Jump to content

Tor


pg94

Recommended Posts

To what extent do y'all think TOR works? From what I've seen in videos its nothing but a bunch of illegal stuff. Theoretically it may mask your IP but can't your service provider still see what your doing?

Link to comment
Share on other sites

Sure there is a paper trail...

would you rob a bank and leave your drivers license on the counter ? Or put on a ski mask...

Illegal activity and privacy are 2 separate subjects... I would not use tor with any private information or login credentials

Link to comment
Share on other sites

It ironic because Tor was originally developed for privacy but now with the FBI the NSA and other governments are running exit nodes and sniffing everyone who does run one

Link to comment
Share on other sites

The point of TOR is that all your traffic is encrypted at least 3 times before it leaves your house. Each hop between you and the intended destination of your traffic will strip off 1 layer of encryption and then send it on. This will continue until the last layer is stripped by the exit node which sends it out onto the internet unless you were connecting to a TOR-network internal server (the Silk Roads and such).

Using TOR means that no node in the network knows who sent what to who. The exit node sees the request in the clear, but doesn't know who sent the request. The in-between hops only see the encrypted data going between 2 machine and can't tell how many hops came before it or how many are to come after. The ISP only sees encrypted traffic going out across your connection, which means nothing. You could be going to forums.hak5.org or facebook for all they know. They're https sites aswell which results in the exact same sort of traffic.

The trade-off you make when you use TOR is that your traffic is much more secure but also *WAY* slower. All outgoing data is encrypted multiple times before it gets sent out. All traffic is bounced around a few servers who need to decrypt some of the message and all traffic onto the internet is dumped on a select few exit nodes which are quickly swamped by the traffic of all those idiots too stupid to realise that using bittorrent this way is rediculously lame. Worse still, if you're using some low-volume service like IRC over TOR, TOR will take that 30 byte packed of yours and stretch it out to 512 bytes just to make sure no statistical analysis can take place on that packet. And as for being more secure, it all depends on your skill and discipline. The (virtual) machine you use with TOR enabled should never be used without TOR enabled. If you go to site X and log in as "Jack Off" and set it to remember your session, then the next day you go to that site again but this time without starting TOR, that site now knows your IP. All your efforts to remain hidden have now been thwarted.

So I guess the point I'm trying to make is, knowing the trade-off you must make and the discipline you need to impose upon yourself, is what you're doing really worth all the trouble? Maybe you should seriously ask yourself if you should be doing this in the first place.

Take a look at this talk by Irongeek on the subject of people who got caught even though they used TOR.

Link to comment
Share on other sites

Just a side note, I have no intentions of using TOR. I guess I was just curious as to what others thought about it. I mean yes TOR is much more secure but that doesn't mean its impossible to track it back to the original source. I watched a video earlier which raised the question of who exactly runs TOR? If people voluntarily allow their computers to be used as nodes then it should raise some concern, right? Also on the black market and in general, hackers hack each other probably more than regular users of the internet. Overall how do you know who ever runs TOR isn't stealing info and credentials?

Cooper: I have to give you credit, you're knowledgeable about a lot of things and give very in-depth answers. Your answers help me a lot as I'm sure they do for other users.

Link to comment
Share on other sites

So is there really any regular daily practical uses for this Tor? and in simple words what is the actual purpose of using tor - yes i know its keep you secret etc - but to what ends? what can yu achive with tor you could not with achive with other browsers etc?

all I turn up is what you have already said.

Link to comment
Share on other sites

Tor is a solution to a problem most people either don't or shouldn't have: It provides you a certain degree of anonimity at a cost of performance.

For 99% of all people and 75% of current Tor users, using Tor makes little to no sense at all.

Common usages are:

1 - circumvent IP blocks in response to you being a major dick on a website. Examples for this are a) automated ticket scalping, b) using google's services to test if school papers weren't blatantly plagiarised from online resources, c) being an abusive prick on a forum

2 - using bittorrent in direct and blatant violation of the terms of use of the internet provided. Examples for this are a) holiday parks that provide internet as a cheap convenience to paying guest b) ISPs that simply don't want you to do that due to the immense amount of traffic involved.

