IRC Archive / Oftc / #tor / 2015 / September / 29 / 1
azzeddine
quit
ccy8
hi
How can I set tor to start on start up?
thorazine
chkconfig tor on
update-rc.d tor enable
etc
ccy8
says System start/stop links for /etc/init.d/tor already exist.
thorazine
ccy8: maybe your config is bad
try service tor start
and check the logs
Ande
Hi all, what would happen if two boxes are running the same hidden service? Does that work like automatic load balancing?
kernelcorn
Ande: the network gets confused because two machines are uploading different HS descriptors to the same HS
it's happened before. Sometimes some clients get one, sometimes the other, it's a race condition.
I'd recommend that you use DonnchaC_'s HS load balancer, as it works very well
Ande
cool thanks
I'll look it up
does that require one LB box on the front or is it distributed?
gamambel
Ande: https://onionbalance.readthedocs.org/en/latest/
         

kernelcorn
I don't know, but I'll bet DonnchaC_ has documented that somewhere
ah
Ande
thanks guys
BrokaToe
Hey!
Sweet
question. there was a way that my friend told me that the browser automatically refreshes and gives you a new circuit every 10 minutes
how to do that
wumpus
tor creates a new circuit every 10 minutes automatically IIRC
Sweet
wumpus, so ur saying after 10 minutes my pages would refresh?
Joost
Sweet: if you've already loaded a page (i.e. received all the data) there's no point in refreshing
it's not like you're keeping a permanent connection open to google.com while you're on google.com
Sweet
i know
Joost
hmm, bad example
Sweet
im saying
lets say i keep a page open and come back in 10 minutes
and then lets say
i click somewhere
would it then use the new IP ?
i clicked a link so is it sending a new IP to the new page i'm browsing to?
wumpus
new connections will use the new circuit
long-standing connections may still use the old circuit (e.g. IRC connections), but for web that's not really an issue, keep-alive doesn't tend to keep connections alive 10 minutes
Peng
Tor Browser is somewhat more complicated. It uses separate circuits for, what, each tab? And has a button to switch to a new one.
wumpus
right, that's only the default, client software can do various magic tricks juggling with circuits through the tor control port or by using different auths to the SOCKS5
NickCalyx
hey all! I am at the Titanic hotel, does it make sense to head over to betahaus today
wacko22234
hello
macce
Hello, am I right that it's not possible to protect a hidden service against HTTP floods?
caber
macce: what do you want to protect? the availability of service? the anonymity of the service operator? the location of the hidden service?
macce
The availability of the service. How can you distinguish between malicious and non-malicious connections?
torQUES
how many exits redirect the client's received packages to the so-called "AcidFox" MITM servers for callback injections to deanonymize the tor clients? ("encryption works; the targets are the endpoints security" - Edward Snowden)
*errata: FOXACID not "AcidFox"
there is no such thing as a "passive attacker"; it's an oxymoron like "impotent raper" ;-)
Peng
What the fu*k
         

qwerty1
it isn't the exits that do it (most of the time)
Nicknam3
hi
I would like to proxy all my systems traffic through for, what's your opinion
tor*
torQUES
the best practice against this is to not use tor to visit the clearnet links - including the "my IP" sites
I think the undisturbed clearnet links with "hot stuff" are mouse traps
qwerty1
pace falm
torQUES
qwerty: an exit node may unintentionally redirect the packets - foxacid servers act faster than others and grab the traffic to the original site
qwerty1
yeah
that attack is not restricted to exits or tor
it's also not hard to avoid with a few seconds or minutes of thought
Peng
Exit node <-> THE INTERNET <-> Destination
qwerty1
^
Peng
It's not a Tor thing, it's an Internet thing.
torQUES
correct
that's why recommend to clients to use the end-to-end encryption (https)
tor faq recommends
Nicknam3
anyone?
torQUES
Peng: however, there are too many http.../.onion sites
Peng
um
torQUES
outsider: I am convinced you are amazed too, how some insignificant people who volunteered for tor with big traffic exit nodes then started/increased very profitable real life businesses in difficult markets - Uh oh, he's gone - anyway I don't give a s**t
ncl
< torQUES> Peng: however, there are too many http.../.onion sites
you mean, all of them besides like two?
Peng
HSes auth
torQUES
ncl: https .onion sites are safer than http .onion sites I guess
Nicknam3
thanks guys, you have been very helpful and informative. I will visit you again
torQUES
look what the encryption expert Bruce Schneier and Snowden wrote about the FOXACID servers and other stuff
ncl
look at how the HS protocol works
torQUES
client <-> node <-> node <-> rendezvous point <-> node <-> node <-> node <-> HS
maybe my questions are naive because I am not a tor expert, so be patient
Peng
Onions are already encrypted and authenticated. Running TLS over them is semi-redundant.
("semi-" because the current HS crypto is aging, and because a TLS cert can contain other information, like EV.)
torQUES
NIST recommended to abandon the 1024 RSA encryption starting 2010
since the new CPU's computing power and the internet bandwidth increased, a stronger encryption for tor is a must
off topic: the hardest part when I installed debian in a virtualbox was that thing named VBoxLinuxAdditions.run ;-)
the next step is to externalize the tor relay from my windows OS to the virtualbox's debian
how people here recommended
zdzichu
hi, I have a strange error where reducing Capabilities (on Linux) makes tor unable to open hidden service dir: https://paste.debian.net/313815/
disabling these settings make tor happy. Does anyone have an idea what could be wrong?
shelly1995
Heelllo
zdzichu
are additional CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER needed?
Peng
Apparently *something's* needed.
I remember someone having to do a little extra configuring to run an HS under an access control mechanism.
zdzichu
I see problems like https://lists.torproject.org/pipermail/tor-dev/2015-April/008638.html mentioned
it seems stock tor config is a bit too strict
and this https://groups.google.com/forum/#!topic/linux.debian.bugs.dist/OfkUE79SS_A
hmm, I think I'll open new trac ticket
fghj
billy20
How can I use Kali Linux anonymously? Any idea?