January 2016 - tor-relays - lists.torproject.org

What does this message mean in my tor logs?
by Pat Scharmer 31 Jan '16

31 Jan '16

Hi all, I’m running a server with a couple of relays and was getting good overall performance (120+ Mbps) up until a couple days ago. For the last two days, the log for one of the two relays is showing thousands of the following message: [notice] Resolved [scrubbed] which was already resolved ignoring Prior to yesterday, I hadn’t ever seen this message in my log (and the second relay on this same server/same IP is not showing any such messages). Since this started, my throughput has dropped from around 120Mbps to about 80Mbps. Looking around on the internet, I can’t find anything about this message. My server is running tor 2.7.6 on Ubuntu. The relay in question is: https://atlas.torproject.org/#details/FE67A1BA4EF1D13A617AEFB416CB9E44331B2… <https://atlas.torproject.org/#details/FE67A1BA4EF1D13A617AEFB416CB9E44331B2…> Any suggestions on what might be going would be appreciated. Thanks in advance! Regards, -Pat

3 5

(undeclared) luaktt family running modified version of tor with more logging?
by nusenu 30 Jan '16

30 Jan '16

Hi, ornetradar spotted your group of relays [1][2] presumably running [3]. Thanks for setting the ContactInfo field. Would you mind setting MyFamily as well? [1] http://article.gmane.org/gmane.network.onion-routing.ornetradar/937 [2] http://article.gmane.org/gmane.network.onion-routing.ornetradar/945 [3] https://github.com/LuaKT/Tor/commits/master

1 0

Webiron
by Nicholas Suan 30 Jan '16

30 Jan '16

Looks like Webiron is spamming again, and this time they're including a web bug in the mail to see if you've opened it: https://www.webiron.com/images/misc/91.219.236.218/abuse@1d4.us/webiron-log… https://www.webiron.com/abuse_feed/abuse@1d4.us

8 9

tor-arm bandwidth state file -xxxx seconds is missing?
by SuperSluether 29 Jan '16

29 Jan '16

Found this error when checking my relay today: ARM_NOTICE Read the last day of bandwidth history from the state file (-xxxx seconds is missing) Every time I start arm, the -xxx seconds missing is different. The bandwidth graph is also stuck, but real-time data is still shown. Is this a problem with Tor, or with Arm? Anyone know a fix?

5 7

Relay ssh control/monitor ? Config is secure ?
by Pierre L. 28 Jan '16

28 Jan '16

Hi all, Some noob questions about controlling/monitoring my Tor relay on a Linux box... hosted in an ISP datacenter, so WAN IP and ports are showed to the www. I got SSH access. I've found tor-arm console UI, useful to show real-time bandwidth used, and other stuff. 1. If possible, I need to know if my current config is secure and useful, torrc contains ControlPort 9051 HashedControlPassword xxxxxxxxxxx CookieAuthentication 0 2. On some websites, I see screenshots with something like this on control config : /var/run/tor/control May be it's more secure on an online server ? No need to have another listening port like 9051 Sry I haven't found any information about this config... and how to make it possible... Thx for your help !

4 5

Reload Config Without Restarting?
by Tristan 27 Jan '16

27 Jan '16

Is it possible to reload torrc without restarting Tor? I'm running on a Raspberry Pi compiled from source, so I can't use sudo service tor reload.

3 3

DDoS attack on relay
by Green Dream 26 Jan '16

26 Jan '16

My hosting provider alerted me of a DDoS attack on one of my relays. It started around 2016-01-26 12:42 UTC. They claim they tried "filtering, routing, and network configuration changes" to mitigate the attack, but as a last resort they temporarily disconnected the host from the network for 3 hours. I know such attacks are not uncommon, but I'm curious if any other operators experienced a DDoS around the same time? I'm also curious to know more about the nature of such attacks -- what type of attack was it, what is the general end goal of attacking a random Tor (non-exit) relay, etc. My hosting provider is unable or unwilling to share additional information.

3 2

EventDNS error
by TorOp AnonymizedDotIo1 25 Jan '16

25 Jan '16

Hi, Over the weekend I started having those kind of error popping on my log at a very high rate (a few per seconds): Jan 25 09:00:00.000 [warn] eventdns: Address mismatch on received DNS packet. Apparent source was xxx.237.192.xxx:61083 Apparent source is not my IP and is different at every error message. I restarted my relay and I have stopped happening. I am running my own local unbound DNS server. Is it some kind of attack or simply an error that happened over the weekend? I have never seen it before. For what it's worth, my relay is an exit relay at about 150mbps.

2 1

Fw: new message
by michael＠deepol.de 24 Jan '16

24 Jan '16

Hey! Open message <http://ks.mpt.ru/opinion.php?wdgm> michael(a)deepol.de

1 0

Tor Bridges
by Roots Babilonia 23 Jan '16

23 Jan '16

Please send me bridges

4 3