On Thu, May 10, 2012 at 03:08:31PM -0400, Matthew Kaufman wrote:
> Why can't there be some manner of anonymity such as remote VNCing to a
> remote computer (say a web server desktop on Gnome running on an Amazon AWS
> cloud)...
>
> This way your true identity is an Amazon AWS cloud IP and say you
On Fri, May 11, 2012 at 2:36 AM, Joe Btfsplk wrote:
> Isn't this approach very much a double edged sword? From the link:
>>
>> However, we recommend that even users who know how to use NoScript leave
>> JavaScript enabled if possible, because a website or exit node can easily
>> distinguish users
> On Thu, May 10, 2012 at 10:11:06PM -0400, johnmurphy...@safe-mail.net wrote:
> > IN= OUT=eth0 SRC=192.168.178.50 DST=some-target LEN=40 TOS=0x00 PREC=0x00
> > TTL=64 ID=0 DF PROTO=TCP SPT=50447 DPT=443 WINDOW=1002 RES=0x00 ACK URGP=0
> >
> > This packet is https, most likely generated by my fir
On 5/11/2012 7:21 AM, Maxim Kammerer wrote:
On Fri, May 11, 2012 at 2:36 AM, Joe Btfsplk wrote:
Isn't this approach very much a double edged sword? From the link:
However, we recommend that even users who know how to use NoScript leave
JavaScript enabled if possible, because a website or ex
Hey guys,
I used an iptables ruleset (Ubuntu) based on the sample ruleset from
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy, Section
Linux, Local Redirection Through Tor, to set up Tor as a transparent Proxy.
I thought I had understood that ruleset, but there's one point I
thanks jacob do you know a good way to do this?
--
Jerzy Łogiewa -- jerz...@interia.eu
On May 9, 2012, at 4:10 PM, Jacob Appelbaum wrote:
> Don't forget to ensure that Apache doesn't do DNS lookups for visiting
> hosts. Also, I'd probably just jail the apache or whatever user to
> ensure it drop
On Thu, May 10, 2012 at 8:52 PM, Marsh Ray wrote:
> ...
>> How is it possible for a packet not to have an associated uid?
>...
> I'm not a netfilter expert, but it looks this is a pure TCP ACK packet. With
> LEN=40 there's no application data in it. It may have been auto-generated by
> the kernel
On Fri, May 11, 2012 at 11:13 AM, John Donoe wrote:
> ...
> I thought I had understood that ruleset, but there's one point I simply don't
> get: That TCP segments are only redirected to the port Tor listens on when
> the SYN flag is set.
connection tracking (conntrack) works on new streams; when
On 05/11/2012 07:43 PM, coderman wrote:
> On Thu, May 10, 2012 at 8:52 PM, Marsh Ray wrote:
>> ...
>>> How is it possible for a packet not to have an associated uid?
>> ...
>> I'm not a netfilter expert, but it looks this is a pure TCP ACK packet. With
>> LEN=40 there's no application data in it.
> On 05/11/2012 07:43 PM, coderman wrote:
> > On Thu, May 10, 2012 at 8:52 PM, Marsh Ray wrote:
> >> ...
> >>> How is it possible for a packet not to have an associated uid?
> >> ...
> >> I'm not a netfilter expert, but it looks this is a pure TCP ACK packet.
> >> With
> >> LEN=40 there's no appl
On Fri, May 11, 2012 at 7:52 PM, Jacob Appelbaum wrote:
>...
> If this is actually the case, I'd say that this is a kernel bug. :(
some would call it a kernel "feature" to conserve memory space already
wasted on TIME_WAIT. not everything is designed around your
particular use case. (it is not un
On 05/11/2012 11:09 PM, coderman wrote:
> On Fri, May 11, 2012 at 7:52 PM, Jacob Appelbaum wrote:
>> ...
>> If this is actually the case, I'd say that this is a kernel bug. :(
>
> some would call it a kernel "feature" to conserve memory space already
> wasted on TIME_WAIT. not everything is desi
On 05/11/2012 11:01 PM, johnmurphy...@safe-mail.net wrote:
>> On 05/11/2012 07:43 PM, coderman wrote:
>>> On Thu, May 10, 2012 at 8:52 PM, Marsh Ray wrote:
...
> How is it possible for a packet not to have an associated uid?
...
I'm not a netfilter expert, but it looks this is a
On Fri, May 11, 2012 at 8:01 PM, wrote:
> How do I disable time wait?
actually not straightforward. depending on kernel, first try:
echo 1 > /proc/sys/net/ipv4/tcp_rfc1337
some other settings to aggressively prune lingering kernel states:
echo 2 > /proc/sys/net/ipv4/tcp_fin_timeout (or 1)
> echo 1 > /proc/sys/net/ipv4/tcp_rfc1337
not the right option; this is different, and to avoid an issue with time wait.
the feature i'm thinking of is time-wait negotiation, which can be
tweaked to always put this state on the peer (or fail if not
available).
last time i messed with this is wa