- tor-relays - lists.torproject.org

New Fallbacks from December 2018
by teor 15 Jan '19

15 Jan '19

Dear Relay Operators, Thanks to everyone who opted-in their relays as fallback directory mirrors. We rebuilt the list of fallbacks in December 2018. [0] The new list was released in Tor 0.3.5.6-rc, and it was backported to all supported Tor releases. [1] The FallbackDir flags on Consensus Health [2] have been updated. The flags on Relay Search [3] might take a few days to update. Don't worry if your relay missed out this time. It's still helping Tor users. And we will rebuild the fallback list again in 6-12 months time. We are tracking fallback changes in this ticket [4]. To opt-in your relays, add a comment to the ticket [4], or reply to this thread. If you have multiple relays, you can opt-in as many as you like. (We picked up to 7 per operator this time, and we may pick more next time.) T [0]: https://gitweb.torproject.org/tor.git/tree/src/or/fallback_dirs.inc https://trac.torproject.org/projects/tor/ticket/24801 [1]: 0.2.9, 0.3.3, 0.3.4, 0.3.5, and 0.4.0. See https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTor… [2]: https://consensus-health.torproject.org/graphs.html [3]: For example, this relay is a new fallback: https://metrics.torproject.org/rs.html#details/0C039F35C2E40DCB71CD8A07E97C… [4]: https://trac.torproject.org/projects/tor/ticket/28794 T -- teor ----------------------------------------------------------------------

1 0

Adding Obfuscation Types To Windows Bridge
by Keifer Bly 15 Jan '19

15 Jan '19

Hello, So I am running an obfuscated bridge using the tor expert bundle and the compiled version of obfs4. There are some questions I wanted to ask. So, I am looking to add pluggable transports to my bridge, which currently only supports obfs4. I do not have access to any services that offer domain fronting, or third party servers, so I cannot run meek as a result. However, is it possible to add more than one pluggable transport, such as Format-Transferring Encryption or ScrambleSuit and also have obfs4? Are there compiled versions of these pluggable transports for windows? I also wanted to ask, do I need to update obfs4.exe when I update tor.exe? Another question, so I have in my torrc file, Contact Info: followed by an obfuscated version of this email address. However, as seen on my bridge listing at https://metrics.torproject.org/rs.html#details/148BD64BED9F2C27637D986DE032… The contact into does not appear. I do not want to give this email address out publicly, but I do want to register with bridge authorities so they can contact me if something is wrong with my bridge. Here is my torrc, with the ContactInfo line listed. Nickname torland ContactInfo keifer dot bly at gmail dot com SOCKSPort 0 # no local SOCKS proxy ORPort 9002 # public bridge must have an open ORPort ExtORPort auto # configure ExtORPort for obfs4proxy ExitPolicy reject *:* # no exits allowed BridgeRelay 1 # relay won't show up in the public consensus PublishServerDescriptor 1 # publish to the bridge authority # use obfs4proxy to provide obfs4 on port 9003 ServerTransportPlugin obfs4 exec C:\Users\keife\AppData\Roaming\tor\PluggableTransports\obfs4proxy.exe ServerTransportListenAddr obfs4 0.0.0.0:9003 Thanks all very much. --Keifer

1 0

Re: [tor-relays] why the network lost 350 relays and some, bridges
by Argo2 12 Jan '19

12 Jan '19

I was intrigued by the high number of consumer IP's that these relay are supposed to be running on while seemingly automated updating the relay version. The nickname made me look into Ubuntu Snaps as a possible tor distribution which led me to this snap: https://snapcraft.io/tor-middle-relay. It was last updated the 9th of January and when you download the stable snap it is actually named 'snap269'. So the maintainer in this case is the snap maintainer, but not necessarily the relay(s) operator. I have not looked into how these snaps actually work but it may be the case that they actually needed the PortForwaring functionality to get tor running inside a snap. Given that information it could very well be the case that these relays are not running behind a NAT and not run by the same operator but actually by a group of different people. > Date: Sat, 12 Jan 2019 08:07:00 +0000 > From: nusenu <nusenu-lists(a)riseup.net> > >> this occurred when these relays upgraded from tor 0.3.3.10 to 0.3.4.9 >> (package maintainer update) >> >> All these relays were behind NAT devices and they relied on a tor >> feature that got removed between these two versions: >> >>> o Removed features: >>> - The PortForwarding and PortForwardingHelper features have been >>> removed. [...]https://trac.torproject.org/projects/tor/ticket/25409 > > I guess I somehow expected that: the maintainer patched tor 0.3.4.10 to added this > feature again and here we go again with the flood of relays using that version of tor: > > 79 relays from 2019-01-11: > > | Up | Ext | JoinTime | Nickname | Version | IP | AS | CC | ORp | Dirp | OS | Contact | eFamMembers | FP | > |------+-------+------------+------------+-----------+-----------------+------------------------------------------+------+-------+--------+-------+-----------+---------------+------------------------------------------| > | 0 | 0 | 01:06:55 | snap269 | 0.3.4.10 | 117.104.229.222 | Instatelecom Limited | af | 43453 | 0 | Linux | None | 1 | CF52FF9F481C618E540D5DACB0C2875F1B7687B5 | > | 0 | 0 | 01:27:25 | snap269 | 0.3.4.10 | 90.253.141.146 | Vodafone Limited | gb | 46089 | 0 | Linux | None | 1 | B483C5FE8A2888F8E02885D8488404DBBEFBCF3B | > [SNIP]

