tor-relays

tor-relays@lists.torproject.org

36 participants
4815 discussions

Re: [tor-relays] tor-relays Digest, Vol 80, Issue 26
by flipchan 21 Sep '17

21 Sep '17

https://okservers.net/ doesn't provide vps :/ something like a good ISP that tolerate exit nodes would be good like something in holland maybe? On September 18, 2017 1:50:45 AM GMT+02:00, tor-relays-request(a)lists.torproject.org wrote: >Send tor-relays mailing list submissions to > tor-relays(a)lists.torproject.org > >To subscribe or unsubscribe via the World Wide Web, visit > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >or, via email, send a message with subject or body 'help' to > tor-relays-request(a)lists.torproject.org > >You can reach the person managing the list at > tor-relays-owner(a)lists.torproject.org > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of tor-relays digest..." > > >Today's Topics: > > 1. Re: Tolerant hosting for exit node. (King Queen) > 2. Re: Tolerant hosting for exit node. (Alec Larsen) > 3. Re: Tolerant hosting for exit node. (nusenu) > 4. Re: Tolerant hosting for exit node. (nusenu) > 5. Re: Tolerant hosting for exit node. (George) > > >---------------------------------------------------------------------- > >Message: 1 >Date: Sun, 17 Sep 2017 19:59:12 +0100 >From: King Queen <kingqueenits(a)gmail.com> >To: armenian_priest <tor-relays(a)lists.torproject.org> >Subject: Re: [tor-relays] Tolerant hosting for exit node. >Message-ID: <1674967117.20170917195912(a)gmail.com> >Content-Type: text/plain; charset=us-ascii > >https://box.cock.li FTW > >yeah it's servers with cocks, but it is in Romania / IP location the >Seychelles, and I have had no issues with my exit node on them. > > > >Sunday, September 17, 2017, 11:32:33 AM, you wrote: > >> Hello list, > >> I was hoping to get a good suggestion from here for a hosting >provider >> that is tolerant with Tor exit nodes. > >> I went through the mailing list archive a few months back and there >> weren't any good suggestions on hosting providers. > >> Also, I checked the 'GoodBadISPs' page in the Tor wiki but it is >pretty >> outdated and I already got burned with one provider from there: >ITLDC, >> it was added on 2016-04-23 but they bluntly stated that they DO NOT >> tolerate exit nodes after 2 abuse complaints, my exit node was >running >> for 1 month there. > >> One of the abuses was handled but with the second one they basically >> wanted me to block HTTP/S traffic on the VPS. > >> I am not sure who edits and keeps track of the mentioned page but it >> would be a good idea to remove the mentioned provider from there so >> other people wont waste their money. > >> Hope to get some recommendations since I want to support the network >> with an exit node. > >> Thanks in advance! > >> With regards, > >> jack > > >> _______________________________________________ >> tor-relays mailing list >> tor-relays(a)lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > > >-- >Best regards, > King mailto:kingqueenits@gmail.com > > > >------------------------------ > >Message: 2 >Date: Sun, 17 Sep 2017 22:41:53 +0000 >From: Alec Larsen <aleclarsen42(a)gmail.com> >To: armenian_priest <tor-relays(a)lists.torproject.org> >Subject: Re: [tor-relays] Tolerant hosting for exit node. >Message-ID: > <CANw7z-gfKu72VkdQFL0FfZqCeMqmkqW1C3AaAjLeDcm1tsxHng(a)mail.gmail.com> >Content-Type: text/plain; charset="utf-8" > >https://okservers.net/ is newer, but they are Tor friendly, very price >competitive, and allow payment in Bitcoin. > >On Sun, Sep 17, 2017 at 1:59 PM King Queen <kingqueenits(a)gmail.com> >wrote: > >> https://box.cock.li FTW >> >> yeah it's servers with cocks, but it is in Romania / IP location the >> Seychelles, and I have had no issues with my exit node on them. >> >> >> >> Sunday, September 17, 2017, 11:32:33 AM, you wrote: >> >> > Hello list, >> >> > I was hoping to get a good suggestion from here for a hosting >provider >> > that is tolerant with Tor exit nodes. >> >> > I went through the mailing list archive a few months back and there >> > weren't any good suggestions on hosting providers. >> >> > Also, I checked the 'GoodBadISPs' page in the Tor wiki but it is >pretty >> > outdated and I already got burned with one provider from there: >ITLDC, >> > it was added on 2016-04-23 but they bluntly stated that they DO NOT >> > tolerate exit nodes after 2 abuse complaints, my exit node was >running >> > for 1 month there. >> >> > One of the abuses was handled but with the second one they >basically >> > wanted me to block HTTP/S traffic on the VPS. >> >> > I am not sure who edits and keeps track of the mentioned page but >it >> > would be a good idea to remove the mentioned provider from there so >> > other people wont waste their money. >> >> > Hope to get some recommendations since I want to support the >network >> > with an exit node. >> >> > Thanks in advance! >> >> > With regards, >> >> > jack >> >> >> > _______________________________________________ >> > tor-relays mailing list >> > tor-relays(a)lists.torproject.org >> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> >> >> >> -- >> Best regards, >> King mailto:kingqueenits@gmail.com >> >> _______________________________________________ >> tor-relays mailing list >> tor-relays(a)lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> >

