- tor-relays - lists.torproject.org

Tor Meetup Hamburg, August 31st
by Alexander Dietrich 01 Sep '18

01 Sep '18

Hi everyone, we would like to invite people interested in the Tor project and relay operators in the Hamburg area to meet at the CCC Hamburg. There will be an introduction to Tor, a Q&A session and a brief announcement about a future Hamburg-based Tor association. We would love for relay operators to meet and discuss ways of strengthening the network. When: Friday, August 31st, 6:00 PM Where: CCC Hamburg, Zeiseweg 9 ( https://hamburg.ccc.de/#wegbeschreibung ) WWW: https://hamburg.ccc.de/2018/08/20/tor-meet-up-beim-ccchh-index/ Be seeing you, Alexander -- PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB

3 3

Abuse Complaints
by Paul Templeton 31 Aug '18

31 Aug '18

Question: are exit operators seeing many abuse complaints now days? I have only had one in the last two months from 5 exits. I used to see a lot now nothing really. I just find it weird. Paul 137CF322859E400455E457DB920F65FFDD222CDF

9 14

log "Is your outbound address the same as your relay address?"
by Tim Kuijsten 30 Aug '18

30 Aug '18

Hi, I just setup a new relay[0]. One of the messages I got is the following: "Your relay has a very large number of connections to other relays. Is your outbound address the same as your relay address? Found 12 connections to 8 relays. Found 12 current canonical connections, in 0 of which we were a non-canonical peer. 4 relays had more than 1 connection, 0 had more than 2, and 0 had more than 4 connections." When I had setup another relay last week[1] I got the same message, and it didn't reappear so I assume this is about starting up a new relay and is nothing to worry about. I just thought I'd let you know. The hostnames of both machines matches the public dns and reverse dns names. Furthermore each machine has only one public ipv4 address, which is also set in it's local /etc/hosts file. At one machine I had set "Address" in the torrc as well, but this didn't avoid getting this message once. Kind regards, Tim [0] tosk B183A69592D2E8C8C487C054D0849E3C9561DC11 [1] kali 2C76951164C5184A3B8B7CC1914B34E4622B225F

2 1

Test bed in MyFamily?
by Totor be 30 Aug '18

30 Aug '18

Hi list, Just a quick question about families: I'm in the process of setting up a 4th relay as test bed VM in order to validate the Linux and Tor updates before updating my 3 live relays (none of these are exits) This 4th relay will be fully operational, but will only be started from time to time, when updates are available After the updates are installed, I plan to leave it running for half a day or so until it appears in Tor Metrics Question: should I include this test bed relay in MyFamily or leave it completely stand alone? What would you recommend? Thanks! Patrick

4 4

Limiting open port RST response from N to M packets/sec (FreeBSD)
by nusenu 30 Aug '18

30 Aug '18

Hi, I'm curious as to how frequent FreeBSD relay operators that do not make use of any packet filter get something like the following line in their logs: kernel: Limiting **open** port RST response from ... to 200 packets/sec -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu

2 1

Cloudflare Onions Beta and Network Stability
by Nathaniel Suchy 30 Aug '18

30 Aug '18

As some of you may have heard, Cloudflare is beta testing opportunistic onions. This of course is going to create more Tor traffic. Cloudflare has several concerns about running their own relays and says they won’t at this time. That said if every Cloudflare website becomes an Onion Service overnight how would that affect network stability and what can we as relay operators do to prepare for it?

11 17

The truth about Greypony
by Tor Professional 29 Aug '18

29 Aug '18

The truth must come out eventually about the menace known as Greypony. Now that people are beginning to realize what a menace to our network Greypony really is maybe this information will finally get us to banish him once and for all. Greypony has no real customers. You will not find a legitimate customer because they do not exist. They are all one Conrad Rockenhaus. Just so you know. Do you know any of the people that are bragging about using Greypony? Are they true professionals that use Tor? I do not think so. Find one person that you can legitimately trust that has used Greypony or that has dealt with Rockenhaus legitimately and you will not find one because such a person does not exist. Greypony lies about their bandwidth numbers. Those numbers are impossible. How are they eclipsing some of the fastest tor exits on the Internet? How are they operating the fastest exits in Canada? By lying about their numbers and cheating. What are Rockenhaus' motives for doing this? He says he wants to help Tor but we all know that he is full of it. Why would someone like him want to help us? We do not need someone like him. We can do better. We are better. Let us apply a little chemotherapy to the cancer and kill off Greypony.

