September 2020 - tor-relays - lists.torproject.org

Expiration time from torbulkexitlist
by Julien Moutinho 21 Sep '20

21 Sep '20

Hello Tor fans, New to Tor here, nonetheless this month I've tried to work on some type-checking and hardening of Tor in NixOS (see https://github.com/NixOS/nixpkgs/pull/97740 in case this interests you), hence I've tested Tor as an Exit node a few hours behind 80.67.180.251, as visible in: https://collector.torproject.org/recent/exit-lists/2020-09-22-01-02-00 > ExitNode 483F3347218DA225540D67AC3B9D48235A23DB89 > Published 2020-09-07 19:22:15 > LastStatus 2020-09-08 01:00:00 > ExitAddress 80.67.180.251 2020-09-08 01:59:25 And, if I'm not mistaken, only used it as a non Exit node since then (mostly to test a new NixOS abstraction around onion services). It's now 14 days past my Exit node test, yet that IPv4 is still listed in: https://check.torproject.org/torbulkexitlist despite https://lists.torproject.org/pipermail/tor-project/2020-March/002759.html announcing that: > This list is updated at most once every 40 minutes depending on the > number of exit relays in the network at the time, fetching it every hour > would be reasonable. A quick grep in https://collector.torproject.org/archive/exit-lists/exit-list-2020-07.tar.xz shows that in the past at least some exit nodes have been removed after one month: > $ grep LastStatus exit-list-2020-07/13/2020-07-13-18-02-00 | sort -r | tail -1 > LastStatus 2020-06-15 03:00:00 > $ grep LastStatus exit-list-2020-07/13/2020-07-13-19-02-00 | sort -r | tail -1 > LastStatus 2020-07-11 20:00:00 Am I right to assume that one month is the expiration time from torbulkexitlist? And can I do anything to trigger the removal before that delay? Thanks in advance for your answers, Julien

1 0

Fwd: Re: "Your server (xxxx:443) has not managed to confirm that its ORPort is reachable."
by lists＠for-privacy.net 17 Sep '20

17 Sep '20

Please always reply to the list so that everyone can help you. -------- Original Message -------- Subject: Re: [tor-relays] "Your server (xxxx:443) has not managed to confirm that its ORPort is reachable." Date: 17.09.2020 13:42 From: Pham Minh Duc <phamducvn.0308(a)gmail.com> To: lists(a)for-privacy.net > Help, I've followed steps on your Github but I still see this error. My > IP address is dynamic. It may affects? How to fix this? dynamic IP = you have your relay running at home? Then things are quite different. I guess: You have a router that connects you to the Internet and your computer running Tor gets the IP/IPv6 via DHCP? Then you have to set up port forward (ORPort, DirPort) on the router and don't need iptables on the computer in the LAN. Which OS do you have exactly. Your syslog can be every GNU/Linux, *BSD or another UNIX. Be sure you have absolutely no exit traffic, add to your torrc: ExitPolicy reject *:* and advertise the directory service on some port: DirPort 80 -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!

1 0

Become a Fallback Directory Mirror (deadline: July 23)
by gus 17 Sep '20

17 Sep '20

Dear Relay Operators, Do you want your relay to be a Tor fallback directory mirror? Will it have the same address and port for the next 2 years? Just reply to this email with your relay's fingerprint. Important: you have until July 23 2020 to reply to this message to get in the fallback directory mirror list. If your relay is on the current fallback list, you don't need to do anything. If you're asking: Q: What's a fallback directory mirror? Fallback directory mirrors help Tor clients connect to the network. For more details, see [1]. Q: Is my relay on the current list? Search [2] and [3] for your relay fingerprint or IP address and port. [2] is the current list of fallbacks in Tor. [3] is used to create the next list of fallbacks. Q: What do I need to do if my relay is on the list? Keep the same IP address, keys, and ports. Email tor-relays if the relay's details change. Q: Can my relay be on the list next time? We need fast relays that will be on the same IP address and port for 2 years. Reply to this email to get on the list, or to update the details of your relay. Once or twice a year, we run a script to choose about 150-200 relays from the potential list [3] for the list in Tor [2]. Q: Why didn't my relay get on the list last time? We check a relay's uptime, flags, and speed [4]. Sometimes, a relay might be down when we check. That's ok, we will check it again next time. It's good to have some new relays on the list every release. That helps tor clients, because blocking a changing list is harder. cheers, Gus [1] https://gitlab.torproject.org/tpo/core/tor/-/wikis/NetworkTeam/FallbackDire… [2] https://gitweb.torproject.org/tor.git/tree/src/app/config/fallback_dirs.inc [3] https://gitweb.torproject.org/fallback-scripts.git/tree/fallback_offer_list [4] https://trac.torproject.org/projects/tor/attachment/ticket/21564/fallbacks_… -- The Tor Project Community Team Lead http://expyuzz4wqqyqhjn.onion/

