- tor-relays - lists.torproject.org

Flipping from guard and back again
by 29230912＠tutanota.com 24 Sep '15

24 Sep '15

https://atlas.torproject.org/#details/113FCC01A29B4600A8BAA1CB72E6AB1FD899A… Any pointers about why my relay is flipping between guard and not guard? Thank you

4 3

Legal status of operating Tor exit in UK?
by Jonathan Baker-Bates 23 Sep '15

23 Sep '15

I run an exit node with an ISP who initially indicated they would not have a problem with Tor as long as I was transparent about what I was doing, and ran a sufficiently reduced exit policy. They have now sent me evidence of malicious traffic coming from the exit. I don't think they've had any 3rd party complaints about this traffic, but they have expressed various misgivings about Tor in general. They now also want me to consider running Snort IDS on the outgoing traffic. I don't intend to monitor my traffic. But it occurs to me I don't know whether my ISP needs to be worried about it or not. The last one wasn't, so why them? I've asked the EFF about the legal situation in the UK, who passed me to the Open Rights Group. They've not replied to my enquiry as of three weeks ago. So does anyone know of any reliable source of information on running Tor exits in the UK? What would happen if my ISP pressed me to monitor my traffic, and I refused on legal grounds? I'm not suggesting I actually do that, or that there are even any legal grounds to refuse. In fact right now I'm resigned to closing down the node if my ISP turns up the heat. They probably have me by the balls. But I'm at least curious, and can't immediately find any information about things like public carrier status, or traffic monitoring conducted by people like me when it's done in the context of onion routing. Thanks in advance for any help.

9 10

Re: [tor-relays] Deciding where to put new Tor relays
by Virgil Griffith 22 Sep '15

22 Sep '15

After talking with APNIC/RIPE, it looks like that if we ask nicely we can get high-quality BGP-peering graphs for the entire Internet (not 100% complete, but it's the same data they use internally). Spend some time thinking about exactly what kinds of attacks we wish to harden against. Once we understand the attacks, I'll figure out the appropriate graph-theory for hardening against it. -V On Mon, Sep 21, 2015 at 6:48 PM Moritz Bartl <moritz(a)torservers.net> wrote: > Interesting, thanks for the update. Maybe we can find some time at the > dev meeting to chat. :) > > Moritz > > On 09/10/2015 07:12 AM, Virgil Griffith wrote: > > I'm at an APNIC conference in Jakarta, and they demoed a new tool which > > shows the interconnections (peering + transits) between AS numbers > > within a given country (will eventually work for regions). > > > > URL: http://labs.apnic.net/vizas/ > > Left-panel is IPv4 and right-panel is IPv6. > > > > Here is the fellow who built it: > > https://www.linkedin.com/pub/geoff-huston/42/828/891 > > > > > > For Tor, this tool helps us prioritize the ASs for new relays. To > > maximize censorship resistance, we would want relays on AS numbers in > > the middle (lots of interconnections) that do not currently have Tor > relays. > > > > We can imagine giving out Roster bonus points depending on the > > AS-number. The points would go something like: > > > > AS_i_bonus_points = ASweight(i) / #_Tor_relays_on_AS > > > > ASweight(i) = k * \sum_{j=1}^n num_ips_routed_by_edge_i_j > > where k is an arbitrary constant (k=1 is reasonable). > > > > This could be very useful for deciding where to put new relays. I'll > > see if I can access to the raw data that generates these graphs so we > > have more than just pretty pictures. > > > > Much love, > > -V > > -- > Moritz Bartl > https://www.torservers.net/ >

2 2

Tor is starting without the -f /etc/tor/torrc option
by Tor Stuff 22 Sep '15

22 Sep '15

I am running tor on a new Ubuntu 14.04.3 LTS system. I have restarted tor a couple of times with service tor restart I noticed when I start arm that it is telling me that The torrc differs from what tor's using. You can issue sighup to reload ... It seems that tor is running with default values and is not reading /etc/tor/torrc as there is no ... -f /etc/tor/torrc option being used by the running tor when it is displayed with 'ps'. The 'ps' output for the tor instance is /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --hush I had asumed that because I have set DirPort to 80 and ORPort to 443 in /etc/tor/torrc and can see in the tor log files that those two ports are reachable from outside, that the running tor was reading /etc/tot/torrc. Something is amiss with my tor configuration but I don't know what. Any hints as to where to look would be welcome while I try to RTFM again! Cheers Q

4 3

Non-standard Bridge
by Geoff Down 21 Sep '15

21 Sep '15

Hello all, I'm trying to set up a Bridge/Client Tor instance with the following torrc: ControlPort 9051 ExitPolicy reject *:* HashedControlPassword <pwd> Nickname <nickname> ORListenAddress 0.0.0.0:9001 ORPort 80 BridgeRelay 1 ContactInfo <contactinfo> Should this work as a bridge? Client functionality is fine (port 80 is forwarded to 9001) but there is no reachability test in the log. I have a "bridge's hashed identity key fingerprint" in there; where is it I can check online to be sure the BridgeDB has received it? I wanted to check it worked with fixed ports before I tried 'ORPort auto'. GD -- http://www.fastmail.com - Faster than the air-speed velocity of an unladen european swallow

