Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ
Ξ We've updated our CA certificate. All members need to be using the latest ones by Dec 22. See this page for more infoΞ

Search found 285 matches

by df
Sat Mar 14, 2015 5:23 am
Forum: general chat, suggestions, industry news
Topic: [CS] No Mention Of I2P Access On Website
Replies: 9
Views: 10609

Re: [CS] No Mention Of I2P Access On Website

To parityboy: That's basically it. We use pdns-recursor in one part of deepdns so that all .onion requests resolve to the tor DNS server specified by the DNSPort config directive, and the VirtualAddrNetworkIPv4 directive uses 10.99.0.0/16 to resolve .onion's to IPs in that b-class. So when you're on...
by df
Sat Mar 14, 2015 5:09 am
Forum: general chat, suggestions, industry news
Topic: [CS] No Mention Of I2P Access On Website
Replies: 9
Views: 10609

Re: [CS] No Mention Of I2P Access On Website

i2p functionality is enabled on all the nodes, it's just that some of them was recently restarted and it does take a while for them to start working again for all eepsites.
by df
Thu Feb 26, 2015 6:37 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Linux/RAW IP reference chart
Replies: 13
Views: 20482

Re: Linux/RAW IP reference chart

I just updated the list, replaced the old mishigami IP 167.88.9.27 with the new 198.204.245.2 one, and added the new singapore IP
by df
Thu Jan 15, 2015 6:02 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm.is/goodies - handy cstorm tools & projects & goodies list
Replies: 10
Views: 82731

Re: a directory of useful cryptostorm resources (cryptostorm.is/goodies)

I just modified the original post. Fixed the poodlescan link (needed to replace https with http since that site is http only), and the cryptostorm.nu/webchat link (should be /chat).

Also, I added that OpenVPN pinger and a random password generator.
by df
Sun Jan 11, 2015 2:08 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: beta testing of new, in-house DNS resolvers | DNSchain
Replies: 33
Views: 30753

Re: beta testing of new, in-house DNS resolvers | DNSchain

The Google one makes sense though, the default DNS server was set to forward to 8.8.8.8 (Google's public DNS server) for normal DNS traffic.

It's since been changed to ccc.de's 213.73.91.35 though, so if you run the test again you should no longer see anything Google related in the results.
by df
Sun Jan 11, 2015 1:10 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: beta testing of new, in-house DNS resolvers | DNSchain
Replies: 33
Views: 30753

Re: beta testing of new, in-house DNS resolvers | DNSchain

Thing is, there's nothing in the configs that would cause or suggest that. When I tested it at grc.com (and when Pattern_Juggled tested it) we both saw the leaked IP as something that's in the b-class of the ccc.de public DNS server that's set in /etc/resolv.conf on the server running dnschain/dnsma...
by df
Sat Jan 10, 2015 1:23 pm
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: beta testing of new, in-house DNS resolvers | DNSchain
Replies: 33
Views: 30753

Re: beta testing of new, in-house DNS resolvers | DNSchain

Trying to figure out where those IPs are coming from in our setup. It's basically just dnsmasq + dnschain. dnsmasq.conf is: listen-address=74.121.182.147 listen-address=167.88.9.30 server=/bit/127.0.0.1#5333 server=/dns/127.0.0.1#5333 server=/eth/127.0.0.1#5333 server=/p2p/127.0.0.1#5333 and .dnscha...
by df
Sun Jan 04, 2015 10:06 pm
Forum: guides, HOWTOs & tutorials
Topic: HOWTO: Kali Linux distro | ONGOING
Replies: 11
Views: 16250

Re: HOWTO: Kali Linux distro | ONGOING

You're probably installing openvpn without specifying --prefix or the openssl version you want it to use, so the correct openvpn is probably in /usr/local/sbin/openvpn (which isn't in your $PATH environment variable). Try this (in /root/): wget --no-check-certificate https://www.openssl.org/source/o...
by df
Wed Dec 17, 2014 11:52 pm
Forum: member support & tech assistance
Topic: more open ports to help bypass simple firewalls
Replies: 8
Views: 19852

more open ports to help bypass simple firewalls

tldr; You can now use any UDP or TCP port to connect to Cryptofree Someone on twitter was asking for more ports to be opened up to help bypass a simple firewall. Instead of creating a new server-side openvpn instance for each port we wanted open, I thought it'd be better to use iptables to forward ...
by df
Mon Dec 08, 2014 4:30 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: torstorm.org: how to use it, discussion, etc.
Replies: 20
Views: 27950

