Re: Ping Dr Who
- From: Doctor Who <doctor_who@xxxxxxxxxxx>
- Date: Tue, 27 Nov 2007 23:57:51 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
On Tue, 27 Nov 2007 21:45:45 GMT, Justwatchin <dis@xxxxxxx> wrote:
:Thank you for the help in your FAQ
:
:I am able to use your advice and make secure connection to easynews on
:port 563 Using SocksCap Stunnel and tor and an Xnews reader and have
:no problems.
:
:I would also Like to make secure connections using Xnews and a
:commercial proxy such as Cotse's service or Anonymizer total net
:shield.
:
:But I find when trailing these I can only make a connection using port
:119,
:
:I know my connection to anonymizer or Cotse is secure but Can you give
:me some pointers how to get the connection secure once it exits the
:commercial tunnel service to easynews?
:
:Thanks
: Justwatchin
How do you know your connection to Cotse is secure? Do you mean your
connection to Easynews via Cotse is secure, or do you believe just routing
thru Cotse is itself secure?
How have you setup your config file to route thru Cotse? If you are routing
directly into Cotse, they will know your IP address, if they were interested
that is. In any case you only have 1 proxy between you and Easynews. Not
the safest way to connect to them.
For total security you should use Tor to access Cotse. I have to assume
Cotse are not themselves running a Tor exit node, otherwise they could try
a man in the middle attack by being able to see in and out traffic in real
time and suss your IP. But hang on, they can do that at present anyway if
you are simply connecting directly into Cotse. No need for any
sopbhisticated RTTA. I assume you already have Tor. If not get it here:
http://tor.eff.org/index.html.en
You should be running Tor in conjunction with Putty and have your SSH
connection setup to run thru port 22 (default for SSH). On leaving Cotse,
it is essential for security that you then use Stunnel to allow a TLS
(Transport Layer Security) secure connection into the news server.
Basically the traffic routing is this:
Agent > Stunnel > Freecap > Tor > SSH server > news server (or wherever).
Looks long winded and it is, but it is secure.
Right, to setup you will need Putty (assuming you are not already using
it). If not, get it here: http://www.tucows.com/preview/195286.html
Putty is a terminal emulation program. It is the means by which you
send your traffic through a SSH (Secure Shell Tunnel).
To setup Putty add the following to your Stunnel config file:
[putty_nntps]
accept = 119
connect = 127.0.0.1:563
delay = no
Now you must configure Putty. Do the following:
Open Putty. Load Cotse or another of your SSH servers, but do not
yet open the connection.
Go down left hand column to Proxy. Click on Socks5
Enter 127.0.0.1 into Proxy Hostname and 9050 into Port.
Click on Yes for "Do DNS name lookup at Proxy end."
Go down to Tunnels.
Input 563 for local port. Then input "secure.news.easynews.com:563"
(or whatever name your news provider has assigned you) in the
destination host box (without the quotes) and click on ADD.
Your entry will then look something like this:
L563 secure.news.easynews.com:563
Go back up to the opening screen in Putty and click on Save.
That's it. To connect you must first start Stunnel in the usual way
from within Sockscap (or freecap an alternative program I favor
because it is open source). Start Tor. Now start Putty. Putty must
be the last to start because it relies on both Stunnel and Tor being
up and running before it attempts to make a connection to Cotse.
Open the connection into Cotse. This will always take longer when
routed via Tor as the Tor proxy route has to be first setup in the
usual way.
Always test before using for real by closing Tor when the connection
should close immediately. Then do the same by closing Stunnel and
then Freecap each in turn. In each case the connection shoul drop
immediately. If all is well it should be very difficult and time
consuming to do a trace on you. Any trace would almost certainly need
to be done in real time. Tor servers do not keep logs, although you
must assume that some of the Tor servers will have been modified by
interested parties in trying to ascertain what the contents of traffic
passing across their servers might be. Only the exit server can tell
where you are going and if it is TLS encrypted cannot determine its
content. In this case it is double encrypted, first with TLS then SSH.
They will only know you were routing into Cotse, nothing else. All
that Tor is doing is screening your real IP from Cotse. Some are not
concerned about that. It is down to you to determine the level of
security you need. I know that Easynews has a secure server using
port 563. If you setup as suggested you should be very secure indeed.
I am not familiar with cotse. For all I know they may have special
needs which require different settings. If so, check with Steve Gielda.
In my experience of witnessing him in this group, he is very helpful
indeed.
Doctor Who
-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt
iQEVAwUBR0yuRGToeXEUpganAQPgPgf8Cl/0kkV4jHWR1VmukftwEZS1CC5a545w
13je8BzeW0pwY1j0Nok54qxvId+LwpuUBI04oR2gqpDzJfQ016ctulrb70MUEHhJ
duYMDOw7ESuI50gYt4uB1YZW4LD4TY7uDL2N73ulji3YBpzH0NHKu/zCchP9vHu1
Y/mvLsLGCJp+9Pm34GB9BsXmbRHbVq9rk/R/UfEG2a6fZYKWtw4ffCMY4pxyqXgM
t67hL69QOub4SgfiiL0KRvh2Wh8Rq2rdbYkXA2NQ9fdE3P/KXZTK75cG07UacCGu
UJeFCfNUKyzRMx7eGWfHcIIjfoxVrS2cF0OExBnsgw/IzfRvBIJIqw==
=7IqH
-----END PGP SIGNATURE-----
.
- Prev by Date: Re: Cell phones
- Next by Date: Re: Cell phones
- Previous by thread: Re: Can anybody help me understand this?
- Next by thread: Is your phone bugged?
- Index(es):
Relevant Pages
|
