October 2013 - tor-relays - lists.torproject.org

Relay security, re: local network
by Joe 21 Oct '13

21 Oct '13

Hi, I'm planning to run a Tor relay on a spare computer at home. Security is a concern, and not only regarding the machine running the relay but also my other computers. Are there any (theoretical or otherwise) known attacks a person can perform on a running Tor relay to take remote control of it, and assuming the said person could pull that off, is it possible to extend this control to the other computers behind the same router? I am aware of possible DDOS attacks and other risks related to running an exit, but i am comfortable in taking these chances in my environment. I would run the relay on a yet-undecided-Linux distro, possibly Mint Debian or some flavor of Ubuntu which i am more familiar with, and use full-disk encryption with strong passwords. Are there any risks to my other computers worth consideration? Thanks.

11 13

rm /var/lib/tor/keys/* before changing exit policy?
by Martin Kepplinger 21 Oct '13

21 Oct '13

Really quick not too important question. When switching a relay to become an exit node or the other way round, does it make sense to delete /var/lib/tor/keys/* beforehand and start it over this way? I was thinking, if the relay has the guard flag, it would make sense, but maybe even if it doesn't. I don't know. I'll do it I guess. thanks martin

4 4

VPS
by Eduard 21 Oct '13

21 Oct '13

I rented a VPS with 256mb ram and unmetered bandwidth. Ubuntu 12.04. Can someone please tell me how to configure it as a non-exit relay for Tor? Acess via PuTTy. Cheers, Edward Sent from my Orange Smartphone I <beatthebastards(a)inbox.com> wrote: >_______________________________________________ >tor-relays mailing list >tor-relays(a)lists.torproject.org >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

6 6

Re: [tor-relays] port 9001 udp
by zwiebel＠quantentunnel.de 20 Oct '13

20 Oct '13

2 5

Botnet issues and upgrading to 0.2.4.x
by Chris Whittleston 20 Oct '13

20 Oct '13

Hey guys, So I just started running a non-exit relay on a Raspberry Pi, and have hit a problem where it seems huge numbers of circuits are being created which overwhelms the system and can cause tor to crash. I read here ( https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients) that upgrading to 0.2.4.x might help with this, so I followed the instructions here: https://www.torproject.org/docs/debian#development And ran apt-get update, apt-get upgrade to get the latest version which turned out to be 0.2.4.11-alpha-1~wheezy+1 There seems to be a problem with this though as when the install finishes (or when I try to restart tor), I get this error: pi@torberrypi /etc/tor $ sudo /etc/init.d/tor restart /etc/init.d/tor: line 111: 9701 Illegal instruction $DAEMON $VERIFY_ARGS > /dev/null [FAIL] Checking if tor configuration is valid ... failed! /etc/init.d/tor: line 111: 972 https://www.torproject.org/docs/debian#development4 Illegal instruction $DAEMON $VERIFY_ARGS 1>&2 Tor is not starting and I'm unsure how to proceed - help appreciated! :) Chris

9 19

Relay behind VPN router
by Jochen 20 Oct '13

20 Oct '13

I have a TOR relay behind a Tomato router on an ADSL line. I activated the vpn client to route all traffic through privateinternetaccess.com. Because a TOR relay does not work behind NAT without port forwarding, I'm looking for a way how to route tor traffic directly to my internet provider. I can add static routes, but I don't now the IPs in advance. Maybe there is no problem to route outgoing traffic through the vpn tunnel, but how can I make my relay publish my WAN IP instead of the tunnel IP? My WAN IP is changing every day, so I cannot configure it as static. -- Mit besten Grüßen Jochen Fahrner

3 6

port 9001 udp
by zwiebel＠quantentunnel.de 19 Oct '13

19 Oct '13

Hi relay-tives! It's my first post here, so please can someone help me with my question Why do I have to open 9001 UDP at the DSL router firewall and not necessarily in iptables? Is it something specific on my side or does someone has an explanation? The OR service seems to work. Ok - I see nearly no traffic may-be because of my small bandwidth. See some information about my system Setup PC (P4 2GB noHDD) with USB-LAN adapter (eth2) connected to DSL router (NAT & firewall) Tails 0.20.1 on SD card with USB adapter write protected Server IP x.x.x.33 received from the DHCP DSL router Goal Run PC as OR relay non exit Run OR service Dont run DIR service DSL router setting Open DSL router firewall IP x.x.x.33 TCP 9001 for OR Open DSL router firewall IP x.x.x.33 UDP 9001 for OR <= IS THE POINT Done to tails manually each time the PC turns on (amnesia!): Root terminal (password) and "/sbin/iptables -A INPUT -i eth2 -p tcp --dport 9001 -j ACCEPT" The the only change to original tails iptables list is the added rule Done to Vidalia: relay-non-exit, nickname, email, port=9001, bandwidth limits typ 20kByte/s and max 25kByte/s The log messages tell me success and all runs for a week. Thanks front-up Zwiebel _||_ / \ / O O \ \ ____ / \\__//

2 1

Re: [tor-relays] minimum ram
by Eduard 19 Oct '13

19 Oct '13

I could say that this is true. I run a relay on my desktop, and I see that after 5-7h the ram ussage increase. Even on a 16GB system, the increase is detectable. Sent from my Orange Smartphone Moritz Bartl <moritz(a)torservers.net> wrote: >On 2013-10-19 03:50, I wrote: >> Is there any utility in the very cheap VPSs with 128mb of ram? > >I did some testing quite a while ago and found that 256MB was the >minimum amount of RAM for a relay. It works for some time with >128MB, but it then runs out of memory, and it is not very good >to have it restart all the time. > >I say "was" because currently, with more than 3 million clients >in the network, a relay might even run out of memory with 256MB >RAM. I don't have any current data on that though. > >-- >Moritz Bartl >https://www.torservers.net/ >_______________________________________________ >tor-relays mailing list >tor-relays(a)lists.torproject.org >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

1 0

serious gap in 'chroot' documentation
by starlight.2013q4＠binnacle.cx 19 Oct '13

19 Oct '13

Newer versions of 'openssl' require access to /proc/sys/kernel/random and so the line /proc/sys/kernel/random /chroot_tor/proc/sys/kernel/random auto bind 0 0 must be added to the /etc/fstab file or the command mount -o bind /proc/sys/kernel/random /chroot_tor/proc/sys/kernel/random must be run from somewhere. Keep in mind that issuing the 'mount' more than once causes nested overly mounts rather than doing nothing, so the 'fstab' approach is best. Obviously the directories proc/sys/kernel/random must be created in the 'chroot' jail tree. ---------------- This problem will appear when 'tor' attempts to roll-over it's key after several days. Took significant effort of figure out what happened as 'tor' dies without comment. It appears that if 'tor' fails in the middle of a re-key operation, the node name and state is lost entirely and the relay must rebuild it's reputation from scratch with a new name. Quite vexing.

4 5

My Relay speed has dropped nearly to zero - Why?
by David Carlson 19 Oct '13

19 Oct '13

On October 8 something caused my non-exit relay speed to drop from around 50 KB to less than 10 KB according to Atlas graphs. I have checked with my ISP and run speed tests that verify my upload speed to be .96 Mb and download to be over 3 Mb, as they have been for years. I am running Tor 0.2.4.17-rc on Windows 7 and my consensus weight has dropped to 26. What could have caused this?

2 1