Changes between Version 68 and Version 69 of doc/FAQUnanswered


Timestamp:
Apr 23, 2010, 4:48:49 AM (9 years ago)
Author:
trac
Comment:

--

  • doc/FAQUnanswered

    v68 v69  
    88= Unanswered FAQ Questions =
    99
    10 1) '''Hidden services are currently very vulnerable to attacks by web hosts who come to suspect a machine in their network is being used for Tor. Since they can power cycle the server in question (and likely blame it on technical difficulties without arousing suspicion) they can make an unambiguous identification of a hidden service host.
    11 This could be prevented if the directory servers supported more than one provider for a hidden service and so could direct requests away from a non-responsive server (there may be other solutions). Of course this could also help provide more reliable hidden services in general. Is there any chance of this getting implemented in the near future?'''
    12 
    13 2) '''Why do I keep getting messages telling me that my clock has just jumped ahead and that my circuits will be assumed broken? ''(eg.
    14 Oct 02 10:14:53.619 [notice] Your clock just jumped 1056 seconds forward; assuming established circuits no longer work.'') I've got a cron job to sync the time every eight hours and it's never out by more than a second.'''
    15 
    16 -- On my system, this happens when Vidalia gets into trouble. It seems that when tor and V communicate, tor can wind up waiting for V to respond, or for the V process to be killed.
    17 
    18 
    19 3)'''If an attacker has access to past logs of ISP and any given visted site, does the prng of the tor client allow the attacker to guess which circuit it used next?'''
    20 
    21 Tor uses cryptographically strong random numbers provided by OpenSSL when choosing nodes to use in a circuit. How OpenSSL implements this is operating system specific. If there's a weakness in Tor's method of choosing nodes, it probably isn't in the random number generator.
    22 
    23 *** Hmm, if the prng is deterministic, and you can narrow one result of calling it by knowing what host was chosen, can you, knowing the algorithm, however good it is, thereby narrow the result of the next call to it?  This question might be a bit ignorant; for example the prng might use other data on the client computer instead of following an algorithm to return the next item.
    24 
    25 *** Thanks for your comments, BTW, as a lot of us are wondering the answers to these FAQU.
    26 
    27 *** It has nothing todo with determinism. It is a matter of predictability. Without using real entropy, everything done on conventional computers should be deterministic (try teling that to people who use Windows ;). However, the part that we are interested in is whether someone can predict what Tor is going to next choose.
    28 
    29   Cryptographic number generators have the property that they (shouldn't) give up their internal state by their external outputs quickly. So, unless the attacker gets to see a lot of outputs - node choices - without reseeding from real entropy they are pretty much screwed provided the cryptograpphic prng isn't broken.
    30 
    31 
    32 '''Is there a signal i can send the tor client to tell it to switch circuits immediately?'''
    33 
    34 You can connect to Tor's control port and send "authenticateCRLFsignal newnymCRLF" where CRLF is a carriage return line feed pair.
    35 
    36 '''Why does Firefox/Privoxy/Tor return Privoxy 404 pages so frequently -- almost every time -- when properly configured, even on sites like google.com?  How to mitigate?  The tor process is running fine.'''
    37 (Votes: 2)
    38 
    39 The first problem is that Privoxy doesn't retry in case of
    40 DNS errors. It shows the 404 no such domain message right away.
    41 The second problem is that some browser cache Privoxy's error
    42 messages and Firefox is one of them.
    43 
    44 The Privoxy patch described at
    45 http://www.fabiankeil.de/sourcecode/privoxy/
    46 lets Privoxy retry in case of connection problems
    47 and makes sure, the browser doesn't reuse a cached
    48 error message.
    49 
    50 '''For that matter, why is DNS the main failure mode?  Who is timing out and why?  Can Tor (1) change the timeout, (2) deprecate bad servers, or (3) cache DNS locally so it doesn't have to make a long, slow, failure-prone DNS lookup every time?'''
    51 
    52 You should be sending hostnames to Tor over SOCKS4a or SOCKS5. In that case, the Tor exit node will resolve the hostname before making a connection for you. Unless the exit node is misconfigured, there shouldn't be a problem with DNS resolves timing out.
    53 
    54 *** Actually, for me this happens most of the time.  I am sending through Privoxy, and tried both sockses.  So why would I be hitting so many exit nodes that FREQUENTLY time out on DNS?  Firefox 1.5, most recent stable Tor.
     10'''Why does Firefox/Privoxy/Tor return Privoxy 404 pages so frequently -- almost every time -- when properly configured, even on sites like google.com?  How to mitigate?''' (Votes: 2)
     11
     12Maybe it's just my Mac but I find that Tor has a habit of dying and staying dead which leaves privoxy and firefox non-functional. The work around I've found is that you can open Terminal directly and just start Tor by typing "Tor". I also find that if I start getting a lot of 403's or 504's then I can just kill the Tor instance running in Terminal and re-start it. More often than not, that fixes the problem.
    5513
    5614'''Is the reason that gmail rarely works: gmail, tor, privoxy, firefox, your own bandwidth/latency, tor's bw/latency, or some combination?  Is it fixable?'''
    5715
    58 *** For Gmail for me, it's even worse; I have to try 5 or 6 times before I get a page.
    59 
    60 -- I know that improvements to DNS handling are due in 1.2.x-final (see bug #364).
    61 
    6216'''Why is the argument against more than 3 hops that both-ends attacks are the enemy?  Wouldn't it be better to have more than 3 if the enemy cannot mount a both-ends attack?'''
    6317
    64 This is two questions, really.
    65 
    66 To understand it better, think from the perspective of an attacker. They have a choice: they can make a both-ends attack, an attack comprising the hops and both.
    67 
    68 Now, at this point you need to think what attacker you are trying to defend against. The NSA? Sorry, your screwed - find something else. A big company? Some rogue ISP's? Ok, now that's something that Tor may be able to defend against...
    69 
    70 Now, what information are you - the attacker - trying to find? Who is talking to who? Content of some transmissions? Both?
    71 
    72 Well, for finding content of transmissions your best way is to just listen in on some exit nodes.. or create some malicious ones. That's not the attack threat we're trying to defend against, then.
    73 For finding who is talking to who? Ok, let's say that's what we're trying to find out.
    74 
    75 From this perspective, what is needed to mount a both-ends attack? Listening on both ends. If there is some mitigation technique used - like random timing - compromising those both ends could come in handy (at this point, more hops would really be useful). But there isn't - AFAIK - and so we shall suppose that listening on both ends is enough.
    76 
    77 Now, what is the alternative option? Listening to all the hops AS WELL? Oh dear, that's a little harder.. and what does it bring us? Well, we can get slightly more accurate results - maybe - as we can more closely correlate. This, of course, gets yet better if we compromise some of those hops.
    78 
    79 The key word here is slightly. Provided the number of hops is a constant - so you can get a reasonably accurate latency estimate - then, over a longer enough period of time, you will be able to correlate and get your results.
    80 
    81 The key word here is slightly. Provided the number of hops is a constant - so you can get a reasonably accurate latency estimate - then, over a longer enough period of time, you will be able to correlate and get your results.
    82 
    83 So, yes, the hops will make it slightly more secure. But only slightly. And yes, in some cases, it may be really useful.. but in those cases, you probably should be using something with much stronger anonymity than tor (if someone knowing what your saying is unacceptable, don't use tor.. not, at any rate, on it's own).
    84 
    85 Now, then, what are the disadvantages to more hops? More bandwidth is used. Latency is increased.
    86 
    87 Despite this, it's possible that having number of hops as an easily configurable option is not a bad idea... I would guess that there is an excess of middle-man nodes with the recent draconian laws in some parts of the Western oh so free world that make people interested in privacy yet at the same time too scared to actually stick their neck out. In this case, Tor as a network would likely not lose much by doing that.
    88 
    89 *** I ommitted elaboration of the cases where more hops would be really useful (I think I forgot about it..). These cases are generally when traffic originating from an exit node is wanted to be tracked down and a response can be made quickly, but does not have global observer capabilities. In that case, in order to find the entry node, going through each hop is the only sensible solution in a network with > 50 servers. How much you would gain from extra hops is difficult to answer.. it would depend, I think, on how often circuits rotate and the probability of a hop being out of the grasp of the attackers. Hops are, I think, probably most useful when you - or your data - specifically are being targeted..
    90 
    9118'''How can I be sure that sending DNS through tor doesn't get spoofed sites?'''
    9219
    93 Use a method for authenticating the site you want to connect to, such as ensuring an SSL certificate is associated with the domain name and signed by a trusted authority, or verifying an SSH fingerprint out-of-band. Hidden services on Tor are not subject to this problem because their .onion names are self-authenticating as hashes of their public keys.
    94 
    9520'''How does tor relate to ipv6 and how should typical applications handle ipv6 if they use tor (or tor via Privoxy)?'''
    9621
    97 Like a dog talking to a quasar... I never was good with similes.
    98 
    99 Tor carries TCP data (does it? Maybe it just carries some data that is then transported over TCP... I know, for instance, that it also contains IP and port... TCP doesn't) over another layer - currently IPv4. There is work to make Tor work with IPV6, but I am not aware of it being completed.
    100 
    101 As for how an application would interface with it -- depends. It could use SOCKS; in that case, I think it would have to use SOCKS5 in the event of addressing IPv6 (rather than domains). This could be hacked around by adding a .ipv6 domain - nasty.
    102 
    103 Privoxy? Same as currently, if it handles it..
    10422
    10523'''What version of libevent should I be using?'''
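Review bot: the deletion of v68 lines 10-54 and 58-60 drops substantive answers, not just stale questions, with no pointer to where they went: the control-port answer for switching circuits ("authenticateCRLFsignal newnymCRLF"), the Privoxy DNS-retry patch link at http://www.fabiankeil.de/sourcecode/privoxy/, and the note that DNS handling improvements are expected in 1.2.x-final (bug #364). The replacement question at v69 line 10 also silently drops the clause "The tor process is running fine." and moves "(Votes: 2)" outside the bold markup. If the intent is to prune questions that are now answered elsewhere, add one line saying which FAQ section they moved to; otherwise keep the answers with their questions.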
     
    12442
    12543If you wish to do this, you will need to make a copy of your Privoxy config file, and comment out the line that causes Privoxy to use the Tor service.  Once you have done this, to switch over, just stop Privoxy, swap the config files, and restart it. You can also automate the process with a very simple shell script - an OSX version including sample config files and a shell script can be found [http://idlecircuits.com/privoxyswitcher.zip here], and the script can be used as an example for other *nix systems.
    126 
    127 -- In fact, there is no need to stop/restart privoxy. On my system, I have the privoxy config file owned by me, so I can edit it directly. Changing between tor and no-tor is as simple as editing one line.
    128 
    129 Here's the relevant lines from my privoxy config file:
    130 {{{
    131 # Tor:
    132 #
    133 ## forward-socks4a / localhost:9050 . 
    134 forward-socks4a .onion localhost:9050 .
    135 
    136 # Do not torrify these (high volume/speed concerns, as well as PhP BBS
    137 # systems that consider a changed IP to be a new login.):
    138 forward .blood-bowl.net .
    139 forward .qemu-forum.ipi.fi .
    140 }}}
    141 The line with "##" on it is the line to toggle. Remove those to enable tor, add them to disable tor.
    142 
    143 NB: Every PHP BBS site I've seen will consider you to have logged out and relogged in if your IP address -- as seen by the PHP site -- changes. This means that if tor ever switches circuits and changes exit node, those sites will reset your "unread messages". I have not been able to find a decent way to solve this with TrackHostExits, given that vidalia will overwrite my tor config occasionally (and has no support for adding these internally, so I have two editors trying to change the tor config), the length of time needed to track varies from 30 minutes at some (forced logout after thirty minutes of idle time) to 24 hours at others, dealing with the occasional dead exit node (and then you need to use a new exit node earlier), etc. And, my list of exception sites is currently 26 lines long.
    14444
    14545'''Tor works fine for POP3 email. But, Whistle-blowers and others who need anonymous
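Review bot: removing v68 lines 126-143 leaves the Privoxy switching answer at line 125/43 without the simpler method it was being corrected by. The deleted text explains that no stop/restart of Privoxy is needed, that the commented line `## forward-socks4a / localhost:9050 .` is the toggle ("Remove those to enable tor, add them to disable tor"), and that PHP BBS sites treat an exit-node change as a new login, which is why the `forward .blood-bowl.net .` exceptions exist. Either keep that block or fold the toggle-line explanation into the retained paragraph, since the privoxyswitcher.zip link alone does not document it.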
     
    15858'''Can Tor be used in a network that has NO DEFAULT ROUTE?  The only access method from this network is to use a traditional proxy.  Is there a way to chain proxies so that TOR requests are sent outbound via the standard proxy? (votes: 1)'''
    15959
    160 Maybe. If you can get some routes for the Tor servers, then that of course is great.... assuming it must go through the proxy, however, it will need to support sending Tor requests.
    161 
    162 Assuming it does.. AFAIK, Tor doesn't have built-in support directly for this. So, you'll have to make it look to Tor like it really can connect .. err.. normally.
    163 
    164 I can see several ways of doing this.
    165 
    166 You could overload the network commands and have them actually connect to the proxy.. that's easy but a hack.
    167 
    168 You could try doing something with OpenVPN; personally, I don't have any experience with it... but I'm guessing you could do something neat with it (I remember someone setting up an OpenVPN with Tor being used to route things.. so it supports socks, I think, in some way. In that case, assuming the proxy is socks... all done :) Oterwise, you could write an interface to make it socks).
    16960
    17061
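Review bot: v68 lines 160-168 were the only answer to the no-default-route question at line 158/58, so after this change the question stands with an empty answer but keeps its vote count. If the answer is being dropped because it is speculative ("AFAIK, Tor doesn't have built-in support directly for this"), replace it with a one-line pointer to the relevant section of the Tor manual already linked later on this page rather than leaving nothing.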
     
    17566'''I've got a bug, now what? (votes: 2)'''
    17667
    177 1) Make sure that it is an actual bug with Tor, and not with Privoxy, Vidalia, your OS, etc.
    178 
    179 2) Check to see if it's an unreported bug (at the [http://bugs.noreply.org/flyspray/index.php?tasks=all&project=4 bug tracker]).
    180 
    181 2a) If it's already reported, then see if you can add anymore information (in the comments of that bug) that will help the developers duplicate it and/or track it down. (This step requires you to login to your account at flyspray, or to create a new account.)
    182 
    183 2b) If it's not already reported, then start a new report with as much relevant information as possible. Relevant information includes tor version number, OS used, and any relevant lines from the log. (This step requires you to login to your account at flyspray, or to create a new account.)
    184 
    18568'''How does Tor relate to the Freedom Project? (votes: 1)'''
    18669
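Review bot: deleting v68 lines 177-183 removes the four triage steps for "I've got a bug, now what?" together with the only bug-tracker link on the page (http://bugs.noreply.org/flyspray/index.php?tasks=all&project=4), leaving a question with two votes and no answer at v69 lines 66-67. If the flyspray link is stale, update the URL; the steps themselves (confirm it is Tor and not Privoxy, Vidalia or the OS; search existing reports; include tor version, OS and relevant log lines) are still sound guidance and should stay.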
     
    20588'''Can anonymity be broken if all Tor servers in the chain are compromised/malicious and so are keeping logs to trace the chain?'''
    20689
    207 Yes. Indeed, if all the servers in a circuit are compromised then they need not even be communicated with.. the entry node can decipher for all the (possibly even non-existent) nodes. In order to maintain a superficial view of anonymity, it would probably be good to forward it to the exit server however.
    208 
    209 '''What system resources does a TOR server use?  The FAQ already discusses memory a bit.  What about CPU?  Encryption is CPU-intensive.  Specific question I'd like answered: I'll be setting up a TOR node bandwidth-limited to about 256kbps (half my upstream bandwidth).  Will an old 300MHz G3 Mac easily handle this, or will a faster processor be needed? How 'bout a P90?  Presumably, TOR's disk usage and I/O is minimal.''' (Votes: 1)
     90
     91'''What system resources does a TOR server use?  The FAQ already dicusses memory a bit.  What about CPU?  Encryption is CPU-intensive.  Specific question I'd like answered: I'll be setting up a TOR node bandwidth-limited to about 256kbps (half my upstream bandwidth).  Will an old 300MHz G3 Mac easily handle this, or will a faster processor be needed? How 'bout a P90?  Presumably, TOR's disk usage and I/O is minimal.''' (Votes: 1)
    21092
    21193
    21294== Cannot resolve Foo.onion/Resolve requests to hidden services not allowed ==
    21395
    214 tor-resolve doesn't seem to work, i get this:
     96tor-resolve doesnt seem to work, i get this:
    21597{{{connection_ap_handshake_process_socks():  Resolve requests to hidden services not allowed. Failing.}}}
    21698from the copy of tor running locally. Please help!
    21799
    218 (from original questioner: thank you.  I got the mistaken idea that this would work because it is suggested in the 'how to torrify an application' article on this wiki.  It makes more sense now.  Someone who understands better might want to update that document)
    219 
    220 This question is answered; see [:../TorFAQ#AccessHiddenService: How Do I Access Tor Hidden Servers.]  You get this message when you try to use tor-resolve to resolve the address of a hidden service.  But hidden services are ''hidden'' - they don't *have* an IP address you can use.  Instead, you need to pass the hostnames to Tor directly.
     100(from original questioner: thank you.  I got the mistaken idea that this would work because it is suggested in the 'how to torrify an application' article on this wiki.  It makes more sense now.  Someone who understands better might want to upate that document)
     101
     102This question is answered; see 'How Do I Access Tor Hidden Servers.'  You get this message when you try to use tor-resolve to resolve the address of a hidden service.  But hidden services are ''hidden'' - they don't *have* an IP address you can use.  Instead, you need to pass the hostnames to Tor directly.
    221103
    222104== Clock Skew ==
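Review bot: the re-added lines regress spelling and lose a link. v69 line 91 reintroduces the system-resources question with "dicusses" where v68 line 209 had "discusses", line 96 has "doesnt" for "doesn't", line 100 has "upate" for "update", and line 102 replaces the wiki link [:../TorFAQ#AccessHiddenService: How Do I Access Tor Hidden Servers.] with plain quoted text, so the reader can no longer reach the referenced answer. Separately, v68 line 207 (the all-servers-compromised answer beginning "Yes. Indeed, if all the servers in a circuit are compromised...") is deleted while its question at line 205/88 stays. Restore the link and the original spellings, and either keep line 207 or drop its question with it.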
     
    270152'''Answer''': No, Tor itself is all or nothing, a request either goes through it or it does not.
    271153
    272 For privoxy, however, you can use forward lines to make some hosts use tor, some use the normal system, and others use whatever other proxy you want.
    273 {{{
    274 forward-socks4a / localhost:9050 .
    275 forward-socks4a .onion localhost:9050 .
    276 
    277 # Do not torrify these (high volume/speed concerns, as well as PhP BBS
    278 # systems that consider a changed IP to be a new login.):
    279 forward .blood-bowl.net .
    280 forward .youtube.com .
    281 forward .qemu-forum.ipi.fi .
    282 forward .vidalia-project.net .
    283 }}}
    284 
    285 Here is an example. This uses privoxy for all sites (ad filtering, etc), and then specifies that some sites go through tor, and some do not.
    286 
    287 Privoxy uses the LAST match. So, the first line says "Use Tor by default". It can be turned off. The second line says "Always use Tor for .onion". After that are lines for "Never use Tor for these".
    288 
    289 Older, wrong information:
    290154Privoxy is also all or nothing in the sense that if a request has made it to Privoxy then either Privoxy is set up to go through Tor or it's not, there does not appear to be a way to program Privoxy so it will use Tor for some requests but not others.
    291155
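Review bot: this hunk keeps the statement the deleted text explicitly labelled as wrong. v68 line 289 introduced line 290/154 ("Privoxy is also all or nothing ... there does not appear to be a way to program Privoxy so it will use Tor for some requests but not others") as "Older, wrong information", and lines 272-287 gave the correction: a `forward-socks4a / localhost:9050 .` default, a `forward-socks4a .onion localhost:9050 .` line, and plain `forward` lines for per-host exceptions, with the note that Privoxy uses the LAST matching line. Deleting the correction while retaining line 154 reinstates the wrong answer; either keep lines 272-287 or remove line 154 as well.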
     
    325189
    326190
    327 Well, you don't appear to allow exits on HTTP ports so I don't know why they blocked you. Fascists? [Ed. Fascists put their belief into the state... I doubt Slashdot does. Really, it's authoritarian]
    328 
    329 Anyway, you should probably block their IP rather than ports that happen to be theirs ;) (which don't exist - surprised tor let you do that..)
    330 
    331 To clarify, the syntax is ''ip-address'':''port'', so reject *:66.35.250.15 is blocking all requests to exit port number 66.35.250.15 at all ip addresses. This obviously doesn't make sense. What you want to do is reject 66.35.250.15:* to block all slashdot traffic.
    332 
    333 Also, the fourth line of this page reads: ''this is '''not the place''' for random it doesn't work or how do I do foo questions.''
    334 
    335191'''What is the significance of the changes in the Bittorrent Torify HOWTO?'''
    336192
    337 I noticed I can't connect with btdownloadcurses through proxychains any more. Looking for answers, I went back to the Torify HOWTO and noticed that it had been altered. Where it used to explain about using proxychains to run bittorrent through TOR, which I used successfully for over a year, it now says that Bittorrent "uses a mechanism similar to TOR." That was certainly news to me. How is the generic Bittorrent client technically similar to TOR in any way? I have always heard that the generic Bittorrent client offers almost no anonymity at all. Now I'm reading that Bittorrent and TOR are practically the same thing and it would be redundant to use them together. Seems a bit curious.
     193I noticed I can't connect with btdownloadcurses through proxychains any more. Looking for answers, I went back to the Torify HOWTO and noticed that it had been altered. Where it used to explain about using proxychains to run bittorrent through TOR, which I used successfully for over a year, it now says that Bittorrent "uses a mechanism similar to TOR." That was certainly news to me. How is the generic Bittorrent client technically similar to TOR in any way? I have always heard that the generic Bittorrent client offers almost no anonimity at all. Now I'm reading that Bittorrent and TOR are practically the same thing and it would be redundant to use them together. Seems a bit curious.
    338194
    339195As a sub-question, let me just ask directly: Is it true that Bittorrent through TOR via proxychains no longer works?
    340196
    341 Also, the same page now mentions a technique of using Tor to connect to the tracker only, as opposed to the peers, by including the line --tracker-proxy 127.0.0.1:8118: on the command line. However, I see no documentation of this option in the btdownloadcurses client and I find it a bit suspicious that the format of this option uses a hyphen rather than an underscore as all the other command line options that are listed as being compatible with btdownloadcurses use underscores to separate options with two words such as --check_hashes <arg> or --report_hash_failures <arg>. Is that a typo or an undocumented option that just happens to deviate from the naming convention of all the other options?
     197Also, the same page now mentions a technique of using Tor to connect to the tracker only, as opposed to the peers, by including the line --tracker-proxy 127.0.0.1:8118: on the command line. However, I see no documentation of this option in the btdownloadcurses client and I find it a bit suspicious that the format of this option uses a hyphen rather than an underscore as all the other command line options that are listed as being compatible with btdownloadcurses use underscores to separate options with two words such as --check_hashes <arg> or --report_hash_failures <arg>. Is that a typo or an undocumented option that just happens to deviate from the naming convetion of all the other options?
    342198
    343199'''How do you start and stop Tor and Privoxy in OS X (Panther) if you did not install the startup script? (needs to be added to installation instructions)'''
    344200
    345 
    346 On my system, the privoxy startup file ultimately runs
    347 {{{sudo $INSTALLDIR/privoxy --pidfile $pidfile }}}
    348 
    349 with INSTALLDIR being where you installed it, and pidfile being a filename that will hold the process ID.
    350 
    351 Tor can be started as a normal user -- just run the tor program. On my system, it runs as
    352 {{{/usr/bin/tor ControlPort 9051}}}
    353 
    354 Note that Vidalia is responsible for starting tor, normally.
    355 
    356201'''How do you configure the proxy if you are using Tor and Privoxy in OS X (Panther) with a router's firewall and the built-in OS X firewall, e.g. when using Wi-fi to connect to wireless router?  (needs to be added to installation instructions)'''
    357202
    358 I'm not sure that this is OS X specific. For any firewall, you need to add two incoming ports, 9001 and 9030 by default, to the list of approved ports.
    359 
    360 For Mac OS X, go to control panel, sharing, firewall, and then click "new" twice. The first one is port 9001, label "Tor Server", the second is port 9030, label "Tor Directory Mirror". Both of these are TCP ports, and the "port name" field should be "other".
    361 
    362 If you have BOTH the Os X firewall, and the router firewall, then you also need to open those ports on the router. Details are router specific.
    363 
    364203'''What to do (troubleshooting) if browsing slows to a crawl with Tor and Privoxy running in OS X?'''
    365 
    366 Somebody proposed the following solution, which ''should not be used'' as it will break Tor for everyone else.
    367 
    368 {{{CircuitBuildTimeout 6
    369 NewCircuitPeriod 3
    370 ExcludeNodes charlesbabbage,tutzing,TFTor,freetux4ever
    371 LongLivedPorts 80,23,21,22,706,1863,5050,5190,5222,5223,6667,8300,8888}}}
    372 
    373 CircuitBuildTimeout causes the client to drop an uncompleted circuit after 6 seconds; it will cause your tor to build circuits more aggressively than other nodes.  The default value is 60.
    374 
    375 Finally, port 80 is added to the "long lived ports" list. This will overload long lived ports, making tor unusable for people who need to use ssh over tor.
    376 
    377 
    378 '''I am running a Tor server on one computer on a network. Can I stop the other PCs on the same network from being k-lined on QuakeNet?'''
    379 
    380 
    381 '''Would it make sense to support binding to multiple ports in Tor server (e.g. to bind to ports 443, 22, 5190 etc.) for clients behind _really_ restrictive firewalls? If this was implemented one day, maybe you could also support binding to multiple specific IP addresses on multihomed servers?'''
    382 
    383 The changelog indicates that this has been possible since "version 0.0.7pre1 - 2004-06-02":
    384 ''Allow multiple instances of each BindAddress config option, so you can bind to multiple interfaces if you want.''
    385 
    386 The [http://tor.eff.org/tor-manual.html.en manual] says this about the ''ORListenAddress'' configuration option:
    387 ''... This directive can be specified multiple times to bind to multiple addresses/ports.''
    388 
    389 It also says this about the ''DIRListenAddress'' configuration option:
    390 ''... This directive can be specified multiple times to bind to multiple addresses/ports.''
    391 
    392204----
    393205CategoryHomepage
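Review bot: the re-added paragraphs at v69 lines 193 and 197 introduce misspellings ("anonimity", "convetion") that v68 lines 337 and 341 did not have, and the deletions drop two answers that prevent misconfiguration: lines 327-333 correct the exit-policy syntax (`reject *:66.35.250.15` is read as ip-address:port and blocks nothing useful; `reject 66.35.250.15:*` is what blocks the host), and lines 366-375 warn that the `CircuitBuildTimeout 6` / `NewCircuitPeriod 3` / `LongLivedPorts 80,...` snippet "should not be used" because it harms other Tor users. Lines 358-362 (open TCP ports 9001 and 9030 on both the OS X and router firewalls) and 383-390 (BindAddress, ORListenAddress and DIRListenAddress may be specified multiple times) are also the only answers to their questions. Keep the original spellings and retain at least the two warnings, or note where they were moved.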