- tor-relays - lists.torproject.org

New Exit-Relay / First abuse issues
by tor-markus 26 Sep '18

26 Sep '18

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hey *, I run C65EF5E06B8338CF976D376048BE2C8FBD499C9C for about a month. On Monday I received the first abuse ticket from my ISP (Contabo GmbH). The ticket contained lots and lots of log information from a fail2ban system so GMail sent it right into the spam folder. 24 hours later I received a monitoring e-mail that my server was down. After a little search through my mails I found out that Contabo shuts down all services within 24h if there is no reply. That kinda sucked because I run some private services on this machine (different ip). Contabo's mail claimed that a 30€ fee would be due in order to cover their work for disabling and enabling the server. A very very unfriendly e-mail and about an hour of time later my server was back online :) (Note: the e-mail was sent around 10 PM and I received the answer at about 11 PM, so the abuse department is there 24/7. Their hotline however, can't deal with abuse complaints, they can only be handled via e-mail.) Contabo sent me a (probably) automated e-mail that the issue was resolved and no further action is needed. Overall I think its a little unprofessional to shutdown servers within 24 hours without trying to call a customer, or at least several e-mail reminders over a day or two. Markus This is my new abuse e-mail template for German speaking hosting providers: Sehr geehrte Damen und Herren, Auf dem Server wird eine Tor-Exit Node betrieben. NachTMG §8ist der Betreiber von jeder Haftung für die durchgeleiteten Daten befreit, dies gilt für mich als Ihren Kunden sowohl als auch für Sie als mein ISP. Die IP X.X.X.X leitet ausschließlich Tor-Exit Traffic durch. Diese Übermittlungen sind weder von mir veranlasst noch wird der Adressant oder die zu übermittelnden Informationen ausgesucht und oder verändert. Unter der IP Adresse X.X.X.X werden keinerlei Daten bereitgestellt. Diese Ports werden durchgeleitet: 20-21, 43, 53, 80-81, 88, 110, 143, 194, 220, 389, 443, 464-465, 531, 543-544, 554, 563, 587, 636, 706, 749, 853, 873, 902-904, 981, 989-995, 1194, 1220, 1293, 1500, 1533, 1677, 1723, 1755, 1863, 2082-2083, 2086-2087, 2095-2096, 2102-2104, 3128, 3389, 3690, 4321, 4643, 5050, 5190, 5222-5223, 5228, 5900, 6660-6669, 6679, 6697, 8000, 8008, 8074, 8080, 8082, 8087-8088, 8232-8233, 8332-8333, 8443, 8888, 9418, 9999-10000, 11371, 19294, 19638, 50002, 64738. Im Falle von Spam / Brute Force empfehlen ich dem Absender der abuse E-Mail seine Systeme mit Tools wieFail2Ban,reCAPTCHA zu schützen. Im Falle von gehäuften (D)DoS Attacken gibt es die Möglichkeit das gesamte Tor Netzwerk zu blockieren. Hierfür steht ein eine jederzeit aktuelle Blacklist aller Tor-ExitNodes bereit: https://www.torproject.org/projects/tordnsel.html Falls ausschließlich über die IP X.X.X.X bösartiger Traffic ausgeht kann der Absender der abuse E-Mail diesen mithilfe von iptables blockieren: iptables -A INPUT -s X.X.X.X -j DROP Falls der Absender diese Möglichkeit nicht hinnehmen möchte, kann von meiner Seite aus jeder Traffic zu seiner IP bzw. zu einzelnen Ports unterbunden werden. Dem Absender der Abuse E-Mail können sie in meinem Namen folgende Nachricht zukommen lassen: > Dear Sir or Madame, > > we would like to forward this message on behalf of our customer who is