LinuxQuestions.org


john99 12-16-2009 10:36 AM

Why does TOR seem to work, even though only port 23/TCP is open?
 
Hello.


I checked with the following nmap command which ports are open on the GW/firewall:


# nmap domain.name

PORT STATE SERVICE
23/tcp open telnet


My idea was that TOR requires many more open ports... Or am I missing something?



Thanks a lot for additional help!

John

centosboy 12-16-2009 10:55 AM

Quote:

Originally Posted by john99 (Post 3793865)
Hello.


I checked with the following nmap command which ports are open on the GW/firewall:


# nmap domain.name

PORT STATE SERVICE
23/tcp open telnet


My idea was that TOR requires many more open ports... Or am I missing something?



Thanks a lot for additional help!

John

is it even running??
tor normally runs on port 9050...but this is normally on the localhost rather than a router/gateway.
the idea is that you will forward traffic to localhost:9050 and this in turn connects out to tor hosts:443

john99 12-16-2009 11:55 AM

Quote:

Originally Posted by centosboy (Post 3793896)
is it even running??
tor normally runs on port 9050...but this is normally on the localhost rather than a router/gateway.
the idea is that you will forward traffic to localhost:9050 and this in turn connects out to tor hosts:443


Thanks for the prompt reply. Good question! I just started/booted the pc from the Incognito LiveCD and connected to a website and - yes, that site is shown in the www browser, and the connection is slow.


In TorK -> TorNetwork -> Connections the following connections are displayed:

Source Host/Port
-> www.ibm.com:443
-> stats.surfaid.ihost.com:80
-> www.ibm.com:80
-> data.coremetrics.com:80
-> www.ibm.com:80



Thanks a lot for additional help/information!


John

centosboy 12-16-2009 12:24 PM

Quote:

Originally Posted by john99 (Post 3793983)
Thanks for the prompt reply. Good question! I just started/booted the pc from the Incognito LiveCD and connected to a website and - yes, that site is shown in the www browser, and the connection is slow.


In TorK -> TorNetwork -> Connections the following connections are displayed:

Source Host/Port
-> www.ibm.com:443
-> stats.surfaid.ihost.com:80
-> www.ibm.com:80
-> data.coremetrics.com:80
-> www.ibm.com:80



Thanks a lot for additional help/information!


John

yerp - it runs on the local host rather than router/gateway.

Code:

lsof -i TCP | grep 9050

and yes, tor connections are slower because your traffic is going to be routed via a number of hosts over https port

john99 12-17-2009 12:15 PM

Quote:

Originally Posted by centosboy (Post 3794025)
Code:

lsof -i TCP | grep 9050

bash: lsof: command not found

Quote:

Originally Posted by centosboy (Post 3794025)
yerp - it runs on the local host rather than router/gateway.

What does that mean for me?

Thank you!

John

repo 12-17-2009 12:17 PM

Quote:

bash: lsof: command not found
Code:

apt-get install lsof

centosboy 12-18-2009 04:02 AM

Quote:

Originally Posted by john99 (Post 3795683)
bash: lsof: command not found



What does that mean for me?

Thank you!

John

basically lsof just to show the port tor is running on on your local machine.

localmachine listens on 9050.
say for example my company had blocked outgoing connections to msn port 1863, i could configure msn settings to point via a proxy on port 9050 of localhost.

so my outgoing msn connections would work like this
Code:


msnclient -> localhost:9050 -> tornode1:443 -> tornode2:443 -> tornode3:443 -> msnserver:1863

this is why it is slower...now, if you have configured yourself to be a node, then you would have to open ports on your router/gateway and map to your local machine. if you haven't done that, tor will still work, but you can't be used as a node. that is, other tor users can't use your machine as a gateway.

john99 12-18-2009 10:29 AM

Quote:

Originally Posted by centosboy (Post 3796460)

msnclient -> localhost:9050 -> tornode1:443 -> tornode2:443 -> tornode3:443 -> msnserver:1863

this is why it is slower...now, if you have configured yourself to be a node, then you would have to open ports on your router/gateway and map to your local machine. if you haven't done that, tor will still work, but you can't be used as a node. that is, other tor users can't use your machine as a gateway.

Thanks a lot for the clarifications. I first need to become more familiar with Incognito and TOR before I am going to tweak it :-)



In TorK -> Tor Log there are some strange log entries:

Time---------------->Severity---------->Summary
2009-12-17 17:10--->Tork------------->(1 of 1) Are you sure your privacy proxy is running?
2009-12-17 17:10--->WARN------------->(1 of 1) Controller gave us config lines that didn't validate: Unkfnow option '_ReloadTorrrc0
2009-12-17 17:10--->WARN------------->(1 of 1) Controller gave us config lines that didn't validate: Must set TunnelDirConns if Prefer
2009-12-17 17:10--->WARN------------->(1 of 1) Closing no-longer-configured OR listener on 0.0.0.0:9001
2009-12-17 17:10--->NOTICE------------->(1 of 1) Closing no-longer-configured Directory listener on 0.0.0.0:9030
2009-12-17 17:10--->NOTICE------------->(1 of 1) Closing old OR Listener on 0.0.0.0:9001
2009-12-17 17:10--->NOTICE------------->(1 of 1) Closing old Directory Listener on 0.0.0.0:9030
2009-12-17 17:10--->TorK------------->(1 of 1) Your Broadband Router My Not Be Plug 'n Playable!
2009-12-17 17:10--->TorK------------->(1 of 1) Your Traffic CAN Be Eavesdropped!


Why all those messages? Because only TCP port 23 is open? I just booted my PC from the Incognito LiveCD and hoped to be protected :-(


Thanks a lot for any additional information!

John

repo 12-18-2009 11:08 AM

You can use torify
Code:

torify pidgin

see man torify

Quote:

torify is a simple wrapper that calls tsocks with a tor specific configuration file.

anonym 12-19-2009 01:36 PM

There's a bit of confusion here. I'll cover them one by one:

Quote:

Originally Posted by john99 (Post 3793865)
I checked with the following nmap command which ports are open on the GW/firewall:

# nmap domain.name
PORT STATE SERVICE
23/tcp open telnet

My idea was that TOR requires many more open ports... Or am I missing something?

Sure, Tor must be able to communicate with the Tor network, so outgoing connections to these servers must be allowed. TorStatus allows you to see which ports people use on their routers (ORPort) and directories (DirPort). But the key thing to understand is that we're talking about outgoing connections -- you can block all incoming connections (i.e. no port is open) and Tor will still work (thanks to NAT) if the outgoing connections are not blocked by the firewall.

It should be noted that on most networks, outgoing connections are allowed on all ports. Unless you're on a locked-down corporate network or have locked it down yourself you're unlikely to get problems with Tor this way.


Quote:

Originally Posted by john99 (Post 3796871)
Thanks a lot for the clarifications. I first need to become more familiar with Incognito and TOR before I am going to tweak it :-)

If you want maximum anonymity, don't "tweak" Tor -- anything that makes your client behave differently than others will make you easier to distinguish from the rest.


Quote:

Originally Posted by john99 (Post 3796871)
In TorK -> Tor Log there are some strange log entries:

Time---------------->Severity---------->Summary
2009-12-17 17:10--->Tork------------->(1 of 1) Are you sure your privacy proxy is running?
2009-12-17 17:10--->WARN------------->(1 of 1) Controller gave us config lines that didn't validate: Unkfnow option '_ReloadTorrrc0
2009-12-17 17:10--->WARN------------->(1 of 1) Controller gave us config lines that didn't validate: Must set TunnelDirConns if Prefer
2009-12-17 17:10--->WARN------------->(1 of 1) Closing no-longer-configured OR listener on 0.0.0.0:9001
2009-12-17 17:10--->NOTICE------------->(1 of 1) Closing no-longer-configured Directory listener on 0.0.0.0:9030
2009-12-17 17:10--->NOTICE------------->(1 of 1) Closing old OR Listener on 0.0.0.0:9001
2009-12-17 17:10--->NOTICE------------->(1 of 1) Closing old Directory Listener on 0.0.0.0:9030
2009-12-17 17:10--->TorK------------->(1 of 1) Your Broadband Router My Not Be Plug 'n Playable!
2009-12-17 17:10--->TorK------------->(1 of 1) Your Traffic CAN Be Eavesdropped!


Why all those messages? Because only TCP port 23 is open? I just booted my PC from the Incognito LiveCD and hoped to be protected :-(

There's nothing very weird in that log. If you're worried about the "Your Traffic CAN Be Eavesdropped!" thing there's not much to be done about it except using encryption whenever possible. It's a basic fact of how Tor works that everything you send through it will be readable by the exit node (unless it is encrypted).

Quote:

Originally Posted by repo (Post 3796924)
You can use torify
Code:

torify pidgin

see man torify

This is not necessary in Incognito since all connections are transparently sent through Tor.

john99 01-06-2010 12:50 AM

Quote:

Originally Posted by anonym (Post 3798173)

Sure, Tor must be able to communicate with the Tor network, so outgoing connections to these servers must be allowed. TorStatus allows you to see which ports people use on their routers (ORPort) and directories (DirPort). But the key thing to understand is that we're talking about outgoing connections -- you can block all incoming connections (i.e. no port is open) and Tor will still work (thanks to NAT) if the outgoing connections are not blocked by the firewall.


Thanks a lot for the clarifications :-) But now I do have an additional question:

On TorStatus the ORPorts and DirPorts of the different Tor routers are shown.
Does that mean, if my server circuit consists of abc-server (ORPort 443/DirPort 9030), def-server (ORPort 9001/DirPort 9030) and ghi-server (ORPort 442/DirPort 9030), my firewall/gateway should allow outgoing tcp connections to at least these 6 tcp ports?



Thanks a lot for any additional clarification!

John


PS
I do understand that it would be better to allow outgoing connections to/on all tcp-ports :-)

anonym 01-07-2010 07:16 AM

Quote:

Originally Posted by john99 (Post 3815799)
On TorStatus the ORPorts and DirPorts of the different Tor routers are shown.
Does that mean, if my server circuit consists of abc-server (ORPort 443/DirPort 9030), def-server (ORPort 9001/DirPort 9030) and ghi-server (ORPort 442/DirPort 9030), my firewall/gateway should allow outgoing tcp connections to at least these 6 tcp ports?

For every router you want to use as the first hop (or directory) you need the respective ORPort:s (or DirPort) open for outgoing connections -- all subsequent hops in the circuits will be done by the first hop router so your computer doesn't do that connection. As such, if you restrict which ports can be directly connected to from your computer you restrict the number of choices for the first hop in your circuit (and directory servers), which hurts your anonymity proportionally to the chunk of the network that's unreachable. Performance might also be hurt to some degree unless you add "reachableaddresses *:443 *:9001 ..." for each open port in your torrc, thus telling Tor which ports can be used (otherwise it will try to use unreachable nodes and it takes some time for it to detect that they cannot be used).

The way I see it, outbound port filtering is basically useless and certainly shouldn't be considered as a security measure. So unless you don't have control over your firewall (i.e. if you're on a locked-down corporate network or something) I recommend you do allow all outbound traffic.
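
The relationship described in the post above, between an outbound port allow-list and the relays still usable as first hop or directory, worked through as an added example that is not part of the thread. The relay list is constructed sample data, the function names are hypothetical, and the emitted line uses the comma-separated `ReachableAddresses` form from the tor manual.

```python
# Added example (not from the thread): how an outbound port allow-list
# shrinks the set of Tor relays usable as first hop or directory.

# Constructed sample data: (nickname, ORPort, DirPort); DirPort 0 = none.
# The first three rows reuse the hypothetical relays from john99's question.
SAMPLE_RELAYS = [
    ("abc-server", 443, 9030),
    ("def-server", 9001, 9030),
    ("ghi-server", 442, 9030),
    ("jkl-server", 9001, 0),
    ("mno-server", 443, 80),
    ("pqr-server", 8080, 0),
]


def _validated(ports):
    """Return the allow-list as a sorted list of unique, valid TCP ports."""
    ports = sorted(set(ports))
    for p in ports:
        if not isinstance(p, int) or not 1 <= p <= 65535:
            raise ValueError(f"not a TCP port: {p!r}")
    return ports


def first_hop_candidates(relays, allowed_ports):
    """Relays whose ORPort the firewall lets this client connect out to."""
    allowed = set(_validated(allowed_ports))
    return [name for name, orport, _ in relays if orport in allowed]


def directory_candidates(relays, allowed_ports):
    """Relays whose DirPort is offered and reachable through the firewall."""
    allowed = set(_validated(allowed_ports))
    return [name for name, _, dirport in relays if dirport in allowed]


def unreachable_share(relays, allowed_ports):
    """Fraction of relays that can no longer be chosen as first hop."""
    if not relays:
        raise ValueError("empty relay list")
    return 1 - len(first_hop_candidates(relays, allowed_ports)) / len(relays)


def reachable_addresses_line(allowed_ports):
    """torrc line telling Tor up front which outbound ports it may use."""
    return "ReachableAddresses " + ",".join(f"*:{p}" for p in _validated(allowed_ports))


if __name__ == "__main__":
    for ports in ([443, 9001], [80, 443], [23]):
        print(reachable_addresses_line(ports))
        print("  first hop :", first_hop_candidates(SAMPLE_RELAYS, ports))
        print("  directory :", directory_candidates(SAMPLE_RELAYS, ports))
        print(f"  unreachable share: {unreachable_share(SAMPLE_RELAYS, ports):.0%}")
```

With outbound traffic limited to port 23, no sample relay is reachable at all, which is the case where Tor cannot bootstrap; an inbound-only filter like the one in the original nmap scan does not appear in this calculation.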


All times are GMT -5.