26 30

OVH Warnings
by Dr Gerard Bulger 15 Sep '20

15 Sep '20

OVH seemed to have upped their game with more information than just throwing all traffic into "mitigation" which can result in bad exit status, with no information as to what their systems are detecting as a threat of denial of service attack. For the first time I got an email.no mitigation. Dear Customer, Abnormal activity has been detected on your VPS Attack detail : 4Kpps/2Mbps dateTime srcIp:srcPort dstIp:dstPort protocol flags bytes reason 2020.09.15 19:02:21 CEST <http://51.38.64.136:42845/> my ip:42845 <http://212.22.93.124:25565/> 212.22.93.124:25565 TCP SYN 60 ATTACK:TCP_SYN 2020.09.15 19:02:21 CEST <http://51.38.64.136:39673/> my ip:39673 <http://212.22.93.124:25565/> 212.22.93.124:25565 TCP SYN 60 ATTACK:TCP_SYN Etc Gerry

1 0

Odd error with tor 4.3 log file
by Keifer Bly 14 Sep '20

14 Sep '20

1 0

non-encrypted connections from Tor exit relays
by kirgali＠riseup.net 10 Sep '20

10 Sep '20

hi, generalized question about Tor exit relays and exit relay operators. do some exit relay operators have a policy to prevent connections leaving their exit node via non-encrypted ports (e.g. port 25)? this could be a philosophical position - not even wanting to be in a position to observe users' data passing through the exit node in clear text. or a pragmatic position - hoping that encrypted connections provide some level (even very weak) of plausible deniability in the event that a connection attracts the attention of law enforcement. this is just my thoughts.

3 2

Re: [tor-relays] Could Zoom be using the wrong dan-tor blacklist
by Eddie 10 Sep '20

10 Sep '20

Gus, It's "OnNoNotAnotherTorRelay"; D195E5CE8AE77BAC91673E6CFB7BD0AF57281646 Cheers. On 9/9/2020 7:44 PM, gus wrote: > Hi Eddie, > > Could you inform your relay fingerprint? > > Thanks, > Gus > > On Mon, Sep 07, 2020 at 11:54:47AM -0700, Eddie wrote: >> Starting yesterday (maybe Saturday) we have been unable to initiate any Zoom >> calls. They just sit "connecting". According to Zoom, there are no issues >> that would lead to this. >> >> My investigation, traces I have run on the server, and using a VPN (on a >> tablet on my LAN) show the exact same symptoms I had a year (or so) ago with >> a couple of AT&T sites, which I eventually narrowed down to being caused by >> the same blacklist by routinely switching IPs and then eventually shutting >> down my relay temporarily. >> >> Is anyone else seeing similar and/or have any suggestions as I rather not >> have to shut my relay down. Running a multitude of VPNs on my internal >> machines is not really an option and my relay isn't going to function if I >> throw a VPN on my server. >> >> Cheers. >> >> _______________________________________________ >> tor-relays mailing list >> tor-relays(a)lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

1 0

SMTP port 465/587
by kirgali＠riseup.net 10 Sep '20

10 Sep '20

Hi, question for Tor exit relay operators. Do exit relay operators allow connections to SMTP port 587 more than port 465? The RiseUp webpage says “SMTP port 465 is often blocked by Tor exit nodes but port 587 is less frequently blocked” (https://riseup.net/en/email/clients) because port 465 is considered deprecated (see RFC 8314). In practice do most exit relay operators allow connections to both SMTP ports? Thanks

1 0

OVH Mitigation
by Dr Gerard Bulger 10 Sep '20

10 Sep '20

I know we should dilute our dependence on OVH, but cheap and seem to ignore the fact the machine is an exit node. OVH has a seemingly patented a system to deal with denial of service attacks. I am not sure what they detect but when they do we get this: "We have just detected an attack on IP address x.x.x.x. In order to protect your infrastructure, we vacuumed up your traffic onto our mitigation infrastructure. The entire attack will thus be filtered by our infrastructure, and only legitimate traffic will reach your servers. At the end of the attack, your infrastructure will be immediately withdrawn from the mitigation" To be fair, the automated system takes it off after an our or two. If my tor server is left in this mitigated state, the tor exit gets labelled a BAD EXIT which is something to avoid as takes days to be trusted again. As soon as I get their email I now stop TOR to prevent that embarrassing label, and perhaps doing so stops whatever it is OVH is detecting. Being shutdown for a few hours seems better than being a bad exit. Gerry

3 2

Could Zoom be using the wrong dan-tor blacklist
by Eddie 07 Sep '20

07 Sep '20

Starting yesterday (maybe Saturday) we have been unable to initiate any Zoom calls. They just sit "connecting". According to Zoom, there are no issues that would lead to this. My investigation, traces I have run on the server, and using a VPN (on a tablet on my LAN) show the exact same symptoms I had a year (or so) ago with a couple of AT&T sites, which I eventually narrowed down to being caused by the same blacklist by routinely switching IPs and then eventually shutting down my relay temporarily. Is anyone else seeing similar and/or have any suggestions as I rather not have to shut my relay down. Running a multitude of VPNs on my internal machines is not really an option and my relay isn't going to function if I throw a VPN on my server. Cheers.

1 0