- tor-relays - lists.torproject.org

Contact info on exit notice page?
by Isaac Grover, Aileron I.T. 10 Sep '18

10 Sep '18

Good morning fellow exit node operators, I am considering adding a dedicated email address (not this one) to be used for my exit nodes on the exit notice pages, where currently none exist. After reading this list for over two years and the stories of DMCA notices, court orders, etc., would an email address on the page provide some benefit to those parties who need to send complaints and piracy violations, or would it only attract more spam? Make your day great, Isaac Grover, Senior I.T. Consultant Aileron I.T. - "Practical & Proactive I.T. Solutions" Office: 715-377-0440, Fax:715-690-1029, Web: www.aileronit.com

2 1

Difference Between "Number of Routers" And "Number Of Descriptors"
by Keifer Bly 10 Sep '18

10 Sep '18

Hi, So upon checking my relay status at torstatus.blutimage.de, I saw Number of Routers In Cache: Number of Descriptors In Cache: I wanted to double check, what is the difference between “Number of Routers” and “Number of Descriptors”? I know Number of Routers means number of relays currently running. Thank you.

2 1

Reminder: Meeting in #tor-relays
by Colin Childs 10 Sep '18

10 Sep '18

Hi everyone, As promised, this is a reminder email that we will be holding our first IRC relay operator meeting this week! When: September 11th @ 1:00AM UTC Where: irc.oftc.net <http://irc.oftc.net/> @ #tor-relays You can confirm your local date / time by visiting the following page, and selecting your timezone from the dropdown menu: https://www.worldtimeserver.com/convert_time_in_UTC.aspx?y=2018&mo=9&d=11&h… <https://www.worldtimeserver.com/convert_time_in_UTC.aspx?y=2018&mo=9&d=11&h…> See everyone there!

1 0

Suspension of service (ISP Scaleway / tor exit)
by Olaf Grimm 08 Sep '18

08 Sep '18

Dear readers, some days ago I change my relay to an exit relay with a very strict policy. Today came the suspension message into my regular mail account. After login into the Scaleway account I saw that the time between the abuse log message and the deactivation of my exit relay were 6 hours only. At these time I was at work! I was not able to react of the message, neither I knew it. The "abuse message" was a raw firewall log, without spaces hard to read. I'm not a professional, so I could read only "SYNFLOOD src IP xxxx dest IP xxxx". That's all. After I learnt what this is, I responded to the provider that good providers realize own DDOS protection in the network and protect customers too. Why log the provider bad outgoing traffic and ignore bad incoming traffic? They don't know the source of the bad traffic, but have the customer to beat someone! The answer field for the reply were some lines only. Without comment from the ISP the ticket was closed and the VPS locked yet. I try to delete the old instance and build a new one. If the same occur I leave Scaleway (and give info about that again). Now I recommend to set the ISP Scaleway (in France) of the list of bad providers. Scaleway message: Hello, We have tried to contact you about an abuse report concerning one of your server. Unfortunately at this time you did not reply to this report. As stated in our terms of service, we have suspended your account. Sincerly, Scaleway End message To avoid a big shitstorm: I know what I do and it is not my first and only exit. Scaleway was the first trouble and in such a way, that I must leave a comment. To the tor website editors: It is possible to include a basic abuse protection chapter in the tor documentation (config guide)? I've found some iptable rules, but I use the user-friedly "ufw", the overlay to iptables. It would be fine if some good guys could help with an easy configuration guide in the config chapter for tor relays. Have a good time. I feel me better. Olaf

5 6

Lets increase Routing Security for Tor related BGP Prefixes
by nusenu 06 Sep '18

06 Sep '18

Hi, I measured the adoption of RPKI ROAs that help with routing security and some other properties for the >3k BGP prefixes that make up the Tor network. https://medium.com/@nusenu/how-vulnerable-is-the-tor-network-to-bgp-hijacki… You might want to jup directly to section "Recommendations for Tor Relay Operators". (I could paste it here but then all the URLs would be lost) Since OVH SAS and DO do not deploy ROAs at all yet: If you are an OVH SAS or Digital Ocean customer (directly or indirectly just on the same AS) it would be great if you could ask your customer support when they are planing to deploy RPKI ROAs (like other big hosters already did). thanks, nusenu -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu

3 8

4 of Conrad Rockenhaus trial servers are in the top ten exit relays for Canada
by zimmer linux 06 Sep '18

06 Sep '18

Hi, Just to let you know that following on with the one month trial with tor exit relays that Conrad kindly offered, at least four of his exit relays are now in the top 10 listing for Canada, out of 68 Canadian exit relays. https://metrics.torproject.org/rs.html#search/country:ca%20flag:exit Well done to Conrad - I say. The more, the merrier. If you want any help with setting up your own FreeBSD tor exit relay, feel free to contact me off list. Zim

13 31

Possible problem with NYX
by arisbe 05 Sep '18

05 Sep '18

Hello ops, Today I noticed something on NYX that I find disturbing. Page 2 (list of inbound/outbound connections) showed me the IP address of an inbound connection on one of my bridges! Not the authority. This is crazy as these are indicated as <scrubbed>:port for the users protection! I have never seen this before and haven't seen it since. Of course, on low usage bridges, the connection IP address can possibly be disseminated from netstat but that's not the point. It's my sense that this should never happen. I get chills imagining this happening on a guard relay operated by an antagonist ! ! I'm using the default NYX configuration on Ubuntu server 18.04.1 LTS, Tor 0.3.3.9. Arisbe -- One person's moral compass is another person's face in the dirt.

4 5

new exit relay 4AEBDC4710D2C34FE02AB2A660B62B2A9EE97C5C
by deep.thought＠riseup.net 05 Sep '18

05 Sep '18

Dear fellow relay operators, we are a loose collective of students inside AS553 (Universität Stuttgart) running one node there. At the moment, we are not allowed to run any nodes since two abuse complaints attracted too much attention to the NOC. The complaints were probably triggered by the well-known DDOS problems a few months ago. After all, the cloud operator was not amused at all but we are in the process of getting back our right to run middle relays in AS553 to support AS diversity. However, we are happy to announce a new exit node: 4AEBDC4710D2C34FE02AB2A660B62B2A9EE97C5C (howdoyouturnthison) in AS24940 (Hetzner) running on FreeBSD with a local DNS cache. We are aware of the fact that this is not supporting AS diversity but still better than no relay :) So far and thanks for all the fish, Random Person

4 4

FW: Re: [AusNOG] Dutton decryption bill
by I 05 Sep '18

05 Sep '18

1 0

Re: [tor-relays] Congrats to Nullvoid
by Paul 05 Sep '18

05 Sep '18

For me running several FreeBSD relays this is a great hint! Maybe it will find its way to https://trac.torproject.org/projects/tor/wiki/TorRelayGuide/FreeBSD > Not a problem with FreeBSD. > > Switch over to https and latest... > > /etc/pkg/FreeBSD.conf: > > url: "pkg+https://pkg.FreeBSD.org/${ABI}/latest", > > and run 'pkg upgrade' . > Could you please explain a bit more on this - what exactly to do ? > If it's a shared box, you probably also want > devcpu-data, and optionally cpupdate.

3 5