responsible for this particular server with the IP X.X.X.X. > > The IP address in question is a Tor exit node.https://www.torproject.org/overview.html > > There is little we can do to trace this matter further. As can be seen from theoverview page, the Tor network is designed to make tracing of users impossible. The Tor network is run by some 5000 volunteers who use the free software provided by the Tor Project to run Tor routers. Client connections are routed through multiple relays, and are multiplexed together on the connections between relays. The system does not record logs of client connections or previous hops. This is because the Tor network is a censorship resistance, privacy, and anonymity system used by whistle blowers, journalists, Chinese dissidents skirting the Great Firewall, abuse victims, stalker targets, the US military, and law enforcement, just to name a few. Seehttps://www.torproject.org/about/torusers.html.enfor more info. Unfortunately, some people misuse the network. However, compared to the rate of legitimate use, abuse complaints are rare.https://www.torproject.org/docs/faq-abuse.html.en > This does not mean that nothing can be done, however. The Tor project provides an automated DNSRBL for you to query to flag traffic coming from Tor nodes.https://www.torproject.org/projects/tordnsel.html.en. In general, we believe that problems like this are best solved by improving your service to defend against the attack from the Internet at large. > > As a German individual I fully comply with the Germantelemedia law §15. This prohibits logging any personally identifiable data or usage data except for billing purposes. As we do not charge any users any fees we will not be able to keep any connection data now and in the future. Furthermore I am protected by German telemedia law §8, which protects me from any liability for traffic that passes through my infrastructure on behalf of users. This also protects my ISP (XXX) from any liability. > > Thanks for your understanding, > XXX Für dringliche Angelegenheiten bitte ich Sie mich direkt unter +XXXX zu kontaktieren. Mit dieser automatisierten Antwort erkenne ich eine Fristsetzung für ein Abuse-Ticket nicht an. Desweiteren fordere ich Sie dazu auf den Server nicht zu deaktivieren, da keine Rechtsverletzungen in irgendeiner Form durch den Server und seine angebotenen Dienste entstehen können. Das TMG im Paragraphen 8 schützt sowohl Sie als auch mich vor jedweder Haftung für den Traffic der durch die Nutzer der Tor-Exit Node entsteht. Einer etwaigen Bearbeitungsgebühr widerspreche ich, da dies weder im Vertrag noch in den AGBs zum Zeitpunkt des Vertragsschluss kommuniziert wurde. Im Falle einer ungerechtfertigten Deaktivierung behalte ich mir vor Zahlungen für den Zeitraum den Zeitraum der Deaktivierung einzubehalten. Mit freundlichen Grüßen, XXX Sent with ProtonMail Secure Email. -----BEGIN PGP SIGNATURE----- Version: ProtonMail Comment: https://protonmail.com wsBcBAEBCAAQBQJboklXCRB9CI1YHT0L1QAAZIEIAKRgL+rUVz255CLBxGIj 9Iq34ifPlGJr0xtJUWZoB0/+dWtqc253dU1JqLiEzUlzwiVUhBclFzM6WsIr KoEjOvUqMc3Bfq3g3cj4FhPASXPCAw8ZxSUIV8KI85uLCbzwAI/nU/LUnh99 7v351MPxIZJsdCTuWjT5MjxAndys/g5gC3XtrwC7pCQ1D2gpEAAIRWA7NvUW xJBaMb4KADnVBAMETj8oV9q8KxX3fXJwPLSC5cldC3jiA7wV3njHIiV70V08 1ZT3rEVKryAt82tvNY86MKRLxvi/OJMiSM0kFbAlsGs5s9czPnzw3Jau9bk8 2ccQ3G8IMyLdrHjKhcaMvBU= =tyGN -----END PGP SIGNATURE-----

