tor-relays

tor-relays@lists.torproject.org

36 participants
4815 discussions

[France] Invitation to HACKarnaval, May 17th
by gus 14 May '18

14 May '18

Hello Tor operators from France! Next thursday, May 17th, some Tor Project contributors are going to be at HACKarnaval, in Paris. Come to say 'bonjour' and meet new friends! :) cheers!, gus * * * * HACKarnaval + Tor Meetup - 17 mai au Musée des Arts et Métiers [HACKarnaval!] est un événement ouvert au publique pour célébrer le “hacking” comme une forme de partage des connaissances. Des techniciens, des chercheurs, des artistes et des bricoleurs de tous les coins du monde proposeront des ateliers, des conférences et des expositions. Rejoignez-nous le jeudi 17 mai au Musée des Arts et Métiers, de 11:00 à 21 heures. Venez explorer les mondes socio-techniques du logiciel, de l'électronique ou du wetware, et discuter des changements qu’ils promettent! https://hackarnaval.online Rencontre Tor https://hackarnaval.online/abstracts-fr/tor-meetup.html Musée des Arts et Métiers 60 rue Réaumur, 75003 Paris Métro : Arts et métiers - Entrée libre ! -- PGP: 427F 2D71 7664 D215 378C B412 8BDC 87FB 7215 E189 XMPP/OTR: 62f58f8062da3e48e0aa076f20807ecb1488658e https://gus.computer/

1 0

Strange BGP activity with my node
by Trevor Ellermann 14 May '18

14 May '18

Hi, I just a notification from my data center that someone is trying to hijack the IP of my exit node. Seems like the sort of thing someone might do when trying to attack Tor. I'm in a very remote area with limited access but any suggestions on actions I should take? ==================================================================== Possible Prefix Hijack (Code: 10) ==================================================================== Your prefix: 204.17.32.0/19: Prefix Description: GBLX-US-BGP Update time: 2018-05-09 12:11 (UTC) Detected by #peers: 1 Detected prefix: 204.17.56.42/32 Announced by: AS200005 (Asavie Technologies Limited) Upstream AS: AS200005 (Asavie Technologies Limited) ASpath: 200005 https://torstatus.blutmagie.de/router_detail.php?FP=383d6e34d9bea92e97092b1… Thanks, --Trevor

5 6

Tor Relay Bandwidth Question
by Keifer Bly 14 May '18

14 May '18

Hello, So I have been away from the computer where my relay is running off of for a few days. I have been wanting to check how much data my relay has been receiving during this time. I check it at http://torstatus.blutmagie.de/router_detail.php?FP=db1af6477bb276b6ea5e7213…, but that only shows how many “bytes” have been sent. I am wondering, is there a way to show this in megabytes / gigabytes? Thank you very much.

3 2

Problem with MyFamily config (doesn't work correctly)
by Olaf Grimm 13 May '18

13 May '18

Dear Tor controllers, For some time now I have relays in different locations and with different systems. All relays have the same torrc, except nickname. The following list shows the excerpt from metrics.torproject.org. Hydra1 (5) Hydra2 (5) Hydra5 (6) Hydra3 (2) Hydra4 (5) Hydra (5) Some time ago I checked all the torrc exactly, if the MyFamily config is correct. All relays have been restarted. Again today. I expect that the number in brackets is equal for all relays in the group. Part of my torrc: (the same for all relays (exerpt nickname), including the own fingerprint) # Hydra MyFamily $E9A31E7EFF7A062AA67DA601CC70605AACF9F385 # Hydra1 MyFamily $0647C3F8352BBFA0D57A1C3E0DCF67FC3E073D2C # Hydra2 MyFamily $B16D271047B18D29F62AE9F3CFC7094258506A03 # Hydra3 MyFamily $A766BF5C5AF7F897D81BD98797B17B1E8C014650 # Hydra4 MyFamily $2D919C1E0DFA4D7760471F971C2CA96E383AEBE0 # Hydra5 MyFamily $3E76E15E6BE6CFF409D44CCC40281AB5BB0B61C2 In the Tor Manual I've found "MyFamily fingerprint,fingerprint,… This option can be repeated many times, for convenience in defining large families: all fingerprints in all MyFamily lines are merged into one list. " With fewer relays in the past I had the variant "MyFamily $KeyID_1,$KeyID_2,$KeyID_3,...". Now this line is longer than the screen is wide. That's why I changed the spelling according the dokumentation. Why does it seem to work in one place while misrepresenting other configs? The correctly displayed one was added last week. Do I interpret the documentation incorrectly that this spelling is possible? How long is the update cycle of the metrics? I think one hour. Nothing happened for days. Now the metrics registered the restart of the relays 1:45h before, but still with the wrong MyFamily ad. Hydra1 (5) 1h 47m Hydra2 (5) 1h 44m Hydra5 (6) 1h 36m Hydra3 (2) 1h 40m Hydra4 (5) 1h 37m Hydra (5) 1h 51m Olaf

