World Community Grid - View Thread

World Community Grid Forums

Category: Support

Forum: Suggestions / Feedback

Thread: SOCKS

Quick Go »

No member browsing this thread

Thread Status: Active
Total posts in this thread: 3

[ ]

Author

This topic has been viewed 1078 times and has 2 replies

siavoshkc
Cruncher
Joined: Aug 2, 2010
Post Count: 2
Status: Offline
Project Badges:

1 year badge for Human Proteome Folding - Phase 2

90 day badge for The Clean Energy Project - Phase 2

90 day badge for Computing for Clean Water

14 day badge for Drug Search for Leishmaniasis

14 day badge for GO Fight Against Malaria

90 day badge for Uncovering Genome Mysteries

1 year badge for FightAIDS@Home - Phase 2

1 year badge for Microbiome Immunity Project

90 day badge for OpenPandemics - COVID-19


SOCKS

[-DATE-] Potentially Dangerous Connection! - One of your applications established a connection through Tor to "169.229.217.147:80" using a protocol that may leak information about your destination. Please ensure you configure your applications to use only SOCKS4a or SOCKS5 with remote hostname resolution.

This message is returned by Tor. Please fix this issue if possible.

[Jul 27, 2014 8:29:31 AM]

Former Member
Cruncher
Joined: May 22, 2018
Post Count: 0
Status: Offline


Re: SOCKS

Lol, there's nothing to hide here, opposed you seem to have that very desire running tor. And, 169.229.217.147:80 is a regular http port, not even https if you'd like secure connecting. Moreover, 169.229.217.147 points to isaac.SSL.Berkeley.EDU, not wcg hosted in toronto. That agent periodically connects to the makers website to see if there's a new version, about every 14 days. This means several things, to include that you're running wcg without running the recommended wcg client version, which also when clean installed never connects to berkeley for version information. It then looks at a secure ibm address to a) check for new versions which happen about every 3 years b) checks if the internet is up against an ibm network and not against google.

As we say, have a good day.

[Jul 27, 2014 9:03:10 AM]

Former Member
Cruncher
Joined: May 22, 2018
Post Count: 0
Status: Offline


Re: SOCKS

Btw, fyi, ibm and wcg are the only boinc project using https connectivity, partner security requirement such as corporations volunteering their computing resources, the rest uses http. There's the agent re-install clean change of course, but you could also firewall block the berkeley ip, assuming you've got a firewall, or configure the agent to not check for new versions or at ibm instead of berkeley. The configuration manual at https://boinc.berkeley.edu/wiki/Cc_config.xml gives various options how to nail security further down such as <suppress_net_info> and a slew of proxy configs so, as per the warning in your tor message, to use socks 5 for instance. Up to you.

Oh, it seems the tor network is being used for hard to track attacks on websites and companies as well. Interesting that tor in this can then be deemed as a facilitator, to include your tor running computer. Think about that.

[Jul 27, 2014 9:34:17 AM]

[ ]