6 6

Ten Hours of White Noise Got Five Copyright Notices
by I 26 Sep '18

26 Sep '18

1 0

(no subject)
by Kai Sullivan 26 Sep '18

26 Sep '18

Envoyé de mon iPhone

1 0

Re: [tor-relays] Running an exit node behind NAT?
by Isaac Grover, Aileron I.T. 25 Sep '18

25 Sep '18

Good afternoon nusenu, Thank you for your offer of assistance. I sent the requested information to your -lists email address. Make your day great, Isaac Grover, Senior I.T. Consultant Aileron I.T. - "Practical & Proactive I.T. Solutions" O: 715-377-0440, F:715-690-1029, W: www.aileronit.com LinkedIn: https://www.linkedin.com/in/IsaacGrover/ YouTube: https://www.youtube.com/channel/UCqrwZNFKdR-guKtuQzFPObQ -----Original Message----- From: tor-relays [mailto:tor-relays-bounces@lists.torproject.org] On Behalf Of tor-relays-request(a)lists.torproject.org Sent: Monday, September 24, 2018 5:01 PM To: tor-relays(a)lists.torproject.org Subject: tor-relays Digest, Vol 92, Issue 62 Send tor-relays mailing list submissions to tor-relays(a)lists.torproject.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays or, via email, send a message with subject or body 'help' to tor-relays-request(a)lists.torproject.org You can reach the person managing the list at tor-relays-owner(a)lists.torproject.org When replying, please edit your Subject line so it is more specific than "Re: Contents of tor-relays digest..." Today's Topics: 1. Re: Memory leak in 0.3.4.8? (nusenu) 2. Re: Jerk spammers on tor-relays (Ralph Seichter) 3. Reminder: Meeting in #tor-relays (Colin Childs) 4. Running an exit node behind NAT? (Isaac Grover, Aileron I.T.) 5. Re: Running an exit node behind NAT? (nusenu) ---------------------------------------------------------------------- Message: 1 Date: Mon, 24 Sep 2018 12:14:00 +0000 From: nusenu <nusenu-lists(a)riseup.net> To: tor-relays(a)lists.torproject.org Subject: Re: [tor-relays] Memory leak in 0.3.4.8? Message-ID: <be59b0ce-c3c1-7db3-1855-b33320d01897(a)riseup.net> Content-Type: text/plain; charset="utf-8" please add any further information directly to the relevant trac issue at https://trac.torproject.org/projects/tor/ticket/27813 -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180924/c8e77…> ------------------------------ Message: 2 Date: Mon, 24 Sep 2018 15:49:56 +0200 From: Ralph Seichter <m16+tor(a)monksofcool.net> To: tor-relays(a)lists.torproject.org Subject: Re: [tor-relays] Jerk spammers on tor-relays Message-ID: <d9400f26-314e-7d38-dc58-1137e9106238(a)monksofcool.net> Content-Type: text/plain; charset=utf-8 On 24.09.18 02:12, Dave Warren wrote: > I don't see anything obvious that addresses my approach (only the > approach of sending a message from a consistent address out slowly, > which has several obvious flaws). Messages are already uniquely identifiable, and your approach is just a variation of the method Andreas described. While it bundles spamtraps, it is still just as easily avoided using trigger address sets in the manner I mentioned before. -Ralph ------------------------------ Message: 3 Date: Mon, 24 Sep 2018 15:18:23 -0500 From: Colin Childs <colin(a)torproject.org> To: tor-relays(a)lists.torproject.org Subject: [tor-relays] Reminder: Meeting in #tor-relays Message-ID: <BB20ADEB-B77A-48D7-AE03-79891F17CAA0(a)torproject.org> Content-Type: text/plain; charset=us-ascii Hi everyone, This is a reminder email that we will be holding a relay operator meeting on IRC this Tuesday, September 25th @ 19:00 UTC. You can confirm your local date / time by visiting the following page, and selecting your timezone from the dropdown menu: https://www.worldtimeserver.com/convert_time_in_UTC.aspx?y=2018&mo=9&d=25&h… When: September 25th @ 19:00 UTC Where: irc.oftc.net @ #tor-relays ------------------------------ Message: 4 Date: Mon, 24 Sep 2018 21:48:19 +0000 From: "Isaac Grover, Aileron I.T." <igrover(a)aileronit.com> To: "'tor-relays(a)lists.torproject.org'" <tor-relays(a)lists.torproject.org> Subject: [tor-relays] Running an exit node behind NAT? Message-ID: <CY4PR04MB1078F3D3A619B70A5D3B83E9A8170(a)CY4PR04MB1078.namprd04.prod.outlook.com> Content-Type: text/plain; charset="utf-8" Good afternoon fellow exit node operators, I'm trying to run an exit node for specific ports on a reserved IP address from a VM behind NAT. Based on old how-to's and resolving errors in syslog, this is where I've settled for the torrc after installing the instances via ansible and relayor (thanks nusenu!); however, I'm not seeing the traffic counters update much at all and the exit node isn't showing up in consensus. What needs to be changed? OutboundBindAddress (internal IP) ORPort (internal IP):9000 DirPort (internal IP):80 DirPort (external IP) NoListen DirPort (internal IP) NoAdvertise Make your day great, Isaac Grover, Senior I.T. Consultant Aileron I.T. - "Practical & Proactive I.T. Solutions" O: 715-377-0440<tel:715-425-0440>, F:715-690-1029<tel:715-690-1029>, W: www.aileronit.com<http://www.aileronit.com/> LinkedIn: https://www.linkedin.com/in/IsaacGrover/ YouTube: https://www.youtube.com/channel/UCqrwZNFKdR-guKtuQzFPObQ -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180924/f6ab0…> ------------------------------ Message: 5 Date: Mon, 24 Sep 2018 22:01:00 +0000 From: nusenu <nusenu-lists(a)riseup.net> To: tor-relays(a)lists.torproject.org Subject: Re: [tor-relays] Running an exit node behind NAT? Message-ID: <7787779b-fc94-96cf-2160-727e847945e8(a)riseup.net> Content-Type: text/plain; charset="windows-1252" Isaac Grover, Aileron I.T.: > Good afternoon fellow exit node operators, > > I'm trying to run an exit node for specific ports on a reserved IP > address from a VM behind NAT. Based on old how-to's and resolving > errors in syslog, this is where I've settled for the torrc after > installing the instances via ansible and relayor (thanks nusenu!); > however, I'm not seeing the traffic counters update much at all and > the exit node isn't showing up in consensus. What needs to be > changed? > > OutboundBindAddress (internal IP) ORPort (internal IP):9000 DirPort > (internal IP):80 DirPort (external IP) NoListen DirPort (internal IP) > NoAdvertise if you are fine with that, please send me the config file, 'ip addr' output and logfile when tor starts up. -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180924/9f615…> ------------------------------ Subject: Digest Footer _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ------------------------------ End of tor-relays Digest, Vol 92, Issue 62 ******************************************

