why TOR seems to work, even only port 23/TCP is open ?
Incognito: This forum is for the discussion of Incognito Linux.
I checked with the following nmap command which ports are open on the GW/firewall:
# nmap domain.name
PORT STATE SERVICE
23/tcp open telnet
My idea was that TOR requires many more open ports.... Or am I missing something?
Thanks a lot for any additional help!
John
is it even running??
tor normally runs on port 9050...but this is normally on the localhost rather than a router/gateway.
the idea is that you will forward traffic to localhost:9050 and this in turn connects out to tor hosts:443
Thanks for the prompt reply. Good question! I just started/booted the PC from the Incognito LiveCD and connected to a website, and yes, that site is shown in the web browser, and the connection is slow.
In TorK -> TorNetwork -> Connections the following connections are displayed:
basically lsof, just to show the port tor is running on, on your local machine.
localmachine listens on 9050.
say for example my company had blocked outgoing connections to msn port 1863, I could configure msn settings to point via a proxy on port 9050 of localhost.
so my outgoing msn connections would work like this
this is why it is slower...now, if you have configured yourself to be a node, then you would have to open ports on your router/gateway and map to your local machine. if you haven't done that, tor will still work, but you can't be used as a node. that is, other tor users can't use your machine as a gateway.
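The post above describes an application being pointed at Tor's local SOCKS listener (localhost:9050) instead of connecting out directly. The following is an added example, not code from the thread, from Incognito or from the Tor project: a minimal SOCKS5 CONNECT client in Python that shows exactly what an application sends to that listener and how it reads the reply. The builder/parser functions are pure and need no network; `connect_via_tor` is the optional live usage and assumes a Tor SOCKS listener on 127.0.0.1:9050. The one defender-relevant detail it enforces is that hostnames are handed to the proxy as SOCKS5 domain-name addresses (ATYP 0x03) rather than resolved locally first, so the DNS lookup also travels through Tor instead of leaking to the local resolver.

```python
"""Minimal SOCKS5 CONNECT request builder/parser for a local Tor SOCKS listener.

Added example (not from the thread). Assumes RFC 1928 SOCKS5 framing; the only
Tor-specific assumption is the default listener address 127.0.0.1:9050.
"""
import socket
import struct

SOCKS_VERSION = 5
NO_AUTH = 0x00
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

# RFC 1928 reply codes, so a failed CONNECT is reported in words.
REPLY_TEXT = {
    0x00: "succeeded",
    0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset",
    0x03: "network unreachable",
    0x04: "host unreachable",
    0x05: "connection refused",
    0x06: "TTL expired",
    0x07: "command not supported",
    0x08: "address type not supported",
}


def greeting() -> bytes:
    """Client hello: VER=5, one method offered, 0x00 = no authentication."""
    return bytes([SOCKS_VERSION, 1, NO_AUTH])


def connect_request(host: str, port: int) -> bytes:
    """Build a CONNECT request for host:port.

    IPv4/IPv6 literals are sent as-is; anything else is sent as a domain name
    (ATYP 0x03) so the proxy, i.e. Tor, performs the resolution. Calling
    getaddrinfo() here instead would leak the lookup to the local resolver.
    """
    try:
        addr = bytes([ATYP_IPV4]) + socket.inet_pton(socket.AF_INET, host)
    except OSError:
        try:
            addr = bytes([ATYP_IPV6]) + socket.inet_pton(socket.AF_INET6, host)
        except OSError:
            raw = host.encode("idna")
            if not 0 < len(raw) < 256:
                raise ValueError("hostname must be 1..255 bytes")
            addr = bytes([ATYP_DOMAIN, len(raw)]) + raw
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def parse_reply(data: bytes):
    """Parse the server's CONNECT reply; returns (status_text, bound_addr, bound_port).

    Tor answers a successful CONNECT with BND.ADDR 0.0.0.0 and BND.PORT 0.
    """
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    status, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        end = 4 + 4
        bound = socket.inet_ntop(socket.AF_INET, data[4:end])
    elif atyp == ATYP_IPV6:
        end = 4 + 16
        bound = socket.inet_ntop(socket.AF_INET6, data[4:end])
    elif atyp == ATYP_DOMAIN:
        end = 5 + data[4]
        bound = data[5:end].decode("idna")
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    if len(data) < end + 2:
        raise ValueError("truncated reply")
    port = struct.unpack("!H", data[end:end + 2])[0]
    return REPLY_TEXT.get(status, f"unknown status {status:#x}"), bound, port


def connect_via_tor(host: str, port: int, proxy=("127.0.0.1", 9050), timeout=30):
    """Open a TCP stream to host:port through the local Tor SOCKS listener.

    Returns the connected socket; the caller then speaks the application
    protocol over it. Assumes a SOCKS5 listener at `proxy` (Tor's default).
    """
    s = socket.create_connection(proxy, timeout=timeout)
    try:
        s.sendall(greeting())
        if s.recv(2) != bytes([SOCKS_VERSION, NO_AUTH]):
            raise ConnectionError("proxy rejected the no-auth method")
        s.sendall(connect_request(host, port))
        status, _, _ = parse_reply(s.recv(262))  # 262 = largest possible reply
    except Exception:
        s.close()
        raise
    if status != "succeeded":
        s.close()
        raise ConnectionError(f"SOCKS CONNECT failed: {status}")
    return s
```

Whether an application actually behaves this way is easy to check from the outside: with Tor running, any DNS query for the target name seen on the local network interface means the application resolved the name itself before using the proxy.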
Thanks a lot for the clarifications. I need to become more familiar with Incognito and TOR first before I am going to tweak it :-)
In TorK -> Tor Log there are some strange log entries:
Time---------------->Severity---------->Summary
2009-12-17 17:10--->Tork------------->(1 of 1) Are you sure your privacy proxy is running?
2009-12-17 17:10--->WARN------------->(1 of 1) Controller gave us config lines that didn't validate: Unkfnow option '_ReloadTorrrc0
2009-12-17 17:10--->WARN------------->(1 of 1) Controller gave us config lines that didn't validate: Must set TunnelDirConns if Prefer
2009-12-17 17:10--->WARN------------->(1 of 1) Closing no-longer-configured OR listener on 0.0.0.0:9001
2009-12-17 17:10--->NOTICE------------->(1 of 1) Closing no-longer-configured Directory listener on 0.0.0.0:9030
2009-12-17 17:10--->NOTICE------------->(1 of 1) Closing old OR Listener on 0.0.0.0:9001
2009-12-17 17:10--->NOTICE------------->(1 of 1) Closing old Directory Listener on 0.0.0.0:9030
2009-12-17 17:10--->TorK------------->(1 of 1) Your Broadband Router My Not Be Plug 'n Playable!
2009-12-17 17:10--->TorK------------->(1 of 1) Your Traffic CAN Be Eavesdropped!
Why all those messages? Because only TCP port 23 is open? I just booted my PC from the Incognito LiveCD and hoped to be protected :-(
There's a bit of confusion here. I'll cover them one by one:
Quote:
Originally Posted by john99
I checked with the following nmap command which ports are open on the GW/firewall:
# nmap domain.name
PORT STATE SERVICE
23/tcp open telnet
My idea was that TOR requires many more open ports.... Or am I missing something?
Sure, Tor must be able to communicate with the Tor network, so outgoing connections to these servers must be allowed. TorStatus allows you to see which ports people use on their routers (ORPort) and directories (DirPort). But the key thing to understand is that we're talking about outgoing connections -- you can block all incoming connections (i.e. no port is open) and Tor will still work (thanks to NAT) if the outgoing connections are not blocked by the firewall.
It should be noted that on most networks, outgoing connections are allowed on all ports. Unless you're on a locked-down corporate network or have locked it down yourself you're unlikely to get problems with Tor this way.
Quote:
Originally Posted by john99
Thanks a lot for the clarifications. I need to become more familiar with Incognito and TOR first before I am going to tweak it :-)
If you want maximum anonymity, don't "tweak" Tor -- anything that makes your client behave differently than others will make you easier to distinguish from the rest.
Quote:
Originally Posted by john99
In TorK -> Tor Log there are some strange log entries:
Time---------------->Severity---------->Summary
2009-12-17 17:10--->Tork------------->(1 of 1) Are you sure your privacy proxy is running?
2009-12-17 17:10--->WARN------------->(1 of 1) Controller gave us config lines that didn't validate: Unkfnow option '_ReloadTorrrc0
2009-12-17 17:10--->WARN------------->(1 of 1) Controller gave us config lines that didn't validate: Must set TunnelDirConns if Prefer
2009-12-17 17:10--->WARN------------->(1 of 1) Closing no-longer-configured OR listener on 0.0.0.0:9001
2009-12-17 17:10--->NOTICE------------->(1 of 1) Closing no-longer-configured Directory listener on 0.0.0.0:9030
2009-12-17 17:10--->NOTICE------------->(1 of 1) Closing old OR Listener on 0.0.0.0:9001
2009-12-17 17:10--->NOTICE------------->(1 of 1) Closing old Directory Listener on 0.0.0.0:9030
2009-12-17 17:10--->TorK------------->(1 of 1) Your Broadband Router My Not Be Plug 'n Playable!
2009-12-17 17:10--->TorK------------->(1 of 1) Your Traffic CAN Be Eavesdropped!
Why all those messages? Because only TCP port 23 is open? I just booted my PC from the Incognito LiveCD and hoped to be protected :-(
There's nothing very weird in that log. If you're worried about the "Your Traffic CAN Be Eavesdropped!" thing there's not much to be done about it except using encryption whenever possible. It's a basic fact of how Tor works that everything you send through it will be readable by the exit node (unless it is encrypted).
Quote:
Originally Posted by repo
You can use torify
Code:
torify pidgin
see man torify
This is not necessary in Incognito since all connections are transparently sent through Tor.
Thanks a lot for the clarifications :-) But now I do have an additional question:
On TorStatus the ORPorts and DirPorts of the different Tor routers are shown.
Does that mean, if my circuit consists of abc-server (ORPort 443/DirPort 9030), def-server (ORPort 9001/DirPort 9030) and ghi-server (ORPort 442/DirPort 9030), my firewall/gateway should allow outgoing TCP connections to at least these 6 TCP ports?
Thanks a lot for any additional clarification!
John
PS
I do understand that it would be better to allow outgoing connections on all TCP ports :-)
Quote:
Originally Posted by john99
On TorStatus the ORPorts and DirPorts of the different Tor routers are shown.
Does that mean, if my circuit consists of abc-server (ORPort 443/DirPort 9030), def-server (ORPort 9001/DirPort 9030) and ghi-server (ORPort 442/DirPort 9030), my firewall/gateway should allow outgoing TCP connections to at least these 6 TCP ports?
For every router you want to use as the first hop (or directory) you need the respective ORPorts (or DirPort) open for outgoing connections -- all subsequent hops in the circuits will be done by the first hop router, so your computer doesn't do that connection. As such, if you restrict which ports can be directly connected to from your computer you restrict the number of choices for the first hop in your circuit (and directory servers), which hurts your anonymity proportionally to the chunk of the network that's unreachable. Performance might also be hurt to some degree unless you add "reachableaddresses *:443 *:9001 ..." for each open port in your torrc, thus telling Tor which ports can be used (otherwise it will try to use unreachable nodes and it takes some time for it to detect that they cannot be used).
The way I see it, outbound port filtering is basically useless and certainly shouldn't be considered as a security measure. So unless you don't have control over your firewall (i.e. if you're on a locked-down corporate network or something) I recommend you do allow all outbound traffic.
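The two replies above make a quantitative point: only relays whose ORPort (or DirPort) is reachable through the outbound filter can serve as first hop (or directory), so the filter shrinks the pool of usable relays, and telling Tor about the restriction via ReachableAddresses saves it from probing unreachable ones. The following is an added example, not code from the thread or from the Tor project, that works this through on a constructed relay list modelled on the abc/def/ghi example in the question (the nicknames and ports are made up, not real relays). It computes which relays remain usable as first hop and as directory for a given set of allowed outbound ports, the reachable fraction the reply talks about, the minimal port set that would reach every listed relay, and the torrc line to declare the allowed ports. The emitted line uses the comma-separated form documented in the tor manual page (`ReachableAddresses *:443,*:9001`), which is an assumption on my part; the reply writes the entries space-separated.

```python
"""Outbound-port filtering versus Tor first-hop choice (added example).

The relay list is constructed for illustration and is not real Tor relay data.
"""
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Relay:
    nickname: str
    or_port: int   # port used for the first-hop connection (ORPort)
    dir_port: int  # port used for directory fetches (DirPort); 0 = none published


# Constructed sample, modelled on the thread's abc/def/ghi example plus two more.
SAMPLE_RELAYS = [
    Relay("abc", 443, 9030),
    Relay("def", 9001, 9030),
    Relay("ghi", 442, 9030),
    Relay("jkl", 443, 80),
    Relay("mno", 9001, 0),
]


def usable_first_hops(relays, allowed_ports):
    """Relays whose ORPort the outbound filter lets us reach directly."""
    allowed = set(allowed_ports)
    return [r for r in relays if r.or_port in allowed]


def usable_directories(relays, allowed_ports):
    """Relays whose published DirPort is reachable (relays without one never qualify)."""
    allowed = set(allowed_ports)
    return [r for r in relays if r.dir_port and r.dir_port in allowed]


def reachable_fraction(relays, allowed_ports):
    """Share of the listed relays still available as first hop: the 'chunk of the
    network' the reply says anonymity is hurt in proportion to."""
    return Fraction(len(usable_first_hops(relays, allowed_ports)), len(relays))


def ports_needed(relays):
    """Smallest outbound port set that reaches every listed relay's ORPort and DirPort.

    For the thread's three relays this gives four ports (443, 9001, 442, 9030),
    since 9030 is shared.
    """
    or_ports = {r.or_port for r in relays}
    dir_ports = {r.dir_port for r in relays if r.dir_port}
    return sorted(or_ports | dir_ports)


def reachable_addresses_line(allowed_ports):
    """torrc line declaring the allowed outbound ports so Tor skips unreachable relays.

    Assumes the comma-separated syntax from the tor manual (an assumption of this
    example; the thread writes the entries separated by spaces).
    """
    entries = ",".join(f"*:{p}" for p in sorted(set(allowed_ports)))
    return f"ReachableAddresses {entries}"


if __name__ == "__main__":
    allowed = [443]
    print("first hops :", [r.nickname for r in usable_first_hops(SAMPLE_RELAYS, allowed)])
    print("directories:", [r.nickname for r in usable_directories(SAMPLE_RELAYS, allowed)])
    print("reachable  :", reachable_fraction(SAMPLE_RELAYS, allowed))
    print("need all   :", ports_needed(SAMPLE_RELAYS))
    print("torrc      :", reachable_addresses_line(allowed))
```

Run with only port 443 allowed, the sample shows the effect the reply describes: two of five relays remain as first hop and none as directory, so Tor would have to keep probing the rest until told otherwise with the ReachableAddresses line.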