IRC Archive / Oftc / #tor / 2009 / November / 30 / 1
rodrigos
i will demonstrate the leak of a javascript browser problem, that means, a user is using tor, but doesn't enable the tool no-javascript, so an XSS or other exploit will compromise the User
darrob
rodrigos: if i understand you correctly this is not really news.
dsp
yeah, tor constantly warns users against having javascript enabled
rodrigos
so i need an exploit which can attack over javascript, maybe a zeroday exploit, to demonstrate this, i know this issue is not new, but i will demonstrate it live for Beginners.
dsp
filtering of that stuff is left to other applications, like privoxy or whatever else
i hope you're doing it as a sort of "make sure you have well configured clients" demonstration and not as a "this is an attack on tor" demonstration, because it's really not
rodrigos
so i need your help, to solve this problem
dsp
http://blogs.zdnet.com/security/?p=114
rodrigos
dsp: that's of course correct, but it is an attack against the anonymity
phobos
rodrigos: http://decloak.net
         

rodrigos
so i have installed an apache server on my local machine on a virtual machine, and there is a php site, on there i will have the javascript exploit
phobos
is this with torbutton enabled in firefox 3.0.15 and javascript enabled?
spahan
hi, i use python and try to connect to webservers through Tor with socks5. This works as long as i use DNS-Names, but not with IP Addresses. I always get connection refused errors. Any idea what i'm doing wrong? I use the vidalia bundle on macosx.
rodrigos
phobos: where can i find zero day exploits?
atagar
heh, you do realize that a zero day exploit is *by definition* not generally known, right?
rodrigos
ok, that's right, so .. a not very old exploit ...
atagar
rodrigos: I'd imagine the appropriate googling will yield your answer, but regardless this is probably best a discussion for #nottor
rodrigos
ok thanks
user0815
can I use the tor control-port 9051 for remote connections?
I have a running tor-client on a linux-machine, but I installed vidalia on my other windows machine
so I want to use vidalia for a graphical tor-network watching
atagar
user0815: I'm kinda curious too - have you tried? If the control port does require a localhost connection then perhaps you could set up a socks proxy then use that.
user0815
atagar: thanks for your answer. On Preferences in Vidalia, I can configure the remote computer that is running the tor-client.
I enter the right ip for my control-port, but I think my remote tor-client only accepts connections from 127.0.0.1 instead of other machines
Clearly: When I use the telnet 127.0.0.1 9051 command on my linux-system (where the tor-client is installed), this works perfect
but If I try it from my windows-machine with cmd.exe, he doesn't have an open port (9051)
atagar
just to make sure, you've ruled out all the blocking issues like firewalls, nat routing, etc - right?
user0815
that means, when I enter the address and control-port-number in Vidalia, he logical can't connect to my remote tor-client, because telnet also doesn't connect to.
yes, win-machine has no firewall
and linux-machine has also nothing
because both machines are at home
that piece here makes me wonder
Nov 30 00:56:24.144 [notice] Opening Socks listener on 0.0.0.0:9050
Nov 30 00:56:24.146 [notice] Opening Control listener on 127.0.0.1:9051
see the second line
seems that he wants to accept only control connection from the same machine ?
tor -> socks listener 0.0.0. work well
... for remote machines
tor -> control listener 127.0.0.1 <<<--- my tor-client should output something like "control listener on 0.0.0." (for all machines in my network)
Ups, I mean "Open Control listener on 0.0.0.0:9051"
but how to config that? In the torrc I can only say "ControlPort" but not which machines can use them
atagar
have you tried something like "ssh -D 9051 <linux ip>" then connecting vidalia to localhost:9051 (this is new to me and not in a position to try so haven't a clue if it'll work)
user0815
yes, that could be an idea
I tried that
... some minutes ago
because I have not ssh -D .... command on my win machine, I tried to make it with putty
telnet works
!
but vidalia........
I think it's a Vidalia software-problem
because vidalia always tells me that tor doesn't run, but tor runs (!) on another machine and not local
ah *sh*tt*, I downloaded a development (beta?) release of vidalia
I try it with the last final of Vidalia again...
keb
vidalia 0.2.6 works fine for me
IBM
how can I connect locally to tor
basically ok I have tor runnin and it blocks anythin but 127.0.0.1
i need it to allow other ips
SocksListenAddress
can I have more than 1 of those?
nsa
or: atagar committed revision 21062 (/arm/trunk): Weekend bugfix bundle.
or: added: most commands can be immediately executed from the help page (feature request by arma)
or: fix: truncating header's version fields if too long (caught by hexa)
or: fix: file descriptor dialog now provides a wider variety of error messages in case of failure
or: fix: offset issue in connections listing when scroll bar was visible
or: fix: removing family connections from listing when control port is closed
keb
IBM : tor doesn't block anything, but your router or firewall might block things
what are you trying to do
danieldg
tor does "block" connections by only listening on localhost. Bind to 0.0.0.0 if you want access from other hosts.
