Blocked by Websense

John Kimble det.j.kimble at gmail.com
Mon Nov 27 01:22:07 UTC 2006


On 11/26/06, Roger Dingledine <arma at mit.edu> wrote:
> Oh boy. Looks like they have started that particular arms race.
> Do you know what version of Websense they were using?
>
A friend working in a relevant government department says they're
using Websense Enterprise v5.5.
>
> Get a cached-routers file and the cached-status/* files from
> somewhere. Bring them from home on a USB stick if you like. I'm not
> sure how recent they need to be -- if you're using 0.1.1.x it needs
> to be from within 24 hours. I believe 0.1.2.3-alpha is more forgiving,
> but not by much. Let me know if you get it working and what it takes.
>
I'm using 0.1.2.3-alpha. It appears that no matter how recent
cached-routers and cached-status/* are, Tor insists on requesting
directory info afresh on startup, and won't start building circuits
until the directory requests are completed successfully.
>
> Set "__AllDirActionsPrivate 1" in your torrc.
> (This config option is intended for controllers that bootstrap your
> initial circuits themselves, but it should work fine as a manual
> workaround for now.)
>
This one works like a charm; thank you. The only caveat is that you
cannot set this into torrc, but should only do a "SETCONF
__AllDirActionsPrivate=1" through the control port after Tor has had a
chance to build its circuits. Otherwise Tor goes into an infinite loop
complaining that no circuit is established yet. So the initial burst
of cleartext directory requests can't be avoided, but at least the
subsequent updates are tunneled through Tor.

On 11/27/06, Juliusz Chroboczek <jch at pps.jussieu.fr> wrote:
>
> As Roger implied, working around your network's restrictions is
> counter-productive in the long term.  The library's admins will see
> tor users as a bunch of trouble-makers who try to hide from them.
>
> I would like to suggest that you should go speak with the admins, and
> explain what tor is about, that using tor is perfectly legitimate,
> nothing personal against them, and doesn't create any new security
> issues for their network.
>
> Even if they refuse to un-block tor, they'll most likely be taking
> a more friendly view of your further attempts to avoid their restrictions.
>
Thank you for the sage advice. It's a pretty daunting task though, as
the general attitude of administrators (in the generic sense, not just
network admins) towards privacy advocacy in this part of the world is
of the "what are you trying to hide?" kind. But I'll certainly avoid
using Tor from the library for the time being. (A free wi-fi spot is
just 15 minutes' walk away, anyway.)

Thanks and regards to all,
John


