logs archiveIRC Archive / Oftc / #tor / 2015 / July / 13 / 1
CrF
is there any good and free anonymous mailing list?
kernelcorn
not as far as I know
CrF
hmmm how about a bad and free one?
kernelcorn
?
oh
do you want to make your own mailing list?
CrF
yes
arctictelecom
I have a question for everyone in here. I run an IRC server and would like to configure it to block all incoming tor connections. Is there a way for me to configure my IRCD for this purpose?
cacahuatl
Blacklisting can never go wrong, but you can use something like https://www.torproject.org/projects/tordnsel.html.en or there are other tools you can use to construct your own list from the consensus data
arctictelecom
cacahuatl: I would like to blacklist all incoming connections, as opposed to allowing only a select few. Is there something I can add to my IRCD for that?
cacahuatl
You could not run it and that would stop all incoming connections?
         

velope
the question you need the answer to is, which tor exit node IPs permit user connections to the IPs/ports of your server
tordnsel provides that answer
arctictelecom
For me to execute that dig command, where do I type my IP address?
algorythm
man dig
velope
that web page does just say it
for a webbish thing, you might like https://check.torproject.org/cgi-bin/TorBulkExitList.py
usage example -- https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=64.251.14.80&port=25
cacahuatl
Don't packetfilter what you don't understand
arctictelecom
This is my output from running that command: http://pastebin.com/yep4LVwQ ... does that look right?
cacahuatl
I can't tell, pastebin is blacklisting tor ;)
arctictelecom
Hmmm, anywhere else I can paste this?
cacahuatl
paste.debian.net is normally fine
arctictelecom
algorythm
IT WORKS
velope
yep, your caps lock key is fine
cacahuatl
yes, that looks like it should if the the specified IP can't exit to you.
arctictelecom
Ok, so the three addresses I see in the authority section are the ones I would need to blacklist in my IRCD?
cacahuatl
No, this tells you if a specific IP is possibly a connection exiting from tor
arctictelecom
I see.
cacahuatl
In that case, the answer is "no", because it didn't return 127.0.0.2 as the A record
https://gitweb.torproject.org/tordnsel.git/tree/doc/torel-design.txt#n70
VQV_Z
:0: G5@57 xrandr A45;0BL GB>1 1K; <>=8B>@ 1 8 <>=8B>@ 2 ? (screen 1 screen2)
45;0N B0: xrandr --output HDMI1 --auto --output DP1 --auto --right-of HDMI1 C <5=O :0: 1 1>;LH>9 <>=8B>@ 87 2E 45;05BAO
jquip
question: I ran a tor client via haproxy-delegate-tor chain (haproxy for round-robin) myglobalip.com still shows me my original IP ... how come??
myglobalip.com still shows my old IP??
ryonaloli_
jquip: you're not suppose to torify your system that way
you should be using the tor browser in 99% of cases
         

nemysis
hi all
Meike
hi there everybody
please would any of U reply to my question? Does FREENODE/Chat work over Tor??
uovobw
Meike: as per policy page: https://freenode.net/policy.shtml#tor
nemysis
freenode not works good with tor
Meike
*** PLEASE NOTE THAT THE tor HIDDEN SERVICE IS CURRENTLY UNAVAILABLE AND THERE IS NO SET DATE FOR ITS RETURN ***
this is why I am asking
mquin
The direct answer is 'No'. In the absense of the hidden service you can't connect to freenode using Tor
Meike
being very honest I am now a little bit confused
nemysis
The primary Tor hidden service address for freenode is s/was/is/
rootd00d_
and it is sad...
Meike
nemysis: Please what does that mean in clear text?
nemysis
not works freenode now with Tor
Meike
thank you all for your information
rootd00d_
in a similar vein... what about oftc?
Meike
OFTC works fine over TOR
mquin
nemysis
oftc works with tor, but i use only cloak here
rootd00d_
thx!
Meike
I might have a second question, sorry for that guys...
mancha
one one question for free. 2nd one costs you.
Meike
I see.... How much?
Peng
0 dogecoin
mancha
heh. 69 greek drachma!
Meike
well let me try asking first...
Why does my TOR' s "guard node" not change?
algorythm
the drachma does not exist (yet!)
weasel
Meike: that's the point of a guard.
Meike
My Whonix's Gateway is always connected to the same "guard node": Is it correct?
weasel
yes.
that's as it should be.
Meike
I see
algorythm
its not supposed to look like tor, but something else. like you are just connected with normal ssl to something random plausible not-tor.
Meike
thank you all
Peng
Meike: It will change *eventually*. Just not frequently.
rootd00d_
Meike: the theory is that if it changes very frequently, you have a greater risk of selecting a guard that "bad guys" control.
Meike
thank U again... I was just wondering if my Whonix' s GW configuration was crapped
mancha
Meike: there's been a calculation.
Meike
rootd00d_: it makes sense, but just if we R pretty sure that neither NSA or GCHQ are controlling the actual "guard node", R we?
mancha
Meike: basically, the estimation is, if you're already fu*ked, game over. but if you always change guards it's like russian roulette, one time there will be one in the chamber and you'll pull the trigger.
whereas if you stick with one, and it's clean, you always be clean, till you change.
Meike
macha.... It makes sense
I meant mancha
mancha
well, to be honest, which is preferrable depends on your assumptions (regarding percentages of tainted nodes, etc.)
algorythm
mancha: ...but the tor-client selects tor nodes within the network, its just the first node thats the guard node?
mancha
the first is the guard
algorythm
its just the fact that you are using tor that is revealed
...whatever. i think i see. my question is redundant.
mancha
no, the idea is that mallory controls the node at entry and say somewhere further downstream, they could correlate and de-anon you
it's not that they can see tor traffic, that's not so important.
algorythm
oh
Meike
mancha, sorry for my stupid question, but who is Mallory?
algorythm
tze government, the adversary, the cops
Meike
so in other terms the NSA
mancha
Meike: in crypto talk, mallory is the name of the "adversary"
alice and bob are the ones speaking confidentially
and mallory is trying to sniff their secrets.
Meike
I see.... When talking about "KPI"
mancha
sometimes "eve" is used instead of mallory.
« prev 1 2 3 4 next »