Monday, September 18, 2006

ISSA NoVA Meeting Thursday

This Thursday is the next ISSA NoVA meeting. It will be held at The MITRE Corporation in McLean, VA. The social hour starts at 1730 and the meeting starts at 1830. Dr. Gary McGraw is the speaker. I will probably bring his books so I can get them signed. RSVP as soon as possible.

Remember that the next NoVA Sec meeting is a week from Thursday.

Thoughts on Latest SANS Whitepaper

I read about the new SANS paper IT Security Industry Changes: Trouble on the Horizon (September 2006) (.pdf) in this NewsBites issue. Here are some excerpts and my reactions.

Over the past six months, SANS Technology Institute's Stephen Northcutt has been gathering data and stories from security managers in more than 100 US organizations searching for patterns in job changes of security managers and the consultants who support them. The research was triggered by multiple emails from security managers who were facing reorganizations. His conclusions, albeit preliminary, paint a worrisome picture of job prospects for ill-equipped security managers, but also offer promise of some opportunities for success and advancement.

That's an interesting project. Let's read more.

[S]enior executives began to feel more comfortable voicing their frustration that they were wasting money paying for hugely expensive people and compliance reports that probably were not needed and that often had no impact on their ability to stop attacks or avoid disclosure of private information. The senior executives pushed back on budget requests, asking exactly what they would get in decreased risk from each of the expenditures. When they got answers they didn't like, they looked for ways to reorganize. Numerous security managers were pushed out as their responsibilities were moved to IT operations or audit or risk management groups.

Stephen continues by implying that these fired security managers lacked real technical skills and could not do much more than write reports. However...

Government is the one area where soft security skills, like policy and report writing, are still in demand, both in security staff and in consultants. The US Congress and the White House passed and implemented legislation (the Federal Information Security Management Act) that rates federal agencies less on whether their systems are protected from attack and more on whether agencies have written security evaluation reports for every system. Consulting firms have gotten rich writing those reports. One CEO reported that his firm had grown from three people doing security evaluations to 175 people writing FISMA reports, in just five years.

Does that make anyone else sick? It makes me ill.

Recent public disclosures of huge security failings, however, have caused government officials to review FISMA, particularly how it is implemented. Change seems to be in the air. That same CEO reported that 75% of his 175 FISMA folk today have soft skills and only 25% have solid technical security skills. He sees the need for that mix of skills to be reversed, within the next year or so, or the business "will dry up."

That is awesome. It probably explains why TaoSecurity continues to receive calls from firms inside-the-Beltway (and beyond) wishing to "team" to provide technical services to .gov clients, instead of just certification and accreditation.

Latest Sguil Scripts

I last talked about installing Sguil in March 2006. Over the last few weeks I've worked on the scripts I use for FreeBSD platforms, mainly as a response to changes in the various libraries and components. For example, Snort 2.6.0.2 is now available, replacing the Snort 2.4.x line.

The idea behind these scripts is to replace an English-text description of what to install where with a computer syntax version. If properly configured, these commands can set up everything you need for Sguil -- sensor, database, server, and client.

One of the major problems I've encountered is making good choices about libraries and components. The various Tcl libraries are on the fringes of support, compared to more popular packages. This makes it difficult to provide scripts that work without any real user modification. I decided the best I can do for the "run-it-without-looking" crowd is to let the scripts install (by default) packages shipped with FreeBSD 6.1 RELEASE, assuming you're running 6.1. If you know how to install using newer packages, you're free to set the right environment variable in the script and deal with the consequences.

The scripts I finished today are available at www.bejtlich.net/sguil_scripts_18sep06b.tar.gz.

They include:

  • sguil_sensor_install.sh: Set up Sguil sensor components.

  • snort_pkg_install.sh or snort_src_install.sh: Run one or the other. These set up Snort and Barnyard.

  • sguil_sensor_install_patch.sh: This patches configuration files that you should modify as listed in the README, namely sensor_agent.conf.patch, snort.conf.patch, barnyard.conf.patch, sancp.conf.patch, and log_packets.sh.patch.

  • sguil_database_install_pt1.sh: Set up MySQL database, part 1.

  • sguil_database_install_pt2.sh: Set up MySQL database, part 2.

  • sguil_server_install.sh: Set up Sguil server.

  • sguil_client_install.sh: Set up Sguil client.


If you are careful you can choose which scripts to run in order to have an all-in-one distribution or a separate box for every component (sensor, database, server, and client).

These are the prerequisites for the sensor and server.

  • Register at Snort.org to download snortrules-snapshot-CURRENT.tar.gz and put it in /tmp on your sensor.

The client box should be installed with the X packages. Otherwise, you can add the following manually:

# pkg_add -r xorg-server
# pkg_add -r xorg-clients
# pkg_add -r bitstream-vera
# pkg_add -r perl
# pkg_add -r xorg-fonts-100dpi
# pkg_add -r xorg-fonts-75dpi
# pkg_add -r xorg-fonts-miscbitmaps

All systems should have a user sguil and a user analyst to support the components.

The smoothest use of the scripts involves the following.

  • FreeBSD 6.1 RELEASE or SECURITY.

  • Sensor name is taosecurity.

  • Sensor is a VMware image with lnc0 interface for management and monitoring.

  • Avoid the snort_pkg_install.sh, since the Snort package with FreeBSD 6.1 RELEASE is Snort 2.4.x. That will not work as I have written the scripts. Use snort_src_install.sh instead.


Those suggestions will require the fewest modifications.

There is still a problem with this setup, however. The mysqltcl package shipped with FreeBSD 6.1 RELEASE requires mysql40-client as a dependency. I install mysql50-client beforehand, which conflicts with mysql40-client. This means the addition of mysqltcl as a package fails while running the sguil_server_install.sh script. Without mysqltcl, you can't start sguild, which means you can't add a sguil client user and thereby can't access Sguil.

You can work around this problem by retrieving the package from my Web server www.bejtlich.net/mysqltcl-3.01.tbz and adding it manually as root:

# pkg_add -v mysqltcl-3.01.tbz

You'll then need to add a sguil client user manually.

# cd /usr/local/src/sguil-0.6.1/server
# ./sguild -c sguild.conf -u sguild.users -adduser sguil
# cp sguild.users /usr/local/etc/nsm/
# chown sguil:sguil /usr/local/etc/nsm/sguild.users

You could also use the sguild_adduser.sh script, which contains basically the same commands, including an LD_LIBRARY_PATH setting in the event you have trouble creating the sguil client user manually.

#!/bin/sh -x
# Add the initial Sguil client user ("sguil") to sguild's user file,
# then install that file where sguild expects to find it.
SGUIL=sguil-0.6.1
# mysqltcl needs the MySQL client library; tell the loader where it lives.
LD_LIBRARY_PATH=/usr/local/lib/mysql
export LD_LIBRARY_PATH
# Stop here if the source tree is not where we expect it.
cd /usr/local/src/$SGUIL/server/ || exit 1
./sguild -c sguild.conf -u sguild.users -adduser sguil
cp sguild.users /usr/local/etc/nsm/
chown sguil:sguil /usr/local/etc/nsm/sguild.users

Note that as an example of grappling with problems with the FreeBSD ports tree, the current databases/mysqltcl port is broken.

I recommend viewing the included README to see what you should run in order to get Sguil installed with all components on a single box.

If you have questions I strongly recommend posting them to sguil-users [at] lists.sourceforge.net. Any question I receive I usually send to the list. You may also find faq.sguil.net helpful.

It is important to realize that these scripts do not check to see what is installed prior to acting. Parts may fail if something is missing. If something is already installed (say, Tcl) then the pkg_add for a second instance of Tcl will fail -- but that won't cause any problems.

Please consider all Sguil installation guidance prior to this to be obsolete. This post and the scripts are probably not as clear as I would like, but this is free work and the time I have allocated for it is done!

SwitchProxy and Tor

I just wrote about Web Browsing with Tor. You might wonder if there's an easy way to switch to using Tor while running Firefox. I looked at the Torbutton extension, but then I found SwitchProxy. I like SwitchProxy because you can configure multiple proxies and decide when to use them.

If you click on the thumb image above you'll see me accessing a Hidden Service using Tor while I have Privoxy and Tor working together. Notice the URL -- http://6sxoyfb3h2nvok2d.onion/

I can just as easily switch to my production proxy, or even import a list of anonymous proxies and have SwitchProxy cycle through them every X seconds.

Installing Privoxy

A task I'm going to blog shortly recommends that I install Privoxy. I encountered some troubles using FreeBSD so I thought I would document them.

First I installed the package.

orr:/root# pkg_add -vr privoxy
...edited...
Running pre-install for privoxy-3.0.3_4..
extract: Package name is privoxy-3.0.3_4
extract: CWD to /usr/local
extract: /usr/local/man/man1/privoxy.1.gz
extract: /usr/local/sbin/privoxy
extract: /usr/local/etc/privoxy/config
extract: /usr/local/etc/privoxy/default.action
extract: /usr/local/etc/privoxy/default.filter
extract: /usr/local/etc/privoxy/trust
...edited...

***********************************************************
** Before running privoxy you must modify the file **
** /usr/local/etc/privoxy/config **
** **
** Start privoxy with: **
** /usr/local/sbin/privoxy /usr/local/etc/privoxy/config **
** **
** For documentation see: **
** /usr/local/share/doc/privoxy-manual or 'man privoxy' **
***********************************************************

Next I enabled Privoxy in /etc/rc.conf.

orr:/root# echo "privoxy_enable=YES" >> /etc/rc.conf

Next I tried starting Privoxy. I ran into some problems that I fixed with the following:

orr:/usr/local/etc/rc.d# mkdir /var/run/privoxy
orr:/usr/local/etc/rc.d# chown privoxy:privoxy /var/run/privoxy
orr:/usr/local/etc/rc.d# mkdir /var/log/privoxy
orr:/usr/local/etc/rc.d# chown privoxy:privoxy /var/log/privoxy

Here's what Privoxy looks like while running.

orr:/usr/local/etc/rc.d# ./privoxy start
Starting privoxy.
orr:/usr/local/etc/rc.d# sockstat -4
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
privoxy privoxy 40053 3 tcp4 127.0.0.1:8118 *:*
richard firefox-bi 37850 22 tcp4 192.168.2.5:62936 66.249.83.83:80
richard ssh 691 3 tcp4 192.168.2.5:49499 172.16.3.2:22
root sendmail 468 4 tcp4 127.0.0.1:25 *:*
root sshd 462 4 tcp4 *:22 *:*
root syslogd 320 7 udp4 *:514 *:*

So what is this good for? Well, now that I have Privoxy listening on port 8118 TCP I can point my Web browser toward it. I tell Firefox to use localhost port 8118 and now all my Web requests use Privoxy.

I can test the difference between normal Web browsing and Privoxy Web browsing by visiting http://config.privoxy.org/show-status. It shows information like the following.

Show-Request



Here you see the original headers that your client sent when requesting this page, along with the headers that Privoxy would have sent to the remote server if this request hadn't been intercepted.


Original Client Request:


GET http://config.privoxy.org/show-request HTTP/1.1
Host: config.privoxy.org
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.0.7)
Gecko/20060917 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://config.privoxy.org/show-status
If-Modified-Since: Mon, 18 Sep 2006 15:25:41 GMT
Cache-Control: max-age=0

Processed Request:


GET /show-request HTTP/1.1
Host: config.privoxy.org
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.0.7)
Gecko/20060917 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Referer: http://config.privoxy.org/
If-Modified-Since: Mon, 18 Sep 2006 15:25:41 GMT
Cache-Control: max-age=0
X-Actions-File-Version: 1.8
Connection: close

This doesn't appear to be a big deal, but I'm using Privoxy's default configuration. In my next post I'll combine Privoxy with Tor to facilitate (but not guarantee) anonymous Web browsing.
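To see exactly what the default configuration did to that request, here is a small Python script that parses the two dumps above and reports which headers were removed, added or rewritten. This is an added example, not code from the original post or from Privoxy; the two request dumps are the Show-Request output shown above, with the wrapped header lines joined back together.

```python
"""Compare the client's original request with what Privoxy forwarded.

Added example (not from the original post): the two request dumps are the
ones shown by http://config.privoxy.org/show-request above, with the
wrapped header lines joined back together.
"""

ORIGINAL_REQUEST = """\
GET http://config.privoxy.org/show-request HTTP/1.1
Host: config.privoxy.org
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.0.7) Gecko/20060917 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://config.privoxy.org/show-status
If-Modified-Since: Mon, 18 Sep 2006 15:25:41 GMT
Cache-Control: max-age=0
"""

PROCESSED_REQUEST = """\
GET /show-request HTTP/1.1
Host: config.privoxy.org
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.0.7) Gecko/20060917 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Referer: http://config.privoxy.org/
If-Modified-Since: Mon, 18 Sep 2006 15:25:41 GMT
Cache-Control: max-age=0
X-Actions-File-Version: 1.8
Connection: close
"""

# Headers that only concern the client<->proxy hop (RFC 2616 section 13.5.1,
# plus the non-standard Proxy-Connection); a proxy is expected to drop them.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-connection", "proxy-authorization",
              "proxy-authenticate", "te", "trailer", "transfer-encoding", "upgrade"}


def parse_request(dump: str) -> tuple[str, dict[str, str]]:
    """Return (request line, {lower-cased header name: value}) for a dump."""
    lines = [ln for ln in dump.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty request dump")
    headers: dict[str, str] = {}
    for ln in lines[1:]:
        name, sep, value = ln.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {ln!r}")
        headers[name.strip().lower()] = value.strip()
    return lines[0].strip(), headers


def diff_requests(original: str, processed: str) -> dict[str, object]:
    """Summarise what changed between the client's request and the forwarded one."""
    o_line, o_hdr = parse_request(original)
    p_line, p_hdr = parse_request(processed)
    removed = sorted(set(o_hdr) - set(p_hdr))
    return {
        # Absolute-URI form (what a browser sends to a proxy) becomes origin-form.
        "request_line": (o_line, p_line) if o_line != p_line else None,
        "removed": removed,
        "removed_hop_by_hop": sorted(h for h in removed if h in HOP_BY_HOP),
        "added": sorted(set(p_hdr) - set(o_hdr)),
        "modified": sorted(h for h in o_hdr if h in p_hdr and o_hdr[h] != p_hdr[h]),
    }


if __name__ == "__main__":
    for key, value in diff_requests(ORIGINAL_REQUEST, PROCESSED_REQUEST).items():
        print(f"{key}: {value}")
```

The output separates the hop-by-hop headers a proxy must drop anyway (Keep-Alive, Proxy-Connection) from the changes that are privacy- or filtering-motivated: Accept-Encoding is gone, which is what Privoxy's prevent-compression action does so its filters can read the uncompressed body, and the Referer has been reduced to the site root, which matches the hide-referrer action's forge mode.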

Web Browsing with Tor

In my Installing Privoxy post I said I needed to install Privoxy for a certain task. I decided to use Privoxy with Tor to facilitate anonymous Web browsing.

First I installed Tor via package.

orr:/root# pkg_add -vr tor
...edited...
Package 'tor-0.1.1.23' depends on 'tsocks-1.8.b5_3' with 'net/tsocks' origin.
...edited...
extract: Package name is tsocks-1.8.b5_3
extract: CWD to /usr/local
extract: /usr/local/man/man1/tsocks.1.gz
extract: /usr/local/man/man5/tsocks.conf.5.gz
extract: /usr/local/man/man8/tsocks.8.gz
extract: /usr/local/bin/tsocks
extract: /usr/local/etc/tsocks.conf.sample
extract: /usr/local/lib/libtsocks.so.1
extract: /usr/local/lib/libtsocks.so
extract: /usr/local/share/examples/tsocks/tsocks.conf.complex.example
extract: /usr/local/share/examples/tsocks/tsocks.conf.simple.example
extract: /usr/local/share/examples/tsocks/README
...edited...
Package 'tor-0.1.1.23' depends on 'libevent-1.2' with 'devel/libevent' origin.
- already installed.
Running pre-install for tor-0.1.1.23..
Added group "_tor".
Added user "_tor".
extract: Package name is tor-0.1.1.23
extract: CWD to /usr/local
extract: /usr/local/man/man1/tor.1.gz
extract: /usr/local/man/man1/tor-resolve.1.gz
extract: /usr/local/man/man1/torify.1.gz
extract: /usr/local/bin/tor
extract: /usr/local/bin/tor-resolve
extract: /usr/local/bin/torify
extract: /usr/local/etc/tor/tor-tsocks.conf.sample
extract: /usr/local/etc/tor/torrc.sample
extract: CWD to /usr/local
extract: /usr/local/etc/rc.d/tor
...edited.
================================================================================
To enable the tor server, set tor_enable="YES" in your /etc/rc.conf
and edit /usr/local/etc/tor/torrc. Also note that the rc.subr script overrides
many torrc options and is tunable. See /usr/local/etc/rc.d/tor.sh for details
================================================================================
...truncated...

Next I made a copy of the config file and enabled Tor's startup script.

orr:/root# cp /usr/local/etc/tor/torrc.sample /usr/local/etc/tor/torrc
orr:/root# echo "tor_enable=YES" >> /etc/rc.conf

Finally I told Privoxy to accept connections and send them to Tor, which would listen on port 9050 TCP.

orr:/root# echo "forward-socks4a / localhost:9050 ." >> /usr/local/etc/privoxy/config

Using SOCKS4A means my local host will not make DNS requests. Instead, they will be made by the SOCKS server (ostensibly through Tor).
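The difference between forward-socks4 and forward-socks4a is visible in the bytes each variant puts on the wire. Here is an added Python example, not code from the original post or from Privoxy or Tor, that builds the CONNECT request for both variants and parses it back the way a SOCKS server would, reporting which side resolves the destination name. The hostname and address used in the demo (whatismyip.com, 195.71.8.10) are the ones mentioned in this post.

```python
"""Why "forward-socks4a" keeps DNS lookups off the local host.

Added example, not code from the original post or from Privoxy/Tor: it
builds the CONNECT request each SOCKS variant sends and parses it back
the way a SOCKS server would.
"""
import ipaddress
import struct

SOCKS_VERSION = 0x04
CMD_CONNECT = 0x01


def build_socks4_connect(ip: str, port: int, user_id: bytes = b"") -> bytes:
    """Plain SOCKS4 carries a 4-byte IPv4 address, so the client must
    resolve the name itself before this call (a DNS query leaves the host)."""
    addr = ipaddress.IPv4Address(ip)
    if addr.packed[:3] == b"\x00\x00\x00":
        # 0.0.0.x is the SOCKS4A marker; refuse the ambiguity outright.
        raise ValueError("0.0.0.x is not a valid SOCKS4 destination")
    return (struct.pack("!BBH", SOCKS_VERSION, CMD_CONNECT, port)
            + addr.packed + user_id + b"\x00")


def build_socks4a_connect(hostname: str, port: int, user_id: bytes = b"") -> bytes:
    """SOCKS4A sets the address to 0.0.0.x (x != 0) and appends the
    NUL-terminated hostname, so the proxy (here Tor) resolves it."""
    marker = b"\x00\x00\x00\x01"
    return (struct.pack("!BBH", SOCKS_VERSION, CMD_CONNECT, port)
            + marker + user_id + b"\x00" + hostname.encode("idna") + b"\x00")


def parse_connect(pkt: bytes) -> dict:
    """Decode either variant and report which side resolves the name."""
    if len(pkt) < 9:
        raise ValueError("truncated SOCKS4 request")
    version, cmd, port = struct.unpack("!BBH", pkt[:4])
    if version != SOCKS_VERSION or cmd != CMD_CONNECT:
        raise ValueError("not a SOCKS4/4A CONNECT request")
    dst = pkt[4:8]
    user_id, sep, tail = pkt[8:].partition(b"\x00")
    if not sep:
        raise ValueError("user id is not NUL-terminated")
    if dst[:3] == b"\x00\x00\x00" and dst[3] != 0:
        # SOCKS4A: the real destination is the hostname after the user id.
        hostname, sep, _ = tail.partition(b"\x00")
        if not sep:
            raise ValueError("hostname is not NUL-terminated")
        return {"variant": "SOCKS4A", "port": port,
                "destination": hostname.decode("idna"), "resolved_by": "proxy"}
    return {"variant": "SOCKS4", "port": port,
            "destination": str(ipaddress.IPv4Address(dst)), "resolved_by": "client"}


if __name__ == "__main__":
    # whatismyip.com and 195.71.8.10 are the name and address mentioned in the post.
    print(parse_connect(build_socks4a_connect("whatismyip.com", 80)))
    print(parse_connect(build_socks4_connect("195.71.8.10", 80)))
```

With the SOCKS4 variant the proxy only ever sees an IP address, which means the name was already resolved by the local stub resolver (and seen by whichever DNS server it uses); with SOCKS4A the name travels inside the proxy request and Tor performs the lookup at the exit.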

Thanks to this guide for help!

Now I start Privoxy.

orr:/root# /usr/local/etc/rc.d/privoxy start
Starting privoxy.


Finally I start Tor.

orr:/root# /usr/local/etc/rc.d/tor start
/usr/local/etc/rc.d/tor: WARNING: /var/db/tor is not a directory.

That's no good. I make the required directory. (Why isn't that a default?)

orr:/root# mkdir /var/db/tor
orr:/root# /usr/local/etc/rc.d/tor start
Starting tor.
Sep 18 10:50:59.336 [notice] Tor v0.1.1.23. This is experimental software.
Do not rely on it for strong anonymity.
Sep 18 10:50:59.346 [notice] Initialized libevent version 1.2 using method kqueue. Good.
Sep 18 10:50:59.348 [warn] /var/db/tor is not owned by this user (_tor, 256) but by root (0).
Perhaps you are running Tor as the wrong user?
Sep 18 10:50:59.349 [warn] Failed to parse/validate config: Couldn't access/create private data
directory "/var/db/tor"
Sep 18 10:50:59.350 [err] tor_init(): Reading config failed--see warnings above. For usage, try -h.

Shoot. I need to let the _tor user access the directory I just made.

orr:/root# chown _tor:_tor /var/db/tor

Now I start Tor.

orr:/root# /usr/local/etc/rc.d/tor start
Sep 18 11:12:06.587 [notice] Tor v0.1.1.23. This is experimental software.
Do not rely on it for strong anonymity.
Sep 18 11:12:06.597 [notice] Initialized libevent version 1.2 using method kqueue. Good.
Sep 18 11:12:06.597 [notice] connection_create_listener(): Opening Socks listener on
127.0.0.1:9050
Sep 18 11:12:06.600 [warn] options_init_logs(): Can't log to stdout with RunAsDaemon set;
skipping stdout

Let's see what's listening.

orr:/root# sockstat -4
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
_tor tor 39325 4 tcp4 192.168.2.5:57518 62.35.214.207:9030
_tor tor 39325 5 tcp4 127.0.0.1:9050 *:*
_tor tor 39325 6 tcp4 192.168.2.5:56850 70.32.145.204:9001
_tor tor 39325 8 tcp4 192.168.2.5:64675 218.189.210.17:4806
root privoxy 39312 3 tcp4 127.0.0.1:8118 *:*
richard ssh 691 3 tcp4 192.168.2.5:49499 172.16.3.2:22
root sendmail 468 4 tcp4 127.0.0.1:25 *:*
root sshd 462 4 tcp4 *:22 *:*
root syslogd 320 7 udp4 *:514 *:*

Now I configure my Web browser to connect to port 8118 (where Privoxy is listening), and Privoxy will send my traffic to port 9050 TCP where Tor is listening.

Now if I browse to a site like whatismyip.com I get a result like 195.71.8.10, which is plug.rfc822.org.

You can see Tor node status at sites like serifos.eecs.harvard.edu/cgi-bin/exit.pl and node2.xenobite.eu/torstat.php.

Thursday, September 14, 2006

Simple Tiny Network Name Services

A great way to start a religious war is to discuss domain name services. I previously documented my experiences with BIND 9 on FreeBSD, and I really didn't want to repeat the process for my small lab network.

Looking in the ports tree I found Dnsmasq, "a lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network." Wow, that sounds perfect (but I don't need DHCP).

I decided to try this on a Debian host that had a fully populated /etc/hosts file.

macmini:~# apt-get install dnsmasq
Reading Package Lists... Done
Building Dependency Tree... Done
Suggested packages:
resolvconf
The following NEW packages will be installed:
dnsmasq
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 114kB of archives.
After unpacking 303kB of additional disk space will be used.
Get:1 http://mirrors.kernel.org stable/main dnsmasq 2.22-2 [114kB]
Fetched 114kB in 1s (78.8kB/s)
Selecting previously deselected package dnsmasq.
(Reading database ... 13695 files and directories currently installed.)
Unpacking dnsmasq (from .../dnsmasq_2.22-2_powerpc.deb) ...
Setting up dnsmasq (2.22-2) ...
Starting DNS forwarder and DHCP server: dnsmasq.

macmini:/etc/init.d# netstat -natup | grep dnsmasq
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 3279/dnsmasq
tcp6 0 0 :::53 :::* LISTEN 3279/dnsmasq
udp 0 0 0.0.0.0:32770 0.0.0.0:* 3279/dnsmasq
udp 0 0 0.0.0.0:53 0.0.0.0:* 3279/dnsmasq
udp6 0 0 :::53 :::* 3279/dnsmasq

Note that by default, no DHCP server is started.

That's it. Now I point all my hosts to the IP address of this Debian box, and it resolves local and remote IPs. I made sure the Debian host had my ISP's DNS servers in its /etc/resolv.conf file. Easy.