<div dir="ltr"><div>first, Thank you all for you answers and help.</div><div>let me make it a bit harder. now, im running a relay which is Guard and Exit relays.</div><div>i have defined in my relay(the server that's running the relay in /torrc file) to be "AllowSingleHopExits 1"</div><div>and set in my computer that running the TOR(in /torrc file) with the 1(one) hop to:</div><div>
<span style="color:rgb(36,39,41);font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;text-align:left;white-space:pre-wrap;background-color:rgb(239,240,241);text-decoration-style:initial;text-decoration-color:initial;display:inline;float:none">"ExcludeSingleHopRelays</span>
0" and</div><div>
<span style="color:rgb(36,39,41);font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;text-align:left;white-space:pre-wrap;background-color:rgb(239,240,241);text-decoration-style:initial;text-decoration-color:initial;display:inline;float:none">"AllowSingleHopCircuits</span>
1"</div><div>so now every thing needs to be ok right? <br></div><div>but, still its not working <br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jun 26, 2018 at 5:34 PM, <span dir="ltr"><<a href="mailto:tor-relays-request@lists.torproject.org" target="_blank">tor-relays-request@lists.torproject.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send tor-relays mailing list submissions to<br>
<a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.<wbr>org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" rel="noreferrer" target="_blank">https://lists.torproject.org/<wbr>cgi-bin/mailman/listinfo/tor-<wbr>relays</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:tor-relays-request@lists.torproject.org">tor-relays-request@lists.<wbr>torproject.org</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:tor-relays-owner@lists.torproject.org">tor-relays-owner@lists.<wbr>torproject.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of tor-relays digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Is Tor-network protected from using one hop? (dave levi)<br>
2. Re: Is Tor-network protected from using one hop? (Logforme)<br>
3. Re: Is Tor-network protected from using one hop? (Matt Traudt)<br>
4. Re: Is Tor-network protected from using one hop? (Nagaev Boris)<br>
5. Re: Is Tor-network protected from using one hop?<br>
(Roger Dingledine)<br>
6. Re: Is Tor-network protected from using one hop? (Matt Traudt)<br>
<br>
<br>
------------------------------<wbr>------------------------------<wbr>----------<br>
<br>
Message: 1<br>
Date: Tue, 26 Jun 2018 17:16:46 +0300<br>
From: dave levi <<a href="mailto:levi72827@gmail.com">levi72827@gmail.com</a>><br>
To: <a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.<wbr>org</a><br>
Subject: [tor-relays] Is Tor-network protected from using one hop?<br>
Message-ID:<br>
<CAJUku5hQa5JCk1UCn_CynyVG=<wbr>kxhXkQpC0-ApW=<a href="mailto:k7vJxPrTM5g@mail.gmail.com">k7vJxPrTM5g@<wbr>mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
I'm testing few things in Tor and I noticed that if im changing(from the<br>
source code) the number of hop's(nodes) to be more then 3 hop's it work's<br>
fine(slowly, but still working) and if im sting only 2 hop's its still<br>
works great. but, when i'm setting only 1 hop, i can open the Tor-browser<br>
but i can't use it(Tor-browser) to visit site(regular site or onion site<br>
too). so im thinking maybe the Tor-network have protected from users who<br>
are using 1 hop?<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://lists.torproject.org/pipermail/tor-relays/attachments/20180626/0ee9a653/attachment-0001.html" rel="noreferrer" target="_blank">http://lists.torproject.org/<wbr>pipermail/tor-relays/<wbr>attachments/20180626/0ee9a653/<wbr>attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Tue, 26 Jun 2018 14:25:42 +0000<br>
From: Logforme <<a href="mailto:m7527@abc.se">m7527@abc.se</a>><br>
To: <a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.<wbr>org</a><br>
Subject: Re: [tor-relays] Is Tor-network protected from using one hop?<br>
Message-ID: <emc7fcd1ee-3ce9-4161-9a90-<wbr>c2fd28b951b5@mats-win7><br>
Content-Type: text/plain; charset="utf-8"; Format="flowed"<br>
<br>
On 2018-06-26 16:16:46, "dave levi" <<a href="mailto:levi72827@gmail.com">levi72827@gmail.com</a>> wrote:<br>
<br>
>I'm testing few things in Tor and I noticed that if im changing(from <br>
