
Re: Tor On Private Network



I tried setting localhost as the DNS and it might have worked. Tor no
longer exits because the DNS resolving configuration is broken, but
watch what happens. Just for reference, my private network consists of
three servers who are each set up to be Auth Dir and exit servers and
inherently trust each other. They are on 169.254.46.12*, this computer
is .125. At some point, Tor realizes that my DNS entry is fake but
thinks that the DNS server is hijacking requests.


Laptop-9:~ adb$ tor

Jan 18 15:41:06.054 [notice] Tor v0.1.2.19. This is experimental
software. Do not rely on it for strong anonymity.

Jan 18 15:41:06.077 [notice] Your ContactInfo config option is not
set. Please consider setting it, so we can contact you if your server
is misconfigured or something else goes wrong.

Jan 18 15:41:06.079 [warn] You have used DirServer to specify
directory authorities in your configuration. This is potentially
dangerous: it can make you look different from all other Tor users,
and hurt your anonymity. Even if you've specified the same authorities
as Tor uses by default, the defaults could change in the future. Be
sure you know what you're doing.

Jan 18 15:41:06.080 [notice] Enabling experimental OS X kqueue support
with libevent 1.3e. If this turns out to not work, set the environment
variable EVENT_NOKQUEUE, and tell the Tor developers.

Jan 18 15:41:06.082 [notice] Initialized libevent version 1.3e using
method kqueue. Good.

Jan 18 15:41:06.083 [notice] Opening OR listener on 127.0.0.1:3003

Jan 18 15:41:06.084 [notice] Opening OR listener on 169.254.46.125:3003

Jan 18 15:41:06.085 [notice] Opening Directory listener on 127.0.0.1:3004

Jan 18 15:41:06.086 [notice] Opening Directory listener on 169.254.46.125:3004

Jan 18 15:41:06.087 [notice] Opening Socks listener on 127.0.0.1:3005

Jan 18 15:41:06.088 [notice] Opening Control listener on 127.0.0.1:9051

Jan 18 15:41:06.089 [debug] parse_dir_server_line(): Trusted dirserver
at 127.0.0.1:3001 (1944)

Jan 18 15:41:06.120 [debug] parse_dir_server_line(): Trusted dirserver
at 169.254.46.126:3001 (1944)

Jan 18 15:41:06.122 [debug] parse_dir_server_line(): Trusted dirserver
at 169.254.46.127:3004 (1944)

Jan 18 15:41:06.124 [info] or_state_load(): Loaded state from "data/state"

Jan 18 15:41:06.138 [info] crypto_seed_rng(): Seeding RNG from "/dev/urandom"

Jan 18 15:41:06.140 [info] configure_nameservers(): Parsing resolver
configuration in '/etc/resolv.conf'

Jan 18 15:41:06.142 [info] eventdns: Parsing resolv.conf file /etc/resolv.conf

Jan 18 15:41:06.143 [info] eventdns: Added nameserver 169.254.46.125

Jan 18 15:41:06.144 [info] eventdns: Setting maximum allowed timeouts to 16

Jan 18 15:41:06.145 [info] eventdns: Setting timeout to 10

Jan 18 15:41:06.149 [info] init_keys(): Reading/making identity key
"data/keys/secret_id_key"...

Jan 18 15:41:06.284 [info] init_keys(): Reading/making onion key
"data/keys/secret_onion_key"...

Jan 18 15:41:07.206 [debug] resolve_my_address(): Resolved Address to
'169.254.46.125'.

Jan 18 15:41:07.208 [debug] parse_addr_policy(): Adding new entry 'reject *:25'

Jan 18 15:41:07.209 [debug] parse_addr_policy(): Adding new entry 'reject *:119'

Jan 18 15:41:07.210 [debug] parse_addr_policy(): Adding new entry
'reject *:135-139'

Jan 18 15:41:07.211 [debug] parse_addr_policy(): Adding new entry 'reject *:445'

Jan 18 15:41:07.212 [debug] parse_addr_policy(): Adding new entry 'reject *:465'

Jan 18 15:41:07.213 [debug] parse_addr_policy(): Adding new entry 'reject *:563'

Jan 18 15:41:07.213 [debug] parse_addr_policy(): Adding new entry 'reject *:587'

Jan 18 15:41:07.214 [debug] parse_addr_policy(): Adding new entry
'reject *:1214'

Jan 18 15:41:07.214 [debug] parse_addr_policy(): Adding new entry
'reject *:4661-4666'

Jan 18 15:41:07.215 [debug] parse_addr_policy(): Adding new entry
'reject *:6346-6429'

Jan 18 15:41:07.215 [debug] parse_addr_policy(): Adding new entry
'reject *:6699'

Jan 18 15:41:07.216 [debug] parse_addr_policy(): Adding new entry
'reject *:6881-6999'

Jan 18 15:41:07.216 [debug] parse_addr_policy(): Adding new entry 'accept *:*'

Jan 18 15:41:07.254 [debug] router_get_my_descriptor(): my desc is
'router onetwofive 169.254.46.125 3003 0 3004

platform Tor 0.1.2.19 on Darwin Power Macintosh

published 1970-01-18 20:41:07

opt fingerprint 7751 1690 757D 05DA D428 4ADA 3821 2D89 27B5 4610

uptime 0

bandwidth 3145728 6291456 0

onion-key

-----BEGIN RSA PUBLIC KEY-----

MIGJAoGBALdlAhyM5ErOCP7tuODdz1Ah3EDUzaRg95X2ZzFLUdw77Hfb6T6o1pMy

DfMAXBKXov8/aARCwodjZn/VwdvEUDyKg+mXZ9UmxuRSHGkrJItQoGjhcv4UJ0mI

9A2iOvi7gmJvrEuac3AR1lgHZT7t9o/7As85mraHKYQmmKf2fkyDAgMBAAE=

-----END RSA PUBLIC KEY-----

signing-key

-----BEGIN RSA PUBLIC KEY-----

MIGJAoGBAL2n77/3JUxmQNMSECQczfyxEhZukkQR5JPDXyURFP94O6jgK5kDHflB

XhpZL7/opXFAUMXL+Rgf+FAjOaoSFB1kaWhJoHpOwlmapDU6a6wJRzo9ttUS7yoo

xUplKWYHHSjkD9DbHnzfHElKPGKpRR60QyGO1mb5JY7qvdnIqiXhAgMBAAE=

-----END RSA PUBLIC KEY-----

opt write-history 1970-01-17 23:06:40 (900 s)

opt read-history 1970-01-17 23:06:40 (900 s)

reject *:25

reject *:119

reject *:135-139

reject *:445

reject *:465

reject *:563

reject *:587

reject *:1214

reject *:4661-4666

reject *:6346-6429

reject *:6699

reject *:6881-6999

accept *:*

router-signature

-----BEGIN SIGNATURE-----

fl5BGQAMTfHjzmcz+hY8+tc/sBS8lo7clycivK6rC8dlHAKcbsjIrOE0bOxy9xPu

bnTOZ8uiWEKyyyJDk1CKXVXfS3ddAgKUXIoJFUdw6qBVx/OAI39TvuGMWJxbYBa8

Wb/kQFLxABoOuYXC0oEkKx1AvkaNDRl3qUE38+Xedcs=

-----END SIGNATURE-----

'

Jan 18 15:41:07.259 [info] init_keys(): Dumping fingerprint to
"data/fingerprint"...

Jan 18 15:41:07.259 [notice] Your Tor server's identity key
fingerprint is 'onetwofive 7751 1690 757D 05DA D428 4ADA 3821 2D89
27B5 4610'

Jan 18 15:41:07.260 [info] tor_mmap_file(): Could not open
"data/cached-routers" for mmap(): No such file or directory

Jan 18 15:41:07.261 [info] update_router_have_minimum_dir_info(): We
have 0 of 3 network statuses, and we want more than 1.

Jan 18 15:41:07.262 [notice] I learned some more directory
information, but not enough to build a circuit.

Jan 18 15:41:07.263 [debug] spawn_cpuworker(): just spawned a cpu worker.

Jan 18 15:41:07.263 [debug] connection_add(): new conn type CPU
worker, socket 11, n_conns 7.

Jan 18 15:41:07.264 [info] router_pick_trusteddirserver(): No trusted
dirservers are reachable. Trying them all again.

Jan 18 15:41:07.265 [info] router_pick_directory_server(): No
reachable router entries for dirservers. Trying them all again.

Jan 18 15:41:07.265 [info] router_pick_directory_server(): Still no
reachable router entries. Reloading and trying again.

Jan 18 15:41:07.266 [info] tor_mmap_file(): Could not open
"data/cached-routers" for mmap(): No such file or directory

Jan 18 15:41:07.267 [info] directory_get_from_dirserver(): No router
found for status list; falling back to dirserver list

Jan 18 15:41:07.268 [info] router_pick_trusteddirserver(): No trusted
dirservers are reachable. Trying them all again.

Jan 18 15:41:07.268 [info] router_pick_directory_server(): No
reachable router entries for dirservers. Trying them all again.

Jan 18 15:41:07.269 [info] router_pick_directory_server(): Still no
known router entries. Reloading and trying again.

Jan 18 15:41:07.269 [info] tor_mmap_file(): Could not open
"data/cached-routers" for mmap(): No such file or directory

Jan 18 15:41:07.270 [notice] While fetching directory info, no running
dirservers known. Will try again later. (purpose 2)

Jan 18 15:41:07.271 [debug] resolve_my_address(): Resolved Address to
'169.254.46.125'.

Jan 18 15:41:07.275 [debug] directory_initiate_command(): private 0,
want_to_tunnel 0.

Jan 18 15:41:07.276 [debug] directory_initiate_command(): initiating
server descriptor upload

Jan 18 15:41:07.276 [debug] connection_connect(): Connecting to [scrubbed]:3001.

Jan 18 15:41:07.277 [debug] connection_connect(): Connection to
[scrubbed]:3001 in progress (sock 14).

Jan 18 15:41:07.278 [debug] connection_add(): new conn type Directory,
socket 14, n_conns 8.

Jan 18 15:41:07.279 [debug] write_to_buf(): added 5 bytes to buf (now 5 total).

Jan 18 15:41:07.279 [debug] write_to_buf(): added 5 bytes to buf (now 10 total).

Jan 18 15:41:07.280 [debug] write_to_buf(): added 57 bytes to buf (now
67 total).

Jan 18 15:41:07.281 [debug] write_to_buf(): added 1276 bytes to buf
(now 1343 total).

Jan 18 15:41:07.281 [debug] directory_initiate_command(): private 0,
want_to_tunnel 0.

Jan 18 15:41:07.282 [debug] directory_initiate_command(): initiating
server descriptor upload

Jan 18 15:41:07.282 [debug] connection_connect(): Connecting to [scrubbed]:3001.

Jan 18 15:41:07.283 [debug] connection_connect(): Connection to
[scrubbed]:3001 in progress (sock 15).

Jan 18 15:41:07.284 [debug] connection_add(): new conn type Directory,
socket 15, n_conns 9.

Jan 18 15:41:07.285 [debug] write_to_buf(): added 5 bytes to buf (now 5 total).

Jan 18 15:41:07.285 [debug] write_to_buf(): added 5 bytes to buf (now 10 total).

Jan 18 15:41:07.286 [debug] write_to_buf(): added 62 bytes to buf (now
72 total).

Jan 18 15:41:07.286 [debug] write_to_buf(): added 1276 bytes to buf
(now 1348 total).

Jan 18 15:41:07.287 [debug] directory_initiate_command(): private 0,
want_to_tunnel 0.

Jan 18 15:41:07.287 [debug] directory_initiate_command(): initiating
server descriptor upload

Jan 18 15:41:07.288 [debug] connection_connect(): Connecting to [scrubbed]:3004.

Jan 18 15:41:07.289 [debug] connection_connect(): Connection to
[scrubbed]:3004 in progress (sock 16).

Jan 18 15:41:07.290 [debug] connection_add(): new conn type Directory,
socket 16, n_conns 10.

Jan 18 15:41:07.290 [debug] write_to_buf(): added 5 bytes to buf (now 5 total).

Jan 18 15:41:07.291 [debug] write_to_buf(): added 5 bytes to buf (now 10 total).

Jan 18 15:41:07.291 [debug] write_to_buf(): added 62 bytes to buf (now
72 total).

Jan 18 15:41:07.292 [debug] write_to_buf(): added 1276 bytes to buf
(now 1348 total).

Jan 18 15:41:07.293 [debug] directory_initiate_command(): private 0,
want_to_tunnel 0.

Jan 18 15:41:07.293 [debug] directory_initiate_command(): initiating
network-status fetch

Jan 18 15:41:07.294 [debug] connection_connect(): Connecting to [scrubbed]:3001.

Jan 18 15:41:07.295 [debug] connection_connect(): Connection to
[scrubbed]:3001 in progress (sock 17).

Jan 18 15:41:07.296 [debug] connection_add(): new conn type Directory,
socket 17, n_conns 11.

Jan 18 15:41:07.296 [debug] write_to_buf(): added 4 bytes to buf (now 4 total).

Jan 18 15:41:07.297 [debug] write_to_buf(): added 17 bytes to buf (now
21 total).

Jan 18 15:41:07.297 [debug] write_to_buf(): added 40 bytes to buf (now
61 total).

Jan 18 15:41:07.298 [info] update_router_have_minimum_dir_info(): We
have 0 of 3 network statuses, and we want more than 1.

Jan 18 15:41:07.301 [info] or_state_save(): Saved state to "data/state"

Jan 18 15:41:07.302 [debug] conn_write_callback(): socket 14 wants to write.

Jan 18 15:41:07.303 [info] connection_handle_write(): in-progress
connect failed. Removing.

Jan 18 15:41:07.304 [info] connection_close_immediate(): fd 14, type
Directory, state connecting, 1343 bytes on outbuf.

Jan 18 15:41:07.304 [debug] conn_close_if_marked(): Cleaning up
connection (fd -1).

Jan 18 15:41:07.305 [debug] connection_remove(): removing socket -1
(type Directory), n_conns now 10

Jan 18 15:41:07.306 [debug] conn_write_callback(): socket 15 wants to write.

Jan 18 15:41:07.306 [info] connection_handle_write(): in-progress
connect failed. Removing.

Jan 18 15:41:07.307 [info] connection_close_immediate(): fd 15, type
Directory, state connecting, 1348 bytes on outbuf.

Jan 18 15:41:07.343 [debug] conn_close_if_marked(): Cleaning up
connection (fd -1).

Jan 18 15:41:07.344 [debug] connection_remove(): removing socket -1
(type Directory), n_conns now 9

Jan 18 15:41:07.345 [debug] conn_write_callback(): socket 16 wants to write.

Jan 18 15:41:07.346 [debug] connection_dir_finished_connecting(): Dir
connection to router 169.254.46.127:3004 established.

Jan 18 15:41:07.346 [debug] flush_buf(): 16: flushed 1348 bytes, 0
ready to flush, 0 remain.

Jan 18 15:41:07.347 [debug] connection_dir_finished_flushing(): client
finished sending command.

Jan 18 15:41:07.348 [debug] conn_write_callback(): socket 17 wants to write.

Jan 18 15:41:07.349 [info] connection_handle_write(): in-progress
connect failed. Removing.

Jan 18 15:41:07.349 [info] connection_close_immediate(): fd 17, type
Directory, state connecting, 61 bytes on outbuf.

Jan 18 15:41:07.350 [debug] conn_close_if_marked(): Cleaning up
connection (fd -1).

Jan 18 15:41:07.350 [info] connection_dir_request_failed(): Giving up
on directory server at '169.254.46.126'; retrying

Jan 18 15:41:07.351 [info] directory_get_from_dirserver(): No router
found for network status; falling back to dirserver list

Jan 18 15:41:07.352 [notice] While fetching directory info, no running
dirservers known. Will try again later. (purpose 5)

Jan 18 15:41:07.352 [debug] connection_remove(): removing socket -1
(type Directory), n_conns now 8

Jan 18 15:41:07.378 [debug] conn_read_callback(): socket 16 wants to read.

Jan 18 15:41:07.379 [debug] read_to_buf_impl(): Read 85 bytes. 85 on inbuf.

Jan 18 15:41:07.380 [debug] connection_dir_process_inbuf(): Got data,
not eof. Leaving on inbuf.

Jan 18 15:41:07.384 [debug] conn_read_callback(): socket 16 wants to read.

Jan 18 15:41:07.385 [debug] read_to_buf_impl(): Encountered eof

Jan 18 15:41:07.385 [debug] fetch_from_buf_http(): headerlen 85, bodylen 0.

Jan 18 15:41:07.386 [debug] connection_dir_client_reached_eof():
Received response from directory server '169.254.46.127:3004': 400
"Nonauthoritative directory does not accept posted server descriptors"

Jan 18 15:41:07.387 [warn] http status 400 ("Nonauthoritative
directory does not accept posted server descriptors") response from
dirserver '169.254.46.127:3004'. Please correct.

Jan 18 15:41:07.387 [debug] conn_close_if_marked(): Cleaning up
connection (fd 16).

Jan 18 15:41:07.388 [debug] connection_remove(): removing socket 16
(type Directory), n_conns now 7

Jan 18 15:41:07.389 [debug] _connection_free(): closing fd 16.

Jan 18 15:41:08.319 [info] update_router_have_minimum_dir_info(): We
have 0 of 3 network statuses, and we want more than 1.

Jan 18 15:42:43.275 [info] dns_launch_wildcard_checks(): Launching
checks to see whether our nameservers like to hijack DNS failures.

Jan 18 15:42:43.277 [info] eventdns: Resolve requested.

Jan 18 15:42:43.279 [info] eventdns: Setting timeout for request 40cb10

Jan 18 15:42:43.280 [info] eventdns: Resolve requested.

Jan 18 15:42:43.281 [info] eventdns: Nameserver 169.254.46.125 has
failed: Connection refused

Jan 18 15:42:43.282 [warn] eventdns: All nameservers have failed

Jan 18 15:42:43.283 [info] eventdns: Resolve requested.

Jan 18 15:42:43.284 [info] eventdns: Setting timeout for request 40ce50

Jan 18 15:42:43.285 [info] eventdns: Resolve requested.

Jan 18 15:42:43.286 [info] eventdns: Resolve requested.

Jan 18 15:42:43.287 [info] eventdns: Setting timeout for request 40d660







Sorry for the incredibly long, detailed log, but I wanted to be
sure there was enough information.



My questions are:

1. Does it matter that Tor thinks its requests are being hijacked?
(Since I know I can trust the servers)

2. How come it says it can't get any network status documents?

3. What next?



Any help is appreciated,

Comrade Ringo Kamens

On 5/7/08, Ringo Kamens <2600denver@xxxxxxxxx> wrote:
>
> I took a look at that document, and the only suggested options that seemed to work were:
> EnforceDistinctSubnets 0
> ExitPolicyRejectPrivate 0
>
> The rest said that they were unknown options, including ServerDNSAllowBrokenResolvConf. Any ideas as to why this might be? I tried setting the DNS settings to make localhost the DNS server but that didn't seem to work either.
> Thanks,
> Comrade Ringo Kamens
>
>
>
> On 5/7/08, Karsten Loesing <karsten.loesing@xxxxxxx> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Ringo Kamens wrote:
> > | Is there a way to make tor not check this file? Any ideas?
> >
> > ServerDNSAllowBrokenResolvConf sounds like a useful option here.
> >
> > Have a look at the last section of proposal 135 that contains a bunch of
> > useful config options for private Tor networks:
> >
> > https://tor-svn.freehaven.net/svn/tor/trunk/doc/spec/proposals/135-private-tor-networks.txt
> >
> > - --Karsten
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.6 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > iD8DBQFIId6L0M+WPffBEmURAgwRAKDB4oSnUO7l6fx92CDJkF5snJ3H1gCeKA0p
> > ybDyFPiLHoogcOXUfxtu4A8=
> > =ZHHB
> > -----END PGP SIGNATURE-----
> >
>
>
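
An added example, not part of the original post or of Tor's own code: a small Python triage script that rejoins the mail client's hard-wrapped log lines and groups the directory and DNS failures that appear in the log above. The rule names and the sample string are constructed here; the message patterns are copied from the posted log.

```python
import re

# Start of a Tor log entry: "Jan 18 15:41:07.350 [info] message"
ENTRY = re.compile(r"^\w{3} +\d+ [\d:.]+ \[(\w+)\] (.*)$")
RULES = {  # rule names are made up for this example
    "connect_failed": re.compile(r"in-progress connect failed"),
    "gave_up": re.compile(r"Giving up on directory server at '([^']+)'"),
    "http_error": re.compile(
        r"""http status (\d+) \("([^"]+)"\) response from dirserver '([^']+)'"""),
    "ns_failed": re.compile(r"eventdns: Nameserver (\S+) has failed: (.+)"),
    "statuses": re.compile(r"We have (\d+) of (\d+) network statuses"),
}

# Constructed sample: entries copied from the log in the post, wraps included.
SAMPLE_LOG = """\
Jan 18 15:41:07.303 [info] connection_handle_write(): in-progress
connect failed. Removing.
Jan 18 15:41:07.306 [info] connection_handle_write(): in-progress
connect failed. Removing.
Jan 18 15:41:07.350 [info] connection_dir_request_failed(): Giving up
on directory server at '169.254.46.126'; retrying
Jan 18 15:41:07.387 [warn] http status 400 ("Nonauthoritative
directory does not accept posted server descriptors") response from
dirserver '169.254.46.127:3004'. Please correct.
Jan 18 15:41:08.319 [info] update_router_have_minimum_dir_info(): We
have 0 of 3 network statuses, and we want more than 1.
Jan 18 15:42:43.281 [info] eventdns: Nameserver 169.254.46.125 has
failed: Connection refused
"""

def unwrap(text):
    """Rejoin hard-wrapped continuation lines onto their log entry."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if ENTRY.match(line):
            entries.append(line)
        elif line and entries:
            entries[-1] += " " + line
    return entries

def triage(text):
    """Collect the captured fields of every entry that matches a rule."""
    report = {name: [] for name in RULES}
    for entry in unwrap(text):
        msg = ENTRY.match(entry).group(2)
        for name, rule in RULES.items():
            if (hit := rule.search(msg)):
                report[name].append(hit.groups())
    return report
```

Running `triage()` over the full log separates the refused directory connections from the HTTP 400 reply and the refused nameserver, so each can be checked against the DirServer lines and /etc/resolv.conf.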