-------- Forwarded Message --------
From: Christian Adam hirnwurst@t-online.de
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] I'm Running A Tor Exit But Never Initiated It
Date: Mon, 30 May 2016 22:14:51 +0200
Dear Percy,
I read all of your messages very carefully and, please, believe me, I don't mean to be rude, but just want to provide you a little bit of relief.
First of all, I have to share that I AM in fact a schizophrenic for 16 years now, but fully therapied to the extent I do a job as a system administrator and get certified for being a data security officer this week. This won't reveal any competence on my side, but gives a clue about my functional level which is, after all, related to sanity.
Why do I tell this? Because you don't seem to know much about computers AND because 60% of the population experience states during their lifetime resembling mine while diagnosed, but nobody minds and it goes away and was just triggered by external circumstances and internal attributions.
I tell this, because my delusional system did not involve at all any technical devices, but was completely interpersonal and cultural, which is a little seldom in western countries.
So, I learned that even if improbable, it helps keeping a harmless, maybe also annoying, possibility in mind.
Read Foster-Wallace, This Is Water?
So, let's have a clue at the facts. You moved to a new region. So, you were not yet closely related to your new environment and the old one you left might have been more and more distant, which makes people sometimes do morally questionable things.
You don't know anything about computers, so, someone must have installed your linuxes.
I also do that for people. My 73-year-old mom uses linux. And a former friend's mother. I do remote administration via TeamViewer as I prefer users being graphically informed I am on their box after their consent.
Maybe the girl or guy who installed your linuxes has enabled SSH remote access combined with a DynDNS name resolving to remotely administrate (and spy) you (out).
Maybe things got socially weird, not technically. Maybe the computer shutdown at the library was just coincidence, as this also happened to me at a university terminal which might have been poorly maintained.
In my educational company, the public PCs are the most poorly maintained and I know that because I am in charge of that and not every library is financially well off.
The config you posted reveals two things:
- NOT an exit.
- You don't know that.
Let me explain. The hash symbol # comments out lines, i.e. these lines don't contain config, but human readable remarks. Of course, in a default config file, you can include commented out options because they can easily be activated by removing the #. Lines beginning with # are just nothing.
The second thing is, that your "hard drive is partitioned". Every hard drive is partitioned. Operating systems don't use the raw physical devices, but the partitions made up on them containing the file systems.
On the most basic Windows installs, there's at least one partition which you might know as device C:. Personally, when I install linux, I separate system and user data which results in two partitions at minimum, one containing /, the root directory ("file system" in your file browser), and /home containing the users' personal folders.
Next thing is that /var/lib/tor contains among others sensitive statistical data concerning the relay's users and is therefore only accessible as root via a sudo command. If you type "sudo -i" and "cd /var/lib/tor", you should be able to access it as sudo provides you with administrator privileges which are called root privileges on linux. You cannot do "sudo cd /var/lib/tor".
If this folder was normally accessible, someone could just use a vulnerability in your firefox and learn from where your users originate and if he knows your record of connections, he would know what the people from region X do with your connection: accessing a relay or a bridge, which sets users not only in other jurisdictions at risk of uncontrolled data collection by whoever it is.
I asked my mom whether she wants to run a bridge. She didn't and so I did not install one. I asked my CEO if he wants to run a bridge. He didn't and so I did not install one. I just got the job because I told everything an employer is not allowed to ask here in Germany, because I told them that they first have to decide whether to trust me as I will have highest privileges on the entire network including their private PCs.
What is true is that remote administration is great for saving time and miles to do people a quick favour. But it can be used irresponsibly.
Maybe the one providing you your installs decided you won't even notice and you get that relay, period. Not nice. Not responsible. Morally highly questionable. But after all, quite probable, as every device has a partitioned hard drive and real adversaries have a keen eye on you not noticing never ever you have been compromised, except ransomware tricking you into sending money via Western Union or Bitcoins.
Criminals want to do criminal business, except ransomware tricking you into sending money via Western Union or Bitcoins, and agencies want to prosecute, but scaring you is not an aim of either if you're not an agent yourself.
In my house are 8 apartments. Two of us are schizos. We integrate well (public health system) and our neighbours like us, but, of course, we use linux and of course, we have paranoid passwords and of course... you understand, I guess.
I have never ever been hacked. But in my company, I can access every computer without prompting for consent as everybody finds that comfortable cause they know about that. I'm in the network at 3 a.m. and I can turn on half of the workstations while lying in my bed.
I know how that feels. My diagnosis reads "paranoid-hallucinatoric schizophrenia" and I know how it feels to have a perspective not even one of 7 billion people share.
Sensitivity is paranoia's beautiful sister. I strongly suggest someone just wants to mock you.
Given my experience with newbie users, paranoia and system administration, what you wrote seemed quite normal and you didn't provide (as far as I remember) any unusual technical details.
Maybe what just happened was a lack of informed consent resulting in a tasteless prank.
I don't want to do injustice to you, but since Edward Snowden, we're all used to question every system crash and honestly, our times seem to be hysterical and violence-saturated.
The rule is simple. When a user thinks he's infected, he's almost always not. If he's infected, he wouldn't notice.
Hugs, I hope you find peace again soon.
Please don't feel offended, I only told my story based on the facts you gave.
And kind regards,
christian
On Monday, 30.05.2016, 13:25 +0200, Christian Pietsch wrote:
Hi GDR!
On Mon, May 30, 2016 at 12:54:41PM +0200, GDR! wrote:
> On Sun, 29 May 2016 15:23:24 +0000 "krutt@anche.no" krutt@anche.no wrote:
> > I can't imagine a single reason why Tor should be configured to run a relay without the system admin's knowledge.
> Debian did this - I'm not sure if it does that any more.
This bug is not present in current and recent versions of Debian.
> `apt-get install tor` used to run an exit relay unless you uncomment "ExitPolicy reject *:*" in torrc. I had the same problem a few years ago, suddenly captchas started appearing everywhere after installing tor.
Do you mean this bug in Tor 0.1.0 which was fixed in 2005?
-------------- begin quote from the Debian changelog --------------
tor (0.1.0.11-1) unstable; urgency=high
- New upstream version (closes: #316753):
- Fixes a serious bug: servers now honor their exit policies - In 0.1.0.x only clients enforced them so far. 0.0.9.x is not affected.
- Build depend on libevent-dev >= 1.1.
- Urgency high because 0.0.9.10-1 did not make it into testing after like 3 weeks because of an impending ftp-master move. So I might just as well upload this one.
-- Peter Palfrader weasel@debian.org Mon, 4 Jul 2005 17:53:48 +0200
-------------- end quote from the Debian changelog --------------
Cheers, Christian
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
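Added example (not part of the original thread, and not Tor Project code): a small Python check for the point Christian makes in the message above, that lines starting with # are not configuration, so a torrc with every relay option commented out leaves Tor a plain client. The function names and sample configs are constructed for illustration, and the file merging and ExitPolicy handling are deliberate simplifications of Tor's real parser.

```python
"""Classify a Tor instance's configured role from its active torrc lines."""

# Constructed sample of a packaged defaults file (read before /etc/tor/torrc).
DEFAULTS_TORRC = """\
DataDirectory /var/lib/tor
RunAsDaemon 1
"""

# Constructed sample: a torrc in which every relay option is commented out.
COMMENTED_TORRC = """\
## Everything below is a remark, not configuration
#ORPort 9001
#Nickname examplerelay
#ExitPolicy reject *:* # no exits allowed
#BridgeRelay 1
"""

# Constructed samples with active relay options.
NON_EXIT_TORRC = "ORPort 9001\nExitPolicy reject *:* # no exits allowed\n"
EXIT_TORRC = "ORPort 9001\nExitPolicy accept *:6660-6667,reject *:*\n"


def active_directives(text):
    """Return (option, value) pairs for lines that are real configuration.

    Everything from '#' to the end of a line is a comment. Simplification:
    a '#' inside a quoted value is not handled.
    """
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue  # blank line or pure comment
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        pairs.append((parts[0].lower(), value))  # option names: any case
    return pairs


def merge(config_texts):
    """Merge files in reading order; a later file replaces an option set
    by an earlier one (simplification: '+Option' appends are ignored)."""
    merged = {}
    for text in config_texts:
        per_file = {}
        for option, value in active_directives(text):
            per_file.setdefault(option, []).append(value)
        merged.update(per_file)
    return merged


def exit_policy_verdict(policy_lines):
    """Walk ExitPolicy rules in order until one settles the question."""
    for line in policy_lines:
        for rule in line.split(","):
            rule = " ".join(rule.split()).lower()
            if rule.startswith("accept"):
                return "exit"       # some exit traffic is allowed
            if rule == "reject *:*":
                return "no-exit"    # catch-all reject before any accept
    return "default"                # nothing decisive was configured


def classify(config_texts):
    """Return the role the merged configuration asks Tor to play."""
    cfg = merge(config_texts)
    orport = (cfg.get("orport", ["0"])[-1].split() or ["0"])[0]
    if orport == "0":
        return "client"             # no ORPort means no relay of any kind
    if cfg.get("bridgerelay", ["0"])[-1] == "1":
        return "bridge"
    if cfg.get("exitrelay", ["auto"])[-1] == "0":
        return "non-exit relay"
    verdict = exit_policy_verdict(cfg.get("exitpolicy", []))
    return {
        "exit": "exit relay",
        "no-exit": "non-exit relay",
        "default": "relay, exit policy left at version default",
    }[verdict]


if __name__ == "__main__":
    for name, torrc in [("commented", COMMENTED_TORRC),
                        ("non-exit", NON_EXIT_TORRC),
                        ("exit", EXIT_TORRC)]:
        print(name, "->", classify([DEFAULTS_TORRC, torrc]))
```

To audit a real host, pass the contents of the files Tor reports reading at startup, in that order, instead of the constructed samples.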
I am a tech, a good one, who also runs 2 relays from my shop. I have found in client PCs many hidden things - such as proxies running for malware delivery. They were totally unaware except for slow and losing disk space. (Finding Tor running is a bit too extreme) I've also had two clients that were "absolutely" sure that someone was out to get them - cyber-stalking in their eyes. I actually did all of the suggestions made prior - new drive, reset or new router, even walked the home and perimeter looking for connections. I was positive of my security (30 years doing this) but they were calm for less than 4 weeks then started again. Their spouses, to their credit, stayed quiet and just rolled their eyes. Could a malicious technician do this? Hell yeah - most of us could do it dozens of times and they'd never know. We have too much moral decency, but.... others don't. More than likely, it is a scenario as christian states .... too much overload somewhere. Or a troll, we hope not.
Me
On 05/30/2016 04:27 PM, Christian wrote:
<< snip >>
I'm not offended in the least. No worries. The only reason I'm contacting anyone about this is the sheer fact Tor folders, files and connections are running through my systems and connection. Otherwise, I would have kept all of this to myself. Tor is extremely important and my fear is that someone out there may be attempting to disguise themselves to enter it. I'm far from being IT savvy, however, I've spent the last six or so months trying to read everything I can possibly read to get a better understanding as to what's going on. Now, according to my Dell and Acer which both run Mint, when I try to install Tor I'm told I already have it. When I try to run Tor I'm told I don't have it. When I try to remove it, it comes back. However, I have a Lenovo with Windows 10 on it. With that computer I was able to install the Tor browser with no problems. So here I am with one laptop that has the browser installed while my other two computers show that I'm running a relay. If this is nothing to be concerned over then that's that but I would like to make sure from possibly the friendly people here just in case. This is what I have as of today:
May 31 07:35:23.000 [notice] Tor 0.2.4.27 (git-412e3f7dc9c6c01a) opening new log file.
May 31 09:48:33.000 [notice] Heartbeat: Tor's uptime is 14 days 12:00 hours, with 0 circuits open. I've sent 6.34 MB and received 138.42 MB.
May 31 09:48:33.000 [notice] Average packaged cell fullness: 77.895%
May 31 09:48:33.000 [notice] TLS write overhead: 7%
May 31 12:42:51.000 [notice] Tor 0.2.4.27 (git-412e3f7dc9c6c01a) opening log file.
May 31 12:42:53.000 [notice] Bootstrapped 5%: Connecting to directory server.
May 31 12:42:53.000 [notice] Bootstrapped 45%: Asking for relay descriptors.
May 31 12:42:53.000 [notice] Bootstrapped 50%: Loading relay descriptors.
May 31 12:42:53.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/7013, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of exit bw.)
May 31 12:42:53.000 [notice] Bootstrapped 51%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 53%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 54%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 56%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 57%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 59%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 60%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 62%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 63%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 65%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 66%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 68%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 69%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 71%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 72%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 74%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 75%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 77%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 78%: Loading relay descriptors.
May 31 12:42:54.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 3220/7013, and can only build 11% of likely paths. (We have 48% of guards bw, 48% of midpoint bw, and 49% of exit bw.)
May 31 12:42:56.000 [notice] We now have enough directory information to build circuits.
May 31 12:42:56.000 [notice] Bootstrapped 80%: Connecting to the Tor network.
May 31 12:42:56.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
May 31 12:42:57.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
May 31 12:42:57.000 [notice] Bootstrapped 100%: Done.
May 30 07:35:20.000 [notice] Tor 0.2.4.27 (git-412e3f7dc9c6c01a) opening new log file.
May 30 09:48:33.000 [notice] Heartbeat: Tor's uptime is 13 days 12:00 hours, with 0 circuits open. I've sent 6.00 MB and received 128.80 MB.
May 30 09:48:33.000 [notice] Average packaged cell fullness: 78.591%
May 30 09:48:33.000 [notice] TLS write overhead: 7%
May 30 15:48:33.000 [notice] Heartbeat: Tor's uptime is 13 days 18:00 hours, with 0 circuits open. I've sent 6.06 MB and received 130.60 MB.
May 30 15:48:33.000 [notice] Average packaged cell fullness: 78.468%
May 30 15:48:33.000 [notice] TLS write overhead: 7%
May 30 21:48:33.000 [notice] Heartbeat: Tor's uptime is 14 days 0:00 hours, with 0 circuits open. I've sent 6.19 MB and received 134.22 MB.
May 30 21:48:33.000 [notice] Average packaged cell fullness: 78.172%
May 30 21:48:33.000 [notice] TLS write overhead: 7%
May 31 03:48:33.000 [notice] Heartbeat: Tor's uptime is 14 days 6:00 hours, with 0 circuits open. I've sent 6.25 MB and received 136.02 MB.
May 31 03:48:33.000 [notice] Average packaged cell fullness: 78.053%
May 31 03:48:33.000 [notice] TLS write overhead: 7%
May 31 07:35:23.000 [notice] Received reload signal (hup). Reloading config and resetting internal state.
May 31 07:35:23.000 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
May 31 07:35:23.000 [notice] Read configuration file "/etc/tor/torrc".
On Tue, May 31, 2016 at 2:12 PM, Gumby info@gumbyzee.torzone.net wrote:
<< snip >>
And this:
# Tor state file last generated on 2016-05-31 14:31:06 local time
# Other times below are in UTC
# You *do not* need to edit this file.
EntryGuard Jans 50586E25BE067FD1F739998550EDDCB1A14CA5B2 DirCache
EntryGuardUnlistedSince 2016-05-31 18:00:11
EntryGuardAddedBy 50586E25BE067FD1F739998550EDDCB1A14CA5B2 0.2.4.27 2016-04-28 16:16:20
EntryGuardPathBias 104.000000 104.000000 100.000000 4.000000 0.000000 0.000000
EntryGuard Unnamed B2CB9E5C80367C9026A806EC4801E22425AA7E8A DirCache
EntryGuardAddedBy B2CB9E5C80367C9026A806EC4801E22425AA7E8A 0.2.4.27 2016-04-20 04:00:54
EntryGuardPathBias 5.000000 4.000000 4.000000 0.000000 0.000000 0.000000
EntryGuard Unnamed 1DE193C88576C3B377CEFCDB6E6E8B91F195D252 DirCache
EntryGuardUnlistedSince 2016-05-17 01:51:36
EntryGuardAddedBy 1DE193C88576C3B377CEFCDB6E6E8B91F195D252 0.2.4.27 2016-04-20 10:24:57
EntryGuard CatRelay12 ADE45DA3A6D318FEB07E2E099BCCCFEA8ADAC8DC DirCache
EntryGuardAddedBy ADE45DA3A6D318FEB07E2E099BCCCFEA8ADAC8DC 0.2.4.27 2016-04-22 14:09:45
TorVersion Tor 0.2.4.27 (git-412e3f7dc9c6c01a)
LastWritten 2016-05-31 18:31:06
TotalBuildTimes 108
CircuitBuildTimeBin 325 3
CircuitBuildTimeBin 375 1
CircuitBuildTimeBin 425 18
CircuitBuildTimeBin 475 22
CircuitBuildTimeBin 525 9
CircuitBuildTimeBin 575 13
CircuitBuildTimeBin 625 5
CircuitBuildTimeBin 675 8
CircuitBuildTimeBin 725 4
CircuitBuildTimeBin 775 4
CircuitBuildTimeBin 825 4
CircuitBuildTimeBin 875 3
CircuitBuildTimeBin 925 2
CircuitBuildTimeBin 975 2
CircuitBuildTimeBin 1025 3
CircuitBuildTimeBin 1075 1
CircuitBuildTimeBin 1125 1
CircuitBuildTimeBin 1175 1
CircuitBuildTimeBin 1275 1
CircuitBuildTimeBin 1375 1
CircuitBuildTimeBin 1525 1
CircuitBuildTimeBin 2275 1
On Tue, May 31, 2016 at 3:02 PM, Percy Blakeney di99in5@gmail.com wrote:
<< snip >>
Wow – I’m looking to see if mine has been taken over. How do I find that file below on mine?
From: tor-relays [mailto:tor-relays-bounces@lists.torproject.org] On Behalf Of Percy Blakeney
Sent: Tuesday, May 31, 2016 12:07 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] [Fwd: Re: I'm Running A Tor Exit But Never Initiated It]
And this:
# Tor state file last generated on 2016-05-31 14:31:06 local time
# Other times below are in UTC
# You *do not* need to edit this file.
EntryGuard Jans 50586E25BE067FD1F739998550EDDCB1A14CA5B2 DirCache EntryGuardUnlistedSince 2016-05-31 18:00:11 EntryGuardAddedBy 50586E25BE067FD1F739998550EDDCB1A14CA5B2 0.2.4.27 2016-04-28 16:16:20 EntryGuardPathBias 104.000000 104.000000 100.000000 4.000000 0.000000 0.000000 EntryGuard Unnamed B2CB9E5C80367C9026A806EC4801E22425AA7E8A DirCache EntryGuardAddedBy B2CB9E5C80367C9026A806EC4801E22425AA7E8A 0.2.4.27 2016-04-20 04:00:54 EntryGuardPathBias 5.000000 4.000000 4.000000 0.000000 0.000000 0.000000 EntryGuard Unnamed 1DE193C88576C3B377CEFCDB6E6E8B91F195D252 DirCache EntryGuardUnlistedSince 2016-05-17 01:51:36 EntryGuardAddedBy 1DE193C88576C3B377CEFCDB6E6E8B91F195D252 0.2.4.27 2016-04-20 10:24:57 EntryGuard CatRelay12 ADE45DA3A6D318FEB07E2E099BCCCFEA8ADAC8DC DirCache EntryGuardAddedBy ADE45DA3A6D318FEB07E2E099BCCCFEA8ADAC8DC 0.2.4.27 2016-04-22 14:09:45 TorVersion Tor 0.2.4.27 (git-412e3f7dc9c6c01a) LastWritten 2016-05-31 18:31:06 TotalBuildTimes 108 CircuitBuildTimeBin 325 3 CircuitBuildTimeBin 375 1 CircuitBuildTimeBin 425 18 CircuitBuildTimeBin 475 22 CircuitBuildTimeBin 525 9 CircuitBuildTimeBin 575 13 CircuitBuildTimeBin 625 5 CircuitBuildTimeBin 675 8 CircuitBuildTimeBin 725 4 CircuitBuildTimeBin 775 4 CircuitBuildTimeBin 825 4 CircuitBuildTimeBin 875 3 CircuitBuildTimeBin 925 2 CircuitBuildTimeBin 975 2 CircuitBuildTimeBin 1025 3 CircuitBuildTimeBin 1075 1 CircuitBuildTimeBin 1125 1 CircuitBuildTimeBin 1175 1 CircuitBuildTimeBin 1275 1 CircuitBuildTimeBin 1375 1 CircuitBuildTimeBin 1525 1 CircuitBuildTimeBin 2275 1
On Tue, May 31, 2016 at 3:02 PM, Percy Blakeney <di99in5@gmail.com mailto:di99in5@gmail.com > wrote:
I'm not offended in the least. No worries. The only reason I'm contacting anyone about this is the sheer fact Tor folders, files and connections are running through my systems and connection. Otherwise, I would have kept all of this to myself. Tor is extremely important and my fear is that someone out there maybe attempting to disguise themselves to enter it. I'm far from being IT savvy, however, I've spent the last six or so months trying to read everything I can possibly read to get a better understanding as to what's going on. Now, according to my Dell and Acer which both run Mint, when I try to install Tor I'm told I already have it. When I try to run Tor I'm told I don't have it. When I try to remove it, it comes back. However, I have a Lenovo with Windows10 on it. With that computer I was able to install the Tor browser with no problems. So here I am with one laptop that has the browser installed while my other two computers show that I'm running a relay. If this is nothing to be concerned over then that's that but I would like to make sure from possibly the friendly people here just in case. This is what I have as of today:
May 31 07:35:23.000 [notice] Tor 0.2.4.27 (git-412e3f7dc9c6c01a) opening new log file.
May 31 09:48:33.000 [notice] Heartbeat: Tor's uptime is 14 days 12:00 hours, with 0 circuits open. I've sent 6.34 MB and received 138.42 MB.
May 31 09:48:33.000 [notice] Average packaged cell fullness: 77.895%
May 31 09:48:33.000 [notice] TLS write overhead: 7%
May 31 12:42:51.000 [notice] Tor 0.2.4.27 (git-412e3f7dc9c6c01a) opening log file.
May 31 12:42:53.000 [notice] Bootstrapped 5%: Connecting to directory server.
May 31 12:42:53.000 [notice] Bootstrapped 45%: Asking for relay descriptors.
May 31 12:42:53.000 [notice] Bootstrapped 50%: Loading relay descriptors.
May 31 12:42:53.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/7013, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of exit bw.)
May 31 12:42:53.000 [notice] Bootstrapped 51%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 53%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 54%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 56%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 57%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 59%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 60%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 62%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 63%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 65%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 66%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 68%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 69%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 71%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 72%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 74%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 75%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 77%: Loading relay descriptors.
May 31 12:42:54.000 [notice] Bootstrapped 78%: Loading relay descriptors.
May 31 12:42:54.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 3220/7013, and can only build 11% of likely paths. (We have 48% of guards bw, 48% of midpoint bw, and 49% of exit bw.)
May 31 12:42:56.000 [notice] We now have enough directory information to build circuits.
May 31 12:42:56.000 [notice] Bootstrapped 80%: Connecting to the Tor network.
May 31 12:42:56.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
May 31 12:42:57.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
May 31 12:42:57.000 [notice] Bootstrapped 100%: Done.

May 30 07:35:20.000 [notice] Tor 0.2.4.27 (git-412e3f7dc9c6c01a) opening new log file.
May 30 09:48:33.000 [notice] Heartbeat: Tor's uptime is 13 days 12:00 hours, with 0 circuits open. I've sent 6.00 MB and received 128.80 MB.
May 30 09:48:33.000 [notice] Average packaged cell fullness: 78.591%
May 30 09:48:33.000 [notice] TLS write overhead: 7%
May 30 15:48:33.000 [notice] Heartbeat: Tor's uptime is 13 days 18:00 hours, with 0 circuits open. I've sent 6.06 MB and received 130.60 MB.
May 30 15:48:33.000 [notice] Average packaged cell fullness: 78.468%
May 30 15:48:33.000 [notice] TLS write overhead: 7%
May 30 21:48:33.000 [notice] Heartbeat: Tor's uptime is 14 days 0:00 hours, with 0 circuits open. I've sent 6.19 MB and received 134.22 MB.
May 30 21:48:33.000 [notice] Average packaged cell fullness: 78.172%
May 30 21:48:33.000 [notice] TLS write overhead: 7%
May 31 03:48:33.000 [notice] Heartbeat: Tor's uptime is 14 days 6:00 hours, with 0 circuits open. I've sent 6.25 MB and received 136.02 MB.
May 31 03:48:33.000 [notice] Average packaged cell fullness: 78.053%
May 31 03:48:33.000 [notice] TLS write overhead: 7%
May 31 07:35:23.000 [notice] Received reload signal (hup). Reloading config and resetting internal state.
May 31 07:35:23.000 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
May 31 07:35:23.000 [notice] Read configuration file "/etc/tor/torrc".
On Tue, May 31, 2016 at 2:12 PM, Gumby <info@gumbyzee.torzone.net> wrote:
I am a tech, a good one, who also runs 2 relays from my shop. I have found in client PCs many hidden things - such as proxies running for malware delivery. They were totally unaware except for slow and losing disk space. (Finding Tor running is a bit too extreme) I've also had two clients that were "absolutely" sure that someone was out to get them - cyber-stalking in their eyes. I actually did all of the suggestions made prior - new drive, reset or new router, even walked the home and perimeter looking for connections. I was positive of my security (30 years doing this) but they were calm for less than 4 weeks then started again. Their spouses, to their credit, stayed quiet and just rolled their eyes. Could a malicious technician do this? Hell yeah - most of us could do it dozens of times and they'd never know. We have too much moral decency, but.... others don't. More than likely, it is a scenario as christian states .... too much overload somewhere. Or a troll, we hope not.
Me
On 05/30/2016 04:27 PM, Christian wrote:
-------- Forwarded Message --------
From: Christian Adam <hirnwurst@t-online.de>
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] I'm Running A Tor Exit But Never Initiated It
Date: Mon, 30 May 2016 22:14:51 +0200
Dear Percy,
I read all of your messages very carefully and, please, believe me, I don't mean to be rude, but just want to provide you a little bit of relief.
First of all, I have to share that I AM in fact a schizophrenic for 16 years now, but fully therapied to the extent I do a job as a system administrator and get certified for being a data security officer this week. This won't reveal any competence on my side, but gives a clue about my functional level which is, after all, related to sanity.
<< snip >>
Given my experience with newbie users, paranoia and system administration, what you wrote seemed quite normal and you didn't provide (as far as I remember) any unusual technical details.
Maybe what just happened was a lack of informed consent resulting in a tasteless prank.
I don't want to do injustice to you, but since Edward Snowden, we're all used to question every system crash and honestly, our times seem to be hysterical and violence-saturated.
The rule is simple. When a user thinks he's infected, he's almost always not. If he's infected, he wouldn't notice.
Hugs, I hope you find peace again soon.
Please don't feel offended, I only told my story based on the facts you gave.
And kind regards,
christian
On Monday, 30.05.2016, at 13:25 +0200, Christian Pietsch wrote:
_______________________________________________
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
So exactly why is he unable to kill the process? Even as su ? But also, if this is all taking place, what spook "agency" is doing the install, where a new drive gets the same and spreads? Where did the install iso get downloaded from, and did the hash get checked?
Me
On 05/31/2016 03:16 PM, Greg Moss wrote:
Wow – I’m looking to see if mine has been taken over. How do I find that file below on mine?
From: tor-relays [mailto:tor-relays-bounces@lists.torproject.org] On Behalf Of Percy Blakeney
Sent: Tuesday, May 31, 2016 12:07 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] [Fwd: Re: I'm Running A Tor Exit But Never Initiated It]
And this:
# Tor state file last generated on 2016-05-31 14:31:06 local time
# Other times below are in UTC
# You *do not* need to edit this file.
That is a fairly old version of Tor to have installed.
On 05/31/2016 03:06 PM, Percy Blakeney wrote:
And this: . . . TorVersion Tor 0.2.4.27 (git-412e3f7dc9c6c01a)
CircuitBuildTimeBin 1175 1 CircuitBuildTimeBin 1275 1 CircuitBuildTimeBin 1375 1 CircuitBuildTimeBin 1525 1 CircuitBuildTimeBin 2275 1
On 05/31/2016 01:34 PM, Gumby wrote:
That is a fairly old version of Tor to have installed.
On 05/31/2016 03:06 PM, Percy Blakeney wrote:
And this: . . . TorVersion Tor 0.2.4.27 (git-412e3f7dc9c6c01a)
So what versions did Mevade, Sefnit, etc use?
CircuitBuildTimeBin 1175 1 CircuitBuildTimeBin 1275 1 CircuitBuildTimeBin 1375 1 CircuitBuildTimeBin 1525 1 CircuitBuildTimeBin 2275 1
In May of 2016, on a laptop running Mint 17.3 from December 2015 - a newer version is in the repositories, particularly if it has been reinstalled again. Why use an older one?
his torrc shows a hidden service, but no Dir
uses wrong term for OutboundBindAddress 10.0.0.5
and a Raspberry PI ?
questions arise out of the fog.....
Sir Percy Blakeney - the Scarlet Pimpernel of fiction. cute.
sorry, just looking under the goat bridge,
Me
On 05/31/2016 04:31 PM, Mirimir wrote:
On 05/31/2016 01:34 PM, Gumby wrote:
That is a fairly old version of Tor to have installed.
On 05/31/2016 03:06 PM, Percy Blakeney wrote:
And this: . . . TorVersion Tor 0.2.4.27 (git-412e3f7dc9c6c01a)
So what versions did Mevade, Sefnit, etc use?
CircuitBuildTimeBin 1175 1 CircuitBuildTimeBin 1275 1 CircuitBuildTimeBin 1375 1 CircuitBuildTimeBin 1525 1 CircuitBuildTimeBin 2275 1
Yes. The Scarlet Pimpernel. Sir Percy is my favorite literary character hands down. As for your other questions, I will try to answer them if I can. I'm afraid I'm not yet educated enough to fully grasp half of this. As of right now my Acer laptop that runs Linux MATE is awaiting a new battery. Funny how its battery drained within minutes as of two days ago. Yes, I mean minutes. Both myself and my spouse watched it happen. As far as my Dell desktop is concerned it will not allow me to upgrade or update. I keep getting this message: "Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?"
This whole mess really put a damper on my passion to learn Linux Essentials. That was my initial goal. Instead I've been forced to figure this out so I've thrown myself to the wolves, so to speak, in order to learn any and all I can regarding all aspects of IT.
Are there folders and/or files I should look for or that anyone out there might suggest I look through?
On Tue, May 31, 2016 at 4:51 PM, Gumby info@gumbyzee.torzone.net wrote:
In May of 2016, on a laptop running Mint 17.3 from December 2015 - a newer version is in the repositories, particularly if it has been reinstalled again. Why use an older one? his torrc shows a hidden service, but no Dir uses wrong term for OutboundBindAddress 10.0.0.5 and a Raspberry PI ? questions arise out of the fog.....
Sir Percy Blakeney - the Scarlet Pimpernel of fiction. cute.
sorry, just looking under the goat bridge, Me
Mate is the desktop type, like cinnamon, xfce, kde. What release? Same one, 17.3? what type media did you use to install? did it come from Mint for sure, and did you check the signature? At the bottom of the download page @ Mint there is the checksum to get. That is why, especially with tor, we should always be confident of the iso... and so should anyone apparently. There were bogus copies of everything going around a couple years ago, and even "Anonymous" released their own iso full of malware. Wasn't them, but irrelevant. Get a good copy and reinstall. Use Tails to download it to a clean flash drive. I assume you have a router after your modem, that is why the ISP sees a different setup. You have both 192.168.0.* and 10.0.0.* listed, both are private addresses. Have you tried sudo apt update, then sudo apt upgrade from a terminal?
Me
On 05/31/2016 05:14 PM, Percy Blakeney wrote:
Yes. The Scarlet Pimpernel. Sir Percy is my favorite literary character hands down. As for your other questions, I will try to answer them if I can. I'm afraid I'm not yet educated enough to fully grasp half of this. As of right now my Acer laptop that runs Linux MATE is awaiting a new battery. Funny how it's battery drained within minutes
My very first bootable flashdrive was created using pendrivelinux universal usb installer. That was early September 2015 and it was Ubuntu 14.04. Then once the OS was installed that's when weird things started to happen which forced me to take the Dell desktop to one place and my Acer laptop (along with the flashdrive) to another repair place and instead of repairing both Android Moto G phones I bought two new Moto E next generation phones. I'm assuming that whomever or whatever partitioned both HDDs and caused visible trouble within my network thought I would leave well enough alone and go back to our typical internet user lives. I couldn't though. I had and still have a drive in me to find out how that was done, why it was done and who did it. Instead of it scaring me it intrigued me. Soon after I found myself going down a rabbit hole.
To date I have 11 different flashdrives with 11 different operating systems on them. In addition to the flashdrives I also made 6 different bootable dvds with 6 different operating systems on them. With ALL my ISOs, I did everything by the book and never had an issue with any of them. First I made sure I was downloading my ISO ONLY from the official website. Second I ALWAYS made sure my checksums were exact. I never took my own path while following directions. I wanted to do everything with textbook accuracy. My signatures always checked out.
I have Tails. Everything was fine with Tails up until the last I tried to run it, December 28, 2015. (I date everything by the way) It kept crashing and telling me I didn't have a complete installation. It was up to date with, like I said, good signatures but it went weird and eventually just produced a black screen so I disregarded it and moved onto other stuff.
No. The only router/modem I have is the Xfinity Arris router/modem combo. I'm on my third replacement. After I got the one I'm using now and noticed the same weird stuff happening I just gave up the fight with Comcast. When I inquire about buying my own I'm told I'm not permitted, contrary to what their site states. When I inquire about changing ISPs I get told by each one (FIOS, Hughesnet, etc) that they don't provide service in my area which is strange considering the guy next to me uses FIOS.
Of course I've tried sudo apt-get update, upgrade and everything else under the sun. This is what I get as of a few minutes ago:
E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?

ps -e | grep ssh
2123 ? 00:00:00 ssh-agent

cut -d: -f1 /etc/passwd
root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
proxy
www-data
backup
list
irc
gnats
nobody
libuuid
syslog
messagebus
usbmux
dnsmasq
avahi-autoipd
kernoops
avahi
pulse
colord
hplip
mdm
rtkit
saned
speech-dispatcher
jadeharley (ME)
mysql
debian-tor

tor --list-fingerprint
May 31 17:16:16.238 [notice] Tor v0.2.4.27 (git-412e3f7dc9c6c01a) running on Linux with Libevent 2.0.21-stable and OpenSSL 1.0.1f.
May 31 17:16:16.238 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
May 31 17:16:16.251 [notice] Read configuration file "/etc/tor/torrc".
May 31 17:16:16.257 [err] Clients don't have long-term identity keys. Exiting.
On Tue, May 31, 2016 at 5:32 PM, Gumby info@gumbyzee.torzone.net wrote:
Mate is the desktop type, like cinnamon, xfce, kde. What release? Same one, 17.3? what type media did you use to install? did it come from Mint for sure, and did you check the signature? At the bottom of the download page @ Mint there is the checksum to get. That is why, especially with tor, we should always be confident of the iso... and so should anyone apparently. There were bogus copies of everything going around a couple years ago, and even "Anonymous" released their own iso full of malware. Wasn't them, but irrelevant. Get a good copy and reinstall. Use Tails to download it to a clean flash drive. I assume you have a router after your modem, that is why the ISP sees a different setup. You have both 192.168.0.* and 10.0.0.* listed, both are private addresses. Have you tried sudo apt update, then sudo apt upgrade from a terminal?
Me
On 05/31/2016 05:14 PM, Percy Blakeney wrote:
Yes. The Scarlet Pimpernel. Sir Percy is my favorite literary character hands down. As for your other questions, I will try to answer them if I can. I'm afraid I'm not yet educated enough to fully grasp half of this. As of right now my Acer laptop that runs Linux MATE is awaiting a new battery. Funny how it's battery drained within minutes
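Added example (not part of any list member's message): a small Python triage of the question the thread keeps returning to, whether a Tor instance is a client, a relay or an exit, read from its torrc and its notice log. The torrc samples are constructed, the three log lines are quoted from the thread, and the relay marker string and the simplified option handling are assumptions about stock Tor behaviour.

```python
import re

# Constructed torrc samples (the thread never reproduces the poster's torrc).
CLIENT_TORRC = """\
# constructed sample: stock client config, relay lines left commented out
SocksPort 9050
Log notice file /var/log/tor/log
#ORPort 9001
#ExitPolicy reject *:*
"""
RELAY_TORRC = """\
# constructed sample: a relay that exits to web ports, plus an onion service
ORPort 9001
Nickname example
ExitPolicy accept *:80, accept *:443
ExitPolicy reject *:*
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080
"""
# These three lines are quoted from the logs posted in the thread.
THREAD_LOG = """\
May 31 09:48:33.000 [notice] Heartbeat: Tor's uptime is 14 days 12:00 hours, with 0 circuits open. I've sent 6.34 MB and received 138.42 MB.
May 31 12:42:57.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
May 31 17:16:16.257 [err] Clients don't have long-term identity keys. Exiting.
"""

# (role, substring) pairs. The two client strings appear in the thread;
# the relay string is a notice a reachable relay logs (not on the page).
LOG_MARKERS = [
    ("client", "Looks like client functionality is working"),
    ("client", "Clients don't have long-term identity keys"),
    ("relay", "Self-testing indicates your ORPort is reachable"),
]
HEARTBEAT = re.compile(
    r"Heartbeat: Tor's uptime is (.+?), with (\d+) circuits open\. "
    r"I've sent ([\d.]+ \w+) and received ([\d.]+ \w+)\."
)


def parse_torrc(text):
    """Return {lowercased option: [values]}. Simplified: strips '#' comments,
    joins backslash continuations, ignores quoting and %include."""
    options = {}
    for raw in re.sub(r"\\\r?\n", " ", text).splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        options.setdefault(parts[0].lower(), []).append(value)
    return options


def classify_role(options):
    """Summarise what the configuration asks Tor to do."""
    orports = [v for v in options.get("orport", []) if v and v.split()[0] != "0"]
    onion = bool(options.get("hiddenservicedir"))
    if not orports:
        # No ORPort means Tor is not a server, so any ExitPolicy is irrelevant.
        return {"role": "client", "exit": "no", "onion_service": onion}
    role = "bridge" if "1" in options.get("bridgerelay", []) else "relay"
    # With no decisive rule the outcome depends on that Tor version's defaults.
    exit_state = "version-default"
    rules = [" ".join(r.split()) for v in options.get("exitpolicy", [])
             for r in v.split(",")]
    for rule in rules:  # first decisive rule wins
        if rule.startswith("accept"):
            exit_state = "yes"
            break
        if rule == "reject *:*":
            exit_state = "no"
            break
    if "0" in options.get("exitrelay", []):
        exit_state = "no"
    return {"role": role, "exit": exit_state, "onion_service": onion}


def log_evidence(log_text):
    """Count log lines that indicate client or relay operation."""
    counts = {"client": 0, "relay": 0}
    for line in log_text.splitlines():
        for role, marker in LOG_MARKERS:
            if marker in line:
                counts[role] += 1
    return counts


def last_heartbeat(log_text):
    """Return (uptime, open circuits, sent, received) from the newest heartbeat."""
    matches = HEARTBEAT.findall(log_text)
    if not matches:
        return None
    uptime, circuits, sent, received = matches[-1]
    return (uptime, int(circuits), sent, received)


if __name__ == "__main__":
    print("client torrc:", classify_role(parse_torrc(CLIENT_TORRC)))
    print("relay torrc: ", classify_role(parse_torrc(RELAY_TORRC)))
    print("log evidence:", log_evidence(THREAD_LOG))
    print("heartbeat:   ", last_heartbeat(THREAD_LOG))
```

On a Debian-style install the same functions can be fed the contents of /etc/tor/torrc and the notice log, both of which the posted log lines name.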
If I unplug my router. First, my router/modem does what it wants, when it wants. That thing lights up like a xmas tree by resetting itself sometimes as frequent as once a week to several times a day. Second, once unplugged nothing shows up. The guy next to me has Verizon and his never shows up.
I changed my admin/password, password the second I installed it. Not only that but I change my passwords constantly and when I do I always use upper/lower case letters, numbers, and punctuation between 14 to 40 characters in strength. When I look at the admin page/router page it changes. It also depends on which browser I use. When I use firefox the word javascript{0} shows up on the bottom left side of my page only when I hover my mouse over the firewall and MoCA but javascript{0} does not show up if I use Microsoft Edge or Chrome. Also, it's configured in ways I don't fully understand. The last time I called Xfinity to address this situation the tech told me the stuff I was rattling off to him wasn't on the page he was looking at yet he and I were on the same page. Every time I've done a hard factory reset it still goes back to how it is now. Once I called Xfinity and spoke to a tech who told me he was going to do the reset from where he was since for some weird reason I was unable to. After I gave him my new wifi name and password he said, and I quote, "Hunh. That was weird." When I asked "what was so weird" he replied with, "Your name and password went to black dots on my screen then disappeared from my screen. Ma'am, (yeah, I'm a woman) can I ask if you have someone in your router?" I simply told him, "yes." To which he then asks me, "Do you know who they are?" I said, "Nope." Then he placed me on hold, got back on with me and told me after he does the reset again he's going to report this issue but I've yet to hear back from anyone.
On Tue, May 31, 2016 at 6:20 PM, Percy Blakeney di99in5@gmail.com wrote:
My very first bootable flashdrive was created using pendrivelinux universal usb installer. That was early September 2015 and it was Ubuntu 14.04. Then once the OS was installed that's when weird things started to happen which forced me to take the Dell desktop to one place and my Acer laptop (along with the flashdrive) to another repair place and instead of repairing both Android Moto G phones I bought two new Moto E next generation phones. I'm assuming that whomever or whatever partitioned both HDDs and caused visible trouble within my network thought I would leave well enough alone and go back to our typical internet user lives. I couldn't though. I had and still have a drive in me to find out how that was done, why it was done and who did it. Instead of it scaring me it intrigued me. Soon after I found myself going down a rabbit hole.
To date I have 11 different flashdrives with 11 different operating systems on them. In addition to the flashdrives I also made 6 different bootable dvds with 6 different operating systems on them. With ALL my ISOs, I did everything by the book and never had an issue with any of them. First I made sure I was downloading my ISO ONLY from the official website. Second I ALWAYS made sure my checksums were exact. I never took my own path while following directions. I wanted to do everything with textbook accuracy. My signatures always checked out.
I have Tails. Everything was fine with Tails up until the last I tried to run it, December 28, 2015. (I date everything by the way) It kept crashing and telling me I didn't have a complete installation. It was up to date with, like I said, good signatures but it went weird and eventually just produced a black screen so I disregarded it and moved onto other stuff.
No. The only router/modem I have is the Xfinity Arris router/modem combo. I'm on my third replacement. After I got the one I'm using now and noticed the same weird stuff happening I just gave up the fight with Comcast. When I inquire about buying my own I'm told I'm not permitted, contrary to what their site states. When I inquire about changing ISPs I get told by each one (FIOS, Hughesnet, etc) that they don't provide service in my area which is strange considering the guy next to me uses FIOS.
Of course I've tried sudo apt-get update, upgrade and everything else under the sun. This is what I get as of a few minutes ago:
E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?

ps -e | grep ssh
2123 ? 00:00:00 ssh-agent

cut -d: -f1 /etc/passwd
root daemon bin sys sync games man lp mail news uucp proxy www-data backup list irc gnats nobody libuuid syslog messagebus usbmux dnsmasq avahi-autoipd kernoops avahi pulse colord hplip mdm rtkit saned speech-dispatcher jadeharley (ME) mysql debian-tor

tor --list-fingerprint
May 31 17:16:16.238 [notice] Tor v0.2.4.27 (git-412e3f7dc9c6c01a) running on Linux with Libevent 2.0.21-stable and OpenSSL 1.0.1f.
May 31 17:16:16.238 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
May 31 17:16:16.251 [notice] Read configuration file "/etc/tor/torrc".
May 31 17:16:16.257 [err] Clients don't have long-term identity keys. Exiting.
On Tue, May 31, 2016 at 5:32 PM, Gumby info@gumbyzee.torzone.net wrote:
Mate is the desktop type, like cinnamon, xfce, kde. What release? Same one, 17.3? What type of media did you use to install? Did it come from Mint for sure, and did you check the signature? At the bottom of the download page @ Mint there is the checksum to get. That is why, especially with tor, we should always be confident of the iso... and so should anyone apparently. There were bogus copies of everything going around a couple years ago, and even "Anonymous" released their own iso full of malware. Wasn't them, but irrelevant. Get a good copy and reinstall. Use Tails to download it to a clean flash drive. I assume you have a router after your modem, that is why the ISP sees a different setup. You have both 192.168.0.* and 10.0.0.* listed, both are private addresses. Have you tried sudo apt update, then sudo apt upgrade from a terminal?
Me
On 05/31/2016 05:14 PM, Percy Blakeney wrote:
Yes. The Scarlet Pimpernel. Sir Percy is my favorite literary character hands down. As for your other questions, I will try to answer them if I can. I'm afraid I'm not yet educated enough to fully grasp half of this. As of right now my Acer laptop that runs Linux MATE is awaiting a new battery. Funny how its battery drained within minutes
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
In addition I DO NOT have the full Xfinity package. They can't even help me figure out my router so I'll be damned if I'm going to put them in charge of my entire home. My home phone runs through my Arris as well. As a matter of fact LONG numbers call here all the time from all over the world. If I go into my Xfinity voice account page it shows numbers that I'm calling that I can tell you first hand no one in this house ever did. Again, I tell Xfinity and they brush me off by telling me they investigate the matter but I never hear back. What gets weirder than that is there is a "phone number" that calls here daily. I wrote the number down like I do with everything else that's weird I see and upon searching through folders and files on my pc I looked through a folder called dbus1 and inside was a file with the exact "phone number" in it. It was some kind of dbus session number. I'm currently trying to find this file again so I can copy and paste exactly what I saw. This is the number: 1-11 26 74 632594. And that's exactly how it shows up on my phone too.
On Tue, May 31, 2016 at 6:41 PM, Percy Blakeney di99in5@gmail.com wrote:
If I unplug my router. First, my router/modem does what it wants, when it wants. That thing lights up like an Xmas tree by resetting itself sometimes as frequently as once a week to several times a day. Second, once unplugged nothing shows up. The guy next to me has Verizon and his never shows up.
On Tue, May 31, 2016 at 07:05:23PM -0400, Percy Blakeney wrote:
In addition I DO NOT have the full Xfinity package.
Hi folks,
I'm going to put an end to this thread now. Please be aware that 1700+ people are on the tor-relays list, so we really need to keep things concise and on-topic.
Thanks! --Roger
Actually, looks like it used the 2.3.25 browser bundle. But it was through eMule file sharing. If he is legit, and I have concerns, could the daughter download some old infected files - and was it network aware enough to spread and infect a new Mint/Ubuntu? New variant back to life, finding any network, shared or not, like the new ransomware?
Me
On 05/31/2016 04:31 PM, Mirimir wrote:
So what versions did Mevade, Sefnit, etc use?
I've recently taken her Dell out of her room and into mine. She knows the rules and ALWAYS grabs me before installing or attempting to install anything. The ONLY thing she successfully installed was Minecraft.
As of two days ago I ran several network scans using different Android apps. I received the same result with each one:
10.0.0.1 Arris (router number ends with 23:04 which is correct)
10.0.0.6 arrisxb3atom (router number ends with 22:FC which is incorrect)
10.0.0.45 android port 111 rpcbind portmapper
10.0.0.61 inspirion port(s) 139 netbios-ssn smb directly over IP, 445 microsoft-ds
Also, it shows my two (2.4GHZ & 5GHZ) secured wifi names and one xfinity network, as it should, however, it also shows HOME-E2DE 2.4, HOME-E2DE 5 and another xfinity network. Though I don't even bother contacting xfinity about this anymore, when I did in the past I was always, ALWAYS, asked the same thing: "Unplug your modem from your router." And each time I've had to tell them, I don't have a separate modem, I have the Arris router/modem combo that you gave me.
If you unplug your router, what shows as wireless signal? There could be neighbors. Else yours may have guest wireless turned on - but E2DE means End 2 Display Encryption, _someone_ has a tunnel. The 2.4 and 5 are the frequencies, looks like they are on the same router, whomsoever it belongs to. Can you log into it to see settings? Most default logins are admin/password or admin/1234. Turn off any guest wireless, or do a reset.
Me
You said that your daughter installed Minecraft. Was it from a pirate website or an online store (Steam, Origin, trusted website etc.)?
Minecraft is not very easy to install in Linux.
- @Percy - so why would "Tor accept 192.168.0.0/16" be in your torrc? You don't have that address, and I don't think the command is correct anyway.. anyone?
Me
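A check for the two torrc questions raised in this thread: whether a configuration makes the machine a relay or exit at all, and what a stray "accept 192.168.0.0/16" line amounts to. This is an added example, not code from any poster or from the Tor Project; the sample torrc texts are constructed, the exit-policy evaluation is a simplified first-match reading, and only RFC 1918 ranges are treated as private.

```python
import ipaddress

POLICY_VERBS = ("accept", "reject", "accept6", "reject6")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed samples, not the poster's actual torrc.
SAMPLE_CLIENT = """\
SocksPort 9050
accept 192.168.0.0/16      # bare policy entry, as quoted in the thread
"""
SAMPLE_RELAY = """\
ORPort 9001
ExitPolicy accept 192.168.0.0/16, reject *:*
"""
SAMPLE_EXIT = """\
ORPort 9001
ExitPolicy accept *:80, accept *:443
ExitPolicy reject *:*
"""


def parse_torrc(text):
    """Return (option, value) pairs; comments dropped, option names lower-cased."""
    pairs = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            value = parts[1].strip() if len(parts) > 1 else ""
            pairs.append((parts[0].lower(), value))
    return pairs


def target_network(target):
    """Network of an IPv4 ADDR[/MASK][:PORT] target, or None ('*', IPv6, junk)."""
    addr = target.rsplit(":", 1)[0] if target.count(":") == 1 else target
    try:
        return ipaddress.ip_network(addr, strict=False)
    except ValueError:
        return None


def is_rfc1918(net):
    return net.version == 4 and any(net.subnet_of(p) for p in RFC1918)


def classify(text):
    """Return {'role': ..., 'findings': [...]} for one torrc text."""
    pairs = parse_torrc(text)
    last = dict(pairs)  # last occurrence wins for single-valued options
    findings = [f"'{n} {v}' lacks the ExitPolicy keyword"
                for n, v in pairs if n in POLICY_VERBS]

    # No ORPort (or ORPort 0) means client mode; that is the state in which
    # `tor --list-fingerprint` reports that clients have no identity keys.
    is_relay = any(v.split()[0] != "0" for n, v in pairs if n == "orport" and v)
    # Tor rejects private ranges ahead of the configured policy unless
    # ExitPolicyRejectPrivate is set to 0.
    reject_private = last.get("exitpolicyrejectprivate", "1") != "0"

    allows = None  # True/False once the first decisive entry is seen
    for name, value in pairs:
        if name != "exitpolicy":
            continue
        for entry in filter(None, (e.strip() for e in value.split(","))):
            verb, _, target = entry.partition(" ")
            verb, target = verb.lower(), target.strip()
            if verb not in POLICY_VERBS:
                findings.append(f"ExitPolicy entry '{entry}' is malformed")
            elif verb.startswith("accept"):
                net = target_network(target)
                private = net is not None and is_rfc1918(net)
                if private:
                    findings.append(f"'{entry}' targets an RFC 1918 range")
                if allows is None and not (private and reject_private):
                    allows = True
            elif target in ("*", "*:*") and allows is None:
                allows = False

    if not is_relay:
        role = "client"
    elif last.get("bridgerelay") == "1":
        role = "bridge"
    elif last.get("exitrelay") == "0" or allows is False:
        role = "non-exit relay"
    elif allows:
        role = "exit relay"
    else:
        role = "relay (exit policy not explicit)"
    return {"role": role, "findings": findings}


if __name__ == "__main__":
    for label, text in (("client", SAMPLE_CLIENT), ("relay", SAMPLE_RELAY),
                        ("exit", SAMPLE_EXIT)):
        print(label, classify(text))
```

How a relay with no ExitPolicy line behaves depends on the Tor version's defaults, so that case is reported separately rather than decided here.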
Off topic, but Minecraft is VERY easy to install in Linux because you don't actually install it. You simply "apt-get install openjdk-8-jre" and run the Minecraft.jar file.
Too much paranoia in this thread. Comcast's default wifi SSID is of the format HOME-ABCD where ABCD are 4 hex chars, I'd guess the last 4 of the MAC.
If that's not this person's network, it's probably their neighbor's.
Minecraft is only available from minecraft.net and maybe the microsoft store, not steam or origin. Someone else beat me to it, but it's trivial to run on linux - install java, run .jar with java, sign in, don't see sunlight for 18 months.
Do you have the full xfinity system with security and wireless cameras? That would be the encryption points probably - if you do.
Me