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

Something = a LUA script that does the same thing as tor2web :-)

I forget the exact syntax for Apache, but in nginx it's a simple proxy_pass to get it to access the backend Tor2web server. Apache can do the same thing with a similar directive (google around for "apache reverse proxy").
by df
Mon Dec 08, 2014 2:44 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: torstorm.org: how to use it, discussion, etc.
Replies: 20
Views: 27950

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

We ditched the python Tor2web and went with something else that we can use alongside nginx for more flexibility & stability, and since I strongly suspect hardware problems on torstorm.org, I moved it to a free IP on emerald. Seems fine for the last 12 or so hours. Oh and doing it this way DOES c...
by df
Sat Dec 06, 2014 8:19 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: torstorm.org: how to use it, discussion, etc.
Replies: 20
Views: 27950

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

meh, I suck at filtering. It kinda half works right now, probably non-functional just on gzip encoded sites. But webmasters who want to support torstorm.org or tor2web.org or any other place using tor2web should stop using absolute URLs on their HS pages. That'll mean visitors using one of these tor...
by df
Sat Dec 06, 2014 6:32 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: torstorm.org: how to use it, discussion, etc.
Replies: 20
Views: 27950

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

Yea, the box is back up, went down (along with the IPMI) probably due to hardware issues. After much tweaking it seems functional right now, but while I'm in here, I'm gonna try to use nginx's sub_filter to have it where if a .onion page has any .onion links, it'll automagically replace them with .t...
by df
Mon Nov 03, 2014 12:24 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: forum upgrade to 3.1.1
Replies: 1
Views: 5103

done

Bug is squashed. Forum upgrade complete. On a side note, and just to make everyone happy, I'd like to mention that we took our time upgrading to the latest version mostly because exploitation of all of the known vulnerabilities that were present in the other phpBB version we were using would have ha...
by df
Sat Nov 01, 2014 6:12 am
Forum: cryptofree: no-cost cryptostorm network access
Topic: cryptofree.me: kernel hardening via grsec & service excision
Replies: 2
Views: 17827

cryptofree.me: kernel hardening via grsec & service excision

{direct link: grsec.cryptostorm.org } Here's a status update on the alpha cryptofree server: [root@cf-i ~]# uname -a Linux cf-i 3.17.1-cryptostorm #1 SMP Sat Oct 25 10:15:40 CEST 2014 x86_64 x86_64 x86_64 GNU/Linux On this server, we're running a hardened kernel, most of which consists of the grsec...
by df
Sun Oct 26, 2014 7:58 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: "No logging" - doing it right, cryptostorm-style
Replies: 1
Views: 15952

"No logging" - doing it right, cryptostorm-style

{direct link: https://cryptostorm.org/logging/ } Just wanted to go into detail with our logging compared to how other VPN providers do it... Most VPN providers will claim not to log, even though they do. The few honest ones out there (I've only seen one admit to this) will explain that they can onl...
by df
Sat Oct 18, 2014 2:10 pm
Forum: member support & tech assistance
Topic: OpenWrt TLS problem
Replies: 14
Views: 9371

Re: OpenWrt TLS problem

Works fine on centos and ubuntu. Oh well, get back to getting openvpn/openssl compiling on there first, then worry about iptables :-P

As for me, I'm going to bed. Have fun!
by df
Sat Oct 18, 2014 1:52 pm
Forum: member support & tech assistance
Topic: OpenWrt TLS problem
Replies: 14
Views: 9371

Re: OpenWrt TLS problem

That's odd. that says they're both using the same libs. Maybe the $PATH environment variable is set with /usr/local/bin before /usr/bin or something else different so the `which` command isn't being accurate. do `whereis openssl;whereis openvpn`. if there's more than one openssl, do `ldd` against it...
by df
Sat Oct 18, 2014 1:28 pm
Forum: member support & tech assistance
Topic: OpenWrt TLS problem
Replies: 14
Views: 9371