         

keb
well your browser and other stuff just goes straight to the internet if you don't make it connect via tor
danieldg
well *that* is not a tor issue at all :)
I was assuming he was trying a setup like I have, with a single tor node (on a snapshotted VM) that is used by hosts on the LAN
keb
could be
IBM
just as I thought
tor doesn't follow the socks5 protocol
it doesn't return the ip and port just 0's
you can't half ass that, it breaks a lot of clients
keb
https://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy
arma
ibm: what socks5 clients do we break? i chose that version of socks5 originally because that's what firefox did.
joy2theworld
ping
I see several bloxortsipt nodes with odd garbage in the cached-descriptors file, these nodes were mentioned in July and they have popped up again.
on or/talk mailing list they were mentioned
arma
yeah, i noticed a few earlier today too.
no harm yet, as far as i can tell. except some of the descriptors appear to be funny-looking, yeah.
what's the odd garbage?
joy2theworld
1 moment
i'll quote from the post
and the previous mention of these nodes
1 moment
arma: here's the post: http://l6nvqsqivhrunqvs.onion/?do=topic&id=8386
arma: here's the previous or/talk discussion: http://archives.seul.org/or/talk/Jul-2009/msg00367.html
" they are not safe relays
to use, and their operator(s) has thus far demonstrated irresponsibility
and/or incompetence for the safe operation of tor relays."
- http://archives.seul.org/or/talk/Jul-2009/msg00370.html
happy holidays, gat
gat
you too :)
joy2theworld
:D
happy holidays, ulf-
ulf-
y?
joy2theworld
:P
arma: did the information above help?
gat
oh something that i've been wondering about; is there any writing or papers on how Tor defeats 'funneling', assuming each node gets to pick the next node to follow, an adversarial node could pick a series of adversarial nodes and be able to connect the origin IP with the connection?
arma
gat: yeah. each node doesn't pick the next node. the client does.
gat
aha
arma
joy2theworld: what is it with all the people who read random rumors on some .onion site and then come here for confirmation
gat
the actual documentation on tor is pretty thick for someone without experience in the field ;/
arma
joy2theworld: the random rumor on the .onion site, like most of the ones i am pointed to, is mostly incoherent. the 'garbage' is just a whole bunch of entries in the 'family' line. which would contradict the quote they have from scott about how it doesn't set 'family'.
joy2theworld
arma: if I have offended you or wasted your time, I'm sorry.
arma: why are there so many family nicknames which don't exist as nodes? And not every nickname for each node is listed within family, some of them aren't listed but exist apart from the others without a fingerprint
arma
indeed. he is doing something weird, that's for sure.
joy2theworld
arma: should this not be cause for concern?
arma
i don't see that many actually running
7
and they're all tiny
joy2theworld
arma: I counted 7 or 8, wouldn't this be enough to potentially ruin connections?
if you consider several are not listed within their family
arma
so i'm not too worried. the chance that anybody will use one of them is tiny. the chance that you'll use more than one is tinier. especially if they're in the same family.
which ones are not in a family together?
joy2theworld
I'd have to backtrack to check
since you've stated it's not a cause for major concern, I'll rest easy with your response and drop it. :-)
arma
right. it sucks that it's hard to check that. :(
somebody should mail the guy and ask just how many he's planning to set up, and does he have any way to consolidate them please
joy2theworld
indeed
does scott participate here?
arma
could you? :)
i don't think scott is here
joy2theworld
could I?
arma
mail him
joy2theworld
I could, but consider this first:
in the old or/talk thread there appeared to be a post from that family/op but he didn't post much past scott posting what I quoted and more
which leads me to believe, if he/she were monitoring said thread, they were probably running malicious nodes
I've not seen such odd formatting in a while in downloaded descriptors
arma
it's just many dozen entries in the family line
tor automatically converts nicknames in the family line into digests, if it can find them. if it can't find them, it leaves them as nicknames
joy2theworld
and excluded nodes of similar naming outside the family
arma
what?
joy2theworld
i'll fire off an email but what good it'll do if she/he is malicious, I don't know, thanks for your time in checking this.
gat
if you set your tor to act as an internal relay only, with *:* blocked and all, is your ip added to that big list of tor exit nodes? or any list?