>the source code) the number of hop's(nodes) to be more then 3 hop's it <br>
>work's fine(slowly, but still working) and if im sting only 2 hop's <br>
>its still works great. but, when i'm setting only 1 hop, i can open the <br>
>Tor-browser but i can't use it(Tor-browser) to visit site(regular site <br>
>or onion site too). so im thinking maybe the Tor-network have protected <br>
>from users who are using 1 hop?<br>
<br>
I guess it's part of the DoS protection recently implemented. My guard <br>
relay DoS statistics in the heartbeat log entry:<br>
<br>
[notice] DoS mitigation since startup: 0 circuits killed with too many <br>
cells. 232704 circuits rejected, 15 marked addresses. 2939 connections <br>
closed. 1534 single hop clients refused.<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://lists.torproject.org/pipermail/tor-relays/attachments/20180626/5eeea141/attachment-0001.html" rel="noreferrer" target="_blank">http://lists.torproject.org/<wbr>pipermail/tor-relays/<wbr>attachments/20180626/5eeea141/<wbr>attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Tue, 26 Jun 2018 10:27:29 -0400<br>
From: Matt Traudt <<a href="mailto:pastly@torproject.org">pastly@torproject.org</a>><br>
To: <a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.<wbr>org</a><br>
Subject: Re: [tor-relays] Is Tor-network protected from using one hop?<br>
Message-ID: <<a href="mailto:35ec8dd3-43bc-1c71-4cb0-00029ba56e64@torproject.org">35ec8dd3-43bc-1c71-4cb0-<wbr>00029ba56e64@torproject.org</a>><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
On 6/26/18 10:16, dave levi wrote:<br>
> I'm testing few things in Tor and I noticed that if im changing(from the<br>
> source code) the number of hop's(nodes) to be more then 3 hop's it<br>
> work's fine(slowly, but still working) and if im sting only 2 hop's its<br>
> still works great. but, when i'm setting only 1 hop, i can open the<br>
> Tor-browser but i can't use it(Tor-browser) to visit site(regular site<br>
> or onion site too). so im thinking maybe the Tor-network have protected<br>
> from users who are using 1 hop?<br>
> <br>
<br>
Yes.<br>
<br>
Even before the DoS mitigation stuff, relays wouldn't allow themselves<br>
to be used as the only hop in a circuit. Apparently this affects onion<br>
service circuits too.<br>
<br>
If you want a single-hop proxy, then you don't want Tor.<br>
<br>
Matt<br>
<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Tue, 26 Jun 2018 17:29:29 +0300<br>
From: Nagaev Boris <<a href="mailto:bnagaev@gmail.com">bnagaev@gmail.com</a>><br>
To: <a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.<wbr>org</a><br>
Subject: Re: [tor-relays] Is Tor-network protected from using one hop?<br>
Message-ID:<br>
<<a href="mailto:CAFC_Vt7906rh2R33hb-tXr3TME5Op2gVbOGvuT79kMRyivTNhQ@mail.gmail.com">CAFC_Vt7906rh2R33hb-<wbr>tXr3TME5Op2gVbOGvuT79kMRyivTNh<wbr>Q@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="UTF-8"<br>
<br>
On Tue, Jun 26, 2018 at 5:27 PM, Matt Traudt <<a href="mailto:pastly@torproject.org">pastly@torproject.org</a>> wrote:<br>
> On 6/26/18 10:16, dave levi wrote:<br>
>> I'm testing few things in Tor and I noticed that if im changing(from the<br>
>> source code) the number of hop's(nodes) to be more then 3 hop's it<br>
>> work's fine(slowly, but still working) and if im sting only 2 hop's its<br>
>> still works great. but, when i'm setting only 1 hop, i can open the<br>
>> Tor-browser but i can't use it(Tor-browser) to visit site(regular site<br>
>> or onion site too). so im thinking maybe the Tor-network have protected<br>
>> from users who are using 1 hop?<br>
>><br>
><br>
> Yes.<br>
><br>
> Even before the DoS mitigation stuff, relays wouldn't allow themselves<br>
> to be used as the only hop in a circuit. Apparently this affects onion<br>
> service circuits too.<br>
><br>
> If you want a single-hop proxy, then you don't want Tor.<br>
><br>
> Matt<br>
> ______________________________<wbr>_________________<br>
> tor-relays mailing list<br>
> <a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.<wbr>org</a><br>
> <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" rel="noreferrer" target="_blank">https://lists.torproject.org/<wbr>cgi-bin/mailman/listinfo/tor-<wbr>relays</a><br>
<br>
How does a relay know if there is another relay in the circuit? What<br>