1 0

Running an exit node behind NAT?
by Isaac Grover, Aileron I.T. 25 Sep '18

25 Sep '18

Good afternoon fellow exit node operators, I'm trying to run an exit node for specific ports on a reserved IP address from a VM behind NAT. Based on old how-to's and resolving errors in syslog, this is where I've settled for the torrc after installing the instances via ansible and relayor (thanks nusenu!); however, I'm not seeing the traffic counters update much at all and the exit node isn't showing up in consensus. What needs to be changed? OutboundBindAddress (internal IP) ORPort (internal IP):9000 DirPort (internal IP):80 DirPort (external IP) NoListen DirPort (internal IP) NoAdvertise Make your day great, Isaac Grover, Senior I.T. Consultant Aileron I.T. - "Practical & Proactive I.T. Solutions" O: 715-377-0440<tel:715-425-0440>, F:715-690-1029<tel:715-690-1029>, W: www.aileronit.com<http://www.aileronit.com/> LinkedIn: https://www.linkedin.com/in/IsaacGrover/ YouTube: https://www.youtube.com/channel/UCqrwZNFKdR-guKtuQzFPObQ

3 2

Reminder: Meeting in #tor-relays
by Colin Childs 24 Sep '18

24 Sep '18

Hi everyone, This is a reminder email that we will be holding a relay operator meeting on IRC this Tuesday, September 25th @ 19:00 UTC. You can confirm your local date / time by visiting the following page, and selecting your timezone from the dropdown menu: https://www.worldtimeserver.com/convert_time_in_UTC.aspx?y=2018&mo=9&d=25&h… When: September 25th @ 19:00 UTC Where: irc.oftc.net @ #tor-relays

1 0

Willing to be FallbackDir
by Quake 23 Sep '18

23 Sep '18

Hello, I'm interested on being a FallbackDir. Relay details: Nick: Quake Fingerprint: 490FB3FAAF8837407D94CA7E1DEF025DEF0F3516 Dir address: 178.175.139.122:80 A few restarts here and there but downtimes so far have been just few minutes max. I tend to run the latest Tor unstable versions and update as fast as possible when a new version comes out. If you feel like the relay's eligible to be added as a FallbackDir then by all means, feel free to add it to the source code.

1 0

Re: [tor-relays] Help! TOR Relat dead after upgrading Ubuntu to 18.04
by Ben Riley 23 Sep '18

23 Sep '18

I'm back in business!!!! THANK YOU!! So I changed a couple of ports and also opened those on my router. Previously I only had 9030 & 9001. I've added DirPort on 9051, Socks on 9050. I've actually got 4 ports open on the router for TOR - 9001, 9030, 9050 & 9051. I set 9030 as my control port in torrc - does that port need to be open on the router? Or can I remove that port forward? I have one of the authentication methods unhashed, so I believe that protects that somewhat. netstat -tlpn returns the following: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:9051 0.0.0.0:* LISTEN 9531/tor tcp 0 0 127.0.0.1:9030 0.0.0.0:* LISTEN 9531/tor tcp 0 0 0.0.0.0:9001 0.0.0.0:* LISTEN 9531/tor tcp 0 0 127.0.0.1:5939 0.0.0.0:* LISTEN 1342/teamviewerd tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 747/systemd-resolve tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 6055/cupsd tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 9531/tor tcp6 0 0 ::1:631 :::* LISTEN 6055/cupsd nyx appears to be running fine now. I can see the graph and log messages like previously. It pulled my previous Nickname, but I currently have no flags, so I'm guessing that will update later. I've got the exit policy set to reject *:* however, as I don't want to blow my ISP off. Is that about it? Can anyone