From: Matthias Fischmann <fis@xxxxxxxxxxxxxxxxx>
Reply-To: or-talk@xxxxxxxxxxxxx
To: or-talk@xxxxxxxxxxxxx
Subject: Re: Setting up TOR
Date: Mon, 14 Mar 2005 15:19:22 +0100

On Mon, Mar 14, 2005 at 09:04:01AM -0500, jesus saves wrote:
> To: or-talk@xxxxxxxxxxxxx
> From: jesus saves <ilcjvm@xxxxxxxxxxx>
> Subject: Setting up TOR
> Reply-To: or-talk@xxxxxxxxxxxxx
>
> Hi,
>
> I was recently tasked with setting up TOR in our lab environment where I
> work to see if it would be a useful tool for us to be "anonymous" while
> conducting pen testing. I installed TOR on a Win. XP box. I ran TOR. In
> order to see if TOR was working properly, I connected to the web using a
> dial up client and then I scanned my co-worker's box using nmap from the
> ppp0 interface. While I was scanning his box, he ran tcpdump on his end to
> see the traffic and he was able to tell that the traffic was coming
> directly from me.
>
> If I understand TOR correctly, if I'm running TOR, when I connect to the
> internet, and I send traffic, my traffic should go through a series of
> onion routers, so it would be difficult to determine the source of the
> traffic. When running the above test, my co-worker did not see any
> traffic from any ip other than my ppp0 address. Am I doing something wrong?

tor opens a tunnel entry (to be more specific: a socks server) on your
host that will swallow any tcp traffic that you have configured to let
through, and route it through tor to an exit point different from your
host. however, if you don't tell your application, it won't find the
tunnel entry and use direct connections as before.

so you need to "socksify" the program generating network traffic,
i.e. force it through a socks firewall. there are tools to do that
which are fairly easy to operate. you find all the links you need on
tor.eff.org.

was that your problem?

hope this helps,

matthias
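
Added example, not part of the original message or of Tor's code: what "telling the application" about the socks server means on the wire. The program opens its TCP connection to the socks server and names the real destination inside a SOCKS5 CONNECT request; a program that never sends this request connects directly, which is what tcpdump showed above. The function names are hypothetical, and a constructed stub on loopback stands in for the tunnel entry so the block runs without Tor.

```python
import socket
import threading

def recv_exact(sock, n):
    """Read exactly n bytes or fail; recv() alone may return fewer."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf

def socks5_connect(proxy, host, port):
    """What a socks-aware program does: dial the proxy, name the real target."""
    s = socket.create_connection(proxy, timeout=5)
    s.sendall(b"\x05\x01\x00")              # SOCKS5, offering one method: no auth
    if recv_exact(s, 2) != b"\x05\x00":
        s.close()
        raise ConnectionError("proxy refused the no-auth method")
    name = host.encode("idna")
    # CONNECT (0x01) with address type 0x03: the hostname goes to the proxy as-is
    s.sendall(b"\x05\x01\x00\x03" + bytes([len(name)]) + name + port.to_bytes(2, "big"))
    if recv_exact(s, 10)[1] != 0x00:        # 10-byte reply assumes an IPv4 bind address
        s.close()
        raise ConnectionError("proxy could not reach the target")
    return s                                # bytes written here are relayed onward

def stub_proxy_once(listener, seen):
    """Constructed stand-in for the socks server: records one requested target."""
    conn, _ = listener.accept()
    with conn:
        _ver, nmethods = recv_exact(conn, 2)
        recv_exact(conn, nmethods)          # offered auth methods, ignored here
        conn.sendall(b"\x05\x00")           # accept "no auth"
        recv_exact(conn, 4)                 # version, command, reserved, address type
        host = recv_exact(conn, recv_exact(conn, 1)[0]).decode()
        seen.append((host, int.from_bytes(recv_exact(conn, 2), "big")))
        conn.sendall(b"\x05\x00\x00\x01" + bytes(6))   # success, bound to 0.0.0.0:0

def demo():
    listener = socket.create_server(("127.0.0.1", 0))   # ephemeral loopback port
    seen = []
    worker = threading.Thread(target=stub_proxy_once, args=(listener, seen))
    worker.start()
    socks5_connect(listener.getsockname(), "example.org", 80).close()
    worker.join()
    listener.close()
    return seen
```

The only address the client's operating system connects to is the stub on 127.0.0.1; the destination exists only as bytes inside the request, which is why the far end of a proxied connection sees the exit point rather than the client.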