logs archiveIRC Archive / Oftc / #tor / 2015 / October / 26 / 1
JesusMcCloud
could it be that I am missing the correct event type in SETEVENTS?
Hi! I'm still trying to listen for a controller event, which tells me that my published hidden service has become available. However, I'm only ever receiving HSSI_CONNECTING and HSSI_ESTABLISEHD HS_STATEs. I am on Tor v0.2.6. I went through the Tor control protocol specs and tried all sorts of event types in SETEVENTS to no avail. I am currently simply listening for an INFO message containing "uploading rendezvous
descriptor", which (to me) seems just plain dirty.
DonnchaC
JesusMcCloud: Your looking for "SETEVENTS HS_DESC"
you'll get a "HS_DESC UPLOADED" event when the descriptor has uploaded
You'll need Tor > 0.2.7.1 IIRC
arma
donnchac: thanks for helping!
JesusMcCloud
DonnchaC, thanks! I guess I'll have to wait for the stable 0.2.7 release
QuasAtWork
can anything be done about https not working through bridges if you have a resigning firewall?
anything http, fine, anything https just gives "unable to connect".
qwerty1
QuasAtWork: use of a bridge or presence of a firewall should have no effect on https vs http
if tor works, it works, if it doesn't it doesn't
QuasAtWork
that's the effect I see, however.
w/o a bridge I cannot use it at all; with one, only http sites work.
qwerty1
there's no mechanism i can imagine that would cause that
QuasAtWork
cannot even get to the check.torproject.org site
         

qwerty1
try a different circuit
or new identity
probably just a bad exit
so note down which exit is is first
click the onion
QuasAtWork
neither new identity nor new circuit makes any difference
I've been trying to work around this for a long time, no luck
qwerty1
might be your malware then
boot tails and try that
QuasAtWork
it only started when https inspection was enabled on the firewall.
qwerty1
hm
try an obfs4 bridge instead of a vanilla one
QuasAtWork
that's what I'm using
qwerty1
sounds like you're using a vanilla bridge?
oic
QuasAtWork
unless you mean requesting one
qwerty1
yes, request a new one from https://bridges.torproject.org
write down the bridges it gives you
try them in tails
do you think the malware might go as far as tampering with the bridges shown to you?
QuasAtWork
I am not aware of any malware
qwerty1
are you using windows?
QuasAtWork
because it's not an option here, yes.
qwerty1
are you able to boot tails?
or other linux livecd/usb/dvd
QuasAtWork
probably could but would have to burn the DVD at home, don't have any here
qwerty1
that might be best
lots of places sell blank dvds
QuasAtWork
I have a stack ;)
qwerty1
ok good
QuasAtWork
nah I got it
it's Kaspersky AV.
file that in the malware department I guess
:>
infinity0
anyone else getting "Your Guard XXX is failing a very large amount of circuits."
vox__
ok, tor is driving me insane. it's making absurd claims that cannot possibly be true
specifically, I have a hidden service directory set up at /opt/hidser, set to mode 0700, owned by the user and group toranon
configured in torrc
/opt is a normal directory in the / filesystem, NOT a mounted fs of its own
         

saper
okay
vox__
when I do sudo -u toranon touch /opt/hidser/foobar
I can write to the directory just fine
and yet
when I start the service, I get "Couldn't open "/opt/hidser/private_key.tmp" (/opt/hidser/private_key) for writing: Read-only file system"
saper
that's probably not a tor's fault.
any docker in the way?
vox__
no, this is a stock fedora 22 host, selinux has been set to permissive
saper
how is the tor daemon launched?
vox__
via systemd, the stock tor.service provided by the distro
cacahuatl
I'm betting it's SELinux even if set to permissive.
saper
very probable, yes
vox__
unlikely, there are NO avc alerts whatsoever
cacahuatl
Tried it with SELinux disabled entirely, eg, switch off from the boot cmdline?
vox__
no but I'll give it a shot
saper
vox__: try ls -Z to see selinux labels
but SELINUX=disabled is recommended just to identify the faulty component
cacahuatl
SEL is a lot of messing about and complex configuration for protection that's very fragile to certain vectors.
saper
also check audit.log or /var/log/messages
lemimi
hiya!
how do one connect to otfc via tor?
Ubik
using an IRC client :)
vox__
same error after disabling selinux and rebooting
cacahuatl
lemimi: Set your client to use Tor's SOCKSPort as it's chosen proxy
Ubik
I think you can just hit irc.oftc.net, there was a hidden service once upon a time but I don't think it's there anymore.
exactly
lemimi
Closing Link: torland1-this.is.a.tor.exit.server.torland.is (No more connections permitted from your host)
vox__
and ls -Z shows "unconfined_u:object_r:usr_t:s0 hidser"
Ubik
lemimi: Yeah, need a new circuit.
Probably already too many users connected via that exit node
cacahuatl
lemimi: It's probably been blocked, unfortunately selfish people abuse Tor and to stop the abuse of other users they have to stop connections from the Tor network.
See: Tragedy of the Commons
lemimi
Ubik: so keep retrying until one works?
Ubik
lemimi: Yeah, if it's not blocked as cacahuatl said. I'd think *that* error (no more connections permitted) means it's hit a session limit. Blocked ones I'd think would say they're banned.
That or cyberanger broke it somehow.
cacahuatl
No, when they stop Tor entirely you get that "no more connections" error
Ubik
interesting
(Action) hasn't seen that one before, although I don't connect here via Tor much, so it could very well be.
cacahuatl
vox__ it's a very strange error to see, but my experience with SELinux (the one time I thought it might be worthwhile trying to use it) even "disabling" it left traces of it's fail all over the place.
saper
vox__: what does "mount" say?
vox__
saper: http://pastie.org/private/pfwwssqydoj6do7fpt1m5w
saper: not a single ro moun tto be seen
f it, guess I'll spin up freebsd and try there instead
cacahuatl
vox__ you're probably better poking at redhat support/forums
Since it's probably related to the operating system it's trying to run on, normally you don't stick tor in /opt/ and run it under another user, at least not with the default systemd service file
« prev 1 2 next »