Re: OpenWrt TLS problem

:geek:
by df
Sat Oct 18, 2014 1:10 pm
Forum: member support & tech assistance
Topic: OpenWrt TLS problem
Replies: 14
Views: 9371

Re: OpenWrt TLS problem

Not sure if it's causing this, but having different openssl versions on one system has always caused problems with anything to do with ssl. Since OpenVPN is probably using shared libraries, see if you can upgrade openssl. Do: ldd `which openssl`|grep crypto.so ldd `which openvpn`|grep crypto.so To s...
by df
Sat Oct 18, 2014 12:34 pm
Forum: member support & tech assistance
Topic: OpenWrt TLS problem
Replies: 14
Views: 9371

Re: OpenWrt TLS problem

Well wtf. `openssl version`? `openvpn --version` too while you're at it.
by df
Sat Oct 18, 2014 11:56 am
Forum: member support & tech assistance
Topic: OpenWrt TLS problem
Replies: 14
Views: 9371

Re: OpenWrt TLS problem

Yea, you need the tls-cipher bit and it has to be set to the correct ciphers in order to connect. Try doing the command `openssl ciphers -v DHE-RSA-AES256-SHA` to see if that cipher is even supported. Pretty sure that 1410D0B9 error code means it's not. If that's the case, you'll have to find a way ...
by df
Thu Oct 16, 2014 3:13 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: POODLE vulnerability scanner
Replies: 2
Views: 5904

POODLE vulnerability scanner

I already posted a topic with the subject "OpenSSL 1.0.1j released" that fixed this vulnerability (yes, we're patched).

This topic is to let everyone know we hacked up a POODLE scanner: http://www.poodlescan.net/

Have fun!
by df
Wed Oct 15, 2014 9:49 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: OpenSSL 1.0.1l released
Replies: 1
Views: 5040

OpenSSL 1.0.1l released

OpenSSL 1.0.1l was just released. Although the only major change in this version from 1.0.1k was "Build fixes for the Windows and OpenVMS platforms", we still upgraded to it just because it's a good habit to always have the most current version. So all the servers/nodes are upgraded to the...
by df
Fri Oct 10, 2014 9:38 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Response to "OpenVPN 2.2.29 - ShellShock Exploit"
Replies: 1
Views: 5110

Response to "OpenVPN 2.2.29 - ShellShock Exploit"

This is about the exploit mentioned in http://www.exploit-db.com/exploits/34879/ ("OpenVPN 2.2.29 - ShellShock Exploit"). tl;dr We're patched, even before the patch, we weren't vulnerable. You're good :-) Someone else here posted about the Shell Shock vulnerability that I'm sure you've all...
by df
Thu Oct 09, 2014 1:23 am
Forum: member support & tech assistance
Topic: Network timeouts periodically
Replies: 27
Views: 12404

Re: Network timeouts periodically

Back to the original problem with the 20 minute disconnects... I talked with PJ (he'll probably post something more detailed in an hour or so), and he said he's seen this problem before with a few other clients. On the server-side we do: reneg-sec 1200 # cycle symmetric keys via tls renegotiation ev...
by df
Tue Oct 07, 2014 7:37 am
Forum: cryptofree: no-cost cryptostorm network access
Topic: cryptofree.me: pre-launch brainstorming & roadmap | CLOSED
Replies: 33
Views: 49470

Re: cryptofree.me - alpha announcement

@parityboy "if a client supplies no token and no password, will that result in an AUTH_FAIL or will OpenVPN simply hang/keel over/panic?" There has to be a token and a password, just won't matter what they are. If you try to remove the auth-user-pass bit from the client conf you'll see: &q...
by df
Sun Oct 05, 2014 2:46 am
Forum: cryptofree: no-cost cryptostorm network access
Topic: cryptofree.me: pre-launch brainstorming & roadmap | CLOSED
Replies: 33
Views: 49470

