IRC Archive / Oftc / #tor / 2010 / June / 20 / 1
ilter
But i think middle can't send EXTEND. Because an exit can't send CREATE to another node.
Yes middle can get EXTEND but it seems it can't send an EXTEND cell.
nickm
Well, "can't" is wrong in both of those.
There is nothing stopping a client from building a 4-hop or a 5-hop circuit.
ilter
Oops of course but as i told i assume that the exact number of nodes in a circuit is 3.
nickm
Well, that's not true either. Sometimes when clients need a circuit to go to some particular destination quickly, and they won't be used for much data, clients will choose an existing _unused_ 3-hop circuit, and extend it to a chosen exit. This could happen for (say) sending an introduce cell to start a connection to a hidden service.
ilter
But i think this is not a usual behaviour.
nickm
Also, when a client is using a bridge, I believe we once planned that it could choose a 4-hop circuit rather than a 3-hop circuit, although I am not sure whether we kept that design.
ilter: You said, "middle can't send an EXTEND cell", not "middle usually won't send an EXTEND cell" :)
ilter
:) Yes you're right. So I'm changing my words to "middle usually won't send an EXTEND cell".
Then we need to find the cell which is prepared to be sent to the next hop. If it's extend we can usually say this Tor process is used as a Guard.
I think the function is note_request to find the prepared cell which will be sent.
nickm
"Extend" is a relay command. You can't tell what the "relay command" of a relay cell is unless you are the node handling that cell. The relay command is in the encrypted part of the relay cell.
ilter
nickm: Do you have any suggestion for finding the location of my tor process on its current circuits' paths?
nickm
why would you want to do that?
ilter
nickm: To understand attack which is developed by Bauer et al.
nickm
There are at least two Bauers who work in anonymity, at least one of whom has developed multiple attacks. I'll assume you mean "Low-Resource Routing Attacks Against Tor" by Kevin Bauer, Damon McCoy, Dirk Grunwald, Tadayoshi Kohno, and Douglas Sicker.
ilter
nickm: Yes i mean it.
nickm
You don't actually need that for this attack. The point of the attack is to get as many circuits as you can to go through an entry and exit that you control, and then to deduce when your entry and your exit are on the same circuit based only on the timing of the circuit setup. You don't need to know whether you're entry or exit on any particular circuit.
Suppose you have node N1 that's the entry, and node N3 that's the exit.
You'll look for circuits C1 on N1 and C3 on N3 such that:
C1 was created shortly before N3.
*before C3
ilter
Yes i know it but the paper says that some logs are needed.
nickm
And, the second _outgoing_ relay cell received on C1 was received just a little before C3 was created on N3, and the second _incoming_ relay cell on C1 was received just after the CREATED cell was sent for C3 by N3.
ilter
And it says first of all location of a Tor process on the current circuit's path is needed.
But i think there are so many overlap times for all circuit setup. So it also needs some additional logs except timestamps.
nickm
I don't believe the position is actually necessary.
But you could guess that you are the guard if you get a connection from somebody who isn't on the server list
and you could guess that you're the exit if they actually exit from you
ilter
Yes but that time i'll need extra scripts.
BarkerJr
is there a mirror feed?
nsa
or: [Tor Bug Tracker & Wiki] #1571 was updated: #1571: broken exit node - http://trac.torproject.org/projects/tor/ticket/1571#comment:1
or: Changes (by phobos):
or: * status: new => closed
or: * resolution: => fixed
or: [...]
or: [Tor Bug Tracker & Wiki] #1569 was updated: #1569: 0.2.1.20: "ORPort found reachable, but I have no routerinfo yet" - http://trac.torproject.org/projects/tor/ticket/1569#comment:2
or: Changes (by phobos):
or: * status: new => closed
or: * resolution: => invalid
or: [...]
or: [Tor Bug Tracker & Wiki] #1563 was updated: #1563: OS X 10.6.x users report vidalia bundle has incorrect pathing - http://trac.torproject.org/projects/tor/ticket/1563#comment:4
or: Changes (by phobos):
or: * status: new => closed
or: * resolution: => worksforme
or: [Tor Bug Tracker & Wiki] #1534 was updated: #1534: Private IP Address - http://trac.torproject.org/projects/tor/ticket/1534#comment:2
or: Changes (by phobos):
or: * status: new => closed
or: * resolution: => worksforme
or: [Tor Bug Tracker & Wiki] #1572 filed by phobos: #1572: polipo crash in latest os x - http://trac.torproject.org/projects/tor/ticket/1572
or: OS Version: 10.4.11 (Build 8S2167)
or: Report Version: 4
or: Command: polipo
or: Path: /Applications/Vidalia.app/Contents/MacOS/polipo
or: Parent: Vidalia [5714][...]
or: [Tor Bug Tracker & Wiki] #1572 was updated: #1572: polipo crash in latest os x - http://trac.torproject.org/projects/tor/ticket/1572#comment:1
or: Changes (by phobos):
or: * status: new => accepted
or: [...]
