I might have my (rented, colocated) redgene Tor server, which isn't due to expire before 12 December and has so far been spared by the recent German Tor crackdown, been seized by law enforcement as evidence. Then, it might just be down. More as this develops (when I get an answer for my trouble ticket, that is). Needless to say, there are no logs, and not even any content there at all.
-- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
On 12/7/06, Eugen Leitl <eugen@leitl.org> wrote:
I might have my (rented, colocated) redgene Tor server, which isn't due to expire before 12 December and has so far been spared by the recent German Tor crackdown, been seized by law enforcement as evidence. Then, it might just be down. More as this develops (when I get an answer for my trouble ticket, that is). Needless to say, there are no logs, and not even any content there at all.
ouch. was it a middle or exit? were tor keys on disk in plaintext?
On Thu, Dec 07, 2006 at 10:59:44AM -0800, coderman wrote:
On 12/7/06, Eugen Leitl <eugen@leitl.org> wrote:
I might have my (rented, colocated) redgene Tor server, which isn't due to expire before 12 December and has so far been spared by the recent German Tor crackdown, been seized by law enforcement as evidence. Then, it might just be down. More as this develops (when I get an answer for my trouble ticket, that is). Needless to say, there are no logs, and not even any content there at all.
ouch. was it a middle or exit? were tor keys on disk in plaintext?
Exit node. Keys in plaintext. Still no word on the trouble ticket. Either way, the damage is minimal, given that the node is offline, and due to expire by 12 Dec.
-- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Hey...just a dumb question by somebody who doesn't write code (anymore...I was HW anyway so never wrote a lot). Why is it necessary for a Tor node to be identifiable by authorities? Is it possible to disguise it as something else? -TD
From: Eugen Leitl <eugen@leitl.org> To: coderman <coderman@gmail.com>, cypherpunks@jfet.org Subject: Re: redgene might be gone Date: Thu, 7 Dec 2006 20:40:21 +0100
On Thu, Dec 07, 2006 at 10:59:44AM -0800, coderman wrote:
On 12/7/06, Eugen Leitl <eugen@leitl.org> wrote:
I might have my (rented, colocated) redgene Tor server, which isn't due to expire before 12 December and has so far been spared by the recent German Tor crackdown, been seized by law enforcement as evidence. Then, it might just be down. More as this develops (when I get an answer for my trouble ticket, that is). Needless to say, there are no logs, and not even any content there at all.
ouch. was it a middle or exit? were tor keys on disk in plaintext?
Exit node. Keys in plaintext. Still no word on the trouble ticket. Either way, the damage is minimal, given that the node is offline, and due to expire by 12 Dec.
-- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
On Mon, Dec 11, 2006 at 12:11:52PM -0500, Tyler Durden wrote:
Why is it necessary for a Tor node to be identifiable by authorities? Is it possible to disguise it as something else?
If you're renting a colo server with a fixed IP, how would you disguise it as anything, or conceal it as anything else if you've never ever even seen the machine in question? Still no news on the trouble ticket. Either they're swamped, or the server has been really confiscated.
-- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Well, here's where my ignorance is revealed. But let me recall the 'threat scenario' in this case.

MwGs don't like Tor networks, and set about trying to find the nodes, and take them down. How do they do this? They can, perhaps, look at the IP addresses of packets they themselves shoot through the network, and then (theoretically) trace these back to the machines that sent the packets, presumably a Tor node. Or at least, they can do this for an exit node(s). After finding an exit node, they can then contact the operator to locate the server and Tor node, and bludgeon them into taking it down. The operator probably won't be surprised, because they will have installed the Tor node, which presumably has all sorts of files named, TOR.EXE, TOR_CLIENT.DLL, and so on. The only other way to tell they are running a Tor node is to see the other IP addresses coming in and going out, which presumably are other Tor nodes. Is that basically right?

What if, for instance, a Tor client sent out a whole buttload of IPs, some of which are Tor nodes, some of which aren't, in various cities (including, say Fallujah). Let's say also that the Tor package sent to an actual Tor node operator was disguised to look like some other innocuous service. Let's say also that there are plenty of fake non-Tor packets coming in and out of that node which don't lead to any Tor nodes at all. In that case, the local authorities would have to have some kind of subpoena (one would think) 'proving' to the operator that they indeed have a hated Tor node on one of their machines. They would also have to do this for a variety of nodes, perhaps, even ones that aren't actually Tor nodes.

OK, farfetched. But possible? I'm a telecom guy so what the hell do I know...
-TD
From: Eugen Leitl <eugen@leitl.org> To: Tyler Durden <camera_lumina@hotmail.com>, cypherpunks@jfet.org Subject: Re: redgene might be gone Date: Mon, 11 Dec 2006 18:29:54 +0100
On Mon, Dec 11, 2006 at 12:11:52PM -0500, Tyler Durden wrote:
Why is it necessary for a Tor node to be identifiable by authorities? Is it possible to disguise it as something else?
If you're renting a colo server with a fixed IP, how would you disguise it as anything, or conceal it as anything else if you've never ever even seen the machine in question?
Still no news on the trouble ticket. Either they're swamped, or the server has been really confiscated.
-- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
participants (3)
- coderman
- Eugen Leitl
- Tyler Durden