Re: cryptofree.me - alpha announcement

I couldn't see any way this would work by doing the capping from the widget's side. As someone said above, that would only work on Windows. Since the widget is basically just a front-end to OpenVPN, it wouldn't be hard to just use OpenVPN manually to bypass it. Plus doing anything like that client-s...
by df
Tue Sep 30, 2014 11:49 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: #SHELLSHOCK (another heartbleed, sorta, but not really :P )
Replies: 5
Views: 10610

Re: #SHELLSHOCK (another heartbleed, sorta, but not really :

CGI is still fairly popular these days, even on major sites. What most of them do (including some of my websites) is use rewrites to hide the .cgi (or .pl) extension from the URL. They often do the same for .php/.asp/.aspx/etc. I don't have a problem with letting people know I'm using CGI, it's just...
by df
Thu Sep 11, 2014 1:07 am
Forum: member support & tech assistance
Topic: Windows Widget keeps losing the connection
Replies: 3
Views: 3497

Re: Windows Widget keeps losing the connection

Where do you see "cannot resolve IP"? Can you post a screenshot?
by df
Wed Aug 20, 2014 12:17 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Forum Outage - Aug 16/2014
Replies: 2
Views: 5989

Re: Forum Outage - Aug 16/2014

Sorry about that, took us a while to figure out where we originally bought that SSL cert.
It's renewed now, as is the cryptostorm.is cert.
by df
Fri Jul 04, 2014 12:49 am
Forum: general chat, suggestions, industry news
Topic: XKEYSCORE source code
Replies: 8
Views: 12506

Re: XKEYSCORE source code

Looked more like C++ to me at first, but the $ in the variables told me it probably wasn't. It's not standard, but I think there are extensions to C++ that allow that sort of thing. Since I don't know Ruby that well, I just googled random bits of code that looked like it wasn't application-specific ...
by df
Fri Jul 04, 2014 12:25 am
Forum: general chat, suggestions, industry news
Topic: XKEYSCORE source code
Replies: 8
Views: 12506

Re: XKEYSCORE source code

Looks like Ruby
by df
Wed Jul 02, 2014 4:01 am
Forum: member support & tech assistance
Topic: pre-1.21 widget feedback (mostly closed, now...)
Replies: 23
Views: 14670

Re: widget v1.0 official release

Must be a bug in the cron job that checks which node has the least users, cause I just checked manually and got: bruno: 2 cantus: 3 shadow: 6 fenrir: 1 chili: 2 onyx: 3 maple: 1 emerald: 3 but the file the widget grabs (cryptostorm.nu/usercount.txt) says BRUNO (1), which isn't right. I'll look into ...
by df
Wed Jun 18, 2014 2:15 am
Forum: member support & tech assistance
Topic: All nodes down?
Replies: 15
Views: 8993

Re: All nodes down?

You should be able to get to this forum from any node, but I did just noticed I forgot to add "maple" and the other new node "emerald" to the psad whitelist for this server. (Google psad if you don't what it is. It's the first link). Let me know if you can't get to this forum fro...
by df
Wed Jun 18, 2014 2:02 am
Forum: member support & tech assistance
Topic: can I get a sig made
Replies: 9
Views: 6432

Re: can I get a sig made

Tattoos!
by df
Tue May 27, 2014 11:51 am
Forum: member support & tech assistance
Topic: pre-1.21 widget feedback (mostly closed, now...)
Replies: 23
Views: 14670

Re: widget v1.0 official release

No, the disconnect button also exits and kills the vpn (I'll change that in the future).
For now, another fix is to open up the logo.jpg file in \Program Files (x86)\Cryptostorm Client\user\ using a text editor and changing the line:
autocon=on
to
autocon=off
by df
Wed May 21, 2014 2:13 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm's Post-Heartbleed Certificate Upgrade Trajector
Replies: 85
Views: 115307

Re: cryptostorm's Post-Heartbleed Certificate Upgrade Trajec

I can do raw-bruno-2 right now, but chili doesn't have any available IPs for a new raw instance. Gotta wait for the leaseweb order to go through.
by df
Sat May 17, 2014 10:41 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm's Post-Heartbleed Certificate Upgrade Trajector
Replies: 85
Views: 115307