3 3

why the network lost >350 relays and some bridges
by nusenu 12 Jan '19

12 Jan '19

As some of you might have noticed the tor network recently lost a noticeable number of relays and bridges as seen in the metrics.tpo relay graphs (0.7% cw fraction). https://metrics.torproject.org/networksize.html https://pbs.twimg.com/media/DwGAESoXgAEoB6L.jpg this occurred when these relays upgraded from tor 0.3.3.10 to 0.3.4.9 (package maintainer update) All these relays were behind NAT devices and they relied on a tor feature that got removed between these two versions: > o Removed features: > - The PortForwarding and PortForwardingHelper features have been > removed. [...]https://trac.torproject.org/projects/tor/ticket/25409 The portforwarding worked only in about 5% of cases so only 350 of the over 6000 relays actually became reachable. Since I still believe these relays are not run by humans I hope they remain unreachable behind their NAT routers. -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu

3 4

Tor Relay Configuration: 'MyFamily' missing - byelitehacks
by nusenu 10 Jan '19

10 Jan '19

Hi byEliteHacks, thanks for helping the tor network by running relays. please do not forget to set your "MyFamily" configuration parameter on all your relays, so Tor clients are not at risk of using your relays in multiple positions in a single circuit. https://nusenu.github.io/OrNetStats/endtoend-correlation-groups#conatfynndo… Some more background: https://medium.com/@nusenu/some-tor-relays-you-might-want-to-avoid-5901597a… Let us know if you need any help with this. regards, nusenu -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu

1 0

google Public DNS now Supports DNS-over-TLS
by I 10 Jan '19

10 Jan '19

2 1

torservers.net impersonation: exit relay "Dontbleed9"
by nusenu 07 Jan '19

07 Jan '19

Hi, if you are the operator of the following relay, please stop impersonating torservers.net via ContactInfo and DirFrontPage or risk getting removed from the tor network. +----------------------------------------------------------------------------+------------------+----------------+----------------------------------------+-------------+ | contact | nickname | IP | as_name | efamMembers | +----------------------------------------------------------------------------+------------------+----------------+----------------------------------------+-------------+ | https://www.torservers.net/donate.html <support .AT. torservers .DOT. net> | Dontbleed9 | 213.61.215.54 | COLT Technology Services Group Limited | 1 | +----------------------------------------------------------------------------+------------------+----------------+----------------------------------------+-------------+ https://metrics.torproject.org/rs.html#details/C332CB1924619CF9E74898154232… -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu

