IRC Archive / Oftc / #tor / 2015 / July / 21 / 1
AntiMarkitoZicka
why did google put captchas on xda that is not a google site?
cacahuatl
They didn't, the site owners put google's captchas there.
AntiMarkitoZicka
:O why does google think they have to be on every site?
jweiss
it's probably indirectly via cloudflare anyway
if you don't like it, try to find the link in startpage and then use their proxy option to view it
gryps
regarding hardware requirements ... does an amd athlon 64 6000+ still allow one to run a 100mbps relay?
hyena
you should run an instance of tor on each core
gryps
ok ... just asking, because i could get refurbished machine for free
what i'm missing somehow is to get an overview which hardware requirements need to be satisfied for which bandwidth
hyena
also keep in mind that it may be a couple of months before you'll max out your CPU
gryps
yeah, i've seen the relay life cycle blog entry
another thing, if running an exit node, it is suggested to make it recognizable as such, e.g. by setting a reverse dns record
what should i do if i have no domain to use in a reverse record?
hyena
you want more than reverse DNS too - you want a SWIP for the IP block of your servers
if you're running an exit
gryps
yes, but regarding the reverse dns, i do not want to register a domain just for this purpose
does someone provide forward lookups, that can be used on reverse records for exit nodes?
hyena
registering a domain is 10 bucks for a year
cacahuatl
You don't really need a forward resolve to work to have a PTR record.
gryps
aye, but at least my isp refuses to setup the reverse if there is no matching forward record
cacahuatl
but most stuff will disregard it if the PTR(A) and A/AAAA(PTR) don't match
mags8
hi everyone
I had two questions, was hoping someone was around that could help?
cacahuatl
!ask
dpkg
If you have a question, just ask! For example: "I have a problem with ___; I'm running Tor (or TorBrowser) version ___. When I try to do ___ I get the following output ___. I expected it to do ___". Don't ask if you can ask, if anyone uses it, or pick one person to ask. We're all volunteers; make it easy for us to help. You can also try asking on tor-talk@lists.torproject.org.
mags8
I'm using Tor Browser for Windows, when i launch Tor, my ESET firewall sometimes notifies me tor.exe is trying to connect to a remote computer over port 21, FTP. I can accept or deny; I deny of course, then the next firewall popup is usually a Tor relay. I looked online but do not see anything about why Port 21 is needed.
using the latest version, 4.5.3
hyena
mags8: relays can use any port they desire for Tor
some choose to use 21
mags8
.....ok. I checked the sig. and I'm ok, so it can use any port, including 21. I'm sorry if I missed but i did not find that in the documentation, and going to a remote server over Port 21 does not instill confidence to a novice like myself to use Tor. I'm just saying.
cacahuatl
What you should understand is that a port is just a number and your firewall jumping to conclusions with scary notices about it is mostly reinforcing bad information.
mags8
very true, thanks :) another question :) If I accept it or other firewall pop-ups from tor.exe, then if i look under the onion icon top left hand corner / tor circuit for this site, should I only see the remote IP's of the servers i allowed in my firewall?
wgreenhouse
mags8: that depends what default policy your firewall starts with; for example some tor relays are offered on port 80 or 443
so if your firewall allows those by default, they might not require any special rule
mags8
my firewall rules are set to always ask me (at least for Tor.exe). So the first pop-up tends to be the IP address I later see in "Tor circuit for this site", but the next couple of ones, I can click deny and Tor still connects. Like right now, I have one pending from Tor.exe to a remote server over NON 443.
wgreenhouse
mags8: your system only directly connects to the so-called guard relay (hop #1 in the 3-hop circuit)
mags8
and when I click the first allow, I do not select "temporarily remember action for this process"
wgreenhouse
hops 2 and 3 your system is not directly making a TCP connection to
so your firewall would not get involved there
mags8
so hop 2 and 3 I would never see in my firewall rule. Makes sense. :) So once the Circuit is established, like it is now, should i see any additional pop-ups?? Like the one i have pending from Tor.exe to a remote server, using remote port TCP 995 (pop3s) ?
wgreenhouse
mags8: current versions of tor browser make one circuit per domain per tab
so if you navigate to a new domain or make a new tab, you'll see new circuits being created
mags8
one circuit per tab? I didn't know but that explains it
wgreenhouse
mags8: it used to be one circuit every ten minutes, but this broke e.g. login sessions at web services in weird ways
that's still the default for tor-the-network-server outside of the tor-browser-packaged variant
the new default tries to break fewer websites while still isolating each tab's networking
mags8
I last used it when it was ... Verdana (sp?)