joy2theworld
gat: good question
arma
gat: depends which big list you have in mind.
gat
well one that people use to block people using tor
arma
there are a variety of lists. you won't end up on the one we provide (https://check.torproject.org/cgi-bin/TorBulkExitList.py),
gat
oh hmm
arma
but who knows about various others. in particular, some irc networks are really stupid about their lists, and have no plans to change because they want tor to die.
option one, try it and find out.
option two, be a bridge relay instead. you won't be in any lists.
gat
since i set tor up as a relay recently and not long after i found out i was on some spamblocklist and couldn't connect to an irc server. i was wondering if it was related or i was just assigned an unlucky ip by my isp
what does one do differently to be a bridge relay?
reading this https://www.torproject.org/bridges now
hm
'the main Tor directory'
arma: so people that are set up as internal relays get added to what list(s)?
arma
http://128.31.0.34:9031/tor/status-vote/current/consensus
joy2theworld
no! say it isn't so! Do you mean to tell me Freenode has dumped their public tor/irc hidden service (it only runs to say you can't use it?) and they only provide the gpg hidden service? Darn it!
arma
that's one version of the network status consensus, which lists all the relays that are available
joy2theworld: yeah. they still have the public one, but they just leave it banned all the time.
joy2theworld
that's a shame
time to generate a new gnupg key :P
I sent an email to that tor node person btw
arma
thanks
joy2theworld
welcome and thanks for your checking on it
gat
arma: so are the "reject 1-65535" people with "ExitPolicy reject *:*"?
arma
yep
see also doc/spec/dir-spec.txt
gat
oh dang
StrangeCharm
joy2theworld, it's not like generating an email account and associated key, and signing up, really hurts your anonymity. it's basically just a busywork exercise to make it extra-hard to start trolling again soon after being banned
gat
i had no idea. i guess i'm the reason i got added to that spamlist.
arma
gat: oh?
gat
arma: is there any way to not be added to any lists at all? not even the bridge one?
arma
gat: the bridge one isn't published anywhere
gat
arma: but you can get them through that one web interface right? or are those ones that volunteered?
arma
you can get a few of them through the web interface
you have to come from a lot of different ip addresses at once, to learn many of them. and even then, you only learn the subset that we give out through the web interface.
joy2theworld
StrangeCharm: ha, yes, true! :)
gat
arma: how does the web interface get those IPs?
arma
if you want to be a bridge but not have it given out in any automated way, you can unclick the box in the bridge window in the latest vidalia
that sets "publishserverdescriptor 0"
gat
aha
StrangeCharm
joy2theworld, if you are a good freenoder, you'll be fine, but if you're a spammer/troll, it should not become easier to access tor
arma
but then you'd better give it out yourself, or nobody will notice
gat
arma: but i'm still helping route internal tor traffic right?
arma
as for how the bridge authority works, see doc/spec/bridges-spec.txt
joy2theworld
StrangeCharm: true, I don't mind the hoops, it simply came as a surprise to me to see their public tor/irc hidden service out of order
arma
gat: no. if you set publishserverdescriptor 0, your tor tells nobody. you, the human, have to do it.
StrangeCharm
joy2theworld, it's not broken; they just realised that it didn't serve their purposes
gat
arma: it seems like it would be a good idea to be able to help out the network by routing internal traffic but not having your IP sent to any master server. like if i'm running say a torrent client DHT or a Kademlia node, i'm helping out with the network, but my IP doesn't get published anywhere.
joy2theworld
StrangeCharm: indeed, guess it's for the best
gat
i guess doing the bridge thing is the closest to what i want
thanks for the answers
joy2theworld
gat: "if you build it they will come"
gat
joy2theworld: heh something like that
i am curious how tor bootstraps itself and i'm hoping there's something in doc/ about it
StrangeCharm
gat, the documentation tells the programmers how to write tor. if tor's bootstrapping weren't described, it wouldn't happen ;)
joy2theworld
some tor exit nodes are weird and don't load common sites
gat
heh well, it either uses some master http servers or master tor nodes. all of this publishing IPs seems like an odd thing to do if bootstrapping can happen on the network only. seems like there would be an option for it.
joy2theworld
gat: what does it mean when you run tor as a client only and it says bootstrapped? I've only noticed this bootstrapped message appearing in the last few versions of tor.
and what would TLS handshake errors during client start be due to?
gat
joy2theworld: on other p2p networks it refers to the initial connection you have to make to join a distributed network whereby you have some initial set of nodes to refer you to other nodes
not sure about tls handshake errors. might make sure that you're running the latest tor.
joy2theworld
gat: ty