if the attacker runs a "relay" locally?<br>
<br>
-- <br>
Best regards,<br>
Boris Nagaev<br>
<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Tue, 26 Jun 2018 10:31:53 -0400<br>
From: Roger Dingledine <<a href="mailto:arma@mit.edu">arma@mit.edu</a>><br>
To: <a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.<wbr>org</a><br>
Subject: Re: [tor-relays] Is Tor-network protected from using one hop?<br>
Message-ID: <<a href="mailto:20180626143153.GC19069@moria.seul.org">20180626143153.GC19069@moria.<wbr>seul.org</a>><br>
Content-Type: text/plain; charset=us-ascii<br>
<br>
On Tue, Jun 26, 2018 at 10:27:29AM -0400, Matt Traudt wrote:<br>
> Even before the DoS mitigation stuff, relays wouldn't allow themselves<br>
> to be used as the only hop in a circuit. Apparently this affects onion<br>
> service circuits too.<br>
<br>
Right. Relays protect themselves from being used as one-hop proxies,<br>
because it could make life harder for the operators:<br>
<br>
"Currently there is no reason to suspect that investigating a single<br>
relay will yield user-destination pairs, but if many people are using<br>
only a single hop, we make it more likely that attackers will seize or<br>
break into relays in hopes of tracing users."<br>
<br>
<a href="https://www.torproject.org/docs/faq#ChoosePathLength" rel="noreferrer" target="_blank">https://www.torproject.org/<wbr>docs/faq#ChoosePathLength</a><br>
<br>
--Roger<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 6<br>
Date: Tue, 26 Jun 2018 10:34:50 -0400<br>
From: Matt Traudt <<a href="mailto:pastly@torproject.org">pastly@torproject.org</a>><br>
To: <a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.<wbr>org</a><br>
Subject: Re: [tor-relays] Is Tor-network protected from using one hop?<br>
Message-ID: <<a href="mailto:a72e788e-1083-5f4c-8aec-9ba6cfd96959@torproject.org">a72e788e-1083-5f4c-8aec-<wbr>9ba6cfd96959@torproject.org</a>><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
On 6/26/18 10:29, Nagaev Boris wrote:<br>
> On Tue, Jun 26, 2018 at 5:27 PM, Matt Traudt <<a href="mailto:pastly@torproject.org">pastly@torproject.org</a>> wrote:<br>
>> On 6/26/18 10:16, dave levi wrote:<br>
>>> I'm testing few things in Tor and I noticed that if im changing(from the<br>
>>> source code) the number of hop's(nodes) to be more then 3 hop's it<br>
>>> work's fine(slowly, but still working) and if im sting only 2 hop's its<br>
>>> still works great. but, when i'm setting only 1 hop, i can open the<br>
>>> Tor-browser but i can't use it(Tor-browser) to visit site(regular site<br>
>>> or onion site too). so im thinking maybe the Tor-network have protected<br>
>>> from users who are using 1 hop?<br>
>>><br>
>><br>
>> Yes.<br>
>><br>
>> Even before the DoS mitigation stuff, relays wouldn't allow themselves<br>
>> to be used as the only hop in a circuit. Apparently this affects onion<br>
>> service circuits too.<br>
>><br>
>> If you want a single-hop proxy, then you don't want Tor.<br>
>><br>
>> Matt<br>
>> ______________________________<wbr>_________________<br>
>> tor-relays mailing list<br>
>> <a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.<wbr>org</a><br>
>> <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" rel="noreferrer" target="_blank">https://lists.torproject.org/<wbr>cgi-bin/mailman/listinfo/tor-<wbr>relays</a><br>
> <br>
> How does a relay know if there is another relay in the circuit? What<br>
> if the attacker runs a "relay" locally?<br>
> <br>
<br>
The way a client connects to a relay and the way a relay connects to<br>
another relay is different.<br>
<br>
Technically the attacker/user could run a relay/bridge locally and<br>
connect to that before the remote relay, creating a 2-hop circuit that<br>
**might** have performance similar to a 1-hop circuit.<br>
<br>
Matt<br>
<br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
______________________________<wbr>_________________<br>
tor-relays mailing list<br>
<a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.<wbr>org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" rel="noreferrer" target="_blank">https://lists.torproject.org/<wbr>cgi-bin/mailman/listinfo/tor-<wbr>relays</a><br>
<br>
<br>
------------------------------<br>
<br>
End of tor-relays Digest, Vol 89, Issue 49<br>
******************************<wbr>************<br>
</blockquote></div><br></div>