Re: cryptostorm's Post-Heartbleed Certificate Upgrade Trajec

Then use their IPs. (174.142.78.196 bruno, chili only has windows atm, no more free IPs til we order more).
by df
Sat May 17, 2014 1:56 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm's Post-Heartbleed Certificate Upgrade Trajector
Replies: 85
Views: 115307

Re: cryptostorm's Post-Heartbleed Certificate Upgrade Trajec

I haven't gotten around to setting up the hostnames for each individual post-heartbleed node, but I did add them to the balancers: windows-balancer-dynamic.cryptostorm.net and raw-balancer-dynamic.cryptostorm.net But you're right, the raw-cantus-2 one isn't listed in the raw balancer on .org or csto...
by df
Fri May 16, 2014 12:17 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm: server-side configuration publication
Replies: 19
Views: 20128

Re: cryptostorm: server-side configuration publication

According to the Linux kernel source code (and https://www.kernel.org/doc/Documentatio ... sysctl.txt ), it's defined as simply an integer.
So whatever INT_MAX is defined as in /usr/include/limits.h would be the max. (on all our systems it's 2147483647).
by df
Wed May 14, 2014 1:33 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm's Post-Heartbleed Certificate Upgrade Trajector
Replies: 85
Views: 115307

Re: cryptostorm's Post-Heartbleed Certificate Upgrade Trajec

Leaseweb finally fixed the IP for the new rawvpn on cantus, it's at raw-cantus-2.cryptostorm.net (46.165.222.248)
by df
Tue May 13, 2014 11:52 pm
Forum: member support & tech assistance
Topic: pre-1.21 widget feedback (mostly closed, now...)
Replies: 23
Views: 14670

Re: widget v1.0 official release

Yea, 10.44.0.4 would be your IP, and 10.44.0.1 is the gateway. Those are just internal IPs for the node though. Without some tricky routing on your side, you wouldn't be able to do anymore to that IP than you would 127.0.0.1.
by df
Tue May 13, 2014 2:24 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm's Post-Heartbleed Certificate Upgrade Trajector
Replies: 85
Views: 115307

Re: cryptostorm's Post-Heartbleed Certificate Upgrade Trajec

Yea, prolly just bad luck. Normally they're quick about this sorta thing, but turns out someone at leaseweb screwed up and gave us an IP that's already assigned to another system on their network. Waiting for the ticket response to that problem now. When I assigned an eth0 alias to cantus for the ne...
by df
Mon May 12, 2014 6:45 am
Forum: member support & tech assistance
Topic: pre-1.21 widget feedback (mostly closed, now...)
Replies: 23
Views: 14670

Re: widget v1.0 official release

All fixed, grab this one from the same location as before.
by df
Mon May 12, 2014 6:04 am
Forum: member support & tech assistance
Topic: pre-1.21 widget feedback (mostly closed, now...)
Replies: 23
Views: 14670

Re: widget v1.0 official release

Yea, it's a small bug that I introduced when trying to fix another HTTPS bug.
I'm recompiling it now with a fix that should work, shouldn't be more than 10 minutes or so.
I'll replace the setup.exe with the fixed one once it's compiled
by df
Mon May 12, 2014 4:38 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm's Post-Heartbleed Certificate Upgrade Trajector
Replies: 85
Views: 115307

Re: cryptostorm's Post-Heartbleed Certificate Upgrade Trajec

Still waiting on a response from leaseweb. In the meantime, onyx (in France) has a new raw & windows instance at: raw-onyx-1.cryptostorm.net (212.83.167.81) and windows-onyx-2.cryptostorm.net (212.83.163.209) The balancers raw-balancer-dynamic.cryptostorm.net & windows-balancer-dynamic.crypt...
by df
Sun May 11, 2014 10:10 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Windows widget release (v2.22), incl. release notes
Replies: 0
Views: 14846

