logs archiveIRC Archive / Oftc / #tor / 2010 / April / 16 / 1
katmagic
Oh, wow. Now I understand the Nazi comment.
bja
trols are in the air .... ho ho
optical
sorry, the paste was not meant to include the website but merely the error message
it applies to any websites i am surfing
the connection will break or time out, the browser will show the error message
then i press refresh, and it starts chugging away again
i can't figure out what is causing it to time out though
dr|z3d
optical: Firefox?
optical
Yep.
eiii
hello
dr|z3d
optical: Try adding the key network.dns.disablePrefetch to about:config and setting to false, if it's not already present.
eiii
how do i get a new identity on ubuntu?
*using Tor on ubuntu
dr|z3d
eiii: Use Vidalia.
         

eiii
i installed tor and polipo it works
vidalia is a gui right
dr|z3d
Indeed.
eiii
is it in repository
(Im linux noob)
dr|z3d
Have you added our repository?
Sebastian
https://www.torproject.org/docs/debian-vidalia that should help
katmagic
It's in the torproject.org/universe.
eiii
yes "deb-src http://deb.torproject.org/torproject.org <DISTRIBUTION> main"
karmic .
katmagic
You have to add "deb-src http://deb.torproject.org/torproject.org karmic universe", too.
vidalia's in there.
Sebastian
universe? nope
eiii
can i try sudo apt-get
Sebastian
yes
but please follow the guide on the website I pointed you to
katmagic
It's listed with universe on my machine.
Sebastian
it should work nicely
eiii
damn nice
:)
:))
tks
dr|z3d
eiii: Right click on the systray icon -> new identity.
eiii
it's "retrieving network status"
connected
katmagic
Ah. It's *listed* as universe, but you don't actually have to have it in source.list.
eiii
do i need polipo?
in winblowz i just used tor and vidalia
dr|z3d
Yeah, you do.
Firefox is broken without it.
eiii
i see
         

katmagic
You can set TorButton to not use it; you'll get more timeouts that way, though.
eiii
yes i tried torbutton but it messes with firefox config that is already config to be anonymous
:)
http https 8118 socks 9050
right
and dns by socks
katmagic
I see. Firefox has built-in (broken) SOCKS support; if you remove the HTTP lines, everything should work.
Err, fields.
Sebastian
Torbutton protects you against way more than that, see https://www.torproject.org/torbutton/design/
Feel free to not use it, however.
eiii
i know it disables a lot of things
java addons etc
katmagic
It also hooks evil things like CSS visited links and malicious JavaScript.
eiii
"Sorry. You are not using Tor." Your IP address appears to be: 92.143.76.225
some bug
thats not my ip
:P
katmagic
And state isolation and such.
eiii
btw i had to start polipo manually
katmagic
That happens sometimes. You got a router newer than the script knows about.
That's a problem in the Ubuntu packaging.
eiii
oh ok
"Congratulations. You are using Tor" and new ip
katmagic, if i want to set up a relay do i need to install something?
katmagic
No, just Tor.
You may have to set up port forwarding, though.
eiii
ye tor helps with it
katmagic
I think Vidalia takes care of that, but I'm not sure.
eiii
*vidalia
ye
it uses upnp
which is enable in my router
can it be dangerous
katmagic
Yes, actually.
eiii
and dhcp too
katmagic
(UPnP, not Tor/Vidalia)
DHCP leak some information, but not too much, and only to the router (or persons listening on the local network).
eiii
so a person from internet cant make dhcp attacks?
katmagic
They're not attacks really, it's just that people are relying on them for too much.
sqrt2
I'm experiencing a weird problem with the entry/middle node I'm running.
katmagic
The only thing I can think of with DHCP is that it might leak your hostname when you connect to a router.
eiii
hmm
sqrt2
At approx. Sunday, 6:00 UTC the traffic flowing through my node dropped to insignificant amounts.
Sebastian
the big problem is upnp
sqrt2
Restarting the Tor daemon made the phenomenon go away for a couple of hours, now almost no traffic again.
Sebastian
many routers have insecure implementations
I recommend turning it off
eiii
ok
Sebastian
sqrt2: nothing in the logs?
eiii
ill do it
katmagic
(That shouldn't be a problem unless you're using untrusted wireless networks and you're trying to hide your identity from the router.)
Sebastian
eiii: that does mean you'll need to forward ports manually.
eiii
yes
i know
sqrt2
Sebastian: On Sunday "bad-running router" messages. After the restart, nothing.
