logs archiveIRC Archive / Oftc / #tor / 2010 / April / 4 / 1
amn
hey is ir possible to use tor with only one ip addreess ??
it*
SwissTorExit
yes, "StrictExitNodes" but it's not recommended if you need a maximum anonymity
dr|z3d
amn: Describe your use case to us, and we'll tell you the best approach.
Or perhaps I can guess..
You want connections to a certain site to _always_ come from the same address?
amn
in fact i want to access some restricted country websites
dr|z3d
So mapaddress is the directive you'll want to investigate, probably.
amn
websites allowed only from their country
dr|z3d
MapAddress google.com google.com.exitnode or similar.. the syntax is in the manual.
amn
and can i choose wich ip to use ?
dr|z3d
Or you can use ExitNodes {cc} and StrictExitNodes 1, as SwissTorExit suggested.
You can choose the exit, sure.
If you look in Vidalia's network map view, you can see which exits might be suitable.
Or you can use the online directory.
         

amn
the exit you mean the last node ?
dr|z3d
http://kprog.torstatus.de or similar.
exit is indeed the last hop in the circuit, the node which identifies as your ip.
amn
dr | z3d: can you tell me what i need to do exactly ( step by step ) please because i'm newbie
dr|z3d
Nope, I can't, sorry. Don't have time or inclination to handhold. Others might be more generous :)
costre
the basic principle of working with computers http://xkcd.com/ :D
amn
so where can i find the help ?
dr|z3d
What platform are you on?
amn
windows but i have ubuntu too
dr|z3d
Well, if you have ubuntu handy, from a terminal: man tor
Otherwise, the site has the manual. Use the force, you'll find it!
amn
SwissTorExit:where i must enable this function ? "StrictExitNodes"
dr|z3d
amn: All goes in your torrc.
SwissTorExit
look the manual, that's explain how must the format of the ip or fps
dr|z3d
amn: add each directive on a new line.
And make sure Tor's not running when you save your torrc, or your changes won't stick.
Sebastian
ilter: It's a tradeoff
amn
dr | z3d: wich directive i need to use for my case ? MapAddress or StrictExitNodes ?
Sebastian
ilter: the idea is that "screwed once, always screwed" is true. Which means that if you keep choosing new guards, you will - in a not-so-long time - definitely make a bad circuit.
dr|z3d
amn: Up to you.. if you only need access to a site or two from a given country, mapaddress.
Sebastian
So while most of your connections are anonymous, some aren't, and that's enough to identify you. This might not be exactly your threat model, but it is a huge problem with hidden services, for example.
dr|z3d
If, on the other hand, you're happy to compromise your anonymity in favor of looking like you're always in the US< for example, then ExitNodes and Strict.. is what you'd use.
Nowwithstanding that, if you're using Tor to circumvent national blocks on televisual content, you might be better finding an alternative to Tor (it's slow).
ilter
Sebastian: Hmm.. Yes it looks like a tradeoff but i need to investigate it statistically .. Because i've suspicion which is better.
         

Sebastian
ilter: great
I'd suggest you read the papers
they have some of your math already done :)
ilter
Sebastian: Wright's papers?
Sebastian
I thought about http://www.onion-router.net/Publications/locating-hidden-servers.pdf, too
amn
dr|z3d: lol that's what i'm looking for, proxies are slow too, so any other solution ?
dr|z3d
amn: Other than a shell or vps in the desired country? No. Proxies are it, but I'd recommend 1 hop proxies, not Tor's 3 :)
ilter
Sebastian: Thanks. I'll read it also for this issue. Now i'm re-reading Snader's paper, A Tune-up for Tor.
hololeap
Hi. Quick question:
I downloaded the latest svn of TorCtl and I keep getting errors like
StreamHandler instance has no attribute 'imm_jobs'
what is the latest stable version of TorCtl and where can I get it?
Also has anyone attempted to write a Tor controller library in Ruby?
Sebastian
I'm unaware of a ruby Tor controller
https://svn.torproject.org/cgi-bin/viewvc.cgi/torctl/branches/stable/ should be the stable branch of torctl
mikeperry: how maintained is that?
What should people use?
hololeap
That seems to work so far. Thank you
Sebastian
sure
hololeap
actually...
