Vidalia reveal you !
| Non scrivetemi 2006-07-21, 1:12 pm |
| Hi
First, where to find a TOR security forum?
Next:
After installing Vidalia I can see security problems in TCP packets. I´m
using the CommView packet sniffer and found that Vidalia talks to the internet via
system processes in WinXP, goes round TOR and reveals the user's real IP. Of course
there is a lot of TOR process activity also.
I found an identity in a packet, like this <identity>"number here". The user's
IP connects to a non-TOR server through port 9001 to a specific IP and sends a
lot of TCP packets, one with an identity number!
It is now possible for the remote server to observe and log the user, and
bind the user's WAN IP with the TOR server's exit IP. And it is possible for your
ISP to log this too, because packets go out unencrypted!
TorCP doesn't do this. Only Vidalia for Windows.
Anybody please help solve this?
Try sniffing your WAN. Use ethereal or commview (windows).
Is TOR-Vidalia not really safe?
| |
| Nomen Nescio 2006-07-21, 7:12 pm |
| Non scrivetemi wrote:
> Hi
> First, where to find a TOR security forum?
This is as good as any on Usenet, but if you want to speak with the
developers themselves try IRC chat. Go to irc.oftc.net and join the #tor
channel.
That being said, your question really isn't about Tor, but a third
party Tor "shell". I don't know if the TorCP or Vidalia have their
own "forum" or contact method, but asking in #tor would at least get
you directed to it. ;)
> Next:
> After installing Vidalia I can see security problems in TCP packets. I´m
> using the CommView packet sniffer and found that Vidalia talks to the internet via
> system processes in WinXP, goes round TOR and reveals the user's real IP. Of course
> there is a lot of TOR process activity also.
> I found an identity in a packet, like this <identity>"number here". The user's
> IP connects to a non-TOR server through port 9001 to a specific IP and sends a
> lot of TCP packets, one with an identity number!
That's Tor connecting to the directory services port to get an updated
list of Tor nodes.
http://wiki.noreply.org/noreply/The...FirewalledPorts
Please..... just because you have Tor installed and running doesn't
mean every byte of traffic entering or leaving your machine will be
anonymous. It's not generally possible, and unnecessary for even Tor to
do all its communications through a secure connection. In fact, getting
updated lists of Tor nodes is what helps keep the IMPORTANT parts of
your communications anonymous. 
> TorCP doesn't do this. Only Vidalia for Windows.
TorCP absolutely does do this, or it wouldn't work. It's not the
"shell" that's doing the deed at all, it's Tor itself. Two things are
probably confusing you. First, Windows may be misrepresenting which
application is trying to make which connection. Not at all unheard of.
Second, it's not something that happens all the time, so it's possible
you simply missed "TorCP" making this DirPort connection.
| |
| Anonymous 2006-07-23, 1:12 am |
| In article <683cbe003d3d9094fd5b1f90d3eafbd2@pboxmix.winstonsmith.info>
"Non scrivetemi" <nonscrivetemi@pboxmix.winstonsmith.info> wrote:
>
> Hi
> First, where to find a TOR security forum?
>
> Next:
> After installing Vidalia I can see security problems in TCP packets. I´m
> using the CommView packet sniffer and found that Vidalia talks to the internet via
> system processes in WinXP, goes round TOR and reveals the user's real IP. Of course
> there is a lot of TOR process activity also.
> I found an identity in a packet, like this <identity>"number here". The user's
> IP connects to a non-TOR server through port 9001 to a specific IP and sends a
> lot of TCP packets, one with an identity number!
>
> It is now possible for the remote server to observe and log the user, and
> bind the user's WAN IP with the TOR server's exit IP. And it is possible for your
> ISP to log this too, because packets go out unencrypted!
>
> TorCP doesn't do this. Only Vidalia for Windows.
>
> Anybody please help solve this?
> Try sniffing your WAN. Use ethereal or commview (windows).
>
> Is TOR-Vidalia not really safe?
Why not post the suspect packets?
Sounds like you are looking at traffic between Vidalia and Sockscap.
-=-
This message was sent via two or more anonymous remailing services.
| |
| Non scrivetemi 2006-07-23, 7:12 am |
| Anonymous wrote:
> In article <683cbe003d3d9094fd5b1f90d3eafbd2@pboxmix.winstonsmith.info>
> "Non scrivetemi" <nonscrivetemi@pboxmix.winstonsmith.info> wrote:
>
> Why not post the suspect packets?
>
> Sounds like you are looking at traffic between Vidalia and Sockscap.
Commview can't see traffic moving between applications. It only sniffs
ethernet cards or modems. So unless Vidalia and Sockscap are running on
different machines across a LAN it ain't happenin'.
The port says it's dirserver traffic, just like another poster
suggested. Why the OP didn't notice it with TorCP can only be guessed
at.
| |
| Non scrivetemi 2006-07-25, 7:13 pm |
| > The port says it's dirserver traffic, just like another poster
> suggested. Why the OP didn't notice it with TorCP can only be guessed
> at.
