logs archiveIRC Archive / Oftc / #tor / 2015 / October / 14 / 1
meejah
i do not believe you get STREAM events for rendevouz connects on the service side. but, could be wrong ...
flinga
Hi all
Im curious about using tor with irc. But its my understanding that many servers block tor?
tacky
fling: yup, most irc networks block tor users, and the few exceptions generally require specific conditions which catastrophically degrade anonymity anyway, often blocking it completely as well at random intervals. welcome to the crippled functionality of tor.
thorazine
fling: there are hidden service irc networks not available without tor
fling: but they generally don't advertise themselves
xcelq
yeah you have to find them on reddit
cary-elv1s
i want to run a relay. here's the lines i changed in the conf. http://pastebin.com/73RikgCe ok?
torQUES
Oct 14 03:30:04.000 [warn] Got headers "CONNECT www.google.com:443 HTTP/1.1\r\nHost: www.google.com:443\r\nProxy-Connection: Keep-Alive\r\n\r\n" with unknown command. Closing.
wtf?
mid-relay run in background - no info log - dunno what's happen
JamesTK
Hmm, so, appears there is a bug in sandbox.c where it is including bits/signum.h (BAD) which is causing the build to fail on musl.
worthy of a bug report?
https://gitweb.torproject.org/tor.git/tree/src/common/sandbox.c#n51 :|
torQUES
for windows users: disable all NetBios ports in firewall - I caught suspect NetBios traffic from 192.168.100.255 thru port 137 (unknown sender wanted to grab the machine hostname and other data)
         

l0rdkermit
tor arm display in terminal goes wonky after a day or so... any idea why?
Onepamopa
can someone tell me how to run tor with a specific exit node IP address ? I've tried with a few but no luck. For some reason specifying country, let's say {de} works, but not specifying an IP.
SnowyNight
Onepamopa
SnowyNight, yes, already figured it out, turns out I had to put fingerprint id's, not actual IPs @ the config
btw, can "ExitNodes fpid" be provided via the command line (not config)?
j0int
hello how get foxyproxy blacklist... why does not work I mean
GeKo
j0int: you are in the wrong channeel. try #foxyproxy on irc.mozilla.org
j0int
ok
slackie
(Action) hi there \o
troulouliou_div2
hi is there a tor option to onmy build a circuit when needed ?
chie
https://tor.stackexchange.com/questions/8819/how-to-mitigate-layer-7-attacks-on-hidden-services ?
velope
any sort of firewalling that restricts use of tor relays is a risk to anonymity, of either the server or of clients
if you want to protect against misbehaving clients, do it entirely at the server/application layer, as though tor were not being used
chie
velope: how if you can't distinguish between them?
velope
i bet you can
or imagine overall limits and restrictions that will be no more than minor inconvenience to well-behaved connections
wadley
scrams?
nicoo
chie: It's hard to answer in the abstract. Also, I'm getting the impression you are concerned about DoS, but that's not entirely clear; is it the case?
chie
velope: even with client authentication, there is still attack surface
nicoo: yes that's the case
cacahuatl
Again
octon
things
nicoo
chie: Ok. That's kinda iffy, then, because there isn't too much you can do pre-authentication. Post-auth, you can impose restrictions as velope suggested, but that won't help a whole lot if the authentication part is ressource-intensive.
(Though if it is, there is probably a problem somewhere ...)
chie
this looks like some kind of design flaw ;-)
         

dwaye
I want to download something I can get clicking on a torified webpage over tor. What is the command name?
I can use wget but it is not torified on Tails.
zandi
dwaye: try the 'torify' command?
xcelq
or tor?
dwaye
It is very slow. Is it an good idea?
xcelq
if you contribute bandwidth back yes
zandi
I'm not sure, does torify somehow send DNS requests over tor? or do you have to worry about things leaking?
xcelq
yeah you do
you have to use tor properly
wgreenhouse
zandi: torify in recent versions is a wrapper on torsocks, which does gethostbyname(3) over Tor (domain is resolved at the exit)
it tries to block other DNS requests but may not be successful depeneding on the program
*depending
torify/torsocks isn't magic, it just rewrites some C standard library functions to its own
which means it can miss things, especially if you have a statically linked program or one whose basic networking stuff isn't written in C
zandi
yeah, makes sense.
dwaye
Who here think torify may leak?
wgreenhouse
dwaye: I just explained how and why it may.
on TAILS it won't because of the other layers of TAILS, specifically the iptables rules
which reject all outgoing non-Tor except from clearnet user
dwaye
What you told is not totally true because it may really fail at blocking non-tor request and some commands are not toriefied yet.
wgreenhouse
dwaye: okay, I'm losing interest, because it appears that nothing other people tell you affects what you want to say. Good luck. :)
« prev next »