IRC Archive / Oftc / #tor / 2015 / November / 11 / 1
jamer
how does one assure DNS is done via Tor?
suelin
why are you not using Tor Browser Bundle, Amnesia, or Whonix?
jamer
Tor running as daemon, Tor Browser on its 9150 port, etc. Tails like
suelin
yeah I meant to say tails oops
jamer
all I ask is: does /etc/resolv.conf set to 127.0.0.1 ensure DNS is done through Tor exit node?
suelin
first of all resolv.conf is notorious for not staying how you would like it to, I typically chattr +i it though I think there are better solutions
but I don't necessarily know the answer to your question, why are you using an atypical configuration?
why not just use the Tor that comes with the browser bundle
wtf_fcntl
jamer: If you're using Tor Browser, it'll ensure no DNS leaks.
Even if you use a system-installed Tor.
jamer
let's take Tails as an example then
it does have Tor as daemon
and Tor Browser uses its port 9150
suelin
tails firewall rules prevent DNS leaks
wtf_fcntl
suelin: The browser also does.
The only time your browser will DNS leak is if it's not configured properly.
suelin
yeah I didn't mean exclusively so ^_^
wtf_fcntl
Tor Browser is configured such that it will only resolve through 127.0.0.1:9050 by default.
suelin
yeah there is a checkbox in the network configuration for remote dns
that is checked
but are you concerned about DNS leaks outside of the browser or what
jamer
of course
suelin
I think chattr +i on resolv.conf set to use 127.0.0.1 will prevent DNS leaks but I don't know if that will cause it to go through Tor
wtf_fcntl
That won't make it go through tor, and might not protect from DNS leaks either on many systems.
suelin
I've done that with VPN to prevent DNS leaks though, and additionally iptables firewall rules to only allow routing to the VPN entry nodes, and it seemed to work
wtf_fcntl
Many systems run a DNS caching proxy or another resolver on localhost, so resolv.conf is often intentionally set to 127.0.0.1 on many systems.
suelin
good to know
arma
yeah, the right thing to do is to put a firewall up, so only the tor process can talk to the network
you can use the tails firewall rules for this
_aeris_
hello #tor o/
what's the recommended way to fetch all tor nodes (with their kind guard/middle/exit if possible), minimizing threat (dns spoof, &) ?
wtf_fcntl
_aeris_: Use Tor to download the consensus file.
E.g. on Linux, start up Tor, wait for it to connect, then just look in /var/lib/tor or whatever.
_aeris_
i see this file, is there any lib to parse files ?
wtf_fcntl
I don't think so, but it's a very simple format.
arma
check out the stem library
wtf_fcntl
Oh
_aeris_
thanks arma, it works very well with stem e
wumpus
"There are explicitly no limits on line length." from tor's control-spec.txt, I'd still feel better to add a (very large) limit to my communication code to avoid memory exhaustion DoS, what's the longest line one can reasonably expect? Would, say, 64kB be enough?
(context is creating a hidden service using ephemeral API, so long lines are to be expected for key data)
ok made the limit 100000 for now, should be enough for key sizes for the foreseeable future :-)
olopocram
Hello
Today I noticed that when loading tor, on the small window that says "Connection to the Tor network", I get a yellow triangle with an exclamation mark on the "open settings" button. Does anyone have any idea what that means?
I tried clicking on it, and got something pasted to my clipboard, things like: [WARN] Your Guard WorldOfTorcraft ($0876.............................) is failing an extremely large amount of circuits. This could indicate a route manipulation attack, extreme network overload, or a bug. Success counts are 62/208. Use counts are 40/41. 161 circuits completed, 1 were unusable, 98 collapsed, and 1 timed out. For reference, your timeout cutoff is 60 seconds.
and: [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
and few other things. But the client did connect several times. Then I tried opening and closing it again and got this message: Something Went Wrong!
Tor is not working in this browser
then closed it and opened it again. same "something went wrong" error. Then restarted it again and it works
and now it stopped showing this yellow triangle. Is my tor compromised? Is this error known?
Sweet
gucci
Tregarious
Are there any advantages to using the Tor socks proxy in a regular browser?
marcusw
Tregarious: yes, if you're careful
but most people can't be careful, so it's better to use tbb
Tregarious
marcusw, I am certainly paranoid enough to learn to be careful :-)
marcusw
if you're that paranoid, definitely just use the browser bundle
Tregarious
I run my irc client through tor and then through a shell in many cases, I was just wondering about the advantages of using the socks proxy in a regular web browser. I've gathered that it hides my IP but does it do more?
And yes, anything more than casual browsing I use the browser bundle
marcusw
it really just hides your IP
the only difference between that and a standard proxy is that there shouldn't be any proxy logs for anyone to get their hands on
olopocram
Is there a simple way to run irc client through tor?
Tregarious
marcusw, I figured thanks. Of course, if I'm leaving a Tor IP on websites that I identify with (ie Facebook) it could be a bad idea
olopocram, depends on your client but yes it's pretty straightforward
marcusw
that's definitely a bad idea, for most threat models
Tregarious
marcusw, thanks. Didn't think that one through :-)
olopocram
hexchat is my client
marcusw
and it's compounded by the fact that those fb buttons are on like every site ever
olopocram
I once saw a lengthy page that explains how to torify irc clients, but it looked like only pros can do it.
marcusw
so even if you don't load facebook.com, you're still fu*ked unless your cache+cookies+entire browser state is cleared
not to mention browser fingerprinting (which tbb tries to mitigate)
olopocram
why not use facebook without tor, and using other sites through tor?
marcusw
olopocram: you basically have to use separate browsers
and if you're gonna use separate browsers, one of them might as well be tbb...
olopocram
yeah, that's not that bad
yeah, that's what I meant
using tbb to surf the net, and using a regular one with sites where you identify yourself in
marcusw
every time someone logs into fb from tbb without hitting new identity before and after, a baby exotic animal dies
yeah, that works
olopocram
So where can I learn how to torify my irc client easily?
marcusw
https://anonops.com/xchat.html
also make sure to change your nick and uname, disable ctcp and dcc, and never talk/part/join at the same time as you do in a non-tor client
also adjust your writing style and vocabulary a bit for each identity
olopocram
Hmmm looks pretty easy. I'm going to try it
"never talk/part/join at the same time as you do in a non-tor client" - So if I'm going to close the computer first close one client, then wait few seconds and then close the next one?
marcusw
hmmm, nah, that's not good enough
olopocram
So what then? few minutes?
I can probably also torify a portable hexchat, right?
marcusw
maybe a few hours, and sometimes only connect one of them
most people who do this use bouncers
problem is, if someone notices two different clients always connect and disconnect at about the same time
or two different nicks are always talking about the same time
and one of them is on tor, and one of them isn't...
olopocram
Why few hours? How can people link the two users if they're on dif. channels/servers and join/part with few minutes between them?
marcusw
speaking anonymously is about an order of magnitude more difficult to do safely than listening anonymously
I mean, if it's just once or twice, then a few minutes is fine
but if you do it every day for a month...
olopocram
Yeah, I understand now
I'm not always on irc. Just wanted to torify some instances where I go to the irc to channels like this
marcusw
I mean, there isn't really a hard and fast rule
just be aware of how things look statistically
olopocram
can one connect to oftc and freenode with a torified irc client? Or will they kick him?