2 1

Change Tor's security settings
by dave` dave 13 May '18

13 May '18

There is a way to cancel/change Tor's security settings(which means that i can't use same ip for two parts of the circuit-Guard/Bridge or Middle or Exit) and set him to use the same ip for all his circuit(Guard, middle and exit). and or instead of doing that can i set a specific Middle-Relay?

2 2

what ip,port combinations do Tor clients need?
by Martin Kepplinger 12 May '18

12 May '18

Hi, How does a usable ipset (hash:ip,port) look like, so that it is a whitelist for in/out tcp connections? *Everything* else from/to the outside world is assumed to be dropped. (DNS too). * dir auths from src/or/auth_dirs.inc * fallback dirs from scripts/maint/fallback.whitelist * current guard relays (parsed from a consensus file) anything else? Bonus question: how would you write this whitelist in iptables rules, assuming you have the complete ipset? thanks martin

2 3

PSA regarding Quad9 DNS Resolver
by Nathaniel Suchy (Lunorian) 11 May '18

11 May '18

Like OpenDNS, Quad9 is a censoring DNS resolver and exits using it are / should be considered bad exits. I haven’t seen any exits using it yet however I thought I’d bring it up. Thoughts? Cheers, Nathaniel Sent from my iPhone

4 4

Re: [tor-relays] tor-relays Digest, Vol 88, Issue 13
by flipchan 11 May '18

11 May '18

Great thread! I just use the recommended onces that support dnssec On May 11, 2018 11:55:39 AM UTC, tor-relays-request(a)lists.torproject.org wrote: >Send tor-relays mailing list submissions to > tor-relays(a)lists.torproject.org > >To subscribe or unsubscribe via the World Wide Web, visit > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >or, via email, send a message with subject or body 'help' to > tor-relays-request(a)lists.torproject.org > >You can reach the person managing the list at > tor-relays-owner(a)lists.torproject.org > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of tor-relays digest..." > > >Today's Topics: > > 1. lets stop using central big DNS resolvers (Google, Level3, > OpenDNS, Quad9, Cloudflare) (nusenu) > 2. Re: lets stop using central big DNS resolvers (Google, > Level3, OpenDNS, Quad9, Cloudflare) (Tyler Durden) > 3. Re: lets stop using central big DNS resolvers (Google, > Level3, OpenDNS, Quad9, Cloudflare) (nusenu) > 4. PSA regarding Quad9 DNS Resolver (Nathaniel Suchy (Lunorian)) > 5. Re: Strange BGP activity with my node (Johan Nilsson) > 6. Re: lets stop using central big DNS resolvers (Google, > Level3, OpenDNS, Quad9, Cloudflare) (Nathaniel Suchy (Lunorian)) > > >---------------------------------------------------------------------- > >Message: 1 >Date: Thu, 10 May 2018 22:16:00 +0000 >From: nusenu <nusenu-lists(a)riseup.net> >To: tor-relays(a)lists.torproject.org >Subject: [tor-relays] lets stop using central big DNS resolvers > (Google, Level3, OpenDNS, Quad9, Cloudflare) >Message-ID: <5e7d99ef-9514-cee4-985f-7f1d4a21dfec(a)riseup.net> >Content-Type: text/plain; charset="utf-8" > >Dear Exit Relay Operators, > >I'd like to invite you to check your exit's DNS resolver by >having a look at the following list of exits using resolvers >outside their AS (especially if it is Google, OpenDNS, Quad9 or >Cloudflare). > >You can search the list for you contactinfo, relay nickname or relay >fingerprint (first 8 characters): > >https://gist.github.com/nusenu/cb766ff7945fafd9f90ee7f211a2508f#file-tor-dn… > > >I extended the "DNS on Exit Relays" section in the Tor Relay Guide >to include specific instructions what is recommended for Tor exit >operators with >regards to DNS on exit relays. > >https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#DNSonExitRelays > >If you found yourself on the list above and changed your DNS to a local >(same host or same AS) >resolver or found a false-positive, please drop me an email (off-list >is also ok). > > >The goal is to be bellow the following thresholds within one year: >- not have any single remoteAS entity control more than 10% exit >capacity >- reduce the overall remoteAS share to bellow 20% exit capacity > >the longer version of this can be found at: >https://medium.com/@nusenu/who-controls-tors-dns-traffic-a74a7632e8ca > >thanks for helping with DNS decentralization on the tor network, >nusenu > >-- >https://mastodon.social/@nusenu >twitter: @nusenu_ > >

