Category Archives: TorProject.org

Ideas to support the Tor Project: Wikipedia IdeaLab proposal

Special thanks to my open-access comrade-in-arms Lane Rasberry.

Lane emailed me this morning asking for my input on a current proposal that’s on Jimmy Wales’s very own Wikipedia talk page.

After CC’ing Runa Sandvik from the Tor Project to verify the factuality of my feedback for the Wikipedia community, I posted my comments.

The ongoing issue, which Jacob Appelbaum repeatedly vocalizes, is that Tor users, Jacob included, are not able to protect their identities and contribute to the knowledge base that exists on Wikipedia.

Political activists and dissidents create a critical feedback loop into the controversial dialogue that is only made possible through the Internet and social media. Not only are these people self-empowering, they are the ones most likely to seek out the truth.

From Lane:

If you would be willing to write a brief set of proposals about what Wikipedia should do with Tor, then [Lane] would format those with you in the IdeaLab. This is a space where ideas are stored on Wikipedia so that they would always be found if anyone ever wanted them. I think it would be a good idea just to establish the conversation.

https://meta.wikimedia.org/wiki/Grants:IdeaLab

[If] it is of interest to you, I would help you start a proposal, format it properly, publicize it, and if you know anyone in the Tor community that might want to make a grant proposal for funding to establish and document the relationship between Tor and Wikipedia, then I might be able to advise on how to do that also.

This conversation is happening now live and it does have Jimbo Wales’ attention. It would be awesome to get input from established Tor supporters.

If you would like to create a proposal and have the support of a Wikipedia veteran, please contact Lane directly, and ask for other people’s input! I’m also extremely interested in supporting, I just don’t know what an ideal proposal would look like, and I don’t want to speak on behalf of Tor Project.

Thank you!


Malicious events from my Tor Exit Router

Updated Tor Exit Router display page: http://ipv4-tor-exit-1.okfn.us/

New to Tor? Read about it on Wikipedia: http://en.wikipedia.org/wiki/Tor_(anonymity_network)

Earlier this month, my ISP, CondoInternet, called me to inform me of an attack from an IPv4 address belonging to the Tor Exit Router (TER) that I operate. Immediately I was interested because I wanted to verify that the web host was not compromised. Fortunately and unfortunately, since no network traffic is being logged, I wasn’t able to verify any details from a network access perspective. CondoInternet’s NOC was very helpful and understanding, having stated that they are aware of what Tor is, and forwarded me the 4 complaints that they’ve received since I started running the TER over a year ago. Out of curiosity, I asked their NOC if there were any other TERs on their network, and I’m the only one (sad face).

Below are some snippets from emails that CondoInternet’s NOC forwarded me. They stated that they did not want me to contact any of the senders directly, which I’m happy to oblige. The most recent and most serious is first, since prior to this event, CondoInternet hasn’t felt like the malicious activity from the TER has been worth much attention.

Thu, 30 May 2013 16:49:32 -0700

Hello, our company servers were recently hacked by the IP address
216.243.58.198 which is a customer of CondoInternet. We are requesting that
you shut the user in question down and share all subscriber information
with our company for further litigation. Thank you.

Below is a snippet of our logs with further information of the hack.
vb_init.php is a malicious file which was uploaded to our server by the
offender and was used to take control of the server and steal our company
and customer data.

216.243.58.198 - - [27/May/2013:03:33:26 -0500] "POST /x_admin/vb_init.php
HTTP/1.1" 200 7810 "http://www.[removed].com/x_admin/vb_init.php"
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0"
216.243.58.198 - - [27/May/2013:03:33:35 -0500] "POST /x_admin/vb_init.php
HTTP/1.1" 200 8877 "http://www.[removed].com/x_admin/vb_init.php"
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0"
216.243.58.198 - - [27/May/2013:03:33:41 -0500] "POST /x_admin/vb_init.php
HTTP/1.1" 200 4641 "http://www.[removed].com/x_admin/vb_init.php"
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0"
216.243.58.198 - - [27/May/2013:03:34:15 -0500] "POST /x_admin/vb_init.php
HTTP/1.1" 200 22242 "http://www.[removed].com/x_admin/vb_init.php"
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0"
216.243.58.198 - - [27/May/2013:03:37:03 -0500] "POST /x_admin/vb_init.php
HTTP/1.1" 200 8884 "http://www.[removed].com/x_admin/vb_init.php"
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0"
216.243.58.198 - - [27/May/2013:03:37:09 -0500] "POST /x_admin/vb_init.php
HTTP/1.1" 200 10086 "http://www.[removed].com/x_admin/vb_init.php"
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0"
216.243.58.198 - - [27/May/2013:03:39:48 -0500] "POST /x_admin/vb_init.php
HTTP/1.1" 200 15189 "http://www.[removed].com/x_admin/vb_init.php"
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0"

Here are the other three:

Mon, 13 May 2013 08:08:12 -0700

Please remove this script kiddie from your network IP Address:
216.243.58.198.

and

Thu, 25 Apr 2013 04:08:07 -0700

Dear Administrator(s),

We have detected an attack attempt from an IP address of your
responsibility (216.243.58.198) !

Sample:
Timestamp: 2013-04-24 22:55:59 (GMT)
Alert: COSED [CSG-GOP-009] WEB-ATTACK w3af User Agent
Source: 216.243.58.198 (60882)
Destination: [removed] (80)
Content:
GET /modules/istats/not-index.php HTTP/1.1
Host: [removed]
Cookie: PHPSESSID=1edd40fc052372b17b343f9be8203907
Accept-encoding: gzip
Accept: */*
User-agent: w3af.sourceforge.net
Connection: keep-alive

and

Wed, 24 Apr 2013 04:45:01 -0700

Dear Administrator(s),

We have detected an attack attempt from an IP address of your
responsibility (216.243.58.198) !

Sample:
Timestamp: 2013-04-23 14:24:59 (GMT)
Alert: COSED [CSG-GOP-009] WEB-ATTACK w3af User Agent
Source: 216.243.58.198 (38451)
Destination: [removed] (80)
Content:
ndor=exact&mids%5B%5D=2&mids%5B%5D=12&mids%5B%5D=20&mids%5B%5D=21&mids%5B%5
D=22&mids%5B%5D=23 HTTP/1.1
Host: [removed]
Cookie: PHPSESSID=0656e61c0d0780a526ae392dde555bd3
Accept-encoding: gzip
Accept: */*
User-agent: w3af.sourceforge.net
Connection: keep-alive

GET 
/search.php?skipValidationJS=0&action=results&id=bce23d0828f9ddc1c360fefd676
0594a&query=palavra-chave&andor=d%27z%220&mids%5B%5D=2&mids%5B%5D=12&mids%5B
%5D=20&mids%5B%5D=21&mids%5B%5D=22&mids%5B%5D=23 HTTP/1.1

CondoInternet has been an amazing ISP. Recently I upgraded to 1 Gbps, and so far I’ve been peaking at around 9.25 MB/s RX and 9.25 MB/s TX. I expect to have more complaints come in as more traffic passes through my TER.

This TER has processed over 160 Terabytes of Tor traffic. The known malicious events discussed above are mere kilobytes of data being transmitted. Open Knowledge Foundation America will continue to support The Tor Project by donating time (skill) and money (bandwidth). A few “bad apples” are not concerning given the state of the internet–authors and readers of information need trusted tools to remain safe online.
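
One way to triage a forwarded complaint like the first one above before answering the ISP (an added example, not part of the original post or the complainant's tooling): it re-joins the mail-wrapped log records, keeps only requests from the relay's address, and reports the UTC window, the targets and the bytes returned. The 192.0.2.7 record is constructed, and the function names are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# A new record starts with "<IPv4> <ident> <user> ["; anything else is a wrapped tail.
RECORD_START = re.compile(r'^\d{1,3}(?:\.\d{1,3}){3} \S+ \S+ \[')

# Apache "combined" log format, the layout used in the complaint.
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# First and last records from the complaint, wrapped as the mail client left
# them, followed by one constructed record from an unrelated TEST-NET address.
COMPLAINT = """\
216.243.58.198 - - [27/May/2013:03:33:26 -0500] "POST /x_admin/vb_init.php
HTTP/1.1" 200 7810 "http://www.[removed].com/x_admin/vb_init.php"
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0"
216.243.58.198 - - [27/May/2013:03:39:48 -0500] "POST /x_admin/vb_init.php
HTTP/1.1" 200 15189 "http://www.[removed].com/x_admin/vb_init.php"
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0"
192.0.2.7 - - [27/May/2013:03:40:00 -0500] "GET /index.php
HTTP/1.1" 200 512 "-" "ExampleAgent/1.0"
"""


def unwrap(text):
    """Re-join log records that were hard-wrapped across several lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def parse(record):
    """Parse one combined-format record; return None if it does not match."""
    m = COMBINED.match(record)
    if m is None:
        return None
    entry = m.groupdict()
    # %z keeps the sender's offset (-0500 here) so the conversion to UTC is exact.
    local = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
    entry["utc"] = local.astimezone(timezone.utc)
    entry["size"] = 0 if entry["size"] == "-" else int(entry["size"])
    return entry


def triage(text, relay_ip):
    """Summarise the requests attributed to relay_ip, or None if there are none."""
    entries = [e for e in map(parse, unwrap(text)) if e and e["ip"] == relay_ip]
    if not entries:
        return None
    times = [e["utc"] for e in entries]
    return {
        "requests": len(entries),
        "first_utc": min(times),   # window to compare with the relay's uptime
        "last_utc": max(times),
        "targets": Counter((e["method"], e["path"]) for e in entries),
        "bytes_returned": sum(e["size"] for e in entries),
    }


if __name__ == "__main__":
    print(triage(COMPLAINT, "216.243.58.198"))
```
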

Configuring my Tor Exit Router with IPv6

Recently I upgraded my home internet to 1 Gbps and also requested a static block of IPv6 addresses. It’s hard to believe how many hosts I could support with a /64 block–18,446,744,073,709,551,616 (18 quintillion) unique IPs.

Special shout-out to CondoInternet.net for being such an awesome ISP. With my former 100 Mbps internet line, I transferred over 20 Terabytes a month with this Exit Router and they don’t care. I had emailed them over a year ago asking for their policy or opinion about Tor and they don’t have either, though I did pique the interest of my support representative who kindly responded to my emails.

The following was performed on my recently deployed Ubuntu 13.04 server x64 host.

First I added the following 5 lines to the bottom of my network interfaces config.

sudo vim /etc/network/interfaces
auto eth0
iface eth0 inet static
address 216.243.58.198
netmask 255.255.###.###
gateway 216.243.###.###
broadcast 216.243.###.###
dns-nameservers 8.8.8.8 8.8.4.4
iface eth0 inet6 static
pre-up modprobe ipv6
address 2604:4080:110f:201::9001
netmask 64
gateway 2604:4080:####:###::####

I turned off the IPv6 Privacy Extension, which is on by default in recent versions of Ubuntu, since I’m not worried about my privacy for this static address being compromised by advertisers. However, I’m not sure if this is a necessary step for Tor routing.

sudo vim /etc/sysctl.d/10-ipv6-privacy.conf
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.default.use_tempaddr = 0

I had to update my /etc/tor/torrc file by adding three lines. As the Tor Project guides mention, at this time Tor can only support IPv6 incoming traffic, so I added an ORPort with a static address. Since the Tor Project recommends that Exit Routers that aren’t hosting encrypted web content via port 443 use this port for their ORPort, I changed my IPv4 ORPort to 443 to better support Tor users behind restrictive firewalls. In the future I will likely change my IPv6 ORPort to a similar, more accessible port.

Additionally, I raised my Relay Bandwidth Rate and Burst caps.

## Configuration file for a typical Tor user
## Last updated 12 September 2012 for Tor 0.2.4.3-alpha.
## (may or may not work for much older or much newer versions of Tor.)

SocksPort 0
Log notice file /var/log/tor/notices.log
RunAsDaemon 1
DataDirectory /var/lib/tor

################ This section is just for relays #####################

ORPort 443
ORPort [2604:4080:110f:201::9001]:9001
ClientUseIPv6 1
ClientPreferIPv6ORPort 1
OutboundBindAddress 216.243.58.198
Nickname YawnboxSeattle
RelayBandwidthRate 16000 KB
RelayBandwidthBurst 20000 KB
ContactInfo Chris Sheats <yawnbox@gmail.com>
DirPort 9030
DirPortFrontPage /var/www/index.html

ExitPolicy accept *:20-23 # FTP, SSH, telnet
ExitPolicy accept *:43 # WHOIS
ExitPolicy accept *:53 # DNS
ExitPolicy accept *:79-81 # finger, HTTP
ExitPolicy accept *:88 # kerberos
ExitPolicy accept *:110 # POP3
ExitPolicy accept *:119 # accept nntp as well as default exit policy
ExitPolicy accept *:143 # IMAP
ExitPolicy accept *:194 # IRC
ExitPolicy accept *:220 # IMAP3
ExitPolicy accept *:389 # LDAP
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:464 # kpasswd
ExitPolicy accept *:465 # smtps (SMTP over SSL)
ExitPolicy accept *:531 # IRC/AIM
ExitPolicy accept *:543-544 # Kerberos
ExitPolicy accept *:554 # RTSP
ExitPolicy accept *:563 # NNTP over SSL
ExitPolicy accept *:636 # LDAP over SSL
ExitPolicy accept *:706 # SILC
ExitPolicy accept *:749 # kerberos
ExitPolicy accept *:873 # rsync
ExitPolicy accept *:902-904 # VMware
ExitPolicy accept *:981 # Remote HTTPS management for firewall
ExitPolicy accept *:989-995 # FTP over SSL, Netnews Administration System, telnets, IMAP over SSL, ircs, POP3 over SSL
ExitPolicy accept *:1194 # OpenVPN
ExitPolicy accept *:1220 # QT Server Admin
ExitPolicy accept *:1293 # PKT-KRB-IPSec
ExitPolicy accept *:1500 # VLSI License Manager
ExitPolicy accept *:1533 # Sametime
ExitPolicy accept *:1677 # GroupWise
ExitPolicy accept *:1723 # PPTP
ExitPolicy accept *:1755 # RTSP
ExitPolicy accept *:1863 # MSNP
ExitPolicy accept *:2082 # Infowave Mobility Server
ExitPolicy accept *:2083 # Secure Radius Service (radsec)
ExitPolicy accept *:2086-2087 # GNUnet, ELI
ExitPolicy accept *:2095-2096 # NBX
ExitPolicy accept *:2102-2104 # Zephyr
ExitPolicy accept *:3128 # SQUID
ExitPolicy accept *:3389 # MS WBT
ExitPolicy accept *:3690 # SVN
ExitPolicy accept *:4321 # RWHOIS
ExitPolicy accept *:4643 # Virtuozzo
ExitPolicy accept *:5050 # MMCC
ExitPolicy accept *:5190 # ICQ
ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
ExitPolicy accept *:5228 # Android Market
ExitPolicy accept *:5900 # VNC
ExitPolicy accept *:6660-6669 # IRC
ExitPolicy accept *:6679 # IRC SSL
ExitPolicy accept *:6697 # IRC SSL
ExitPolicy accept *:8000 # iRDMI
ExitPolicy accept *:8008 # HTTP alternate
ExitPolicy accept *:8074 # Gadu-Gadu
ExitPolicy accept *:8080 # HTTP Proxies
ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP
ExitPolicy accept *:8332-8333 # BitCoin
ExitPolicy accept *:8443 # PCsync HTTPS
ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE
ExitPolicy accept *:9418 # git
ExitPolicy accept *:9999 # distinct
ExitPolicy accept *:10000 # Network Data Management Protocol
ExitPolicy accept *:11371 # OpenPGP hkp (http keyserver protocol)
ExitPolicy accept *:19294 # Google Voice TCP
ExitPolicy accept *:19638 # Ensim control panel
ExitPolicy reject *:*

After updating my UFW (iptables) rules, I rebooted my host and everything works great!

To the EFF: a Tor Challenge proposal

Hello Electronic Frontier Foundation,

In mid 2011, the EFF started a “Tor Challenge” which encouraged more than 500 people to run their own Tor relays.

It was a brilliant way to bring awareness to the project and expand the Tor network. A year later, it seems that 90% of those relays are no longer operational. The Tor Challenge does not seem to be designed for long-term Tor support, which would be ideal. I am writing to you in hopes of re-initiating the Tor Challenge, but also wanting to add some new functionality. I believe that an EFF sponsored program such as the Tor Challenge can be highly successful for two reasons. First, it is a not-for-profit with the ability of collecting tax-deductible donations. Second, it is a legal/rights-oriented organization which can help alleviate the possible perceived worry in regards to running Tor nodes. With the EFF putting its name on this program, it helps remove the possible drama of uneasy emotions while simultaneously promoting a willingness to contribute to the Tor Project.

  1. Lead by example
  2. Create a community
  3. Award the community

# Lead by example

Looking at Torstatus.blutmagie.de, I see two EFF-run Tor relays. I am really happy to see them, but I’m disappointed by how “slow” they are, and by the fact that neither of them is a Tor exit-router.

  • observatory5.eff.org [173.236.34.122]
  • tor1.eff.org [64.147.188.11]

In order to make maintaining EFF-run Tor nodes more sustainable, the EFF should make the Tor Challenge into a dedicated program. Not knowing the internals of the EFF, here are some suggestions:

  1. Make the Tor Challenge a formal program within the EFF, even if it is solely supported by new volunteers (like me!).
  2. Re-initiate your social-media and outreach for the program, but also give the program its own home page, as an example, Torchallenge.eff.org.
  3. Expand the bandwidth of your two current Tor nodes (100 Mbps+), but turn at least one of them into a Tor exit-router.
  4. Rename them for self-branding (for example: Exit01.torchallenge.eff.org and Relay01.torchallenge.eff.org)
  5. Allow volunteers of the Tor Challenge to ask for EFF donations, specifically for funding EFF maintained Tor nodes.
  6. The Tor Project currently has a wiki page of Tor-friendly ISPs and hosting companies. Expand their work and actively engage with US-based companies to educate and identify them. This has the added benefit of looking for companies to donate hosting/bandwidth to EFF for the expansion of EFF maintained Tor nodes.

On the web page of one of my Tor exit-routers, Tor.anon.is, I specify how much traffic the router has processed since its inception. I do this because it enhances my interest in keeping a node online. It is simply amazing to realize how many people I am actually helping through general quantification. I would encourage the EFF to devise a real-time tool for displaying the same type of information on your relays’ web pages, and to make those tools available to the Tor Challenge community. You might take the opportunity to perform research (simple surveys) to identify why people run Tor nodes. That might also allow you to devise new ways of enhancing the Tor Challenge community for long-term engagement.

# Create a community

Torchallenge.eff.org (example) should be a one-two punch for educating and highlighting the contributions made by the numerous individuals and organizations that run long-term Tor nodes. It might make people feel as though they are part of a greater community. As a Tor exit-router operator, I would feel very alone if not for hanging out in the #Tor IRC channel. What finally made me push myself to running my own Tor exit-router was the University of Washington hackathon. For me, it was a sense of wanting to engage with these many amazing people. By encouraging in-person meet-ups, even if sponsored by related organizations, I strongly feel that this would enhance one’s sense of community. Without that sensation of connection, there is certainly a higher learning-curve to become at ease when taking the risk of running a long-term Tor exit-router.

The Tor Challenge home page should be social (to some extent) so that people can share their own achievements and see the successes of others. Torstatus.blutmagie.de does have a fair number of metrics available, as does Atlas.torproject.org, but what is missing is the long-term documentation of who has done what, including the amount of traffic and uptime that people and organizations have contributed. It is also limited by its focus on the Tor node, not on the people and organizations behind it.

  1. The Tor Project currently has a fair amount of material for both educating people about Tor and how they might use and/or support Tor. Certainly expand on these ideas but also find specific ways to engage people who want to run their own Tor nodes.
  2. Devise metrics for contributors so that people can identify with their contributions, but also the contributions of others via that shared connection.
  3. Create a blog so that people can tell their stories – from those who use Tor, but also from those who contribute to Tor.
  4. Create hash-tags and other ways for people to share via popular online social networks.
  5. The social aspects of the Tor Challenge home page should not be limited to people and their contributions. Let people create their own “guilds” or TorChallenge clubs that bring awareness to hacker spaces as well as university clubs and/or organizations.

# Award the community

The amazing people who maintain their own Tor relay likely already have a strong understanding of why they support the Tor Project. However, some people are still learning, want to learn more, or want other ways of making connections. An award system might be a good way to provide needed feedback loops. Mozilla has initiated an “Open Badges” program, and it seems ideal for this type of knowledge development and community building.

  1. Create a Tor Challenge OpenBadges authority, and provide direct feedback to the individuals and organizations who have earned achievements.
  2. Research and develop new metrics and new ways to award badges.
  3. Create ways for people to share their badges on social networks as well as blogs/personal pages.
  4. Automate the delivery of awarded badges, detailing the next steps and/or additional ways to get involved with either the Tor Project or the Tor Challenge.
  5. Send out monthly newsletters to the Tor Challenge community alerting everyone to Tor updates, issues, news stories, and of course, the new achievements awarded to community members.

I hope that the ideas that I present above are useful to you. I understand that these ideas may already have been implemented to some degree, and I hope that you understand that I do not want to step on anyone’s feet, especially the amazing people at the Tor Project. Feel free to reuse or republish any of the above verbiage, and please contact me if you have any questions or concerns. Thank you for your time.

Updated my Tor Exit Router policy

Revised: https://atlas.torproject.org/#details/6B53D408A434C2410FADA8224097CC60A441F7C5

From: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy

ExitPolicy accept *:20-23     # FTP, SSH, telnet
ExitPolicy accept *:43        # WHOIS
ExitPolicy accept *:53        # DNS
ExitPolicy accept *:79-81     # finger, HTTP
ExitPolicy accept *:88        # kerberos
ExitPolicy accept *:110       # POP3
ExitPolicy accept *:119       # accept nntp as well as default exit policy
ExitPolicy accept *:143       # IMAP
ExitPolicy accept *:194       # IRC
ExitPolicy accept *:220       # IMAP3
ExitPolicy accept *:389       # LDAP
ExitPolicy accept *:443       # HTTPS
ExitPolicy accept *:464       # kpasswd
ExitPolicy accept *:465       # smtps (SMTP over SSL)
ExitPolicy accept *:531       # IRC/AIM
ExitPolicy accept *:543-544   # Kerberos
ExitPolicy accept *:554       # RTSP
ExitPolicy accept *:563       # NNTP over SSL
ExitPolicy accept *:636       # LDAP over SSL
ExitPolicy accept *:706       # SILC
ExitPolicy accept *:749       # kerberos 
ExitPolicy accept *:873       # rsync
ExitPolicy accept *:902-904   # VMware
ExitPolicy accept *:981       # Remote HTTPS management for firewall
ExitPolicy accept *:989-995   # FTP over SSL, Netnews Administration System, telnets, IMAP over SSL, ircs, POP3 over SSL
ExitPolicy accept *:1194      # OpenVPN
ExitPolicy accept *:1220      # QT Server Admin
ExitPolicy accept *:1293      # PKT-KRB-IPSec
ExitPolicy accept *:1500      # VLSI License Manager
ExitPolicy accept *:1533      # Sametime
ExitPolicy accept *:1677      # GroupWise
ExitPolicy accept *:1723      # PPTP
ExitPolicy accept *:1755      # RTSP
ExitPolicy accept *:1863      # MSNP
ExitPolicy accept *:2082      # Infowave Mobility Server
ExitPolicy accept *:2083      # Secure Radius Service (radsec)
ExitPolicy accept *:2086-2087 # GNUnet, ELI
ExitPolicy accept *:2095-2096 # NBX
ExitPolicy accept *:2102-2104 # Zephyr
ExitPolicy accept *:3128      # SQUID
ExitPolicy accept *:3389      # MS WBT
ExitPolicy accept *:3690      # SVN
ExitPolicy accept *:4321      # RWHOIS
ExitPolicy accept *:4643      # Virtuozzo
ExitPolicy accept *:5050      # MMCC
ExitPolicy accept *:5190      # ICQ
ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
ExitPolicy accept *:5228      # Android Market
ExitPolicy accept *:5900      # VNC
ExitPolicy accept *:6660-6669 # IRC
ExitPolicy accept *:6679      # IRC SSL  
ExitPolicy accept *:6697      # IRC SSL  
ExitPolicy accept *:8000      # iRDMI
ExitPolicy accept *:8008      # HTTP alternate
ExitPolicy accept *:8074      # Gadu-Gadu
ExitPolicy accept *:8080      # HTTP Proxies
ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP
ExitPolicy accept *:8332-8333 # BitCoin
ExitPolicy accept *:8443      # PCsync HTTPS
ExitPolicy accept *:8888      # HTTP Proxies, NewsEDGE
ExitPolicy accept *:9418      # git
ExitPolicy accept *:9999      # distinct
ExitPolicy accept *:10000     # Network Data Management Protocol
ExitPolicy accept *:11371     # OpenPGP hkp (http keyserver protocol)
ExitPolicy accept *:19294     # Google Voice TCP
ExitPolicy accept *:19638     # Ensim control panel
ExitPolicy reject *:*

Updated Tor Exit config

Below are some small developments with respect to my Tor exit routing operations. I updated my torrc file by removing the configuration lines that I don’t use and the comment verbiage. I also added a new low-bandwidth exit router on a VPS in Iceland, tor.pirate.is, and made sure to update my MyFamily fingerprint line.

## UPDATED: 2012-JUL-24
NumCPUs 2
SocksPort 0
Log notice file /var/log/tor/notices.log
RunAsDaemon 1
DataDirectory /var/lib/tor
ORPort 9001
Nickname yawnbox
Address tor.anon.is
RelayBandwidthRate 5500 KB
RelayBandwidthBurst 7000 KB
ContactInfo Chris Sheats
DirPort 9030
MyFamily $6B53D408A434C2410FADA8224097CC60A441F7C5,$0F8D514E77A8E375105F506C549B87D080F736BB
ExitPolicy accept *:119 # accept nntp as well as default exit policy
ExitPolicy accept *:22 # ssh
ExitPolicy accept *:443 # https (HTTP via TLS)
ExitPolicy accept *:465 # smtps (SMTP over SSL)
ExitPolicy accept *:993 # imaps (IMAP over SSL)
ExitPolicy accept *:994 # ircs (IRC over SSL)
ExitPolicy accept *:995 # pop3s (POP3 over SSL)
ExitPolicy accept *:6660-6667 # allow irc ports
ExitPolicy accept *:6697 # irc (using SSL)
ExitPolicy reject *:* # no exits allowed

I also updated both to Tor 0.2.3.19-rc. Since I run these as a hobby, I don’t mind running bleeding-edge exit routers.
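
Tor checks ExitPolicy rules first to last and the first match wins, so whether a given complaint was within policy depends on which of the lists above was live at the time. The added example below (not the author's or the Tor Project's code; the function names are assumptions, and the policy text is taken or excerpted from the lists on this page) parses ExitPolicy lines in the `addr:port` form and compares the July 2012 list with the reduced policy.

```python
import ipaddress

# The July 2012 policy from this post, verbatim.
JULY_2012 = """
ExitPolicy accept *:119 # accept nntp as well as default exit policy
ExitPolicy accept *:22 # ssh
ExitPolicy accept *:443 # https (HTTP via TLS)
ExitPolicy accept *:465 # smtps (SMTP over SSL)
ExitPolicy accept *:993 # imaps (IMAP over SSL)
ExitPolicy accept *:994 # ircs (IRC over SSL)
ExitPolicy accept *:995 # pop3s (POP3 over SSL)
ExitPolicy accept *:6660-6667 # allow irc ports
ExitPolicy accept *:6697 # irc (using SSL)
ExitPolicy reject *:* # no exits allowed
"""

# Excerpt of the reduced exit policy listed above; ports that are not in this
# excerpt will show as rejected here even if the full list accepts them.
REDUCED_EXCERPT = """
ExitPolicy accept *:20-23 # FTP, SSH, telnet
ExitPolicy accept *:79-81 # finger, HTTP
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:6660-6669 # IRC
ExitPolicy reject *:*
"""


def _parse_pattern(pattern):
    """Split 'addr:port' into (network, low_port, high_port); network None means '*'."""
    addr, _, port = pattern.rpartition(":")
    net = None
    if addr != "*":
        # Brackets around IPv6 literals are dropped before parsing the network.
        net = ipaddress.ip_network(addr.replace("[", "").replace("]", ""), strict=False)
    if port == "*":
        return net, 1, 65535
    low, _, high = port.partition("-")
    return net, int(low), int(high or low)


def parse_exit_policy(torrc_text):
    """Return the ExitPolicy rules of a torrc, in file order."""
    rules = []
    for raw in torrc_text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)   # drop comments
        if len(fields) != 2 or fields[0].lower() != "exitpolicy":
            continue
        for entry in fields[1].split(","):             # "rule, rule" on one line
            action, pattern = entry.split()
            if action not in ("accept", "reject"):
                raise ValueError(f"unsupported action: {action}")
            rules.append((action, *_parse_pattern(pattern)))
    return rules


def evaluate(rules, dest_ip, dest_port):
    """First matching rule wins; None means no rule in this list matched."""
    ip = ipaddress.ip_address(dest_ip)
    for action, net, low, high in rules:
        if (net is None or ip in net) and low <= dest_port <= high:
            return action
    return None


def changed_ports(old_rules, new_rules, dest_ip, ports):
    """Ports whose verdict differs between two policies for one destination."""
    return [p for p in ports
            if evaluate(old_rules, dest_ip, p) != evaluate(new_rules, dest_ip, p)]


if __name__ == "__main__":
    old, new = parse_exit_policy(JULY_2012), parse_exit_policy(REDUCED_EXCERPT)
    # 203.0.113.10 is a documentation address standing in for a complainant's host.
    print(changed_ports(old, new, "203.0.113.10", [22, 25, 80, 443, 6668]))
```
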

Ubuntu 12.04 + Irssi + Tor + Freenode

This post is a guide for securely connecting to the Freenode IRC network using Ubuntu 12.04 x64 server, via the IRC client Irssi, using a Tor hidden service.

Note: This specific blog post is licensed as CC0 for the purpose of contributing to the Crypto.is project. You are free to copy, change, delete, or publish any part of this guide.

REQUIREMENTS

1. Have Ubuntu server installed + sudo and root access
2. Have a registered SN on Freenode: http://freenode.net/faq.shtml#userregistration

INSTALL TOR

sudo vim /etc/apt/sources.list

add:

deb http://deb.torproject.org/torproject.org precise main
deb-src http://deb.torproject.org/torproject.org precise main

:wq

sudo su
gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
exit
sudo apt-get update
sudo apt-get install deb.torproject.org-keyring
sudo apt-get install tor

INSTALL IRSSI

sudo apt-get install irssi irssi-plugin-otr irssi-scripts screen libcrypt-openssl-bignum-perl libcrypt-blowfish-perl libcrypt-dh-perl
cd /usr/share/irssi/scripts/
sudo wget http://freenode.net/sasl/cap_sasl.pl

CONFIGURE TOR AND IRSSI

sudo vim /etc/tor/torrc

add:

 mapaddress 10.40.40.40 p4fsi4ockecnea7l.onion

:wq

sudo service tor reload
sudo mkdir /usr/share/irssi/scripts/autorun
sudo ln -s /usr/share/irssi/scripts/cap_sasl.pl /usr/share/irssi/scripts/autorun
torify irssi
/script load cap_sasl.pl
/sasl set freenode [USER] [PASS] DH-BLOWFISH
/sasl save
/save
/exit
sudo ln -s /usr/share/irssi/scripts ~/.irssi/scripts
sudo vim ~/.irssi/config

add to line 2:

{ address = "p4fsi4ockecnea7l.onion"; chatnet = "freenode"; port = "6667"; use_ssl = "no"; ssl_verify = "no"; },

:wq

usewithtor irssi -n [USER]
/server freenode
/join #[CHANNEL]