I´m wrong, sorry. It happens also with TorCP.
Yes I´m using SocksCap32 for Windows for Torifying apps because FreeCap
doesn´t work for Torifying usenet clients.
Does anybody know a real socks5 usenet client or how to configure stunnel for
using Xnews or Dialog through Tor?
What´s the best way for using a USENET client like Xnews or Dialog through
TOR for posting?
Is SocksCap32 safe or spyware?
Regards a Tor fan
| |
| Somebody 2006-07-26, 1:15 pm |
| >Does anybody know a real socks5 usenet client or how to configure stunnel for
>using Xnews or Dialog through Tor?
>
>What´s the best way for using a USENET client like Xnews or Dialog through
>TOR for posting?
If you intend to post anonymously then use your favorite client and
give OmniMix a try.
| |
| Borked Pseudo Mailed 2006-07-26, 7:13 pm |
| On 26 Jul 2006, Somebody <someone@somewhere.invalid> wrote:
>
>If you intend to post anonymously then use your favorite client and
>give OmniMix a try.
I would rather use JBN
| |
| Anonymous 2006-07-27, 1:12 am |
| In article <93fd6bd776bf58a9f135ca4898e4d238@pboxmix.winstonsmith.info>
"Non scrivetemi" <nonscrivetemi@pboxmix.winstonsmith.info> wrote:
>
> Anonymous wrote:
>
>
> Commview can't see traffic moving between applications. It only sniffs
> ethernet cards or modems. So unless Vidalia and Sockscap are running on
> different machines across a LAN it ain't happenin'.
>
> The port says it's dirserver traffic, just like another poster
> suggested. Why the OP didn't notice it with TorCP can only be guessed
> at.
So, still post the packet, maybe this guy doesn't know what he's doing.
A good sniffer should see anything that's on the IP stack, that includes
127.0.0.x .
-=-
This message was sent via two or more anonymous remailing services.
| |
| Somebody 2006-07-27, 7:13 am |
| >>>Anybody knows a real socks5 usenet client or how to configure stunnel for
>
>I would rather use JBN
But that's not what the OP asked for. AFAIK the antiquated JBN app
neither has a built-in SSL or SOCKS support (only cURL in the Panta
Mod seems to have an option to use SOCKS5 to get stats) nor is it a
usenet client comparable with Xnews. With OmniMix OTOH you have a
solution that integrates the client you're used to, SSL and Tor.
| |
|
| In article <a373e15563e8920c0bbf6483cf7bb770@pboxmix.winstonsmith.info>
"Non scrivetemi" <nonscrivetemi@pboxmix.winstonsmith.info> wrote:
>
>
> Yes I´m using SocksCap32 for Windows for Torifying apps because FreeCap
> doesn´t work for Torifying usenet clients.
>
I've never been able to get FreeCap to work with any application
on either 98SE or XP. SocksCap is about the only thing that
works.
| |
| George Orwell 2006-07-28, 1:12 am |
| On 27 Jul 2006, Somebody <someone@somewhere.invalid> wrote:
>
>But that's not what the OP asked for. AFAIK the antiquated JBN app
>neither has a built-in SSL or SOCKS support (only cURL in the Panta
>Mod seems to have an option to use SOCKS5 to get stats) nor is it a
>usenet client comparable with Xnews. With OmniMix OTOH you have a
>solution that integrates the client you're used to, SSL and Tor.
ok, fine. excuse the XXXX outta me.
your thing works for you and that's fine. I don't have to like it and I
don't.
my thing works for me, I learned anon on jbn years ago and it's never
failed me yet.
I'm waiting for a project I read about a while back, one that's supposed to
give jbn the ability to use gpg instead of pgp
| |
| Anonyma 2006-07-28, 1:13 pm |
| On Thu, 27 Jul 2006, Mike <nobody@invalid.org> wrote:
>In article
><a373e15563e8920c0bbf6483cf7bb770@pboxmix.winstonsmith.info>
>"Non scrivetemi" <nonscrivetemi@pboxmix.winstonsmith.info> wrote:
>
>I've never been able to get FreeCap to work with any application
>on either 98SE or XP. SocksCap is about the only thing that
>works.
Agreed. FreeCap is a nice idea, but in 98SE it blows chunks
| |
| Nomen Nescio 2006-08-02, 1:13 pm |
| Anonymous <BigappleRemailer@bigapple.yi.org> wrote in
news:YBWVXZJF38925.0548263889@anonymous:
> So, still post the packet, maybe this guy doesn't know what he's
> doing.
>
Sorry, I think I am not anonymous if I post the TCP packets. But maybe
later when I use another location and computer :-)
> A good sniffer should see anything that's on the IP stack, that
> includes 127.0.0.x .
YES
Which sniffer or firewall has all the options to sniff processes,
localhost and 0.0.0.0 bindings and record the traffic?
What is OmniMix?
Regards OP