1 0

Re: [tor-relays] [OrNetRadar] NickPrefix: "tOr" (14)
by nusenu 07 Jan '19

07 Jan '19

please set a proper contactInfo and MyFamily when running so many relays to avoid getting removed from the network ornetradar(a)riseup.net: > 2019-01-06 > > | Up | Ext | JoinTime | Nickname | Version | IP | AS | CC | ORp | Dirp | OS | Contact | eFamMembers | FP | > |------+-------+------------+------------+-----------+-----------------+---------------------+------+-------+--------+-------+-------------------------------------+---------------+------------------------------------------| > | 1 | 0 | 13:47:33 | tOr | 0.3.4.9 | 176.9.73.145 | Hetzner Online GmbH | de | 443 | 0 | Linux | 0xFFFFFFFF Random Person <nobody AT | 1 | 27A01740A87B5861DB4008BB81F8CFA518FDA554 | > | 1 | 0 | 15:15:06 | tOr | 0.3.4.9 | 51.15.47.139 | Online S.a.s. | nl | 443 | 0 | Linux | 0xFFFFFFFF Random Person <nobody AT | 1 | 62E436E252D3657D838AA2D3769530DEB0651BD5 | > | 1 | 0 | 15:18:09 | tOr | 0.3.4.9 | 51.15.179.39 | Online S.a.s. | fr | 443 | 0 | Linux | 0xFFFFFFFF Random Person <nobody AT | 1 | 430708DD45146CD58C18E34F6EF8E249AF5E2795 | > | 1 | 0 | 15:21:51 | tOr | 0.3.4.9 | 51.15.57.43 | Online S.a.s. | nl | 443 | 0 | Linux | 0xFFFFFFFF Random Person <nobody AT | 1 | 25E6490C85CCD7B399F816F855BEB1610D8EB56B | > | 0 | 0 | 15:22:12 | tOr | 0.3.4.9 | 51.15.55.204 | Online S.a.s. | nl | 443 | 0 | Linux | 0xFFFFFFFF Random Person <nobody AT | 1 | 97C183B6ED91CF734F18E3AE08A19D6886F6CA6F | > | 1 | 0 | 15:22:38 | tOr | 0.3.4.9 | 51.15.84.167 | Online S.a.s. | fr | 443 | 0 | Linux | 0xFFFFFFFF Random Person <nobody AT | 1 | B9B11438B56875029AD58FC2806D5B6F6546B4F1 | > | 1 | 0 | 15:27:42 | tOr | 0.3.4.9 | 51.15.141.150 | Online S.a.s. | fr | 443 | 0 | Linux | 0xFFFFFFFF Random Person <nobody AT | 1 | 758022E3952DBA2E74EAA6A7F71FBC7671F50964 | > | 1 | 0 | 15:27:44 | tOr | 0.3.4.9 | 212.47.231.164 | Online S.a.s. | fr | 443 | 0 | Linux | 0xFFFFFFFF Random Person <nobody AT | 1 | 5935A516784B11A425B6CF82C2740EE53A20C8E7 | > | 1 | 0 | 15:33:08 | tOr | 0.3.4.9 | 51.15.51.3 | Online S.a.s. | nl | 443 | 0 | Linux | 0xFFFFFFFF Random Person <nobody AT | 1 | 89DDCCBAEBDC2B8C94DA657E8ED6C2FD9A810081 | > | 1 | 0 | 15:35:48 | tOr | 0.2.9.14 | 51.15.92.208 | Online S.a.s. | fr | 443 | 0 | Linux | 0xFFFFFFFF Random Person <nobody AT | 1 | 0CA7D6634359FC7691AC9159996AD0863D0248FF | > | 1 | 0 | 15:36:54 | tOr | 0.3.4.9 | 51.15.52.4 | Online S.a.s. | nl | 443 | 0 | Linux | 0xFFFFFFFF Random Person <nobody AT | 1 | A9A834754E43C80DADCC38E4CF81362F357CABE7 | > | 1 | 0 | 15:37:44 | tOr | 0.3.4.9 | 51.15.84.8 | Online S.a.s. | fr | 443 | 0 | Linux | 0xFFFFFFFF Random Person <nobody AT | 1 | B8F0501E3AB911C2EA955EDC30D29B938F5B6B17 | > | 1 | 0 | 15:40:09 | tOr | 0.2.9.14 | 51.15.137.138 | Online S.a.s. | fr | 443 | 0 | Linux | 0xFFFFFFFF Random Person <nobody AT | 1 | 3FF883A45AEA15721FFFB970EBB7B88719C70E9E | > | 1 | 0 | 15:41:59 | tOr | 0.3.4.9 | 163.172.186.236 | Online S.a.s. | fr | 443 | 0 | Linux | 0xFFFFFFFF Random Person <nobody AT | 1 | 301F7608C5A6213F381BDBD7010EBB81128E0DAA | > > https://nusenu.github.io/OrNetRadar/2019/01/06/a4 -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu

1 0

tor 0.3.3.x reaches end-of-life on 2019-02-22
by nusenu 06 Jan '19

06 Jan '19

In less than 2 months from now, tor 0.3.3.x will reach its end of life date (2019-02-22). As of today there are still over 640 relays (>10% CW fraction) running that version. If you still run that or another end-of-life version of tor please update to help prevent known issues. -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu

1 0

having just 1 exit port - helpful?
by Toralf Förster 06 Jan '19

06 Jan '19

If just 1 port would be opened at an relay, eg. 6697, would this help the Tor network or would only spammers and DDoS use that port? -- Toralf PGP C4EACDDE 0076E94E

4 3