wgreenhouse
Vidalia? that's neither tor nor the browser, but a controller app that used to be bundled with tor browser
it's dead and unreplaced
mags8
well you guys have been helpful, thanks. Unless of course this IRC is just a front to get me to accept "Allow" over Port 21 ;-)
wgreenhouse
lol
bamboos
Curses!
wgreenhouse
mags8: even if that were the case, nothing seriously bad would happen; I doubt there's much malware that only works if the default ftp client port can connect
that'd be pretty sh*t
also Windows doesn't ship an FTP client or server by default
mags8
thanks guys, very helpful
wgreenhouse
yw
triton_
Is there any way i can connect/route my traffic through Tor without using the browser bundle? Something like a local proxy or so?!
cacahuatl
Yes but if you intend to browser, you should use the Tor Browser.
*browse
triton_
Well i want to route all my traffic through Tor and i don't like firefox. So i thought a local proxy that would "hijack" my connections might be the best idea.
cacahuatl
It's not
But it can be done, see "Transparent Proxying" https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
triton_
Thanks a lot but it seems it only works on Linux.
cacahuatl
You could use tails then if you want a Tor only operating system.
triton_
Actually I don't need that much security. I just thought i could increase the Tor traffic from time to time to make the anonymity set bigger.
cacahuatl
Doesn't work like that, I recommend reading through the documentation and especially the FAQ on the main website. It should answer any questions you have.
triton_
As far as I understood it every Tor user profits if more people are using Tor because it is harder to single out connections.
Warr1024
triton_: it's better if that user is indistinguishable from the rest
triton_: which transparent proxying won't provide, since non-TBB browsers tend to be more easily fingerprintable.
triton_
Okay browsing aside - if i use mail, SSH etc via Tor shouldn't that help others as well since probably many people use the same protocols?
Warr1024
it MAY help increase the overall router-router cover traffic, but won't help much at the point of exits...
cacahuatl
Most of those things will support explicit SOCKS5, which is a better choice than transproxy.
Warr1024
email over tor can be problematic, depending on how you do it.
triton_
But if I browse the web, connect to my mail server and SSH only via secure connections that should help the exit traffic as well, right?
Warr1024
SSH over tor is pretty nice, though, but you may need to be careful of MITM, since SSH's trust model is generally TOFU...
triton_
i already have all the SSH keys i need in my store but thx for the warning
Warr1024
I couldn't really tell you the value of adding cover traffic to the tor network, or whether certain characteristics of that traffic affect its value. I wonder if anyone has done any research on it, though...
In principle, a public mix network needs a certain amount of traffic to mix with, but then again, volunteer bandwidth is limited, so there may be some point of diminishing returns.
triton_
I just thought i might do the community a "favor" since there are people that say more people should use Tor in order to increase the anonymity set.
I am too scared to run an exit node but i do run a relay.
cacahuatl
unfortunately not all things are suitable for use on Tor because they make baseless assumptions about connections.
(that no one can see or tamper with the data in transit)
Warr1024
though tbh I wonder how much more dangerous the potential for misbehaving exits really is; you shouldn't trust your normal internet routes to begin with...
cacahuatl
That's my point
triton_
True that, in my country they harassed a guy for running an exit so i am a little cautious.
Warr1024
Exit operators can expect to get a lot of harassment, though what kind, and by whom, varies a lot.
triton_
I am not sure where he ran his exit from but they went in his apartment and seized all his tech. And i really like my tech so I am a little hesitant.
Warr1024: I assume you are running an exit?
Warr1024
no, but there's a lot of documentation out there describing what you might be getting yourself into.
they also recommend you don't run one from home, as getting raided because of something somebody else is using your exit to do is something that has been known to happen.
triton_
Yup i read the guides. Maybe one day in the future.
Warr1024
I once accidentally ran an exit from home, but fixed the config before it caused any trouble.
I think they've since fixed the config issues that could cause that to happen.
specifically I mean they've made it no longer easy to accidentally run an exit.
triton_
I just set mine up on the weekend and i think the standard config is still exit.
Warr1024
oh, I see, it says that ExitRelay defaults to auto, but in the *future* they plan on making it default to 0, which would be the fail-safe...
thanks for the heads-up
arma
right. if you use the default exit policy, you'll still be an exit