Windows widget release (v2.22), incl. release notes

This is information about the latest widget, v2.22 "Narwhal". As always, download links are at https://cryptostorm.is/connect.html. Anyone using v1.20 or later should automatically see a notification that this new version is available the next time they run the widget. The only changes in ...
by df
Sat May 10, 2014 8:47 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm: server-side configuration publication
Replies: 19
Views: 20128

Re: cryptostorm: server-side configuration publication

I don't think any other server config tweaks were needed after kfox, but I'm not the one who researched these sysctl settings or the server config settings, so I might not be the best person to ask. As for why we use CentOS, it's mostly a personal preference among most of the staff. They find it eas...
by df
Fri May 09, 2014 9:37 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm: server-side configuration publication
Replies: 19
Views: 20128

Re: cryptostorm: server-side configuration publication

I don't think TCP sessions would cause any problems. In case you don't have it already (I think it's somewhere here on the forum), here's the current sysctl.conf the nodes all use: # cryptostorm.is modded perf-tuned sysctl rev. 1.6 # CentOS 6.whatever - tweaked by p_j # For binary values, 0 is disab...
by df
Wed May 07, 2014 4:01 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm's Post-Heartbleed Certificate Upgrade Trajector
Replies: 85
Views: 115307

Re: cryptostorm's Post-Heartbleed Certificate Upgrade Trajec

Nah, that's just some leftover rDNS from when fenrir did have an android node. Since that's not running anymore and the IP was available, I binded the new windows vpn to it. Don't worry, the rDNS will be changed eventually (and some proper hostnames will be setup).
by df
Wed May 07, 2014 12:39 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm's Post-Heartbleed Certificate Upgrade Trajector
Replies: 85
Views: 115307

Re: cryptostorm's Post-Heartbleed Certificate Upgrade Trajec

Yea, that's a problem I've talked with PJ about before. I think it's great to provide the in-depth analysis of every aspect of what's going on here, but only to the people who actually care about that stuff. Average users just wanna click a buy button, throw some money at it, then click "Connec...
by df
Wed May 07, 2014 12:12 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm's Post-Heartbleed Certificate Upgrade Trajector
Replies: 85
Views: 115307

Re: cryptostorm's Post-Heartbleed Certificate Upgrade Trajec

I agree this needs to be organized more. I just happened to stumble upon this thread myself, and while I normally don't do anything on the forum I thought it would be nice to share those IPs since they're all setup and good to go. Only thing left is the threads about them. Normally, other people org...
by df
Tue May 06, 2014 9:59 pm
Forum: general chat, suggestions, industry news
Topic: Strange services on exit nodes
Replies: 3
Views: 5575

Re: Strange services on exit nodes

You're misinterpreting the nmap output. Those ports aren't open locally on the systems so there's no need to filter them. What's probably happening is your ISP is firewalling the SYN packets going to those ports to prevent worms/attacks against netbios-based services, since that's a popular attack v...
by df
Tue May 06, 2014 6:33 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm's Post-Heartbleed Certificate Upgrade Trajector
Replies: 85
Views: 115307

Re: cryptostorm's Post-Heartbleed Certificate Upgrade Trajec

Yea, they'll get hostnames shortly. While it's true that you shouldn't get too used to using the IPs, I figured I might as well just send these out as is so people can connect to something with new certs. We'll order more IPs on some of the servers (i.e., cantus) so they all can have an equal amount...
by df
Tue May 06, 2014 9:18 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm's Post-Heartbleed Certificate Upgrade Trajector
Replies: 85
Views: 115307

Re: cryptostorm's Post-Heartbleed Certificate Upgrade Trajec

Just an FYI, when I put up the new client certs I forgot to remove the "clientgeneric" ones that aren't even used by our setup. Our setup still only requires the CA cert (ca2.crt, or whatever inline). To everyone who's been waiting forever and a day (sorry, busy with the techie devy stuff)...
by df
Sat Feb 15, 2014 4:29 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: progress update on 1.0 widget... :-)
Replies: 1
Views: 5229

progress update on 1.0 widget... :-)

Current status update on 1.0 widget development:
BgSwpaUIMAAWdxl.jpg

(h/t twitterverse)

BdBp0gwCUAAfpFI.jpg

Go to advanced search

cron
Nothing to display.

Login