- tor-relays - lists.torproject.org

Re: [tor-relays] Tools for managing multiple relays
by starlight.2015q3＠binnacle.cx 15 Oct '15

15 Oct '15

>* given costant resource (i.e. euro/month) I can >afford to run relays is it in general better to >run one bigger relay or, say, two smaller ones. Based on a past thread, guessing you run __fs_ BV2 IT 344 71 6.10 L 5.249.159.209 9001 None ... .aruba.it __fs_ BV3 IT 344 73 6.10 L 5.249.159.198 9001 None ... .aruba.it __fs_ BV4 IT 312 73 6.10 L 5.249.149.153 9001 None ... .aruba.it __fs_ BV5 IT 224 71 6.10 L 89.46.70.98 9001 None ... .aruba.it which are too slow to be assigned the guard flag. If that's the case, probably the cost the VPSs could cover a small dedicated/bare-metal server which would be assigned a more than 10x higher weight than any one of the above and service many more users. Much more effective and efficient.

2 1

IP and SWIP for a Tor exit node
by Cristian Consonni 14 Oct '15

14 Oct '15

Hi, tl;dr: it is not clear to me what I should ask to my provider about SWIP, if this is something I can set up on my own and/or how I should ask for this to my provider. I have been running a couple of relays for some months (since the last EFF Tor challenge) and now I would like to operate an exit node. I also want to be careful and set up things properly for Minimal Harrasment (h/t to Mike Perry)[1]. I am planning to set up everything in Italy - I am Italian and I would like to do everything here - but looking in this list (at least since I am subscribed to it, it seems to me that there is not much information about running exit nodes from Italy. All the more reason to try it and document things properly. I have bought some credit on Aruba, which is a quite well known provider in Italy on the low-end/entry level (they used to make spots on television at prime time) and I also think one of the biggest in terms of sales and infrastructure. They are not listed on the list of good and bad ISPs[2] so, again, let's see and document (in all honesty, there is not much choice on the list as far as Italy is concerned). After all this premise, I have some questions: (1) In the guide it is advised to "Get a separate IP for the node. Do not route your own traffic via this IP". As I understand it, this is just saying that if one has a machine with some other content hosted on it (e.g. a website) it would be better to separate the exit node IP from the IP that serves the other uses of the machine. Is this interpretation correct? I am planning to use a small instance for now (1 GB RAM, single core, 2TB traffic/month) and use it exclusively for running the node. Does this advice still applies. What are additional IPs good for? My ISP sells additional (public) IPs for 3,60 euro/month, would it be worth or necessary purchasing such an additional service? (2) SWIP/RWHOIS + ARIN/RIPE This is quite unclear to me. all I know as of now, about SWIP/RWHOIS/ARIN/RIPE is what can be read from the relevant Wikipedia pages. How can I ask my provider about this? I have seen there is a template here[3], but it seems to me that this is not really applicable. That case is about a fairly large organisation, buying a fairly large service. I would like, if possible, some indications on what to request from your average Joe. I am not exactly comfortable on asking something based on a templatee I am not sure I fully understand about something I know very limitedly. Thanks in advance for your help. Cristian [1] https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment [2] https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs [3] https://www.torservers.net/wiki/hoster/inquiry

2 2

LeaseWeb automated abuse notifications
by Dhalgren Tor 14 Oct '15

14 Oct '15

Any exit operators with relays at LeaseWeb who are not enjoying the new automated abuse-notice system requiring all complaints be acted upon, send a message directly to the above address. Have a solution.

1 0

new relay - not working right
by Bruce Ganton 14 Oct '15

14 Oct '15

Hi all, I have recently installed a new tor relay (non-exit) in a new vsp. For several days now its bandwidth, according to ARM, is in the bits/second and there seems to be some problem reading its own torrc file. Also, while it had four connections for a while, there are none now. Part of ARM quote: [ARM NOTICE] Read last day of bandwidth history from state file (-7502 seconds is missing) [ARM WARN] The torrc differs frm what tor's using. You an issue a sighup to reload the torrc values by pressing x. ..... and for good measure [ARM NOTICE] Tor is preventing system utiliites like netstat and lsof from working. This means arm can't provide you with connection information....... Sometimes I also get that the data directory is not configured but I have left this commented out in the torrc file, being satisfied to use the default. I do get a "normal running" flag on tor stats and a bandwidth of zero. While I am very familiar with Linux in general this install is on debian which is new for me. Any ideas on where I might start to sort this out would be appreciated. Bruce Ganton

2 5

SYN flooding on port 80. - how often does this ppear at exits usually ?
by Toralf Förster 12 Oct '15

12 Oct '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Recently I realized these log messages tor-relay ~ # zgrep SYN /var/log/kern* /var/log/kern.log:Oct 11 13:43:47 tor-relay kernel: [132045.057945] TCP: request_sock_TCP: Possible SYN flooding on port 80. Sending cookies. Check SNMP counters. /var/log/kern.log-20150927.gz:Sep 22 08:05:43 tor-relay kernel: [47670.548282] TCP: request_sock_TCP: Possible SYN flooding on port 80. Sending cookies. Check SNMP counters. /var/log/kern.log-20151005.gz:Sep 28 11:06:32 tor-relay kernel: [576607.272239] TCP: request_sock_TCP: Possible SYN flooding on port 80. Sending cookies. Check SNMP counters. /var/log/kern.log-20151005.gz:Oct 2 08:04:21 tor-relay kernel: [911078.601891] TCP: request_sock_TCP: Possible SYN flooding on port 80. Sending cookies. Check SNMP counters. /var/log/kern.log-20151011.gz:Oct 8 11:35:23 tor-relay kernel: [1441827.102566] TCP: request_sock_TCP: Possible SYN flooding on port 80. Sending cookies. Check SNMP counters. and do just wonder how often this is expected to appear in the mean a tor server and if there's something special to do in this case ? - -- Toralf, pgp key: 872AE508 0076E94E -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iF4EAREIAAYFAlYbvOYACgkQxOrN3gB26U5VOwD/RNq50pluX2afABKTGmNwPQhH qxMGSdL+F1aB1Lf82WEA/j6W9U5QHybtseNlNDKcDmdAG4RlAwDMs6x2Fh4cjErE =dHy8 -----END PGP SIGNATURE-----