AttributeError: GeoIPRouter instance has no attribute 'continent'
Sebastian
ok. Please file a bug on bugs.torproject.org with all your torctl problems, and I'll assign it to mikeperry. Looks like he's out currentl.
currently*
hololeap
ok
Sebastian
I've signed up mike for notifications
please add your issue with trunk also
mikeperry
what's the bug number? can you please attach a code sample to it?
because GeoIPRouter should have a continent instance unless you're somehow not calling its constructor
hololeap: ^^
Sebastian
1343
hololeap
yeah, 1343, sorry
here is the controller script I was using: http://pastebin.com/J20euagT
mikeperry
can you use the actual bug'
bug's attachments tab instead of pastebin?
pastebin often bans tor and we also can't control how long the pastes last
we as in me and the other tor developers
hololeap
ok done
atagar
heloleap, mikeperry: looks like the GeoIPRouter doesn't set the content parameter if the country_code is None or get_content of it is None (usually it's a bad idea to make the existance of an object's parameters conditional in this fashion - pylint highlights these issues btw)
oops, s/heloleap/hololeap
comment added to ticket
nsa
or: [tor/maint-0.2.1] 2010-04-04 01:53:29 Roger Dingledine <arma@torproject.org>: fetch relay descriptors from v3 authorities
or: [tor/master] 2010-04-04 01:53:29 Roger Dingledine <arma@torproject.org>: fetch relay descriptors from v3 authorities
or: [tor/master] 2010-04-04 02:05:02 Roger Dingledine <arma@torproject.org>: Merge branch 'maint-0.2.1'
or: [tor/master] 2010-03-16 04:44:30 Roger Dingledine <arma@torproject.org>: give us a blurb; add stanza to the releasenotes
or: [tor/master] 2010-03-15 22:08:29 Roger Dingledine <arma@torproject.org>: bump to 0.2.1.25
ryanc
I'm trying to SSH via tor and it's timing on like a dozen different exit nodes. Any idea why this might be?
er, timing out
dr|z3d
ryanc: set a higher timeout in your client, perhaps?
ryanc
it's 15 i'll try 30 i suppose
atagar
ryanc: you're using screen, right? - sorry if it's too obvious but seemed good to check :)
ryanc
We tried for 15 seconds to connect to '[scrubbed]' using exit REMOVED. Retrying on a new circuit.
dr|z3d
Ah..
Your Tor timeouts.. way too low.
Default is 60, remember.. for good reason!
ryanc
I don't think I changed the default
but I think it may be that I am using an old version
I have v0.2.0.34
anyway, how do i change the timeout?
dr|z3d
Well, someone did. 15 seconds is very low for circuit timeouts.
Look in your torrc.. you should see 15 featured therein.
ryanc
nope
grep 15 torrc returns nothing
dr|z3d
Urf. Odd.
grep for timeout ?
atagar
that's an outdated version of tor (to an extent that it'll have difficulty getting a consensus), right?
dr|z3d
It will before none too long, atagar.. should be ok for the next few days, I think.
ryanc
no timeout in the torrc
(Action) adds the tor apt repo
dr|z3d
Yeah, I'd update that now and see what happens, ryanc..
ryanc
it's still saying timeout after 15 seconds after adding sircuitbuildtimeout 60 to the torrc
dr|z3d
I'd also move your current torrc and let Tor make a new one.
ryanc
deb.torproject.org is slow
apt is hanging
Hamra
good morning everyone
i am quite surprised by what installing an anonmizer led me to today :D my ISP hides me behind a NAT, gives an ip of 172.*.*.*, and the whole town share the same external IP
yet.... tor was able to allow me having a service, a web server, that can be reached by the outside world
dr|z3d
Wow. That's um creative use of ipspace, Hamra!
Hamra
can anyone explain, in a bit simple terms... how can this happen? seeing there's no way any incoming connection can happen?
ryanc
i'm pretty sure tor can do nat hole punching
so i have tor 0.2.1.25 now and it's still giving me those error messages
We tried for 15 seconds to connect to '[scrubbed]' using exit REMOVED. Retrying on a new circuit.
no ideas?
dr|z3d
ryanc: Did you try a new torrc?
ie, moving your existing one to another location and letting Tor create a new one? (for test)
Neeraj
hi Sebastian
i have downloaded the torflow directory through svn
at C:\Documents and Settings\neeraj\Desktop\torflow location
i have python 2.6 installed on my comp
now can you please tell me how to use pydoc to read the documentations?
as described on https://svn.torproject.org/svn/torflow/trunk/README
dr|z3d
Neeraj: google: howto use pydoc
atagar
Neeraj: in cmd go to the TorCtl directory, run python, run "import TorCtl" then "help(TorCtl)" (or whatever file you want)
(or just read the source - it's right there)
dr|z3d
atagar: Reading's overrated :P
</tongue in cheek>
Neeraj
ok
ryanc
dr|z3d yeah no luck
dr|z3d
ryanc: Then you need to hunt down the maxbuildtime directive and increase that, perhaps?
