tor-relays

tor-relays@lists.torproject.org

36 participants
4815 discussions

tonull list
by TorGate 16 Feb '18

16 Feb '18

Hi to all, what is the best way to intergrade the tonull list in the torrc ? ExitPolicy https://tornull.org/tornull-bl.txt <https://tornull.org/tornull-bl.txt> is that working ? or via a include ? regards Steffen TorGate torgate(at)linux-hus.dk

2 2

DoS mitigation
by Fabian A. Santiago 16 Feb '18

16 Feb '18

Hello, I've been browsing the list archives looking for mentions of DOS mitigation. last night my exit relay went offline and when i logged into it, CPU was sitting at 100% and atlas reported mine as down and another service i have checking up time also did as well. so i rebooted my server and it was fine. i found this thread: 1) Drops off consensus for 1-2hours and returns w/o hsdir: DOS_CC_CIRCUIT_BURST_DEFAULT 90 DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT 100 FW: 20 connects per /32 ip, rate limited to 3 per sec. 2) Good (stable): DOS_CC_CIRCUIT_BURST_DEFAULT 50 DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT 50 FW: 20 connects per /32 ip, rate limited to 3 per sec. 3) Good (stable): DOS_CC_CIRCUIT_BURST_DEFAULT 20 DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT 20 FW: 20 connects per /32 ip, rate limited to 3 per sec. 4) Too conservative: DOS_CC_CIRCUIT_BURST_DEFAULT 10 DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT 10 FW: 20 connects per /32 ip, rate limited to 3 per sec. 5) Good (newly): DOS_CC_CIRCUIT_BURST_DEFAULT 50 DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT 50 FW: 100 connects per /32 ip, rate limited to 15 per sec. are these good mitigations? what else can or should be done? limiting memory use helpful? I'm running on ubuntu 16.04 and am using ufw for my firewall currently. are there any other suggestions given my platform? thanks for your help. -- Thanks, Fabian S. OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC

2 1

torservers internet connection
by TorGate 15 Feb '18

15 Feb '18

Hi again to all, i planing more torserver but what is the best solution for a god connection. there are 2 tor servers with a Bandwidth limit: 14.6 MB/s, burst: 29.3 MB/s is this enogth ? The internet connection has 60MB. Is this a god ide to setup more servers on this 60MB connection ? regards Steffen TorGate torgate(at)linux-hus.dk

3 11

freebsd port 80 and 443
by TorGate 15 Feb '18

15 Feb '18

Hi to all, question: i have testet a config with ORPort 443 and dirport 80, hm but there are a permission issue with freebsd. On my testsystem is no http installed, Can i only install tor on freebsd with orport 9001 and dirport 9030 ? regards Steffen TorGate torgate(at)linux-hus.dk

7 12

torservers.net MyFamily Configuration
by nusenu 14 Feb '18

14 Feb '18

Hi Moritz, please have a look at your MyFamily configuration. https://nusenu.github.io/OrNetStats/endtoend-correlation-groups thanks, nusenu -- https://mastodon.social/@nusenu twitter: @nusenu_

2 1

ninja.turtle5 Tor Relays MyFamily Configuration
by nusenu 14 Feb '18

14 Feb '18

thanks for running Tor relays! Please do not forget to set your "MyFamily" configuration parameter on all your relays, so Tor clients are not at risk of using your relays in multiple positions in a single circuit. https://nusenu.github.io/OrNetStats/endtoend-correlation-groups Some more background: https://hackernoon.com/some-tor-relays-you-might-want-to-avoid-5901597ad821 Let us know if you need any help with this. regards, nusenu -- https://mastodon.social/@nusenu twitter: @nusenu_

1 0

hviv Tor Relays MyFamily Configuration
by nusenu 14 Feb '18

14 Feb '18

1 0

Checking dos mitigation
by Felix 14 Feb '18

14 Feb '18

Hi everybody I tried several setups for dos mitigation since the dos code is available and came to the following results, where I think 5) is promising and 2) or 3) are fine. 1) Drops off consensus for 1-2hours and returns w/o hsdir: DOS_CC_CIRCUIT_BURST_DEFAULT 90 DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT 100 FW: 20 connects per /32 ip, rate limited to 3 per sec. 2) Good (stable): DOS_CC_CIRCUIT_BURST_DEFAULT 50 DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT 50 FW: 20 connects per /32 ip, rate limited to 3 per sec. 3) Good (stable): DOS_CC_CIRCUIT_BURST_DEFAULT 20 DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT 20 FW: 20 connects per /32 ip, rate limited to 3 per sec. 4) Too conservative: DOS_CC_CIRCUIT_BURST_DEFAULT 10 DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT 10 FW: 20 connects per /32 ip, rate limited to 3 per sec. 5) Good (newly): DOS_CC_CIRCUIT_BURST_DEFAULT 50 DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT 50 FW: 100 connects per /32 ip, rate limited to 15 per sec. Some hack to grab dos ips, their counts and defenses shows the well known ones like a hand full new ones. But no surprises. -- Cheers, Felix

2 2

bridge questions
by Arisbe 14 Feb '18

14 Feb '18

Hello Tor users, I have several quick question: Can bridges use an IPv6 ORPort? Is there any advantage to adding this to my bridges? Has anyone actually seen IPv6 connections on a bridge? Thanks for the feedback...

3 2

[err] tor_assertion_failed_(): Bug: src/or/connection.c:5113
by Toralf Förster 13 Feb '18

13 Feb '18

Got this today: Feb 13 22:02:49.000 [err] tor_assertion_failed_(): Bug: src/or/connection.c:5113: assert_connection_ok: Assertion (conn->type == CONN_TYPE_EXIT && conn->state == EXIT_CONN_STATE_RESOLVING) || connection_is_writing(conn) || conn->write_blocked_on_bw || (CONN_IS_EDGE(conn) && TO_EDGE_CONN(conn)->edge_blocked_on_circ) failed; aborting. (on Tor 0.3.3.2-alpha efc105716283bbdf) Before I changed the config from ExitRelay 1 IPv6Exit 1 to #ExitRelay 1 #IPv6Exit 1 and a little bit later to ExitRelay 0 IPv6Exit 0 -- Toralf PGP C4EACDDE 0076E94E

2 2

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-relays