BarkerJr
I was thinking it might be cool to make a mirror pool or redirectors, but I'd need a list of mirrors for that
phobos
http://qmail.org/mirror-sw.html I thought about using that
the list of mirrors is in the perl script itself
m3ga
anyone have the tor logo as an SVG file? i googled but nothing showed up.
subbie3
is anyone finding the onion forum a pain in the arse, it keeps timing out
Sebastian
its hidden service is unavailable currently
subbie3
@Sebastian last couple of days it has been offline, doesn't look like the mod has cleaned it up either
yan
having some funny problems with getting a hidden service working... tor will start, won't complain of anything but service (torchat) is unreachable. anybody else have this problem?
my time zone was set differently at boot, i set it to the correct zone, didn't clear up the issue
nsa
or: [Tor Bug Tracker & Wiki] #1573 filed by bee: #1573: duplicated filters in HTTPS everywhere - http://trac.torproject.org/projects/tor/ticket/1573
or: Hi!!!!!!!!
or: This is a very minor bug, yeah, it's not even a bug actually!!!!!!
or: There are two duplicated filters!!! and it doesn't make sense to me!!!
or: [...]
or: pootle committed revision 22521 (/translation/trunk/projects/website): updated files from pootle
         

swissknife
.. /usr/local is out on many systems, all goes to /usr and subdirs..
kaner
swissknife: was that a comment on the discussion in #tor-dev?
belod
hello everyone
I have a noob q, I installed the vidalia bundle on MacOSX10.5 Tiger, but the vidalia application can't find the tor executable
do you know where should I look for it?
this is the error message -n http://img535.imageshack.us/img535/3531/picture2iu.png
Runa
swissknife
kaner: yes :)
belod
Runa: yes, unfortunately information I'm looking for is not there
kaner
swissknife: thought so. thanks
belod
Runa: reading the documentation it looks everything should work automatically but on my system it's not...
Runa
belod: what if you search for tor?
belod: does vidalia say anything about the location of tor?
belod
Runa: nope, but I believe that it's in the Vidalia.app bundle
Runa
belod: hm, and you installed tor as described on the website?
belod
Rune: yeah, inside the Vidalia.app there is: Vidalia, tor, tor-gencert, polipo, tor-checkkey, tor-resolve
Runa
ok
I don't run os x, so I'm afraid I can't help you any further :/
belod
Rune: yeah, drag&drop 2 application folder is the "installation"
Rune: well, thanks anyways
phobos
belod: did you have tor installed previously?
belod
I'm afraid I've experimented with the notbundled version of Vidalia before...
phobos: I'm afraid I've experimented with the notbundled version of Vidalia before...
phobos
don't be afraid ;)
ok
there's an open bug on this exact issue, but trying to figure out why it happens has been difficult, since no one can recreate it
belod
phobos: :)
phobos: I've tried to delete the ~/Library/Vidalia folder and reinstall the bundle...didn't help
phobos
do you have a ~/.vidalia?
belod
phobos: nope
phobos: nothing in /Library either...
phobos
hmm
when you drag and drop to /Applications, and start vidalia, in the settings, what are the paths to tor and the proxy?
tor should be /Applications/Vidalia.app/Contents/MacOS/tor
and the proxy should be /Applications/Vidalia.app/Contents/MacOS/polipo
with proxy args: -c /Applications/Vidalia.app/Contents/Resources/polipo.conf
belod
phobos: well, let me set that up
phobos: sh*te
phobos: it's working now
phobos: even without setting anything
phobos: hmmm
connected *yay :)
phobos
odd
belod
yeah
phobos
and therein lies the problem, recreating the situation fails
belod
I'm browsing thru terminal and only thing I rm'ed was the ~/Library/Vidalia
anyways, thank you very much phobos
:D
phobos
sure
enki
can anyone remind me of the term used to describe running a Tor relay on the same machine as your webserver so that Tor circuits will be automatically extended to your node and exit at localhost?