MaxCircuitBuildTime?
ryanc
it's just circuit build time
er
CircuitBuildTimeout
dr|z3d
Right. Try giving that say 120
ryanc
still give the 15 second messages :(
dr|z3d
OK.. CircuitBuildTimeout & CircuitIdleTimeout & CircuitStreamTimeout
Try playing with those 3.
1min/1hr/0 are defaults.
http://www.torproject.org/tor-manual.html.en
I can't see anything other than the first having any bearing here... hmm.
Ok, try allocating port 23 for LongLivedPorts
ryanc
ssh is port 22
dr|z3d
Yup, that one!
ryanc
it's in there by default
dr|z3d
(Action) reboots his brain.
Ok, let's go the opposite route. Try excluding that port..
Counterintuitive, maybe, but let's try it!
ryanc
hm
well i have been trying on both 22 and 443
and hmm. a different ssh server works
dr|z3d
Ah., more info..
So perhaps the timeout on the server is set too low?
ryanc
I donno.
dr|z3d
That's my guess, if otherwise you're connecting fine to other servers.
The only thing that troubles me is the 15 second build timeout you're seeing in your logs.
What version/platform are you on?
costre
Hey, the bandwidth of my Tor is growing ... it has reached 1 MB / hour both up and down :)
Still not very much
dr|z3d
costre: How long has your node been up? Is it a bridge?
costre
it has been up for two weeks perhaps, and it is a bridge
ten days'
dr|z3d
Well, either your bridge hasn't been propogated yet via the Tor bridge channels, or it's been blocked by China. Either might cause the lack of traffic.
costre
I have had "9-16" connections from China, and it got from 1-8 to 9-16 just yesterday
dr|z3d
Not a whole bunch.
costre
Doesn't really matter, i'll just leave it running
Sebastian_
ryanc: hey
ryanc: Did you modify your torrc in any way from default?
dr|z3d
Sebastian_: He did, and then we tried a default torrc, at least I think we did.
Sebastian_
costre: great! It might become a lot more busy quickly, or maybe it was blocked very quickly. Hard to tell.
dr|z3d: yeah I read that, but it seems to me he made some modifications to that new torrc.
dr|z3d
Maybe.. I was _trying_ to get him to run vanilla! Who knows, though? :)
Maybe he's a pecan nut man to the core!
Sebastian_
costre: but even if you only get little traffic, that helps someone
costre
Sebastian_, I know :) Also, if I reboot and get a new IP, how does that effect the connections?
dr|z3d
One other thing to consider, if it's possible, costre, is an ip switch.. that generally throws off the Chinese blocks.. some have even suggested a port change might achieve the same.
Something to play with, perhaps.
Sebastian_
costre: it means you'll start out without anyone knowing you again
that means if you weren't blocked, that's not so great
if you in fact were blocked some people might now be able to connect again.
In general, getting a new ip isn't so bad, as long as you don't do that very often.
costre
exactly .. also, I checked it's only been up for five days :) Being home over Easter throws of your grip of time
dr|z3d
He's been up 10 days and isn't seeing any significant traffic.. if I had to hazard a guess, I'd say he is being blocked, but it might be worth waiting a while until traffic moves one way or the other.
Sebastian_
well, maybe the brdige is simply in the unannounced set
dr|z3d
Well, indeed.. suggested that :)
Except, if it isn't, how are the Chinese learning about its existence?
(the few Chinese that happen to be using it, that is)
costre
dr|z3d, That can be my fault :) I was impatient so I joined #ubuntu-ch on freenode and gave the bridge address to a chinese guy. That can explain things, both ways so to speak :)
dr|z3d
Ah..
Another piece to the puzzle. :)
Generally we don't recommend you attempt to propogate your brige details yoursself, except to trusted parties. :)
Sebastian_
well, trying to do so isn't so bad
costre
I realized that shortly afterward
« prev 1 2 3 next »