2 2

Re: [tor-relays] why are some exit IPs missing from Exit IP DB?
by starlight.2015q3＠binnacle.cx 11 Oct '15

11 Oct '15

At 22:57 10/11/2015 +1100, Tim Wilson-Brown - teor wrote: >>Such "non declared" exit IP addresses (OR IP != exit IP) are found by >>exiting through every single exit relay to detect its exit IP. >> >>Since exits can change their exit IP address at any time the exit list >>can never be 100% accurate by design. >> >><https://collector.torproject.org/formats.html#exit-lists>https://collector.torproject.org/formats.html#exit-lists > >Isn't this a bug in TorCheck? >It assumes that every relay has its ORPort IP as its Exit IP (OutboundBindAddress), and most likely also assumes that each exit only has one IP. I opened one a few days ago: #17297: TorCheck fails on new exit egress IP not in exit DB, confusing to user https://trac.torproject.org/projects/tor/ticket/17297

3 2

why are some exit IPs missing from Exit IP DB?
by starlight.2015q3＠binnacle.cx 11 Oct '15

11 Oct '15

Occasionally I run into a relay such as Bywadu 5A0DE94C95E2276B4BAC974A7D8FC6463C4FE8A4 OR ip 178.33.157.6 exit ip 31.7.58.37 Where the egress/exit IP source address is not found in the Exit DB, shows up negative on ExoneraTor. TorCheck in glaring unhappy RED spits >Something Went Wrong! >Tor is not working in this browser. >For assistance, please contact help(a)rt.torproject.org. Does anyone know why this happens? Many exit nodes have ips that differ from the OR ip and work fine. Don't see any bug reports on it. Does the operator have to submit these manually? I had the impression that TorCheck actually build the DB for ExoneraTor.

4 7

Differene between OR connections and Circuits
by Josef Stautner 11 Oct '15

11 Oct '15

Hi @all, I've the following output of a USR1 signal against the tor daemon in my log: Oct 11 19:16:36.000 [notice] --------------- Dumping memory information: Oct 11 19:16:36.000 [notice] In buffers for *2021 connections*: 6103606 used/6770688 allocated Oct 11 19:16:36.000 [notice] For 2 OR listener connections: 0 used/0 allocated Oct 11 19:16:36.000 [notice] For *1269 OR connections*: 478155 used/573440 allocated Oct 11 19:16:36.000 [notice] For 742 Exit connections: 5625383 used/6189056 allocated Oct 11 19:16:36.000 [notice] For 1 Socks listener connections: 0 used/0 allocated Oct 11 19:16:36.000 [notice] For 1 Directory listener connections: 0 used/0 allocated Oct 11 19:16:36.000 [notice] For 1 Directory connections: 68 used/8192 allocated Oct 11 19:16:36.000 [notice] For 4 CPU worker connections: 0 used/0 allocated Oct 11 19:16:36.000 [notice] For 1 Control listener connections: 0 used/0 allocated Oct 11 19:16:36.000 [notice] In rephist: 567424 used by 3928 Tors. Oct 11 19:16:36.000 [notice] In 7136 live descriptors: 9860168 bytes. In 14728 old descriptors: 20229585 bytes. Oct 11 19:16:36.000 [notice] 3317 cells allocated on *1203 circuits*. 0 cells leaked. Oct 11 19:16:36.000 [notice] Our DNS cache has 455 entries. Oct 11 19:16:36.000 [notice] Our DNS cache size is approximately 184816 bytes. Oct 11 19:16:36.000 [notice] mallinfo() said: arena=119304192, ordblks=6628, smblks=100, hblks=1, hblkhd=1052672, usmblks=0, fsmblks=6192, uordblks=89103552, fordblks=30200640, keepcost=4846928 For my monitoring of the relay I thought having a look at the built circuits would be the right approach and indicates a "healthy" relay. But then I stumbled over the "Connections" vs. "OR connections" vs "circuits" (I bolded the values). Now I'm a little bit confused. What is the right approach to monitor the health of a (n exit) relay? Thanks in advance, ~Josef

1 0

Just wanted to publish a Tor Bridge,
by Yet Another Tor User 11 Oct '15

11 Oct '15

I have setup a Tor Bridge for everyone and I am unsure how it gets published so I will post the info here so it can get put into the consensus. The bridge is 173.246.106.35:443 I hope this bridge will help more users access the network. -- yetanothertoruser(a)riseup.net Bridges I run; * 173.246.106.35:443

2 1

Re: [tor-relays] Exit Node with Onion Pi
by starlight.2015q3＠binnacle.cx 09 Oct '15

09 Oct '15

At 12:21 10/9/2015 -0700, Green Dream wrote: ><http://www.newegg.com/Product/Product.aspx?Item=N82E16856501007>http://www.newegg.com/Product/Product.aspx?Item=N82E16856501007 . . . >If you want a box with AES-NI and a gigabit ethernet interface, cost starts jumping up to several hundred US dollars or more, so I find the lack of AES-NI to be an acceptable compromise for the value.Â The latest Atom SOCs have AES-NI. Might be possible to get the best of both. Everything released March 2014 and later: https://en.wikipedia.org/wiki/List_of_Intel_Atom_microprocessors

1 0