think of anything else I need to check? Thank you to everyone who offered solutions! On Thu, Sep 20, 2018 at 4:19 AM Chad MILLER <chad(a)cornsilk.net> wrote: > I maintain the tor-middle-relay Snap package. It listens on system-chosen, > arbitrary ports. May be useful to you, itself, or to steal ideas from. > > $ sudo snap install tor-middle-relay > > > > > On Wed, Sep 19, 2018, 04:56 Ben Riley <blades1000(a)gmail.com> wrote: > >> First off, will outline that I am very much a newbie, but was able to get >> a relay up and running on a Ubuntu machine. It was running fine for maybe >> 12 months (MelbTorBox), with a few resets and software updates along the >> way. >> >> Just doing my bit to help the network. >> >> Anyway, after the Ubuntu upgrade, I had to re-install TOR and I believed >> I did it basically the same way. >> >> Unfortunately, that appears not to be the case. >> I've posted the error messages on the Ubuntu forum hoping to get >> assistance, but no joy: >> >> https://askubuntu.com/questions/1070469/18-04-tor-relay-error-could-not-bin… >> >> I'm now coming to the experts to see if I can resurrect relay before I >> pull the pin on the idea. >> >> I have BASIC Unix knowledge (I can type commands and that's about it). I >> think I might have a couple of copies installed in different places and I >> know I have the TOR browser installed (it works fine). >> >> When I type 'nyx' it replies with: >> Unable to connect to tor. Maybe it's running without a ControlPort? >> >> So I type 'tor' and get >> Sep 19 21:34:24.819 [notice] Tor 0.3.4.8 (git-5da0e95e4871a0a1) running >> on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.0g, Zlib 1.2.11, Liblzma >> 5.2.2, and Libzstd 1.3.3. >> Sep 19 21:34:24.819 [notice] Tor can't help you if you use it wrong! >> Learn how to be safe at >> https://www.torproject.org/download/download#warning >> Sep 19 21:34:24.819 [notice] Read configuration file "/etc/tor/torrc". >> Sep 19 21:34:24.823 [notice] Based on detected system memory, >> MaxMemInQueues is set to 2862 MB. You can override this by setting >> MaxMemInQueues by hand. >> Sep 19 21:34:24.824 [notice] Scheduler type KIST has been enabled. >> Sep 19 21:34:24.824 [notice] Opening Socks listener on 127.0.0.1:9050 >> Sep 19 21:34:24.824 [notice] Opening Control listener on 127.0.0.1:9051 >> Sep 19 21:34:24.824 [notice] Opening OR listener on 0.0.0.0:9001 >> Sep 19 21:34:24.824 [notice] Opening Directory listener on 0.0.0.0:9050 >> Sep 19 21:34:24.824 [warn] Could not bind to 0.0.0.0:9050: Address >> already in use. Is Tor already running? >> Sep 19 21:34:24.824 [notice] Closing partially-constructed Socks listener >> on 127.0.0.1:9050 >> Sep 19 21:34:24.824 [notice] Closing partially-constructed Control >> listener on 127.0.0.1:9051 >> Sep 19 21:34:24.824 [notice] Closing partially-constructed OR listener on >> 0.0.0.0:9001 >> Sep 19 21:34:24.824 [warn] Failed to parse/validate config: Failed to >> bind one of the listener ports. >> Sep 19 21:34:24.824 [err] Reading config failed--see warnings above. >> >> I 'think' my original torrc file may have somehow survived the Ubuntu >> upgrade, but I don't know how as I did a wipe and re-install of Ubuntu. >> But when I edited it, there were my contact details sitting there. >> >> Very appreciative of any help! >> >> Thanks >> Ben. >> > _______________________________________________ >> tor-relays mailing list >> tor-relays(a)lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> >

