- tor-relays - lists.torproject.org

Tor 0.3.2.9 Linux - first period fine, since today lots of: Your computer is too slow to handle this many circuit creation requests!
by Stijn Jonker 18 Jan '18

18 Jan '18

Hi All, Is this a "known" issue, my non-exit relay has been running for over a year, and although with the recent issues (attack / network issue or the likes) with some ipfilter kunfu it managed to get through the storm pretty well. Now all of a sudden since early today my logs are flooded with: Jan 18 11:34:44 tornode Tor[65839]: Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [204844 similar message(s) suppressed in last 60 seconds] First message is at Jan 18 07:17:13, last just Jan 18 11:37:44, when adding the # of circuits up, total in ~4 hours: 18033820 being 18 Million, which feels a bit much, but don't have any figures to compare. On the current hardware this never seemed to be an issue, not even by far it was normally (according to ESXi) at ~400-500mhz, now it's using 2 vCPU's at ~4000Mhz. Now of course I can lower the bandwidth, but if these are low bandwidth circuits then lowering the bandwidth from 10Mbyte/sec (peak 12,5Mbyte/sec) to a lower value might actually not resolve it. Anybody seeing this as well and/or ideas / advice etc? Stijn

4 3

The Onion Box v4.1
by Ralph Wetzel 18 Jan '18

18 Jan '18

5 8

tor 0.3.2.9 reached deb.torproject.org and FreeBSD repos
by nusenu 17 Jan '18

17 Jan '18

Since this has been a common question in the last few days.. -- https://mastodon.social/@nusenu twitter: @nusenu_

2 1

Re: [tor-relays] Assigning BadExit to Exits failing to resolve hostnames starting on 2018-01-15
by nusenu 17 Jan '18

17 Jan '18

> Hello, > > Arthur and I have been emailing affected exit operators for a while > now and many operators fixed their exits but some minor number or exits > remain broken (even some that are running good tor versions). > > I believe it is reasonable to assign the BadExit flag to exits failing 100% > of DNS resolution attempts and have a CW > 200 (or any other value you like, > I just would not bother about exits with a CW of 20) starting with 2018-01-15, > if we did send them an email about the problem (if they have a contactInfo set). > > https://arthuredelstein.net/exits/ These are 4 exits failing 100% of DNS resolution attempts based on Arthur's scan data from 2018-01-16 05:10:00 UTC +------------------------------------------+-------------+-------+----------------------------------------------------+ | fingerprint | tor_version | CW | contact | +------------------------------------------+-------------+-------+----------------------------------------------------+ | 6F6586F1631CAC1115B9561656E7664D386B7F4B | 0.3.1.9 | 404 | Ins0mnia Shells <orwell1984.info AT gmail dot com> | | 34D3AF8DC4CF68BDEA354D21C24EFB2EAFD7191F | 0.3.1.7 | 2040 | tor(a)krosnov.org | | 92E3764D5485DC4AC01178271FB5A8A2D90DA9FF | 0.3.1.9 | 16700 | Random Person <tor-admin(a)portaltodark.world> | | 60A7451D512B647C0D05A2063CA7F329311347B5 | 0.2.5.16 | 21200 | NULL | +------------------------------------------+-------------+-------+----------------------------------------------------+ -- https://mastodon.social/@nusenu twitter: @nusenu_

1 0

Has the storm passed?
by Ana Lucia Cortez 16 Jan '18

16 Jan '18

About 36 hours ago I tentatively disabled all my firewall rules who where limiting connections to my relay. Everything looks pretty normal, I see no spikes, no errors, no failures. > Jan 15 10:18:36 Tor-relay: > Heartbeat: > Tor's uptime is 4 days 18:00 hours, > with 36,596 circuits open. > I've sent 4,962.80 GB > and received 4,935.38 GB. > Circuit handshake stats since last time: > 244,441 / 244,441 TAP, > 10,558,601 / 10,558,601 NTor. > Since startup, > we have initiated > 0 v1 connections, > 0 v2 connections, > 2 v3 connections, and > 71,189 v4 connections; > and received > 1 v1 connections, > 31,976 v2 connections, > 53,960 v3 connections, and > 755,679 v4 connections. While I still see a lot of Hetzners & Co. in my top 30 connections, they seem to behave better. > Conn Subnet AS Org > 18 46.188.***.0/17 AS8334 2COM Co ltd. > 17 192.243.***.0/20 AS39572 Internet Service Solution Corp. (ISSC-11) > 14 24.60.***.0/14 AS7922 Comcast Cable Communications, LLC (CCCS) > 13 192.99.***.0/16 AS16276 OVH Hosting, Inc. (HO-2) > 12 212.109.***.0/23 AS29182 CJSC Server WebDC colocation > 11 213.239.***.0/18 AS24940 Hetzner Online AG > 10 95.65.***.0/17 AS31252 SC STARNET SRL > 10 213.239.***.0/18 AS24940 Hetzner Online AG > 9 139.59.***.0/16 DigitalOcean, LLC (AP) > 9 163.172.***.0/16 AS12876 Online SAS -- Relay:32E7AAF1F602814D699BEF6761AD03E387758D49