4 5

Some Dir Authorities blocked
by Graeme Neilson 20 Sep '17

20 Sep '17

Hi, I am running a relay but 4 out of 8 directory authorities appear to being blocked by my ISP. There is no route to the blocked authorities and the last responding tcp traceroute hop is an ISP machine. There are routes via IPv6 though. Is there anything I can do to get my relay in the consensus? Thanks, G

10 16

A Common Thread: Guard Status
by Kurt Besig 20 Sep '17

20 Sep '17

Just curious and I know it's probably been answered 100x times... I recently updated Tor to an, 'approved version', after 340+ days of up time. Upon restarting the relay, 25 days ago, Ive not been given the 'guard flag' again. Why? Thanks

4 4

Advisory: Stack disclosure in hidden services logs when SafeLogging disabled
by Nick Mathewson 18 Sep '17

18 Sep '17

[TROVE-2017-008. CVE-2017-0380. Severity: medium] Hello! We have found a possible problem with the code that reports an error during the construction of an introduction point circuit. Because of this bug, it is possible that some hidden services will sometimes write sensitive information into their logs. This bug can only happen when the SafeLogging option is disabled, and SafeLogging is enabled by default. If you have not disabled SafeLogging, then you should be fine. We are tracking this bug as TROVE-2017-008 and as ticket #23490. It is also CVE-2017-0380. MITIGATION: 1. If you are not running a hidden service, then you don't need to do anything. This bug does not affect you. 2. If you are running 0.2.5.x, this bug does not affect you: it first appeared in 0.2.7.2-alpha. Other bugs do affect you, though: 0.2.5.x is pretty old! (If you are running 0.2.4, or 0.2.6, or 0.2.7, you should just upgrade. We aren't supporting those releases.) 3. Make sure that you did not change the value of the SafeLogging option in your configuration -- or if you did, that you set it to "1". SafeLogging needs to be turned to "0" or "relay" for this bug to occur. 4. If you did disable SafeLogging, re-enable it: Set it to 1, and use a HUP signal to tell Tor to reload its configuration. 5. If you did disable SafeLogging, you should delete any old logs that were generated with SafeLogging disabled. (You should be regularly removing old logs anyway, as a best security practice.) ACKNOWLEDGMENTS: We found this when we re-added scan-build's dead assignment checker into the checkers that we run on Tor. Obviously, it's time to make sure that scan-build gets run more frequently. FIX: There are patches for this issue linked from ticket #23490 on our bugtracker. I will be putting out updated releases today. This bug will be fixed in 0.2.8.15, 0.2.9.12, 0.3.0.11, 0.3.1.7, and 0.3.2.1-alpha.

2 2

Tolerant hosting for exit node.
by armenian_priest 17 Sep '17

17 Sep '17

Hello list, I was hoping to get a good suggestion from here for a hosting provider that is tolerant with Tor exit nodes. I went through the mailing list archive a few months back and there weren't any good suggestions on hosting providers. Also, I checked the 'GoodBadISPs' page in the Tor wiki but it is pretty outdated and I already got burned with one provider from there: ITLDC, it was added on 2016-04-23 but they bluntly stated that they DO NOT tolerate exit nodes after 2 abuse complaints, my exit node was running for 1 month there. One of the abuses was handled but with the second one they basically wanted me to block HTTP/S traffic on the VPS. I am not sure who edits and keeps track of the mentioned page but it would be a good idea to remove the mentioned provider from there so other people wont waste their money. Hope to get some recommendations since I want to support the network with an exit node. Thanks in advance! With regards, jack

