[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Setting up TOR



Hi,


Thanks for responding to my question. I think that you are correct and that I need "socksify" nmap somehow. I went to the web-site you referred to and read about using privoxy in conjunction with tor. I did that and went to a web-site that was supposed to track my ip and another ip showed up that was not my actual ip, so that worked.


I don't think privoxy will help me with the test that I am performing with nmap. I was looking at the nmap man page, and I was thinking that maybe I could "socksify" it by telling it to use port 9050 (TOR Socks port) as the source port. I'm going to try this and see what happens. Are you familiar with nmap? If so, do you think this will work with the test that I am performing?

Thanks in advance

From: Matthias Fischmann <fis@xxxxxxxxxxxxxxxxx>
Reply-To: or-talk@xxxxxxxxxxxxx
To: or-talk@xxxxxxxxxxxxx
Subject: Re: Setting up TOR
Date: Mon, 14 Mar 2005 15:19:22 +0100


On Mon, Mar 14, 2005 at 09:04:01AM -0500, jesus saves wrote:
> To: or-talk@xxxxxxxxxxxxx
> From: jesus saves <ilcjvm@xxxxxxxxxxx>
> Subject: Setting up TOR
> Reply-To: or-talk@xxxxxxxxxxxxx
>
> Hi,
>
> I was recently tasked with setting up TOR in our lab environment where i
> work to see if it would be useful tool for us to be "anonymous" while
> conducting pen testing. I installed TOR on Win. XP box. I ran TOR. In
> order to see if TOR was working properly, I connected to the web using a
> dial up client and then I scanned my co-workers box using nmap from ppp0
> interface. While I was scanning his box, he ran tcpdump on his end to see
> the traffic and he was able to tell that the traffic was coming directly
> from me.
>
> If I understand TOR correctly, if I'm running TOR, when I connect to the
> internet, and I send traffic, my traffic should go through a series of
> onion router, so it would be difficult to determine the source of the
> traffic. When running the above test, my co-worker did not see any traffic
> from any ip other than my ppp0 address. Am I do something wrong?


tor opens a tunnel entry (to be more specific: a socks server) on your
host that will swallow any tcp traffic that you have configured to let
through, and route it through tor to an exit point different from your
host.  however, if you don't tell your application, it won't find the
tunnel entry and use direct connections as before.

so you need to "socksify" the program generating network traffic,
i.e. force it through a socks firewall.  there are tools to do that
which are fairly easy to operate.  you find all the links you need on
tor.eff.org.

was that your problem?

hope this helps,
matthias
<< signature.asc >>

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/