Re: Extremely odd thing with Giganews DMCA?

From: roadburner (roadburner^at^comcast^dot^net)
Date: 09/19/05

    Date: Mon, 19 Sep 2005 17:10:08 -0400
    
    

    On Mon, 19 Sep 2005 20:40:52 GMT, "David H. Lipman"
    <DLipman~nospam~@Verizon.Net> wrote:

    >From: "roadburner" <roadburner^at^comcast^dot^net>
    >
    >
    >|
    >| I thought of that one to ask him. He will double check it. He thinks not
    >| because only a very short time elapsed between him blocking and testing. The
    >| site would have had to go offline for a bit to get assigned a new address.
    >|
    >| I registered a new domain with DynDNS and subscribed to the service. Though my
    >| IP has stayed fixed for the 1 1/2 years I have had cable, who knows. There was
    >| nothing in writing that said I would have a fixed IP.
    >|
    >| I should have added that I am a bit of a privacy buff. The new PC will be
    >| dedicated to running a Tor node. Likewise, type 1 and 2 remailers. That was
    >| why I was running Mercury. As I think about it more, I had port forwarded 25
    >| for Mercury mail and 9001 and 9030 for the Tor node in the Netgear router.
    >|
    >| I had the Tor node setup on my primary computer at 198.168.0.2. The primary
    >| computer has a Symantec firewall which only allowed connection through 9001
    >| and 9030 to Tor at 198.168.0.2.
    >|
    >| When I reconfigured the network, I set the new PC as 198.168.0.2, the primary
    >| as 3, and the laptop as 4. I had not installed a software firewall yet.
    >|
    >| Possible I could have left myself open for an attack through those ports. In
    >| the little over a month I had been operating a Tor node, the firewall logs
    >| showed the Tor ports came under attack. The firewall was configured to
    >| automatically close connections on a persistent attack which the logs show it
    >| did on 3 occasions. All Tor nodes, their IPs and their open Dirports and
    >| Orports are shown at: http://tinyurl.com/898o9
    >|
    >| Now I am wondering if I got "hacked" into. Possibility I guess.
    >|
    >| Very nice of you to take the time to write the scanning tool. I'll put it to
    >| use.
    >|
    >| Regards,
    >| roadburner
    >
    >I looked at that log but I couldn't glean anything from it.
    >
    >Posting the URL of that log in a FireWall News Group may be helpful.

    It is not a log but a listing of active Tor nodes. For instance:

    router rfc1149 81.56.47.149 9001 0 9030

    Router name: rfc1149
    IP address: 81.56.47.149
    Open Tor ports: 9001 & 9030

    Basically, when we run a Tor node, we tell the world our IPs and which ports
    we have open for Tor connections. The rest are our keys, used by other nodes,
    and what IP addresses and ports are open or blocked by our Exit Policies.

    For instance if you were surfing the net through Tor and Privoxy, the IP
    address that shows up at the site you visit would be one of ours. Tor was
    first developed by the US Navy. Now it is sponsored by the EFF. The US
    security agencies are known to use our network nodes to disguise their own IPs
    when they visit certain questionable websites or chat in some chatroom.
    Basically, it is a free privacy service with volunteer operators and open to
    anyone. There are about 250 operators worldwide and an estimated 10,000 users
    of the service.

    I think what I'll do at this point is just reformat and reinstall the OS. It
    will probably take less time. Like I mentioned, I only have a few programs on
    it that can easily be re-installed. Since I won't be using that PC for
    anything else, I'll lock it down tighter than a drum.

    Fortunately, I had nothing on it yet, like my PGP Keyrings or Tor secret keys.
    I was just in the process of setting it up so everything else resides on a USB
    stick (in my shirt pocket) right now. Happy I didn't finish it without the
    firewall.

    Because of the sensitive nature of encryption keys, I think I'll just be safe
    rather than take a chance. I'll set it all up while disconnected from the
    Internet.

    Thanks for everything, you have been most helpful.

    My warmest regards,
    roadburner
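
The listing line quoted in the message above, parsed and checked against a router's port forwards, as an added example that is not part of the original post. The field order (nickname, address, ORPort, SocksPort, DirPort) follows Tor's router descriptor format; the forwarding table and the set of firewalled hosts are constructed from the setup the thread describes, and the function names are hypothetical.

```python
import ipaddress
from typing import NamedTuple


class Relay(NamedTuple):
    nickname: str
    address: str
    or_port: int
    socks_port: int
    dir_port: int


def parse_router_line(line: str) -> Relay:
    """Parse 'router <nickname> <address> <ORPort> <SocksPort> <DirPort>'."""
    fields = line.split()
    if len(fields) != 6 or fields[0] != "router":
        raise ValueError(f"not a router line: {line!r}")
    ipaddress.IPv4Address(fields[2])  # raises ValueError on a malformed address
    ports = [int(p) for p in fields[3:]]
    if any(not 0 <= p <= 65535 for p in ports):
        raise ValueError(f"port out of range: {line!r}")
    return Relay(fields[1], fields[2], *ports)


def advertised_ports(relay: Relay) -> set:
    """Ports the relay publishes to the world; 0 means 'not offered'."""
    return {p for p in (relay.or_port, relay.dir_port) if p}


def audit_forwards(relay, forwards, firewalled_hosts):
    """forwards maps external port -> internal host. Returns (port, host, reason)."""
    findings = []
    published = advertised_ports(relay)
    for port, host in sorted(forwards.items()):
        if host not in firewalled_hosts:
            findings.append((port, host, "forward lands on a host with no software firewall"))
        elif port not in published:
            findings.append((port, host, "forward is not a published Tor port"))
    return findings


# Line quoted in the post; forwards and host roles are constructed from the thread.
SAMPLE_LINE = "router rfc1149 81.56.47.149 9001 0 9030"
FORWARDS = {25: "198.168.0.2", 9001: "198.168.0.2", 9030: "198.168.0.2"}
FIREWALLED_AFTER_RENUMBER = {"198.168.0.3"}  # primary PC moved to .3, new PC took .2

if __name__ == "__main__":
    relay = parse_router_line(SAMPLE_LINE)
    for finding in audit_forwards(relay, FORWARDS, FIREWALLED_AFTER_RENUMBER):
        print(finding)
```

Run after any renumbering of the LAN, it shows that all three forwards still point at `.2`, which is now the machine without a firewall.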

