November 2017 - tor-relays - lists.torproject.org

Detecting Network Attack [re: exit synflooded]
by grarpamp 26 Nov '17

26 Nov '17

On Fri, Nov 24, 2017 at 6:23 PM, <tor(a)t-3.net> wrote: > Was anyone else's exit being synflooded yesterday and today? There could be a combined monitoring array deployed among all nodes that might start to answer these questions. And further alert on all sorts of interesting network attacks launched at Tor. Software exploits... segmentation / modulation attacks... etc. This is perimeter security 101, and Tor currently has no fence, no guard dogs, not even a janitor you can ask the next day. That's beyond bad. And big oppurtunity for new research project.

2 2

Tor Metrics issue
by Arisbe 25 Nov '17

25 Nov '17

In the immediate past I monitored both my relays and my bridges through atlas. So, now with Tor Metrics, I don't see my bridges. Am I doing something wrong or are they not in the data base? Arisbe

4 5

Re: [tor-relays] Detecting Network Attack [re: exit synflooded]
by tor＠t-3.net 25 Nov '17

25 Nov '17

I went and added a reject for exit to port 8888 and HUPed the process. Maybe this is the fix! :)

1 0

Exit from Different IP from OR Port
by Dr Gerard Bulger 25 Nov '17

25 Nov '17

Direct Exit to a different IP. I naively thought that the proxy lines in torrc could to that via an https proxy. Alas that's not what that line is for! I got an impression from earlier chats a while ago that exiting to a non-advertised IP was regarded as simply not cricket, in that the internet should know the IP or Tor exits exiting. The trouble now is too many are sites apply blanket bans on Tor exits. I failed get a Tor on my VPS to use a VPN as the final exit, as my knowledge of routing is too limited. I kept cutting myself off from the branch I was sitting on fiddling with this remotely. As some exits to do manage this, I wonder if anyone can post be a script or point me in the right direction as to how they do it. Scenario: Set up a VPN connection. Have a script that in effect offers split tunnelling for TOR to allow exit via the VPN. The OR port needs to remain local fixed IP. The default route of the VPN server remains local. Doing everything in and out via most VPNs would not be useful as these services have very dynamic IPs. Gerry >>>Detecting exit nodes is error prone, as you point out. Some exit >>> nodes have their traffic exit a different address than their >>> listening port. Hey does Exonerator handle these? >> Right. It's not trivial for tor to figure out what exit relays are >> multi-homed -- at least not without actually establishing circuits >> and fetching content over each exit relay. >> >> I just finished an exitmap scan and found 17 exit relays that exit >> from an IP address that is different from what's listed in the >> consensus: > This mode of operation, regardless of how it happens, is not in itself > a problem, nor cause for alarm. In fact, the nature of these "exit IP > different than ORPort" relays can and often does assist users in > circumventing censorship... a fundamental use case of Tor. > For instance, the arbitrary automated and blind blocking via dumb > blocklists that prevent even such most basic user activity and human > right to knowledge as simply reading websites via Tor. Such blocking > examples can often be found here: > https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBl > ockingTor > > It's also entirely up to the exit operator to determine if the third > party non contractual / SLA exonerator service is of any particular > use or benefit to them or not... perhaps they have other notary means, > or are immune or not subject to any such legal or jurisdictional > issues, for which it becomes moot. > > Similarly, realtime TorDNSEL and the like could be considered to be > censorship enabling tools. > -----Original Message----- From: tor-relays [mailto:tor-relays-bounces@lists.torproject.org] On Behalf Of teor Sent: 25 November 2017 07:31 To: tor-relays(a)lists.torproject.org Subject: Re: [tor-relays] Tor Metrics issue > On 25 Nov 2017, at 17:36, Arisbe <arisbe(a)cni.net> wrote: > > In the immediate past I monitored both my relays and my bridges through atlas. So, now with Tor Metrics, I don't see my bridges. Am I doing something wrong or are they not in the data base? How do you search for your relays and bridges? T _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

