Michael | 1 Jul 2009 01:59

Re: Suggested IT Text... Edit or destroy as fitting.

Bill Weiss wrote:
> Michael(cozzi <at> cozziconsulting.com) <at> Fri, Jun 26, 2009 at 11:44:03AM -0400:
>   
>
> Similar to all of these:
>
>  * To troubleshoot connectivity problems from the outside of their network
>    (i.e. to see what parts of the internet can or can't see their site).
>   

    Hi Bill,

    I like it.

    By using "ExitNodes" and "StrictExitNodes" you could specify which 
exit relay you would use for testing.

    Excellent- I hadn't thought of that.

    Michael

Edward Langenback | 1 Jul 2009 02:09

Re: Obfuscated URLs?


Max wrote:
> already in here:
> http://offsystem.sf.net

I've had a look at OFF system and I think I'd rather stick with Freenet
for such purposes.

> On Tue, Jun 30, 2009 at 8:47 PM, Martin Fick <mogulguy <at> yahoo.com> wrote:
> 
> 
>     Obfuscated URL Paths?
> 
>     Would it be possible to create a URL or some longer string that
>     describes a hidden path through the tor network to a specific
>     hidden URL and to implement a routing mechanism to access
>     documents (files) using this "Obfuscated URL"?
> 
>     I am fully aware of hidden services, and I am suggesting something
>     that I think is quite different.  I am suggesting a way to point
>     someone to a file on the normal non-hidden internet without
>     telling them where I am pointing to!
> 
>     I envision an onion encrypted URL along with the exact path through
>     tor (the three hops) also onion encrypted.  This would be similar
>     to the way a client normally wraps requests through tor, but the
>     wrapping would happen up front and then the wrapper would become
>     the "Obfuscated URL" which could be handed off to someone else
>     obfuscating both the path through tor and the final destination to

Freemor | 1 Jul 2009 02:52

Re: Obfuscated URLs?

On Tue, 30 Jun 2009 13:34:45 -0700 (PDT)
Martin Fick <mogulguy <at> yahoo.com> wrote:

> In my scenario, the point of hard coding the path is to 
> obfuscate the final URL, how could this be done 
> differently?  In this scenario, it requires all 3 nodes 
> to decrypt the final URL, one node by itself cannot, 
> this should provide the same protection that you get
> today by surfing with tor, should it not?

It should. But hidden services provide this functionality already. I do
understand the potential difficulties in setting up a hidden service.
But I think it would be easier to automate this aspect of Tor than to
write a new protocol. (some more thoughts on this below)

 
> I don't see why this is more open to abuse than the
> general tor network, could you explain your reasoning?

Agreed.. I'm a security minded IT guy and since drive-by-downloads are
the top vector for computer infection any time I hear "obfuscated URL"
and "Untraceable" in the same paragraph there is a knee jerk reaction to
see the security implications.

> 
> As for use cases, I envision that as a simple whistle 
> blower or reporter, I would post my content on various 
[snip]

OK I now have a clearer idea of what you are wanting to do:

Kyle Williams | 1 Jul 2009 03:09

FYI: router BillyGoat is offline

So some ass thought it would be great to spam from my node, because today I got a complaint about abuse.


The node "BillyGoat" (FP: 12b9b187422b2a7752f861aa0b86e4d99fa88dc0) has been taken offline because of this.  I'm not going to argue with my hosting company as they support my websites, and I like having them.  I gave them the informational lecture about Tor and how it helps people, but they only care about the abuse.  Furthermore, the people on the other end of the phone don't seem like the sharpest tool in the shed.  This is the second time this has happened within a week of firing up a Tor server, and now I remember why I do not like running an exit node.

Consider this just a FYI, router BillyGoat is down and will not be back online.


Best regards,

Kyle

John Brooks | 1 Jul 2009 03:22

Re: FYI: router BillyGoat is offline

Unfortunately some ISPs just aren't willing to deal with the issues;
that's how it works. You could always run a non-exit relay if you wish
to, since they'll pretty much never have abuse complaints
(theoretically, you could receive complaints related to an end user
connecting to you, but that's quite unlikely). It's basically
impossible to run an exit node with an ISP that doesn't understand Tor
or isn't willing to stand up for you in the instance of abuse
complaints; I've got an informal relationship with mine where all
abuse complaints are forwarded (as per their policy) and I reply to
them and the original sender with a template letter about Tor. I've
never had anything go beyond the first mailing, and never a complaint
from the ISP.

Anyway, rambling aside, if you wish to keep contributing, consider a
non-exit node (ExitPolicy reject *:*); other than the bandwidth, your
ISP would have no reason to complain about that.

  - John Brooks

On Tue, Jun 30, 2009 at 7:09 PM, Kyle Williams<kyle.kwilliams <at> gmail.com> wrote:
> So some ass thought it would be great to spam from my node, because today I
> got a complaint about abuse.
>
> The node "BillyGoat" (FP: 12b9b187422b2a7752f861aa0b86e4d99fa88dc0) has been
> taken offline because of this.  I'm not going to argue with my hosting
> company as they support my websites, and I like having them.  I gave them
> the informational lecture about Tor and how it helps people, but they only
> care about the abuse.  Furthermore, the people on the other end of the
> phone don't seem like the sharpest tool in the shed.  This is the second
> time this has happened within a week of firing up a Tor server, and now I
> remember why I do not like running an exit node.
> Consider this just a FYI, router BillyGoat is down and will not be back
> online.
>
> Best regards,
> Kyle

Michael | 1 Jul 2009 03:21

Re: FYI: router BillyGoat is offline

Kyle Williams wrote:
> So some ass thought it would be great to spam from my node, because 
> today I got a complaint about abuse.
>
>
> The node "BillyGoat" (FP: 12b9b187422b2a7752f861aa0b86e4d99fa88dc0) 
> has been taken offline because of this.  I'm not going to argue with 
> my hosting company as they support my websites, and I like having 
> them.  I gave them the informational lecture about Tor and how it 
> helps people, but they only care about the abuse.  Furthermore, the 
> people on the other end of the phone don't seem like the sharpest tool 
> in the shed.  This is the second time this has happened within a week 
> of firing up a Tor server, and now I remember why I do not like 
> running an exit node.
>
> Consider this just a FYI, router BillyGoat is down and will not be 
> back online.
>
>
> Best regards,
>
> Kyle

    Kyle,

    Just from an informational standpoint, what were your exit policies?

    Michael

Kyle Williams | 1 Jul 2009 03:30

Re: FYI: router BillyGoat is offline

On Tue, Jun 30, 2009 at 6:21 PM, Michael <cozzi <at> cozziconsulting.com> wrote:
> Kyle Williams wrote:
>> So some ass thought it would be great to spam from my node, because today I got a complaint about abuse.
>>
>> The node "BillyGoat" (FP: 12b9b187422b2a7752f861aa0b86e4d99fa88dc0) has been taken offline because of this.  I'm not going to argue with my hosting company as they support my websites, and I like having them.  I gave them the informational lecture about Tor and how it helps people, but they only care about the abuse.  Furthermore, the people on the other end of the phone don't seem like the sharpest tool in the shed.  This is the second time this has happened within a week of firing up a Tor server, and now I remember why I do not like running an exit node.
>>
>> Consider this just a FYI, router BillyGoat is down and will not be back online.
>>
>> Best regards,
>>
>> Kyle
>
>   Kyle,
>
>   Just from an informational standpoint, what were your exit policies?
>
>   Michael

reject 0.0.0.0/8:*
reject 169.254.0.0/16:*
reject 127.0.0.0/8:*
reject 192.168.0.0/16:*
reject 10.0.0.0/8:*
reject 172.16.0.0/12:*
reject 66.109.20.52:*
accept *:80
accept *:443
accept *:43
reject *:*
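
Added example, not part of Kyle's message and not Tor's own code: a small first-match evaluator run over the policy exactly as posted, to show which destinations it lets out. The destination 203.0.113.10 is a constructed documentation address, only IPv4 rules are handled, and treating "no rule matched" as reject is an assumption of this sketch.

```python
import ipaddress

# Exit policy copied from the message above (rules are checked top to bottom).
POLICY = """\
reject 0.0.0.0/8:*
reject 169.254.0.0/16:*
reject 127.0.0.0/8:*
reject 192.168.0.0/16:*
reject 10.0.0.0/8:*
reject 172.16.0.0/12:*
reject 66.109.20.52:*
accept *:80
accept *:443
accept *:43
reject *:*
"""

def parse_policy(text):
    """Parse 'action ADDR[/MASK]:PORT' lines into ordered rule tuples."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        action, pattern = line.split()
        addr, _, port = pattern.rpartition(":")
        # '*' means any address; a bare IP becomes a /32 network.
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if port == "*":
            ports = (1, 65535)
        elif "-" in port:
            lo, hi = port.split("-")
            ports = (int(lo), int(hi))
        else:
            ports = (int(port), int(port))
        rules.append((action, net, ports))
    return rules

def decide(rules, ip, port):
    """Return (action, index of the first rule that matched)."""
    target = ipaddress.ip_address(ip)
    for i, (action, net, (lo, hi)) in enumerate(rules):
        if (net is None or target in net) and lo <= port <= hi:
            return action, i
    return "reject", None  # assumption of this sketch: unmatched means closed

if __name__ == "__main__":
    rules = parse_policy(POLICY)
    for ip, port in [("203.0.113.10", 80), ("203.0.113.10", 25),
                     ("192.168.1.10", 80), ("66.109.20.52", 443)]:
        print(ip, port, decide(rules, ip, port))
```

Port 25 falls through to the final `reject *:*`, while any public web server on port 80 or 443 is reachable through the relay, so abuse carried over web forms is still within what this policy permits.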



Michael | 1 Jul 2009 03:37

Re: FYI: router BillyGoat is offline

Kyle Williams wrote:
> reject 0.0.0.0/8:*
> reject 169.254.0.0/16:*
> reject 127.0.0.0/8:*
> reject 192.168.0.0/16:*
> reject 10.0.0.0/8:*
> reject 172.16.0.0/12:*
> reject 66.109.20.52:*
> accept *:80
> accept *:443
> accept *:43
> reject *:*

    Kyle,

    One more question if you would indulge my curiosity. What service 
was the course of the "spam"?

    Michael

Michael | 1 Jul 2009 03:47

Re: FYI: router BillyGoat is offline

Michael wrote:
> Kyle Williams wrote:
>> reject 0.0.0.0/8:*
>> reject 169.254.0.0/16:*
>> reject 127.0.0.0/8:*
>> reject 192.168.0.0/16:*
>> reject 10.0.0.0/8:*
>> reject 172.16.0.0/12:*
>> reject 66.109.20.52:*
>> accept *:80
>> accept *:443
>> accept *:43
>> reject *:*
>
>    Kyle,
>
>    One more question if you would indulge my curiosity. What service 
> was the course of the "spam"?
>
>    Michael

    I'm replying to my own post because my comment makes me look like a 
moron.

    I was wondering if the complaint was about abuse of whois servers or 
web based services.

    Michael

Kyle Williams | 1 Jul 2009 03:43

Re: FYI: router BillyGoat is offline



On Tue, Jun 30, 2009 at 6:37 PM, Michael <cozzi <at> cozziconsulting.com> wrote:
> Kyle Williams wrote:
>> reject 0.0.0.0/8:*
>> reject 169.254.0.0/16:*
>> reject 127.0.0.0/8:*
>> reject 192.168.0.0/16:*
>> reject 10.0.0.0/8:*
>> reject 172.16.0.0/12:*
>> reject 66.109.20.52:*
>> accept *:80
>> accept *:443
>> accept *:43
>> reject *:*
>
>   Kyle,
>
>   One more question if you would indulge my curiosity. What service was the course of the "spam"?
>
>   Michael

Here's the whole thing.  Don't follow the links in this e-mail, it's not worth your time.


------------------------------------------------------------------------------------------------------------------------------------------------------
From: WebMaster AFBNetwork [mailto:webmaster <at> afbnetwork.com]
Sent: Tuesday, June 30, 2009 10:24 AM
To: abuse <at> frienster.com; help <at> friendster.com; events <at> friendster.com
Cc: abuse <at> 1and1.fr; abuse <at> gmail.com; abuse <at> galaxyvisions.com
Subject: Complaint about spammers
Importance: High

 
Dear Madam, Dear Sir,
 
I am the webmaster of www.afbnetwork.com. My name is Alain Bippus and I also own the said site hosted by 1and1.fr
Due to harassment and spam from some of your members, I would like you to register your following members as "intensive spammers",
both by e-mail and by registering news in our web site:
 

These members of yours are spamming mainly through email address triarmmex <at> gmail.com 
with "erydranient" as Pseudo. (most probably forged email address).
Their spam actually originate from IP address : 66.109.20.52
This IP address is owned by Galaxyvisions Inc - Domain Name : efnet.net - Registrar : Godaddy.com Inc.
All this spamming is of pornographic type, which is not accepted by us as it is clearly written in the public rules of our site.
 
COPY OF LOGS :
 
1)- Last Access to web site :
 
66.109.20.52 - - [30/Jun/2009:12:48:03 +0200] "GET /poster.php HTTP/1.0" 200 15290 afbnetwork.fr "http://afbnetwork.fr/poster.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Media Center PC" "-"
66.109.20.52 - - [30/Jun/2009:12:48:12 +0200] "POST /poster.php HTTP/1.0" 200 15481 afbnetwork.fr "http://afbnetwork.fr/poster.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Media Center PC" "-"
2)- Last Spamming mail :
 
2009-06-30 12:48:12 u39437102 4AgGp3-1MLasm18N1-0001py |< REMOTE=66.109.20.52 SCRIPT=/afbnetworkcom/poster.php -- /usr/sbin/sendmail -t -i
2009-06-30 12:48:12 u39437102 4AgGp3-1MLasm18N1-0001py <= S=cgi-mailer-bounces-148125414 <at> kundenserver.de SZ=2108 D=0 SID=148125414
2009-06-30 12:48:12 u39437102 4AgGp3-1MLasm18N1-0001py => webmaster <at> afbnetwork.com msmtp.kundenserver.de[172.19.35.7] 250 Message 0MKv1o-1MLasm1cJb-000cNe accepted bymreu1.kundenserver.de
 
Please note that the .php page of our news service is protected by program against news messages containing the word "frienster" in insensitive case,
but despite this, those news messages still succeed to reach in our base. It means that the spammers must be using some robot or program in order to short-circuit the web site control.
 
So, we would like you to investigate the matter and take appropriate action.
 
Thanks in advance.
I am at your disposal at Phone: 0033 (4) 67.23.83.70
Yours faithfully,
Alain Bippus,
------------------------------------------------------------------------------------------------------------------------------------------------------

That's all they had to say.  I have not heard back in regards to my reply.

- Kyle