3 2

could Tor devs provide an update on DOS attacks?
by starlight.2017q4＠binnacle.cx 16 Jan '18

16 Jan '18

I realize we're in the middle of the Christmas / New Year dead week, but it would be great one of the developers could says something (anything) about the ongoing denial-of-service attacks. My node crashed a second time a fews days back, and while the second iteration of hardening appears have held, I see many others crack under the stress. If one opens a control channel and issues setevents extended orconn volumes of 650 ORCONN ... LAUNCHED ID=nnnn 650 ORCONN ... FAILED REASON=CONNECTREFUSED NCIRCS=x ID=nnnn messages appear. First I though these were operators with some new mitigation, but finally realized the relays are crashed and have not yet dropped off the consensus.

3 6

When is 0.3.2.9 available to download?
by Gary Smith 15 Jan '18

15 Jan '18

Hi, Firstly, on 9th of this month, tor 0.3.2.9 was released, I was wondering when it is available the official repos via apt-get? I'd rather not compile from source because its on a its on a pi and will takes ages and I will be effectively loosing auto-updates for tor. I have been testing the 0.3.2.8-alpha in a VM for a while and I am looking forward to using the new stable release. Confusingly, https://www.torproject.org/download/download.html reports that the latest stable version number (0.3.2.9) is greater than the alpha (0.3.2.8-rc) am I missing something? Secondly, I think the "Raspbian is not Debian" warning should be removed from https://www.torproject.org/docs/debian.html.en which while technically true gives users a false impression as tor will indeed work fine on a Raspberry Pi 2 / 3 (armhf not armel like Pi 1). Thanks.

2 2

Combined relay and hidden service, good idea or not?
by tortilla＠mantablue.com 15 Jan '18

15 Jan '18

When operating a hidden service and a relay in one tor instance, tor currently warns: [warn] Tor is currently configured as a relay and a hidden service. That's not very secure: you should probably run your hidden service in a separate Tor process, at least -- see https://trac.torproject.org/8742 First, that issue has been fixed and closed. Second, I had read in the past opinions stating: When operating a hidden service, running a relay helps mix traffic so that anyone observing traffic from the machine cannot easily run an analysis targeted at a hidden service that might exist on that machine. The text of the startup warning seems to contradict that belief. Is there more to know, or is the warning only applicable to the now-closed information leak? Can someone kindly clarify the current best practice in this regard and address whether or not that warning should be removed from tor's startup diagnostics?

10 18

Fwd: [tor-announce] Tor 0.3.2.9 is released (new stable series)
by r1610091651 15 Jan '18

15 Jan '18

Hi I was wondering if anyone knows when this release would become available as a Ubuntu package? I'm using the repository below but it's not there yet. deb-src http://deb.torproject.org/torproject.org xenial main (I did try to ask Nick) Thx On Tue, 9 Jan 2018 at 16:31 Nick Mathewson <nickm(a)torproject.org> wrote: > On Tue, Jan 9, 2018 at 9:49 AM, Nick Mathewson <nickm(a)torproject.org> > wrote: > > (If you are about to reply saying "please take me off this list", > > instead please follow these instructions: > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/ > > . If you have trouble, it is probably because you subscribed using a > > different address than the one you are trying to unsubscribe with. > > You will have to enter the actual email address you used to > > subscribe.) > > > > After months of work, Tor 0.3.1.7 is now available! This is the first > > stable release in the 0.3.2.x series, and we hope you find it useful. > > By which I mean, of course, that 0.3.2.9 is now available. > > Thanks to the 12 people who have already told me about this in the > last 30 minutes, and my apologies for the extra email. > _______________________________________________ > tor-announce mailing list > tor-announce(a)lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce >

2 2

Re: [tor-relays] Marker branch for current tor release(s)
by Chad MILLER 15 Jan '18

15 Jan '18

I second this. There's a recommended-versions list in the consensus, but you have to already have Tor available and running to get it. Maybe also publish in a DNS TXT record or something? On Jan 5, 2018 00:48, "Andreas Krey" <a.krey(a)gmx.de> wrote: Hi everybody, https://www.torproject.org/download/download.html.en in the source code 'tab' states the current stable and alpha version of tor. Would it be possible to publish the current states as branches 'stable' and 'alpha' (or 'testing', or 'unstable') in the git repo? That would help us tor-from-source builders to just fetch the repo, and if the respective branch changes, to rebuild and redeploy. Looking for a new release tag or screen-scraping said web page is a bit hairy, and feels unnecessary. - Andreas -- "Totally trivial. Famous last words." From: Linus Torvalds <torvalds(a)*.org> Date: Fri, 22 Jan 2010 07:29:21 -0800 _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

4 5