IRC Archive / Oftc / #tor / 2015 / November / 12 / 1
xaviney
hi everyone
tooner
can a "system tor" be bound to physical interface, while non-tor apps use a tun, as in a vpn?
ncl
tooner: setting OutboundBindAddress maybe?
suelin
I can't quite parse your question, you want to route everything but Tor through a VPN?
tooner
Sorry, I'll clarify. Unfortunately, I have to use a vpn to access some web sites without tor. But I'd rather not access the tor network through the VPN.
AYaa
on that
if vpn provides that feature it's just for novelty it does not provide actual security
provided by using tor itself
tjina
How can I connect Tor in China?
wtf_fcntl
tjina: You can use a bridge, which often works.
tjina
Without VPN? kv
         

tooner
sure. so far, some sites aren't blocking the IP of the vpn I'm using. But they are blocking tor exits. so I use the vpn. sigh.
tjina
Tails > VPN > Tor Bridges
wtf_fcntl
Tails doesn't support VPNs.
tjina
I can't use Tails in China?
wtf_fcntl
You can, you can use it with bridges.
tjina
Alright
Thanks for your help
All ;)
tooner
I'd like to use tor without reaching the guard via the vpn. how do I do that, short of turning off the vpn. in other words, can they coexist?
wtf_fcntl
tooner: What do you mean?
cacahuatl
They have a VPN and they want Tor not to use the VPN
thorazine
tooner: can't you just set up an iptables rule to not forward traffic from the tor daemon's user over the tun interface?
wtf_fcntl
Are you on Linux or Windows?
tooner
thorazine: maybe that's an option. i'll read up on it. I was hoping i could bind to a physical interface, if that makes sense.
linux
wtf_fcntl
:/
Well this is annoying.
tooner: I believe you can bind Tor to an interface. Check the torrc man page.
tooner
thanks. i will rtfm. :)
wtf_fcntl
OutboundBindAddress <ip>
I believe.
Dunno if that's for clients, or only exits though.
tooner
is there an orbot chan? trying to get it working on an LG3...
kernelcorn
I don't think that has an effect for clients, but that's for relays/exits
cacahuatl
#guardianproject
tooner
thanx. on oftc?
kernelcorn
yes
         

cacahuatl
yeah, here and freenode
I don't know which is more active
wtf_fcntl
kernelcorn: I thought Address was for relays/exits.
AYaa
who followed bill binney's AMA on Reddit?
kernelcorn
I saw it. https://www.reddit.com/r/IAmA/comments/3sf8xx/im_bill_binney_former_nsa_tech_director_worked/
arma
anything good?
AYaa
yeah
he keeps bringing up
treasuremap
the nsa program
it's like he is basically hinting us to look at the closer
i looked at it and i can see his point
basically if you have a real time map of every ping or packet flowing across the internet
and you put together with all the other sh*t they have which is just too much to go through
you basically on god level
*your
cacahuatl
Yes, but no one is known to have that level of access.
kernelcorn
it's very difficult to build a complete map of the whole Internet, there are too many links
cacahuatl
It's known as a 'Global Passive Adversary' and it's seen as a 'worst case scenario' Eve
AYaa
if it was not for snowden we would not have thought half of this was possible
kernelcorn
it's not like traffic always goes through IXPs
AYaa
well this is what they are doing
whether it's feasible or not
the 5000 PHDs at the NSA
have decided it is
and put a lot of money into it
so let's assume
they can at least get some half ass working model
cacahuatl
Reminder: Telegram also have a team of math PhDs
(and they have NFI what they're doing)
AYaa
whatever
what that has to do with this
anyway
NSA wants or has God Level
cacahuatl
Saying they've PhDs is frivolous information and an based on Ethos. It's not meaningful in the context. They want it but they do not have it and likely couldn't have it.
Feasible in terms of computationally possible and feasible in terms of reality are totally different things.
e.g. good luck getting access to all the networks you'd need to to achieve it
Don't invoke GPA :P it's a good adversary to aim to beat but it's not real.
AYaa
of course not it would probably be running now
and they just have a %
like eyes open
SirCmpwn
is there a risk of getting MITM'd by exit nodes when using TorDNS?
AYaa
Like we have eyes on % of IP-traffic
and it would be changing probably every hour
as they get cut off old sources and get new sources
but constantly refined
cacahuatl
SirCmpwn: TorDNS? you mean the DNSPort?
SirCmpwn
yeah
AYaa
so
you can start targeting
say target tor routers
cacahuatl
Yes, the exit can say "google.com is at $EVILIP"
AYaa
it would be a very cool capability
SirCmpwn
thanks
AYaa
i would imagine this to be a big focus for them
after all they stated what the objective is
and that is to own the net
cacahuatl
DNS should never be used as a security mechanism regardless :P
Tor or otherwise
SirCmpwn
I imagine that it would also be wise to use SSL to avoid MITM from an evil exit node on normal traffic, right
well, sure
AYaa
What has been all the fuss on twitter regarding DNSSEC?