3 2

Pretty sure our exit was being synflooded.
by tor＠t-3.net 25 Nov '17

25 Nov '17

Was anyone else's exit being synflooded yesterday and today? I put some iptables code in to help, it might have mitigated it. I'm pretty sure our exit "Libero" was being synflooded. Managed to lose all our flags shortly after the instability was (finally) resolved, go figure =p

2 1

Re: [tor-relays] my IP got blocked -> closed
by Patrice 25 Nov '17

25 Nov '17

Hi, I want to tell that the issue is no longer exists. I can now visit ebay, ikea, ect. without a problem. It was like grarpamp said, there was a bunch of malicious software on one of my Computers. Very shameful, there was no virus detection installed. Therefore my tor relay was not the problem but my windows pc. ;-) Thank you for your help! Kind regards Kalle > 2. Re: my IP got blocked (grarpamp) > >>> Detecting exit nodes is error prone, as you point out. Some exit nodes >>> have their traffic exit a different address than their listening >>> port. Hey does Exonerator handle these? >> Right. It's not trivial for tor to figure out what exit relays are >> multi-homed -- at least not without actually establishing circuits and >> fetching content over each exit relay. >> >> I just finished an exitmap scan and found 17 >> exit relays that exit from >> an IP address that is different from what's listed in the consensus: > This mode of operation, regardless of how it happens, is not in > itself a problem, nor cause for alarm. In fact, the nature of these > "exit IP different than ORPort" relays can and often does assist > users in circumventing censorship... a fundamental use case of Tor. > For instance, the arbitrary automated and blind blocking via dumb > blocklists that prevent even such most basic user activity and human > right to knowledge as simply reading websites via Tor. Such blocking > examples can often be found here: > https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockin… > > It's also entirely up to the exit operator to determine if the > third party non contractual / SLA exonerator service is of any > particular use or benefit to them or not... perhaps they have other > notary means, or are immune or not subject to any such legal or > jurisdictional issues, for which it becomes moot. > > Similarly, realtime TorDNSEL and the like could be considered > to be censorship enabling tools. >

1 0

Re: [tor-relays] Pretty sure our exit was being synflooded.
by Paul Templeton 25 Nov '17

25 Nov '17

Happening to middles as well - I get black hold all the time - ISP has auto rules. Paul ----- Original Message ----- From: tor(a)t-3.net To: tor-relays(a)lists.torproject.org Sent: Saturday, November 25, 2017 10:23:24 AM Subject: [tor-relays] Pretty sure our exit was being synflooded. Was anyone else's exit being synflooded yesterday and today? I put some iptables code in to help, it might have mitigated it. I'm pretty sure our exit "Libero" was being synflooded. Managed to lose all our flags shortly after the instability was (finally) resolved, go figure =p _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

2 1

Tor meetup at Primavera hacker (Santiago de Chile) [es/en/pt]
by ilv＠torproject.org 21 Nov '17