swissknife
why does Tor "cannibalizing circ" ? that is extending a 3-hop circ to a 4-hop circ and using the exit-node as a middle-hop?
is it only for speed? but it loads the exit-node with more traffic ?
velope
swissknife: i believe it's when a specific exit node is required (for hidden services, for .exit, for TrackHostExits), and
tor extends an existing circuit to that exit instead of building an entirely new 3-hop circuit.
swissknife
velope: (sorry a bit late but had to do some work between) . here is a part of a log, the second block got extended to {ca} "
and thats a normal circ, no HS.
velope
swissknife: are you using the ExcludeExitNodes option in your torrc?
swissknife
velope: i do, but with some codechange to make it work, else it is broken..
velope
i have seen similar log output, but not exactly what you posted.
my guess is that you are just seeing another instance of the several complicated ways that the ExcludeNodes and StrictNodes options are broken.
swissknife
velope: i added some log_warn code to get a better picture whats going on..
But in general i do not see a good reason why to burden an exit-node with more traffic..
velope
i believe it's a trade-off between that 'burden' and the network cost of building an entirely new circuit.
(plus the delay at the client)
swissknife
velope: agree, thats the only reason i can imagine or just speedup for the user.
velope
it seems to me that the circuit-extension behavior is likely to be changed.
as for ExcludeNodes and StrictNodes,
the developers are aware of the issue, but it's low-priority for them.
sorry,
i meant *unlikely* to be changed.
swissknife
velope: but it is security-problem if you work on a circ where the entry-node and exit-node are in the same jurisdiction..
And the "low-priority" is it is hard to fix...
velope
you don't have to convince me--i really really would like to see those features work.
yes, i believe it is hard to fix, because
there are places in the code that are not prepared to detect and handle the fact
that a node selected for a circuit is excluded by the config options.
swissknife
velope: i misused the "warn_if_last_router_excluded" function, returns a TRUE and the circ is skipped...
velope
the 'same jurisdiction' issue is somewhat mitigated by the ten-minute circuit expiration. if a circuit is exiting now in a place you don't like, pretty soon you'll be exiting to a different node anyway. of course, if you don't want to be exiting in one of those european countries with lots of exits ...
also, a workaround that i've used in the past (not with current versions) is to use ExcludeNodes instead of ExcludeExitNodes, which has worked more reliably. of course,
then you sacrifice the use of some good nodes in all circuit positions.
swissknife
velope: true.
velope
there is also the issue of disjoint anonymity sets--if some person or organization is sophisticated and determined enough to be monitoring exit traffic,
they might be able to detect that a certain portion of traffic never uses certain nodes that the majority of traffic does.
swissknife
velope: thats very unlikely. And compared to a circ where entry and exit is in the same controllable jurisdiction very rare.
velope
many design/configuration choices have the problem that choosing one way creates more vulnerability to one kind of attack, but
choosing the other way creates more vulnerability to a different kind of attack.
who knows what attacks are actually in use and how much?
swissknife
velope: " We know there are Unknowns we dont know", cited a phrase from Cainy.. :)
"Chainy"..
velope
plus, are you aware of the issue presented by the internet exchanges (IX)--if your traffic crosses between different continents (for example), there probably are a tiny number of points where traffic to or from a tor node could be monitored without being anywhere physically close to that node.
swissknife
velope: I am. The backbone.
So i used the phrase "Jurisdiction" and not Country..
kmm
ioerror: ping
how common is it for tor exit nodes to get subpoenaed?
and is it common for ISPs to maintain flow records?
beau
CALEA
atagar
kmm: abuse complaint volume depends on the open ports, having a nice notice, etc (one stat I heard was one/year) - not sure about the rest
kmm
beau: at least the wikipedia entry for CALEA doesn't say anything about flow records
atagar: are they ever subpoenaed for something other than abuse?
say someone accessed e-mail through tor
and they thought they might be able to work backwards to where that person was
beau
terrorism?
atagar
kmm: in case you haven't spotted it this might answer some questions: http://www.torproject.org/eff/tor-legal-faq.html
kmm
Forbidden
You don't have permission to access /eff/legal-faq.html on this server.
beau
lol
atagar
wtf?
works just fine here
you going through an isp in, say, china, iran, australia, or some other spooky place?