5 6

Two-step abuse management?
by Moritz Bartl 14 Sep '17

14 Sep '17

Hi! tl;dr: We're thinking about introducing an auto responder to abuse mail which then requires clicking a link or replying to the mail again before the complaint actually reaches a human. What do you think? Can you help us set this up? So far, we do not have any auto responder for abuse mails. I always thought it was important to be friendly and get back to everyone individually, even if at the core we're reusing mail templates. There is a difference if a human gets back to you within a few hours, or you immediately get clearly a auto-sent something that basically tells you there's not much that can be done. But actually, most of what we're seeing is automated notification mail, and lately we also see more and more spam that survives the spamassassin. An ideal system would track used addresses, and only send an auto-response from our end once per sender every few months. We have very limited resources for abuse management, and it would be great to filter out the noise better than we currently do. Did anyone set up an infrastructure like that before? How would you do it? Also, if you just want to help with our abuse management, let me know! We can always use one or two more hands, it's fun, and it teaches you a lot about Tor exit operation. -- Moritz Bartl https://www.torservers.net/

3 4

Launching a Tor relay with Docker in seconds (x86-64, armhf, arm64)
by Rodrigo Martínez 14 Sep '17

14 Sep '17

Hi all, This is my humble contribution. There are prebuilt images for launching Tor relays for x86-64, armhf and arm64 architectures in seconds. The repo contains scripts for building those images and for launching a relay (bridge, middle or exit). Default configuration is provided for each type. Contributions are welcome. GitHub repo: https://github.com/brunneis/tor-relay-docker Docker Hub repo: https://hub.docker.com/r/brunneis/tor-relay/tags/ Regards, Rodrigo

2 1

Would you also like to have family-level atlas pages?
by nusenu 14 Sep '17

14 Sep '17

Hi, Iain - the atlas maintainer - asked on twitter if relay operators at the relay operators meetup in Montreal have feature requests for atlas [1]. I suggested family-level pages where an operator of more than one relay can see all the relays of his family including aggregated (stacked) graphs for the graphs that are already available on a per-relay level. Before filing this as a trac ticket - as Iain - suggested, I wanted to ask around if others would find that useful as well because it probably makes only sense to implement it if there are more people actually finding it useful. So let us know if you do. thanks, nusenu [1] https://twitter.com/iainlearmonth/status/907003817434271746 -- https://mastodon.social/@nusenu https://twitter.com/nusenu_

8 9

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators
by jpmvtd261＠laposte.net 13 Sep '17

13 Sep '17

My idea is designed to protect the exit node against a DNS attack from the owner of the DNS server. Not from the ISP or an attacker monitoring the traffic going in and out of the ISP data center. On 12/09/2017 19:38, Ralph Seichter wrote: > On 12.09.17 21:17, jpmvtd261(a)laposte.net wrote: > >> My idea is to make more DNS queries than necessary, in order to hide >> the useful DNS queries among useless DNS queries. > > I'm not sure what you are trying to accomplish. Usually, a DNS query is > followed by an outbound connection to the returned IP address. Your ISP > can always monitor these connections from your exit node, no matter what > additional "query noise" you might introduce. > > This is not fiction. One of my ISPs sends me automated tickets every > once in a while, about network scans that abuse my exit nodes. Not only > are connections recorded, they are analysed for patterns. > > -Ralph

6 11

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators
by jpmvtd261＠laposte.net 12 Sep '17

12 Sep '17

On 12/09/2017 20:25, Ralph Seichter wrote: > I'm not certain what you consider a "DNS attack". > > Many exit node operators run a caching DNS resolver on their exits, > which is easily done. Lacking that, you can use the resolvers run by > your ISP, who can monitor all outbound traffic anyway, as I mentioned. > An attacker can try to find what websites a Tor user has visited, by comparing : - the timing of Tor user home connection traffic and - the timing of DNS queries happening on DNS servers controlled by the attacker On this webpage, the author talks about "correlation" attack : https://nakedsecurity.sophos.com/2016/10/05/unmasking-tor-users-with-dns/

2 1

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-relays