21 Nov '17

[ES][EN][PT]¡Encuentro Tor en la Primavera Hacker! ¡Ven! ======================================================== [ES] ¡Encuentro Tor en la Primavera Hacker! ¡Ven! [EN] Tor Meetup at Primavera Hacker! Join us! [PT] Encontro Tor na Primavera Hacker! Venha! [ES] ¡Encuentro Tor en la Primavera Hacker! ¡Ven! ------------------------------------------------- ¡Hola! La Primavera Hacker está por llegar. Durante los días 2 y 3 de diciembre, hackers, activistas, tecnólogos, feministas y demás fauna se darán cita en Santiago de Chile. Esta es una invitación para todos los interesadas e interesados en colaborar con la comunidad Tor. Tor es software libre, estructurado alrededor de una red de servidores mantenidos por voluntarias y voluntarios a lo largo del globo para proteger el anonimato en línea y evadir la censura en Internet. Durante los dos días, miembros de la comunidad Tor estarán presentes en la Primavera Hacker con agenda abierta, dispuestos a conversar, intercambiar experiencias, aprender y enseñar respecto a las tecnologías contra la vigilancia y, principalmente, discutir sobre cómo colaborar con Tor. Tendremos también una mesa llena de stickers y regalitos de Tor :-) Encuentro Tor ------------- La red Tor está compuesta por más de 6 mil computadoras alrededor del mundo. Sin embargo, América Latina tiene una participación muy pequeña. Actualmente en Chile hay solamente 2 nodos en funcionamiento. En Brasil, apenas 25. ¡Necesitamos aumentar la diversidad de la red más allá de los Estados Unidos y Europa! Ven y participa del Encuentro Tor, y aprende como ser parte de la comunidad. Durante los dos días del festival, nuestra idea es cubrir los siguientes temas: - Como funciona Tor, por qué Tor tiene problemas con los VPNs y con los servicios proxy de un salto (1-hop) - Install fest: ¡Instala Tor Browser y Orbot con nosotros! - Como colaborar con la traducción de la documentación al castellano. - Como instalar, configurar y administrar su nodo de Tor. - Como ser voluntario más allá de mantener nodos. - Como usar OONI para detectar la censura en redes. - Como usar herramientas como onion-share. - Tor en universidades y buenas prácticas de investigación. - Tor y la ley, ajustar la legislación sobre Tor en Latinoamérica. - Mejorar la metodología de pruebas para OONI -- Listas de URLs de prueba (https://ooni.torproject.org/get-involved/contribute-test-lists/) - OONI y bloqueos: Cómo analizar los datos de OONI (https://api.ooni.lo) Si no puedes llegar al encuentro, puedes hablar por el canal: IRC: irc.oftc.net #tor-south Por la lista de correo: https://lists.torproject.org/pipermail/global-south/ Y el Wiki (Trac) para la documentación, eventos y otras cosas: https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/Proje… Primavera Hacker: https://phacker.org - http://u5ed42u6sbzq7xzs.onion Un abrazo, =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- [EN] Tor Meetup at Primavera Hacker! Join us! Hi! Primavera Hacker (Hacker Spring) is coming. During December 2 and 3, hackers, activists, technologists, feminists and related people will meet in Santiago de Chile. This is an invitation for all people interested in collaborating with the Tor community. Tor is free software, structured around a network of volunteer-run servers, spread all around the world to anonymity online and circumvent Internet censorship. During the two days of the meeting, Tor community members will be present at Primavera Hacker with an open schedule, eager to tealk, exchange experiences, learn and teach about technologies against surveillance and, mainly, discuss how to collaborate with Tor. We will also have a table full of stickers and other Tor swag :-) Tor Meetup ---------- The Tor network is formed by over 6 thousand computers around the world. However, Latin America hosts a very small share of it. Nowadays, in Chile there are only 2 working servers. In Brasil, just 25. We need to increase the diversity of the network beyond the United States and Europe! Come and be a part of the Tor Meetup, and learn how to engage in the Tor community. During the two days of primavera hacker we will cover the following topics: - How does Tor work, why does Tor have problems with VPNs and 1-hop proxy services. - Install fest: Install Tor Browser and Orbot with us! - How to collaborate translating documentation into Spanish. - How to install, configure and administer your Tor relay. - How to use OONI to detect network censorship. - How to use tools such as onion-share. - Tor for universities and good research practices. - Tor and the law, adjust legislation about Tor in Latin America. - Improve the OONI testing methodology -- List of test URLs (https://ooni.torproject.org/get-involved/contribute-test-lists/) - OONI and blocking: How to analyze OONI data (https://api.ooni.lo) If you cannot make it to the meeting, you can talk with the participants on the following channel: IRC: irc.oftc.net #tor-south On our mailing list: https://lists.torproject.org/pipermail/global-south/ And the Wiki (Trac) for documentation, events and other things: https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/Proje… Primavera Hacker: https://phacker.org - http://u5ed42u6sbzq7xzs.onion hugs, ==== Encontro Tor na Primavera Hacker! Venha! ======================================== Hola! A Primavera Hacker está chegando! Nos dias 2 e 3 de dezembro, hackers, ativistas, tecnologistas, feministas se encontrarão em Santiago, no Chile. Este é um convite para todos interessados e interessadas em colaborar com a comunidade Tor. O Tor é um software livre rodado por uma rede de servidores voluntários distribuída pelo mundo para garantir o anonimato online e contornar a censura na Internet. Durante os dois dias membros da comunidade Tor estarão presentes na Primavera Hacker com a agenda aberta para conversar, trocar experiências, aprender e ensinar as tecnologias anti vigilância e, principalmente, discutir sobre como colaborar com o Tor. Teremos uma mesa cheia de adesivos e brindes do Tor :) Encontro Tor ------------- A rede Tor é composta por mais de 6 mil computadores ao redor do mundo. No entanto, a América Latina tem uma participação muito pequena. Atualmente, no Chile há apenas 2 servidores em funcionamento. E no Brasil apenas 25. Nós precisamos aumentar a diversidade da rede além dos Estados Unidos e Europa! Venha participar do Encuentro Tor e saiba como se engajar na comunidade Tor. Durante os dois dias a nossa ideia é ensinar: - Como funciona o Tor, porque Tor, os problemas com as VPNs e serviços proxy de 1-hop. - Install fest: instale Tor browser & Orbot com a gente! - Como colaborar na tradução da documentação em ES/PT. - Como instalar, configurar e gerenciar o seu relay do Tor. - Como usar o OONI para detectar a censura na rede. - Como usar ferramentas como onion-share. - Como ser voluntário além da hospedagem de servidores. - Tor em universidades e boas práticas de pesquisa. - Tor e a lei: ajustar as leis para o Tor na América Latina. - OONI melhorar a metodologia testada -- listas de URL de testes (https://ooni.torproject.org/get-involved/contribute-test-lists/) - OONI e bloqueios, como analisar OONI data (https://api.ooni.io) Se você não puder comparecer no Encontro, você pode falar com a gente por esse canal: IRC: irc.oftc.net #tor-south E pela lista de email: https://lists.torproject.org/pipermail/global-south/ E wiki (Trac) para documentacao, eventos e outras coisas: https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/Proje… Primavera Hacker: https://phacker.org - http://u5ed42u6sbzq7xzs.onion um abraço, -- ilv, gus, vasilis, gwolf