"bad running-routers"*
Sebastian
katmagic: not true. It also means that when you run any kind of browser plugin that disrespects the sop or the browser has a bug, any website gets to reconfigure your router. Often including reading/writing passwords etc.
sqrt2: do you have the exact message available?
sqrt2
Sebastian: for example:
Apr 11 18:30:38.699 [warn] Bad running-routers from server '67.159.37.30:80'. I'll try again soon.
katmagic
DHCP?
sqrt2
Apr 11 18:30:38.751 [warn] couldn't find start of hashed material "network-status"
Sebastian
katmagic: upnp
sqrt2: oh wow
sqrt2
That with a couple of different servers.
katmagic
(Action) was talking about DHCP.
sqrt2
Sebastian: Someone trying to MITM?
Sebastian
katmagic: that's why I said "the big problem is upnp"
sqrt2: no, probably not. That sounds like either a big bug or a hardware problem
sqrt2: what Tor version on what OS is that?
sqrt2
Sebastian: My node has been running flawlessly for months. I think I updated Tor in between, but the new version should be running after the restart.
Sebastian: Now v0.2.0.35.
It's from the Debian stable repository.
Sebastian
are you on Debian?
Lenny?
sqrt2
Most likely.
I can't keep track of the names any more.
/etc/debian_version is 5.0.4
Sebastian
yeah
lenny
sqrt2
Sebastian: Known to be broken version?
Sebastian
So there was a bug in Lenny's glibc that would've made this behaviour possible a while back.
do you have all updates, and did you reboot after the last glibc update?
sqrt2
I do have all the updates. I have probably not rebooted, but I can't remember a glibc update. I usually reboot after those.
Sebastian
hm.
the package would be called libc6
ii libc6 2.7-18lenny2 GNU C Library: Shared libraries
that is what I have
sqrt2
2.7-18lenny1
Sebastian
yeah
that's not cool
;)
sqrt2
Why didn't I get the new package? That's the output from apt-cache.
Sebastian
No idea
sqrt2
Also, funny that the bug seems to be triggered after months and months of stable operation.
# apt-get install libc6 =2.7-18lenny2
libc6 is already the newest version.
Sebastian
dpkg -l | grep libc6
sqrt2
lenny2
Sebastian
ah, then you have the latest version
sqrt2
What is apt-cache showing me there, then?
Sebastian
I have no idea
my uptime is about 40 days, I think I rebooted last at the glibc update
sqrt2
I will try rebooting, then report back if traffic drops again after a couple of hours.
Thanks so far, Sebastian.
Sebastian
good luck
H7G6F5E4D3C3B1A
testing
eiii
:P
so now that i disabled upnp i need to open 9030 port
to relay
Sebastian
jup
or well
whatever port you chose
eiii
ye
Sebastian
9001 is the default, I think
eiii
yes it is
thats the relay port
and there is another one
direct port
Sebastian
dir port
not direct
that one is optional
(dir is short for directory)
eiii
ye directory
:P
"mirror to relay directory"
"mirror the relay directory"
can i disable it
should i
my english :x
Sebastian
it doesn't really matter. If you have a bit of spare capacity, enable it.
sqrt2
I have the possibility of having Tor listen on port 443. Does that help? Are firewall admins that helpless?
Sebastian
yes, it does help. We recommend that people run with orport 443 or 80, if possible.
it doesn't help as much if you're not running a bridge, because then it is easy to just block Tor by IP
but it still helps.
especially if you are not an exit.
sqrt2
Funny that firewall admins don't understand security. Or their bosses don't.
eiii
brb
Tas
Sebastian: I use CFLAGS="-static" and that works fine :-)
Sebastian
nice
Tas
it's all what#s needed for a static binary
Sebastian
sounds good
BarkerJr
my relay is telling me to upgrade :)
Sebastian
yeah, our version detection doesn't like it if you use 0.x.y.z-dev if there is a 0.x.y.z+1 version out
Tas
a new version? *goes upgrading*
nsa
or: [ernie/master] 2010-04-15 23:08:25 Karsten Loesing <karsten.loesing@gmx.net>: Add consensus health web page.
z3r0
is it possible to make a program only see TOR for the internet, even if it doesn't support proxies?
rudi_s
z3r0: Simplest would be to use a virtual machine like qemu or virtualbox and then force the traffic through tor.
z3r0
hrmm
what if the machine isn't powerful enough to do that?
its more of a need to modify the program in question, not TOR isn't it?
rudi_s
z3r0: You could also try something like torify; never used it though.
z3r0
does it work on linux?
rudi_s
z3r0: Yes.
z3r0
excellent
« prev 1 2 3 next »