something like that. Your node is
still useful as a middleman and wouldn't actively harm clients.
Everyone how? .. it'd just affect people trying to access a specific set
of academic
suggestions?
Regards,
Michael Holstein CISSP GCIA
Cleveland State University
There are methods (and they are used) to read data from an overwritten
disk.
Has anyone tried creating a (ro) flash-boot linux system for TOR with
all the (rw) stuff mounted in RAM ?
Such a device would raise the bar quite a bit, no? (AFAIK, there is no
data remanence problem with DRAM ..
\%r\ %s %b common
Complete docs :
http://httpd.apache.org/docs/1.3/logs.html#accesslog
Perhaps I'm missing something, but if all you want to do is have an
Apache server that doesn't log what comes in, there are much easier ways
than using Privoxy (et al.) to do it.
Cheers,
Michael Holstein
The idea is a system wide solution that allows any user group to
install any semi-random PHP/MySQL frob without having to hack around
trying to find and disable its IP logging.
Then do as Dan just suggested and forward it using your firewall ..
advantage there is you can still ban a user if
: the orport appears to be unreachable.
I really don't know how the connection works in VMWare environments.
Do I have to forward the orport to the VMWare IP or to my Windows IP?
Also, does it need bridged, NAT or host-only mode in VMWare?
Michael Holstein wrote:
Okay, I just tried out a different
So the problem is that a motivated adversary can subpoena or simply
ask DoubleClick to hand over their IP/cookie logs. If you are using
Tor for /everything/, then what they get from DoubleClick for that
email address is just a Tor IP, no harm no foul. However, if the user
had set up a filter that
SwitchProxy lets you manage and switch between *multiple proxy
configurations* quickly and easily. You can also use it as an anonymizer
to protect your computer from prying eyes.
Main bummer about that is it's a global setting. I wish I could control
the proxy settings per TAB, not globally --