1 0

The Onion Box v4.0
by Ralph Wetzel 18 Nov '17

18 Nov '17

3 3

Re: [tor-relays] [tor-dev] Detecting multi-homed exit relays (was: Onion auto-redirects using Alt-Svc HTTP header)
by grarpamp 18 Nov '17

18 Nov '17

>> Detecting exit nodes is error prone, as you point out. Some exit nodes >> have their traffic exit a different address than their listening >> port. Hey does Exonerator handle these? > > Right. It's not trivial for tor to figure out what exit relays are > multi-homed -- at least not without actually establishing circuits and > fetching content over each exit relay. > > I just finished an exitmap scan and found 17 > exit relays that exit from > an IP address that is different from what's listed in the consensus: This mode of operation, regardless of how it happens, is not in itself a problem, nor cause for alarm. In fact, the nature of these "exit IP different than ORPort" relays can and often does assist users in circumventing censorship... a fundamental use case of Tor. For instance, the arbitrary automated and blind blocking via dumb blocklists that prevent even such most basic user activity and human right to knowledge as simply reading websites via Tor. Such blocking examples can often be found here: https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockin… It's also entirely up to the exit operator to determine if the third party non contractual / SLA exonerator service is of any particular use or benefit to them or not... perhaps they have other notary means, or are immune or not subject to any such legal or jurisdictional issues, for which it becomes moot. Similarly, realtime TorDNSEL and the like could be considered to be censorship enabling tools.

1 0