Vidalia and Tor: Controlling when the identity changes - tor

I'm performing some latency measurements over the Tor network. To avoid congesting the relays, each run of my test lasts about 15 to 20 minutes, consuming an average bandwidth of 2 kbps.
Because of the way the relay works, my measurements get disrupted because the identity automatically changes every few minutes. I wonder if someone knows how to do these:
1) Specify the time interval between identity changes. Alternatively, disable the automatic identity change and allow me to use Vidalia's control panel to change identities manually.
2) Specify an IP address as an exit relay. I edited torrc, setting ExitNodes to an IP address and StrictNode to 1, but after an initial connection to that specific exit relay and one HTTP connection to the outside world, no subsequent traffic is routed out of Tor.
I unfortunately can't seem to find an answer to my dilemma looking at previous questions. :-/ My setup consists of Ubuntu 12.04 LTS, installing Vidalia and Tor using apt-get, and Firefox connecting to Tor using SOCKS via localhost:9050.

1) Specify the time interval between identity changes.
Hi Nina, thanks for being careful about the load you put on the network! By default Tor cycles your circuits every ten minutes. You can customize this with the MaxCircuitDirtiness option in your torrc.
2) Specify an IP address as an exit relay.
Tor does not make this particularly easy. Probably the best option would be to extend one of your existing circuits to the desired endpoint. You can do this via stem using the extend_circuit() method.
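The two operations the answer describes, done against tor's control port without stem, as an added example that is not code from the answer or from stem: GETCONF/SETCONF for MaxCircuitDirtiness, SIGNAL NEWNYM (what Vidalia's "New Identity" button sends), and EXTENDCIRCUIT on an existing circuit, which is the raw form of stem's extend_circuit(). It assumes torrc has ControlPort 9051 and HashedControlPassword; the password "hunter2", circuit id "7" and the two fingerprints are placeholders, and FakeTorTransport is a constructed stand-in so the script runs offline.

```python
"""Talk to tor's control port directly: read/raise MaxCircuitDirtiness, ask
for a new identity, and extend an existing circuit to a chosen exit (the raw
form of stem's extend_circuit()). Added example, not from the answer or stem.
Assumes ControlPort 9051 + HashedControlPassword in torrc; the password,
circuit id and fingerprints are placeholders; FakeTorTransport is constructed."""

EXIT_FP = "$" + "F00D" * 10   # placeholder 40-hex-digit fingerprints,
BAD_FP = "$" + "DEAD" * 10    # not real relays


class ControlError(Exception):
    pass


class TorControl:
    def __init__(self, transport):
        self.t = transport   # needs write(bytes), flush(), readline() -> bytes

    def command(self, line):
        # Reply lines are <3-digit code><sep><text>: sep '-' means more lines
        # follow, ' ' marks the last one ('+' data blocks are not needed here).
        self.t.write((line + "\r\n").encode())
        self.t.flush()
        lines = []
        while True:
            raw = self.t.readline().decode().rstrip("\r\n")
            code, sep, text = raw[:3], raw[3:4], raw[4:]
            if not code.isdigit() or sep not in "- ":
                raise ControlError("unexpected reply line: %r" % raw)
            lines.append(text)
            if sep == " ":
                break
        if code != "250":   # anything else (515, 552, ...) is a failure
            raise ControlError("%s -> %s %s" % (line, code, text))
        return lines

    def authenticate(self, password):
        quoted = password.replace("\\", "\\\\").replace('"', '\\"')
        self.command('AUTHENTICATE "%s"' % quoted)

    def getconf(self, *keys):
        out = {}
        for line in self.command("GETCONF " + " ".join(keys)):
            key, _, value = line.partition("=")   # unset option: bare key, no '='
            out[key] = value
        return out

    def setconf(self, **options):
        self.command("SETCONF " + " ".join('%s="%s"' % kv for kv in options.items()))

    def new_identity(self):
        # What Vidalia's "New Identity" button sends; tor rate-limits NEWNYM.
        self.command("SIGNAL NEWNYM")

    def extend_circuit(self, circuit_id, *fingerprints):
        # EXTENDCIRCUIT <id> <fp>[,<fp>...] -> '250 EXTENDED <id>'; id '0' would
        # build a new circuit; an unknown relay is refused with a 5xx reply.
        reply = self.command("EXTENDCIRCUIT %s %s" % (circuit_id, ",".join(fingerprints)))
        return reply[-1].split()[1]


class FakeTorTransport:
    """Constructed stand-in for tor: scripted replies in the real wire format."""
    REPLIES = {
        'AUTHENTICATE "hunter2"': "250 OK",
        "GETCONF MaxCircuitDirtiness ExitNodes StrictNodes":
            "250-MaxCircuitDirtiness=600\r\n250-ExitNodes\r\n250 StrictNodes=0",
        'SETCONF MaxCircuitDirtiness="1200"': "250 OK",
        "SIGNAL NEWNYM": "250 OK",
        "EXTENDCIRCUIT 7 " + EXIT_FP: "250 EXTENDED 7",
        "EXTENDCIRCUIT 7 " + BAD_FP: "552 No such router",
    }

    def __init__(self):
        self.sent, self.buf = [], b""

    def write(self, data):
        line = data.decode().rstrip("\r\n")
        self.sent.append(line)
        self.buf += (self.REPLIES.get(line, "510 Unrecognized command") + "\r\n").encode()

    def flush(self):
        pass

    def readline(self):
        line, _, self.buf = self.buf.partition(b"\r\n")
        return line + b"\r\n"


def pin_circuit_for_run(transport, password="hunter2", circuit_id="7", run_seconds=1200):
    """Widen the dirtiness window to one run, take a fresh identity, extend circuit to EXIT_FP."""
    tc = TorControl(transport)
    tc.authenticate(password)
    before = tc.getconf("MaxCircuitDirtiness", "ExitNodes", "StrictNodes")
    tc.setconf(MaxCircuitDirtiness=run_seconds)
    tc.new_identity()
    return before, tc.extend_circuit(circuit_id, EXIT_FP)
```

Against a live tor, the transport is `socket.create_connection(("127.0.0.1", 9051)).makefile("rwb")` and the circuit id comes from `GETINFO circuit-status`; `pin_circuit_for_run(FakeTorTransport())` exercises the same exchange offline. MaxCircuitDirtiness only stops tor putting new streams on a circuit after that many seconds, so a run that opens one long-lived connection keeps its circuit anyway; what it prevents is the next connection landing on a fresh circuit mid-run.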

Sniffing the traffic from a TOR exit node

Question regarding the traffic coming out from the Tor exit node:
I have been reading a forum where people argue about the capabilities and risks of using the Tor network. I have never used Tor before, nor would I have the need to use it, but I still want to know more about it.
I understand Tor uses randomly selected relays for traffic to travel through, but the traffic eventually comes out of an exit node somewhere. I have read that such traffic can be used to trace the user.
What I don't understand is: if this traffic can be analysed, wouldn't it just show the requests coming from the last relay instead of the original IP? Or does it show the entire trail, including all the relay nodes that the traffic has passed through?
Say this traffic can indeed be traced; does using encryption make any difference? If I were running an exit node (I'm not, I know the risks) and analysed the exiting traffic, which is encrypted, could I still trace the original IP?
What if the user:
* is on open Wi-Fi > connects to it with a laptop with dual NICs > is using a live USB OS with, say, a Squid box as proxy > connects to it with another laptop > connects to a VPN > uses Tor with encryption
Is there a way for a normal user or a researcher, without the ample resources of a government or law enforcement, to still analyse the exiting traffic and trace the original IP?
Thanks in advance.
Since an exit relay is responsible for relaying source traffic out to the internet, if that traffic uses an unencrypted protocol (e.g. http), it can see the contents of that traffic.
For that reason, you shouldn't send sensitive data over Tor unencrypted if you can avoid it. The guard (entry) and middle (relay) nodes can't see the actual traffic; only the exit can. Only the guard node can see your true IP address.
The exit (while it can see the actual traffic and the destination) has no way of knowing your IP. If it could, you'd be much less anonymous when using Tor.
The threats here are if an adversary controls many relays. One of the worst case scenarios for being tracked through Tor would be if you selected a circuit where the guard node and exit node were controlled by the same adversary.
In this scenario, they could see your actual source IP address and your exit traffic (if unencrypted) or at the very least the destination for your exit traffic.
The other tricky part is correlating your entry traffic with the exit traffic. Whether or not entry traffic to a relay they control is also related to exit traffic from another relay they control is strictly up to timing and traffic analysis.
To understand more, you first need to understand how Tor works on a basic level, for that see the documentation page and the overview. Then, search for things like "Tor traffic analysis", "Tor traffic fingerprinting", "Tor timing attacks", and "Tor traffic correlation" to understand more and the research being done to defend against it.
More recent versions of Tor have started padding all cells to make smaller and larger traffic indistinguishable from each other, and much past research has been done into relay selection to reduce the chances of randomly selecting malicious exits or guards.
Hope that helps.
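The guard-plus-exit scenario from the answer above, as an added example that is not part of the original post: with timing and volume alone, an adversary who logs (source IP, time, bytes) at a guard and (destination, time, bytes) at an exit can pair the two sides by correlating bytes-per-time-bin series over a sweep of candidate network delays. Every flow here is constructed (RFC 5737 test addresses, a 250 ms assumed guard-to-exit delay with jitter); nothing is captured from a real network.

```python
"""End-to-end correlation: what an adversary holding both your guard and your
exit can do with timing alone. Added example, not code from the original post.
All traffic is constructed: each client sends one bursty flow; the guard log
holds (source IP, time, bytes) and the exit log holds (destination, time,
bytes) for the same bytes ~250 ms later with jitter (assumed delays; RFC 5737
test addresses)."""
import random
from collections import defaultdict

LATENCY, JITTER = 0.25, 0.02   # seconds, guard->exit; assumed for the demo


def make_logs(n_clients=6, seed=1):
    rng = random.Random(seed)
    guard_log, exit_log, truth = [], [], {}
    for i in range(n_clients):
        src, dst = "192.0.2.%d" % (i + 1), "203.0.113.%d" % (i + 1)
        truth[src] = dst
        t = rng.uniform(0, 5)                    # flows start at different times
        for _ in range(rng.randint(20, 40)):     # bursts in this flow
            t += rng.expovariate(1 / 0.3)        # mean 300 ms between bursts
            size = rng.choice([512, 1024, 1536, 2048, 4096])
            guard_log.append((src, t, size))
            exit_log.append((dst, t + LATENCY + rng.gauss(0, JITTER), size))
    return guard_log, exit_log, truth


def binned(records, bin_s, shift=0.0):
    """Bytes per time bin for each flow key; shift subtracts a candidate delay."""
    series = defaultdict(lambda: defaultdict(int))
    for key, t, size in records:
        series[key][int((t - shift) // bin_s)] += size
    return series


def pearson(a, b):
    keys = set(a) | set(b)
    xs = [a.get(k, 0) for k in keys]
    ys = [b.get(k, 0) for k in keys]
    mx, my = sum(xs) / len(keys), sum(ys) / len(keys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0


def correlate(guard_log, exit_log, bin_s=0.5, max_lag=0.6, step=0.05):
    """For each source IP seen at the guard, the exit-side flow whose bytes-per-bin
    series correlates best, sweeping candidate delays. Returns src -> (dst, r, lag)."""
    guard = binned(guard_log, bin_s)
    lags = [k * step for k in range(round(max_lag / step) + 1)]
    exits = [(lag, binned(exit_log, bin_s, lag)) for lag in lags]
    matches = {}
    for src, gs in guard.items():
        best = (None, -1.0, None)
        for lag, series in exits:
            for dst, es in series.items():
                r = pearson(gs, es)
                if r > best[1]:
                    best = (dst, r, lag)
        matches[src] = best
    return matches


def accuracy(matches, truth):
    return sum(matches[src][0] == dst for src, dst in truth.items()) / len(truth)


if __name__ == "__main__":
    g, e, truth = make_logs()
    m = correlate(g, e)
    for src, (dst, r, lag) in sorted(m.items()):
        ok = "OK" if truth[src] == dst else "WRONG"
        print("%s -> %s  r=%.2f  lag=%.2fs  %s" % (src, dst, r, lag, ok))
    print("matched %.0f%% of flows" % (100 * accuracy(m, truth)))
```

Encryption changes nothing here: the exit never needs the payload, only when and how much arrived. That is why the answer's worst case is the same party at both ends, and why the defences it points to (padding, relay selection that avoids handing one operator both positions) attack the timing signal rather than the content.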

Can Tor 6.5 be configured to use the same IP for multiple requests?

Some sites require that the same IP address be used for certain requests in order to provide more security. When using Tor 6.5, the IP address is changed for each request. Is it possible to tell Tor, "Prepare to reuse the IP address from which the server will see the next request come so that I can use it when I need to"?
My research indicates that Tor used to change exit nodes every ten minutes, but I guess they figured that they could change it for every request, so now the sites that required the same IP for two operations won't let me do those operations :-(.
I am specifically talking about btc-e.com. Thanks for any advice!

Linux webserver load balance howto

I need to deliver a lot of HTTP content (let's keep it simple: a big storage with HTTP access, similar to AWS S3).
The bandwidth needed for this exceeds the bandwidth of one server (we get 200 MBit per server, and the question is not about changing this).
For our program we need 1 GBit; that would mean 5 servers.
When I connect them together with mod_proxy, then I have one server in front which only has 200 MBit. So that's not the right way.
But these servers must be accessible from the web with one domain name. Is there a possibility to do that? Example: one server gets the HTTP request, but the response comes from a different server?
DNS round robin?
A different idea?
Thanks
If the outbound network traffic is not CPU limited, you can use this open source Linux Network Balancer
http://lnlb.sourceforge.net/
The inbound network speed will remain at 200MBit, but with five nodes the maximum outbound limit is 5*200MBit.
A lot of people condemn round-robin DNS, perhaps assuming that it will take a full TCP timeout to detect each failed node, which is simply not the case. It's a simple way to solve the performance problem and improves availability a lot. This also helps to solve the potential bottleneck of your LAN without having to go to 10 GBit Ethernet, which would be a requirement between a router and a load balancer for the rate of traffic you describe.
There may be scope for getting more throughput from your servers and hence only needing 3 or 4 servers rather than 5. But that's a very different question.
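The client-side behaviour the answer above relies on, as an added example (not code from the answer or from LNLB): a client resolves every address behind the one name and, when a node is down, falls through to the next after one short connect timeout rather than the kernel's full handshake timeout. The five addresses, the "down" set and fake_connect are constructed for the offline demo; resolve_all() and tcp_connect are the live equivalents.

```python
"""Client behaviour behind round-robin DNS: resolve every A record, then try
the addresses in order with a short connect timeout. Added example, not code
from the original answer. FAKE_ADDRS, DOWN and fake_connect are constructed
(RFC 5737 test addresses) so the demo runs offline."""
import socket
import time

CONNECT_TIMEOUT = 1.0   # seconds per address; tune to your network RTT


def resolve_all(host, port, getaddrinfo=socket.getaddrinfo):
    """Every address DNS hands back for host, in the order received;
    round-robin DNS rotates that order between queries."""
    seen, addrs = set(), []
    for family, _, _, _, sockaddr in getaddrinfo(host, port, 0, socket.SOCK_STREAM):
        if sockaddr[:2] not in seen:
            seen.add(sockaddr[:2])
            addrs.append((family, sockaddr))
    return addrs


def tcp_connect(family, sockaddr, timeout=CONNECT_TIMEOUT):
    """Connect to one already-resolved address; no second DNS lookup."""
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
    except OSError:
        sock.close()
        raise
    return sock


def connect_any(addresses, connect=tcp_connect, clock=time.monotonic):
    """Walk the address list; return (sock, attempts) on the first success.
    attempts records (ip, outcome, seconds) so the fallback cost is visible."""
    attempts = []
    for family, sockaddr in addresses:
        t0 = clock()
        try:
            sock = connect(family, sockaddr)
        except OSError:
            attempts.append((sockaddr[0], "fail", round(clock() - t0, 3)))
            continue
        attempts.append((sockaddr[0], "ok", round(clock() - t0, 3)))
        return sock, attempts
    raise OSError("no address accepted a connection: %r" % attempts)


# Constructed stand-in for the five storage nodes behind one name; the first
# two are "down" and time out instead of answering.
FAKE_ADDRS = [(socket.AF_INET, ("198.51.100.%d" % i, 80)) for i in range(1, 6)]
DOWN = {"198.51.100.1", "198.51.100.2"}


def fake_connect(family, sockaddr):
    if sockaddr[0] in DOWN:
        raise socket.timeout("timed out after %.1fs" % CONNECT_TIMEOUT)
    return "socket-to-%s" % sockaddr[0]


def demo():
    return connect_any(FAKE_ADDRS, connect=fake_connect)


if __name__ == "__main__":
    sock, attempts = demo()   # live: connect_any(resolve_all("storage.example", 80))
    for ip, outcome, secs in attempts:
        print("%-15s %-4s %.3fs" % (ip, outcome, secs))
    print("using", sock)
```

The cost of a dead node with this pattern is one CONNECT_TIMEOUT per client, per dead address at the head of the rotated list; browsers and most HTTP libraries do the same walk, which is the point the answer makes about not waiting for a full TCP timeout. Removing the dead node's record from DNS is still needed, since every new client re-pays that timeout until the TTL expires.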

tor - Not able to create single hop circuit (one hop tunnel)

I followed the toctrl explanation (http://www.thesprawl.org/research/tor-control-protocol/) on how to create really fast one-hop circuits. I succeeded in creating a circuit of one hop, but I didn't succeed in using Firefox with Tor after doing this.
I also tried to use the "tor auto circuit project", but I got an error from Tor that it wasn't able to connect to a node (each time a different node), so it gave up.
I also tried to download the tortunnel project, but I didn't succeed in compiling it.
Does anyone have experience with this?
Thank you
Tor relays reject single hop circuits unless specifically allowed via the AllowSingleHopExits option in their torrc. Tor is an anonymity network, not a pool of single hop proxies. If you don't care about your anonymity then you should direct your traffic through a shell server somewhere.

With a node.js powered server on EC2, how can I decrease the TCP connection time?

While profiling my application I've noticed that in the Firebug Net panel, the "Connecting" time—that is the time waiting for a TCP connection—is consistently around 70–100ms. See image below:
Of course in the grand scheme of things, 100ms is not long, but I have seen other services that respond with 0ms Connect time. So if other servers can, I should be able to as well.
Any thoughts on how I might even begin to troubleshoot this?
I would start with looking to see if iptables is doing anything that may get in the way. Also, if you were working with an ELB load balancer, (or any other load balancing), I'd remove it from the mix and see if you are still having the longer than expected connect time.
You could also separately install lighttpd or Apache and see what happens. If you get a lower connect time, then that would point to your Node.js build, although not definitively.
I would suggest a simple test to check if this problem is related to your server:
Launch another instance in the same availability zone as your server.
Benchmark your server with Apache Benchmark from the second instance:
ab -c 1 -n 20000 http://<private_server_instance_ip>:<port>/<URL>
It is important to put private IP here, not private or public DNS to sweep aside domain name resolution effects.
Check the average time taken per request: if it is around 1 ms, the problem described is not with your server.
Benchmarking with Firefox, by the way, may not be the best idea because the results might depend on a number of circumstances.
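The separation the answer above makes (benchmark by private IP so DNS drops out of the number), as an added example that is not code from the answer: probe() times the lookup and the TCP handshake as two separate steps, sample() repeats it, and summarize() reports min/median/p95/max so one slow outlier does not masquerade as a consistent 70-100 ms. FakeNet is a constructed network (30 ms lookup, 80 ms handshake plus a fixed jitter cycle, invented figures) so the demo runs offline; with the defaults probe() measures a real host.

```python
"""Split request setup into DNS lookup and TCP handshake. Added example, not
code from the original answer. probe() measures a real host by default; the
resolver, dialer and clock are injectable, and FakeNet is a constructed
network with invented timings so the demo runs offline."""
import socket
import statistics
import time


def tcp_dial(ip, port, timeout=5.0):
    """Complete one handshake to an already-resolved IP and close the socket."""
    socket.create_connection((ip, port), timeout=timeout).close()


def probe(host, port=80, resolve=socket.gethostbyname, dial=tcp_dial, clock=time.monotonic):
    """One sample: {'ip', 'dns_ms', 'connect_ms'}. Passing an IP literal as
    host makes dns_ms ~0, which isolates the handshake."""
    t0 = clock()
    ip = resolve(host)
    t1 = clock()
    dial(ip, port)
    t2 = clock()
    return {"ip": ip, "dns_ms": (t1 - t0) * 1000.0, "connect_ms": (t2 - t1) * 1000.0}


def sample(host, n=20, **kw):
    return [probe(host, **kw) for _ in range(n)]


def summarize(samples, key):
    vals = sorted(s[key] for s in samples)
    return {
        "min": vals[0],
        "median": statistics.median(vals),
        "p95": vals[int(round(0.95 * (len(vals) - 1)))],
        "max": vals[-1],
    }


class FakeNet:
    """Constructed network: a clock that only advances when the lookup or the
    handshake 'happens'. DNS_S, SYN_S and JITTER_S are invented for the demo."""
    DNS_S, SYN_S = 0.030, 0.080
    JITTER_S = [0.0, 0.005, -0.005, 0.010]

    def __init__(self):
        self.now, self.calls = 0.0, 0

    def clock(self):
        return self.now

    def resolve(self, host):
        if host.replace(".", "").isdigit():   # IP literal: no lookup cost
            return host
        self.now += self.DNS_S
        return "10.0.0.5"                     # constructed private address

    def dial(self, ip, port):
        self.now += self.SYN_S + self.JITTER_S[self.calls % len(self.JITTER_S)]
        self.calls += 1


def demo(host="app.example", n=8):
    net = FakeNet()
    runs = sample(host, n, resolve=net.resolve, dial=net.dial, clock=net.clock)
    return summarize(runs, "dns_ms"), summarize(runs, "connect_ms")


if __name__ == "__main__":
    dns, conn = demo()
    print("dns     ", dns)
    print("connect ", conn)
    # live, by IP so DNS is out of the picture:
    #   summarize(sample("10.0.0.5"), "connect_ms")
```

Run it once against the instance's private IP from a second instance in the same availability zone (the answer's ab setup) and once against the public name from your desk: if connect_ms is ~1 ms in the first and ~80 ms in the second, the handshake is paying for distance and a proxy or load balancer in the path, not for anything node.js does, since node does not accept() until after the kernel has completed the handshake.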