1 0

TOR Relay Activity Reset
by Keifer Bly 09 May '18

09 May '18

Hello, for some reason the read/write status of my relay at http://torstatus.blutmagie.de/router_detail.php?FP=db1af6477bb276b6ea5e7213… has been reset to nothing (all flat lines) however the relay is still marked as “running” with it’s current uptime of 11 days 20 hours. I’d also like to note that my relay usually only takes 8 days to get stable flag, however it’s been up for almost 12 days now and that still hasn’t happened. Why might this have happened? Thank you.

2 2

Secret Google and Microsoft Blacklists affecting non tor IPs if on same server.
by gerard＠bulger.co.uk 09 May '18

09 May '18

Secret Google and Microsoft Blacklists affecting non tor IPs if on same server. Just had to shut down my exit temporally while Google sorts out their secret blacklisting system on my innocent non-tor IP. My server has two IPs, not consecutive. One I use for my own email server and public web server, locked tight and private. No relays, no proxy. This IP is not on any blacklist. Second IP is used for TOR alone and forced exit is via this second IP, and only has TOR-use ports open. This IP is not on any blacklist other than being listed as a tor exit. Torrc config has careful port selection, not port 80 except to a single /8 block. 443 open etc. Despite many other ports open, apart from the obvious at risk ones which are blocked, I have had no abuse notices over last year it has been up. Quiet ISP. ISP have no idea as to why Google blocked my IP (despite high traffic from second IP!). Alas it seems that both Google now and Microsoft before tar both IPs with the same brush and reject. Google just stared blocking emails from my domain to all gmail accounts It is a real performance finding out who to contact to undo this block. Microsoft was a pain last year, but this year is it is Google. Google’s own postmaster tools reports no issues about my domain! Alas: Mailog: May 8 20:17:16 server postfix/smtp[4079]: E36533E07F4: host gmail-smtp-in.l.google.com[64.233.166.26] said: 421-4.7.0 [109.228.50.196 15] Our system has detected an unusual rate of 421 -4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 4 21-4.7.0 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.0 review our Bulk Email Senders Guidelines. o31-v6si13678468wrc.44 - gsmtp (in reply to end of DATA command) Really annoying that my email server IP has never sent anything, no relay, no spam, almost no traffic so what is stated is not true and even their own tools reports nothing. Is Google looking at MAC addresses to do this? How can we stop it? I really do not want to run another server just for tor as that costs! Gerry

3 4

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-relays