logs archiveIRC Archive / Oftc / #tor / 2015 / September / 19 / 1
is that normal all these attempts to connect to my tor server with fake ID digest?
'fake id digest' ?
when a relay connect other relay they exchange their ID digests
I see in info many attempts with fake ID digests - all rejacted
can you copy one of those lines?
if it's the one I think it is, it's harmless
Sep 18 21:52:13.000 [info] channel_tls_process_netinfo_cell(): Got good NETINFO
cell from [scrubbed]:34134; OR connection is now open, using protocol version 3.
Its ID digest is 0000000000000000000000000000000000000000. Our address is appar
oh lol
that's just a client connection
I run a middle relay, how a client can connect to relay?
directly I mean
TORques: Clients do connect to relays.
Oh, you mean it doesn't have the guard flag?
I think they connect to guards relays
not directly to middle relays
I don't have guard flag

could be a bunch of things, but it's not true that only guards get connections from outside the network
this is strange - anyway I am a newbie with tor
don't worry about these, they're harmless :)
I see, the protocol version 3 with that '0000000...' ID is a Tor directory potocol from AuthDir servers, not from clients
greetings people of #tor
I come before you this day to inquire as to whether any of you plan on attending the tor dev meeting in Berlin
(tumbleweed rolls by)
nothing wrong with a good rpm-based rolling release distro ;)
haven't been on tor is months-- maybe years. Checked it out today and nothing was up. I used to be able to find a few live sites. Can someone point me at live chat site? Looking for general technology and pen testing talk.
#nottor is the next door down the hallway --->
I am using website software which does not support socks5 proxies
Is there anyway I can route it though nginx as socks5 tor proxy?
what do you mean by website software -- are you trying to run a web server? as a hidden service?
velope: It is not a webserver
It's software called LynxChan
It has a built in webserve
It just does not support socks5
gentoo-007: socks is for outgoing connections
use a hidden service for inbound ones
I am trying to use it as a hidden service
or wherever your distro puts it
hidden service server software does not use socks
the torrc config line creates a TCP gateway between tor circuits and the server software's listening ports
sometimes i feel like i shouldn't tell someone socks is for outbound and hidden service for inbound connections
i worry to what extent they are (not) securing their hidden service
sadly, it's hardly possible to make things worse, because most people trying to run a hidden service don't actually understand how tor works, don't have much idea of how to secure any service, and won't put in the work anyway
well, i don't claim to have a full understanding of how tor works, but hidden services are pretty simple: all inbound connections will appear to come from localhost, so you can't just block someone by IP, and the service which was probably written for a "trusted" LAN is now open to the world
that's what matters from a securing-your-service perspective
optionally, if you intend to remain anonymous, you need to make sure your hidden service can't leak info about the host
like dont using a cms for a simple blog, i really dont get the masses of wordpress'es in tor

you may not care about remaining anonymous though
if you are a company offering anonymized services, for example, you don't care if people know who you are; the hidden service is so your clients are anonymous
i am not sure why you would put a blog on a tor hidden service anyway
so the author/publisher cannot be located, of course
the fact that people tend to do it insecurely does not change the need or possibility
but your blog is probably leaking more identifying info through its content than through the transport
anonymity is hard
a policy that works for me is to only run hidden services where i don't really care if my identity is exposed
you'd like single-onion services then, an upcoming version of hidden services where only the client is anonymous
doesn't work for, say, illicit marketplaces
but i get paid more doing legit work than i could ever cash out without being caught doing illegitimate stuff
sounds fine to me
the only useful hidden service i run anyway is an implementation of the Shamir secret sharing scheme
which is kind of a toy
that's neat though
anyone who has a real secret should download the source, inspect it, and compile it themselves
source is public, with my name attached
don't really care
it went through a public release process including being reviewed by a corporate cryptographer for soundness
so i'm okay with having my name on it
but the hidden service is mostly just a demo
anyone who has a real secret can't assume that i'm not logging things
good advice
in this case i happen to not be logging things, but you'd be an idiot to trust me when i say that
I'm running tor locally and directing all traffic through it
which means when I use the tor browser, I'm doubled up on tor and it's slow as hell
is there a way to tell tor browser to take advantage of my local tor service?
kernelcorn: the only other content on that hidden service are two examples of my highly awesome atkins diet
(two sample midnight snacks)
because eating entire plates full of bacon as a snack while sustaining a weight loss of 5lbs per week is just cool
"aluminium" wow
SirCmpwn: the Tor Browser should already be configured to use Tor on, I forget the specific port
if you are modifying your machine to force all traffic through Tor, you will need to make an exception for, otherwise you will have Tor over Tor, which is not a good idea
you might also want to look at the Tails OS, which is already configured to torify all traffic and is probably more secure than your setup
kernelcorn: i sometimes use one VM as a tor bridge and another VM with a NIC on a virtual lan connected only to the tor bridge
in which case you'd need to configure TBB to not bother with tor at all
but still keep the other anonymizing aspects
never tried it, but it can probably be done
thorazine: the risk in that approach is that tor browser does certain things to isolate tabs from each other
which would be lost over a transparent proxy to a second host
it's not simple, unfortunately
Peng: https://github.com/lachesis/scallion
« prev 1 2 3 4 5 6 next »