[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Querying TOR server info

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Querying TOR server info
From: "Kyle Williams" <kyle.kwilliams@xxxxxxxxx>
Date: Tue, 14 Aug 2007 01:56:36 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Tue, 14 Aug 2007 04:56:45 -0400
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=YuUrzYLKFvbO2BhKUZ6Iw/8XxkhivA1VVL7GTNCvhyr4eHo02C6VTEqWqc+AaK0f6JqeFl7Y30E2lSQ+h1ZZL31gCZ8ZxUkG0SeC6hxhuyvm269gec5DKqZjvDYG/NAsQFACYSlSQvPUjVwEPHH9lYNrtPGIV/Z1kOiZIZVOvFU=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=Vp+epMJkZkqt0/yBUvgcb3MASoUJ3678gqX1mJLnxVsCjK6NjJyxIdAQ/H/bvxsg7xSa1YT14mMMs0YPqsZZVCaL9Qn9FqcRaGOvdtey2x0346Y2YeIl7mRjqWUuu62Q1OeztgQ5MoEajL6Co00TK6gGxxgsJlWVwU7GI3cMKUg=
In-reply-to: <46C1605F.5020200@xxxxxxxxx>
References: <20070813230910.4D6660D0@xxxxxxxxxxxxxxxxxxxxxxxx> <46C1605F.5020200@xxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

Also, if you are running Tor with the ControlPort open, you want to make sure it's secure and is using one of two methods of authentication if it's not already in a virtual machine. :)

This link ( http://archives.seul.org/or/talk/Aug-2007/msg00130.html ) explains in more detail.

Simply having the "AUTHENTICATE" command as a means of authentication with no hashed password or cookie is bad idea.

You wouldn't use an empty password for your PC or e-mail would you? (I hope not)
So don't leave an empty password for the port that controls your Tor instance, aka, your anonymity, security, and privacy.

Note that the defaults that come with the Tor-Vidalia bundle and several others distributions DO NOT set any authentication for the control port, so you have to manually do it yourself, which could (and probably will) result in Vidalia or other GUI controls not functioning correctly. It's a trade off (for now...) between usability and security, so the choice is yours.

I also want to point out that JanusVM does offer both easy usability and security, even from insecure defaults and side-channel attacks; However, it only uses Tor as a client and not as server node, at this time.
The server node option will be present in the next release, so check it out at the end of this month!

best regards.

On 8/14/07, Pei Hanru <peihanru@xxxxxxxxx> wrote:

On 2007-08-14 14:09 CST, ZiM wrote:
> Hi!
>
> Is it possible to get the list of current entry guards my TOR server (Linux) is using? Sending USR1 signal doesn't seem to print this particular information in logs. It shows current introduction points, but not guards. Is it possible to determine them by looking at TOR's data files? This quite easy in Vidalia/TOR client-only installations, but a server is completely different story.
>
> Regards, JB

If your Tor server has its control port (normally 9051) open, you may
telnet into it and use getinfo command to get the entry guards list:

  $ telnet localhost 9051
  > authenticate
  > getinfo entry-guards

If the control port is not open, you may view the status file in Tor's
data directory (e.g. /var/lib/tor).

Hanru

References:
- Querying TOR server info
  - From: ZiM
- Re: Querying TOR server info
  - From: Pei Hanru

Prev by Author: Re: ModSecurity v2 Apache rules for directory servers
Next by Author: Re: ModSecurity v2 Apache rules for directory servers
Previous by thread: Re: Querying TOR server info
Next by thread: Re: Proposal: Two hop paths from entry guards
Index(es):
- Author
- Thread