3 4

Re: [tor-relays] Individual Operator Exit Probability Threshold
by Paul Templeton 28 Aug '18

28 Aug '18

> About finding sponsors for high speed exits, it could be nice > to gather ideas. Can I ask what is a high speed/capacity exit? For me it would be >10MiB/s am I correct? Paul

4 6

[release] ExoneraTor 3.0.1
by Karsten Loesing 28 Aug '18

28 Aug '18

Hi relay operators, today we released ExoneraTor 3.0.1 which fixes links to IP addresses in the same /24 or /48 IP network (#27266). This is also the first release after making several code improvements, which ideally should not affect operation. But just in case something breaks that was previously working, this could be the reason. Please direct any comments or questions to the (public) metrics-team mailing list: https://lists.torproject.org/cgi-bin/mailman/listinfo/metrics-team All the best, Karsten

1 0

Protecting Tor Circuit path selection from correlation attacks by an autonomous system
by Nathaniel Suchy 28 Aug '18

28 Aug '18

This thread continues the broader discussion of Tor Circuit path selection discussed at https://lists.torproject.org/pipermail/tor-relays/2018-August/015994.html regarding possible correlation attacks by an autonomous system. *Current measures include:* * Preventing two relays from the same /16 in IPv4 and /32 in IPv6 networks, from being in the same Tor circuit. CIDR is helpful, but is it enough? * The MyFamily directive, this does rely on relay operators being honest and we shouldn't rely on this as the sole indicator. * Others things that I am not aware of? *Some measures worth considering include:* * Preventing two relays in the same ASN from being in a circuit. * Maybe prevent two relays in the same ASN from being Guard and Exit, excluding the middle relay from this calculation. * Bridges could be a challenge when implementing this, although it's not impossible. * Looking at relays with same/similar names, heuristics maybe? It's really guesswork but hey it might work. * Looking at relays with same/similar contact info * Looking at relays in the same geographic regions and avoiding them * Relays with the same non-standard ports - excluding 9001, 9030, 80, 443 (anything else that's super common?) * On device models looking at the above data to make decisions of which relays are most likely run by the same entity, use machine learning to make an informed decision based on all factors maybe? *Papers worth reviewing:* * AS-awareness in Tor Path Selection https://www.freehaven.net/anonbib/cache/DBLP:conf/ccs/EdmanS09.pdf * Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries https://www.ohmygodel.com/publications/usersrouted-ccs13.pdf * Moving Tor Circuits Towards Multiple-Path: Anonymity and Performance Considerations https://pdfs.semanticscholar.org/aa94/7dd4762bd0f6531bacfeac9d29ef1e1d4cd6.… * Avoiding The Man on the Wire: Improving Tor’s Security with Trust-Aware Path Selection https://www.nrl.navy.mil/itd/chacs/sites/www.nrl.navy.mil.itd.chacs/files/p… *Outside the scope:* * In AS-es where Virtual Machines are sold, and Physical Machines are not. It's quite possible that the provider may steal relay keys. Little research exists where you could successfully protect against such an adversary who isn't playing nice. Legislation (For example, GDPR) in the EU exists where such activity may violate local laws. This may or may not be enough. Certainly not against a government actor, but against an AS doing it per their only devices maybe. * An AS hosting a Tor relay who logs or watches network traffic will always be able to learn something about the circuit, but perhaps we can prevent them from learning everything about the circuit most of the time. Everyone on the list has a had very insightful and helpful thoughts on this discussion so far and I'm looking forward to getting more discussion of the broader issue. Cordially, Nathaniel Suchy

2 1