3 - accessing very, VERY illegal content. Most specifically a) kiddy porn, but b) weapons making instructions and c) hate spreading / jihadi websites might not be something you want to be seen accessing from your home.

4 - acquiring very, VERY illegal goods and services. Examples are basically the gamut of stuff on The Silk Road: a) drugs, b) murder for hire, c) stolen credit cards / identities

1a - as discussed in the ssl strip talk by Moxie, people scour the ticketmaster website for when tickets to popular events become available, or when tickets to unpopular events drop in price as the event itself draws near. They buy the ticket and then sell it on for profit.

1b - commercial vetting companies exist that use this method to verify authenticity of someone's work, but since they tend to google each line in a paper separately it results in a LOT of traffic to google, which they frown upon and can get you IP blocked, so these dicks turn to Tor to continue to abuse Google's services for their own financial gain.

1c - this actually doesn't work very well since most forums don't allow traffic from tor exit nodes for precisely this reason.

2a - Most of these holiday parks use a single consumer ADSL line for this, so bandwidth is VERY limited. If only takes 1 fuckwad to start to torrent a movie to bring the entire park network to a grinding halt.

2b - You can bitch and moan about these ISPs, but they tend to be small and simply lack the resources to handle all that traffic efficiently. If you don't like the idea, you shouldn't be using them. Some people however have no other choice.

3a - Quite obvious I'd think. It's a known fact that internal Tor services provide kiddie porn but there's still plenty on the regular internet aswell and when such sites get shut down the prosecutor uses the access log to find more of these scumbags so you use Tor to hide yourself.

3b - When some tragedy takes place, law enforcement looks online at what websites provide instructions for making such devices and then subpoena local ISPs for a list of people that accessed those resources in the last year or so.

3c - With the current worries about radicalising islamists (which I might add have as much to do with islam as the KKK has to do with christianity) intelligence services are looking intently at websites spreading hate and stirring radical discontent amongst people. If you want to plan your one-way trip to 72 virgins (a.k.a. the next Star Wars convention) in peace, you would be wise to hide yourself from prying eyes there.

4 - The Silk Road was an internal Tor service, but there are fora out there in .ru and similarly corrupt and/or lawless territories where many of these products are also peddled and, again, if you don't want a knock on the door from your friendly government official followed by some private, romantic encounters with Bubba, you'd do well to hide your identity.

The intended use of Tor is to disseminate information in spite of corrupt and repressive regime's best efforts. Stuff like circumventing the great firewall of china to inform yourself about for instance the events at Tiannemen square, or providing secret documents to wikileaks. You want to either spread or acquire information about stuff the local government doesn't want people to have, and there are serious repercussions to doing so. And like I already said, for 99% of people this simply isn't a scenario that applies to them.

Edited by Cooper
Link to comment
Share on other sites

That Sir was awesome. Thank you very much.

my question is answered .

if you sit down and look at what this forum teaches - Tor is freaking useless!

Link to comment
Share on other sites

That Sir was awesome. Thank you very mucch my question is answered .

if you sit down and look at what this forum teaches - Tor is freaking useless!

So wrong, not all minds can grasp this stuff... just a example...

Lets say u want to brute force a cpannel login, I could explain the ip banning process but Ill skip that...

You must sleep for 5 seconds between each login attempt, if you have a list of 100 proxy's you can now achieve how many password attempts per minute ?

If it took 20,000 attempts for a success how long will it take?

How long would it take with out tor?

How easy was this attack?

one ip address would take 1,666 minutes

100 ip address would take 16 minutes

Is my math wrong? Lol

Edited by i8igmac
Link to comment
Share on other sites

Looks like the first category to me plus you could simply use several regular proxies for this rather than tor. Performance should be better.

Link to comment
Share on other sites

Looks like the first category to me plus you could simply use several regular proxies for this rather than tor. Performance should be better.

Lol agreed I have a google crawler for generating a list of working proxy's for use with proxychains... just a example

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...