2 2

Relay out of consensus after node migration
by T0r-n0d3 21 Sep '18

21 Sep '18

Hi, I recently migrated my tor node to new hardware: t0rnod3 5582BBEC12380E34D7DFB8C237939A0B317B205E Copying the /var/lib/tor/keys/ folder on the process. Now my node do not handles circuits, nor it's shown in atlas and I see the following on the logs: [notice] Heartbeat: It seems like we are not in the cached consensus. Kind regards Sent with [ProtonMail](https://protonmail.com) Secure Email.

3 4

Mexico City operator meetup (October 2nd)
by Colin Childs 21 Sep '18

21 Sep '18

Hello tor-relays, At 6:30PM on October 2nd, the Tor Project will be hosting a relay operator meetup in Mexico City, at the Sheraton Maria Isabel[1][2]. Come along and meet other relay operators and hear the latest news from Tor — we’ll also have T-shirts and stickers to kit out your devices. If you don’t run a relay but would like to know more, there will be lots of people at the meetup happy to help you. I also encourage you to read the complete blog post on the Tor Meeting Open Days linked below[1]. There are multiple other events happening around the meeting that relay operators may be interested in. We would love to see you there, thank you all for being part of the relay operator community! [1]: https://blog.torproject.org/hack-us-mexico-city-hackea-con-tor-en-mexico [2]: Paseo de la Reforma 325, Cuauhtémoc, 06500 Ciudad de México, CDMX, Mexico

1 0