- tor-relays - lists.torproject.org

Test bed in MyFamily?
by Totor be 30 Aug '18

30 Aug '18

Hi list, Just a quick question about families: I'm in the process of setting up a 4th relay as test bed VM in order to validate the Linux and Tor updates before updating my 3 live relays (none of these are exits) This 4th relay will be fully operational, but will only be started from time to time, when updates are available After the updates are installed, I plan to leave it running for half a day or so until it appears in Tor Metrics Question: should I include this test bed relay in MyFamily or leave it completely stand alone? What would you recommend? Thanks! Patrick

4 4

Limiting open port RST response from N to M packets/sec (FreeBSD)
by nusenu 30 Aug '18

30 Aug '18

Hi, I'm curious as to how frequent FreeBSD relay operators that do not make use of any packet filter get something like the following line in their logs: kernel: Limiting **open** port RST response from ... to 200 packets/sec -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu

2 1

Cloudflare Onions Beta and Network Stability
by Nathaniel Suchy 30 Aug '18

30 Aug '18

As some of you may have heard, Cloudflare is beta testing opportunistic onions. This of course is going to create more Tor traffic. Cloudflare has several concerns about running their own relays and says they won’t at this time. That said if every Cloudflare website becomes an Onion Service overnight how would that affect network stability and what can we as relay operators do to prepare for it?

11 17

The truth about Greypony
by Tor Professional 29 Aug '18

29 Aug '18

The truth must come out eventually about the menace known as Greypony. Now that people are beginning to realize what a menace to our network Greypony really is maybe this information will finally get us to banish him once and for all. Greypony has no real customers. You will not find a legitimate customer because they do not exist. They are all one Conrad Rockenhaus. Just so you know. Do you know any of the people that are bragging about using Greypony? Are they true professionals that use Tor? I do not think so. Find one person that you can legitimately trust that has used Greypony or that has dealt with Rockenhaus legitimately and you will not find one because such a person does not exist. Greypony lies about their bandwidth numbers. Those numbers are impossible. How are they eclipsing some of the fastest tor exits on the Internet? How are they operating the fastest exits in Canada? By lying about their numbers and cheating. What are Rockenhaus' motives for doing this? He says he wants to help Tor but we all know that he is full of it. Why would someone like him want to help us? We do not need someone like him. We can do better. We are better. Let us apply a little chemotherapy to the cancer and kill off Greypony.

3 4

Re: [tor-relays] Individual Operator Exit Probability Threshold
by Paul Templeton 29 Aug '18

29 Aug '18

> About finding sponsors for high speed exits, it could be nice > to gather ideas. Can I ask what is a high speed/capacity exit? For me it would be >10MiB/s am I correct? Paul

4 6

[release] ExoneraTor 3.0.1
by Karsten Loesing 29 Aug '18

29 Aug '18

Hi relay operators, today we released ExoneraTor 3.0.1 which fixes links to IP addresses in the same /24 or /48 IP network (#27266). This is also the first release after making several code improvements, which ideally should not affect operation. But just in case something breaks that was previously working, this could be the reason. Please direct any comments or questions to the (public) metrics-team mailing list: https://lists.torproject.org/cgi-bin/mailman/listinfo/metrics-team All the best, Karsten

1 0

Protecting Tor Circuit path selection from correlation attacks by an autonomous system
by Nathaniel Suchy 28 Aug '18

28 Aug '18

This thread continues the broader discussion of Tor Circuit path selection discussed at https://lists.torproject.org/pipermail/tor-relays/2018-August/015994.html regarding possible correlation attacks by an autonomous system. *Current measures include:* * Preventing two relays from the same /16 in IPv4 and /32 in IPv6 networks, from being in the same Tor circuit. CIDR is helpful, but is it enough? * The MyFamily directive, this does rely on relay operators being honest and we shouldn't rely on this as the sole indicator. * Others things that I am not aware of? *Some measures worth considering include:* * Preventing two relays in the same ASN from being in a circuit. * Maybe prevent two relays in the same ASN from being Guard and Exit, excluding the middle relay from this calculation. * Bridges could be a challenge when implementing this, although it's not impossible. * Looking at relays with same/similar names, heuristics maybe? It's really guesswork but hey it might work. * Looking at relays with same/similar contact info * Looking at relays in the same geographic regions and avoiding them * Relays with the same non-standard ports - excluding 9001, 9030, 80, 443 (anything else that's super common?) * On device models looking at the above data to make decisions of which relays are most likely run by the same entity, use machine learning to make an informed decision based on all factors maybe? *Papers worth reviewing:* * AS-awareness in Tor Path Selection https://www.freehaven.net/anonbib/cache/DBLP:conf/ccs/EdmanS09.pdf * Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries https://www.ohmygodel.com/publications/usersrouted-ccs13.pdf * Moving Tor Circuits Towards Multiple-Path: Anonymity and Performance Considerations https://pdfs.semanticscholar.org/aa94/7dd4762bd0f6531bacfeac9d29ef1e1d4cd6.… * Avoiding The Man on the Wire: Improving Tor’s Security with Trust-Aware Path Selection https://www.nrl.navy.mil/itd/chacs/sites/www.nrl.navy.mil.itd.chacs/files/p… *Outside the scope:* * In AS-es where Virtual Machines are sold, and Physical Machines are not. It's quite possible that the provider may steal relay keys. Little research exists where you could successfully protect against such an adversary who isn't playing nice. Legislation (For example, GDPR) in the EU exists where such activity may violate local laws. This may or may not be enough. Certainly not against a government actor, but against an AS doing it per their only devices maybe. * An AS hosting a Tor relay who logs or watches network traffic will always be able to learn something about the circuit, but perhaps we can prevent them from learning everything about the circuit most of the time. Everyone on the list has a had very insightful and helpful thoughts on this discussion so far and I'm looking forward to getting more discussion of the broader issue. Cordially, Nathaniel Suchy

2 1

Avoiding Off-Topic Posts
by teor 28 Aug '18

28 Aug '18

Hi, A healthy, robust, and growing tor network needs a lot of different ways to run tor relays. Focusing on one or two models creates single points of failure. So we encourage individual volunteers, organisations, donations, paid services, and researchers: as long as they operate ethically and prioritise user safety. That said, this list is for "support and questions about running Tor relays". In future, please: * keep on topic, we are here to help each other run Tor relays * make sure each post contains new, useful information. You can search the archives before posting: https://lists.torproject.org/pipermail/tor-relays/ * avoid promoting or criticising the same providers more than once a month * deal with commercial / payment issues off-list But you should feel free to ask questions about operating relays at any time. T -- teor Please reply @torproject.org New subkeys 1 July 2018 PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ----------------------------------------------------------------------

1 0

Issues regarding 185.125.33.114 relay
by Nathaniel Suchy 28 Aug '18

28 Aug '18

Can the operator of the relay 185.125.33.114 please reach out to me? There is not any contact information available on Tor Metrics for the relay. Cordially, Nathaniel Suchy

3 2

Congrats to Nullvoid
by Conrad Rockenhaus 27 Aug '18

27 Aug '18

I just wanted to say congratulations to Nullvoid, who is currently running the second fastest exit in France in my colo in Europe. https://metrics.torproject.org/rs.html#details/51420DFB2047A33803A9A6E456D6… Also, go FreeBSD! Thanks, Conrad

4 5