3 5

Fwd: WG: Tor is starting without the -f /etc/tor/torrc option
by Christian 21 Sep '15

21 Sep '15

-------- Weitergeleitete Nachricht -------- Betreff: WG: [tor-relays] Tor is starting without the -f /etc/tor/torrc option Datum: Mon, 21 Sep 2015 18:38:36 +0200 (MEST) Von: brightsidedarkside(a)t-online.de An: tor-relays(a)lists.torproject.org Sorry, to dumb to handle Android Mail. And prone to mistrust regarding my private address. Gesendet mit meinem HTC ----- Forwarded message ----- Von: An: "Billy Humphreys" <PokeAcer549(a)outlook.com> Betreff: [tor-relays] Tor is starting without the -f /etc/tor/torrc option Datum: Mo., Sep. 21, 2015 18:36 Hi all, I might miss the point, but as I also run Tor on Ubuntu, I can confirm it reads both config files, the default one and my torrc. The default one makes sure e.g. privilege dropping to user debian-tor and a few other things in case you miss to set them properly. My ORPort and other config is done via my torrc. And I would bet a cup of tasty coffee that Tor on Ubuntu looks for /etc/torrc and not for /etc/tor/torrc, but I always lose when I'm willing to bet, so I guess it's just a little stubborn. Greetings to you all. Christian Gesendet mit meinem HTC ----- Reply message ----- Von: "Billy Humphreys" <PokeAcer549(a)outlook.com> An: <tor-relays(a)lists.torproject.org> Betreff: [tor-relays] Tor is starting without the -f /etc/tor/torrc option Datum: Mo., Sep. 21, 2015 18:15 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 It normally uses /usr/bin/<service name> On 21/09/2015 15:50, Sean Greenslade wrote: > On Sun, Sep 20, 2015 at 09:05:21PM +0100, Tor Stuff wrote: >> I am running tor on a new Ubuntu 14.04.3 LTS system. I have >> restarted tor a couple of times with >> >> service tor restart >> >> I noticed when I start arm that it is telling me that >> >> The torrc differs from what tor's using. You can issue sighup to >> reload ... >> >> It seems that tor is running with default values and is not >> reading /etc/tor/torrc as there is no ... -f /etc/tor/torrc >> option being used by the running tor when it is displayed with >> 'ps'. >> >> The 'ps' output for the tor instance is >> >> /usr/bin/tor --defaults-torrc >> /usr/share/tor/tor-service-defaults-torrc --hush >> >> I had asumed that because I have set DirPort to 80 and ORPort to >> 443 in /etc/tor/torrc and can see in the tor log files that those >> two ports are reachable from outside, that the running tor was >> reading /etc/tot/torrc. >> >> Something is amiss with my tor configuration but I don't know >> what. >> >> Any hints as to where to look would be welcome while I try to >> RTFM again! >> >> Cheers >> >> Q > > This isn't really a Tor issue, it's an Ubuntu one. But you need to > figure out how "service" is launching Tor and change it to point to > your /etc torrc. > > --Sean _______________________________________________ tor-relays > mailing list tor-relays(a)lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > - -- _______________________________________________ My GPG keyID is 0x6DEF6C26 - the key is avaliable on most keyservers. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWAC06AAoJEHukJMVt72wm7g8P/2QB01RxefD5hGFFwlt2k651 RwPeD1FaeAlRUDTsb4nUpxv0Cy5tYvzMmlqOx5YbWNgH7iBqYynoUXuWSgD/skfp Zfycin75lSOSLv5nj3gFDfh6z7xivxcwl8sfrtS/wRNmWtPaiVPx+uz+7K8Vr/qn 1A5QADFoCRBaQtl44cXJWdWtg5CKtPoCHEA95vYQDMunoL0diJJJyQH3wq7ERRgJ kamoZn6EtIVx+EJYkZmQ21GXTa9c5hjkW+reI6XUKZkgnq61Vbkw6HkRW7UUo8/y rp8q5sYmDCL61fZnSD7DeBFBBj7ajnccsGzjV5bBG9ztD7iTVvh0SWu05FaghcRu gpZ+/M7Z/8OUkCgr6F4YFAuE6mwJIcF8azSFXvuCsiVVfxo6DA8BGjzvLouZvdkx Q8SfCQYKUCAURtIamws5jRZHk+dSkktPvWqu4KMfmxbvtrA9xt8h2B/6+ix0c2X2 OXd13fl+D0E/Hu7Ka653SUBxiOJ2AbRGQDh998SjfAWA0qqkXLDTn6q6APlCB3g2 yjl03EVPdqx8zjGcQfeHhtmoEpWo92nPWzpXVeHODOu3UrTVF+wN5zlFf/NkVb16 v0kuyzCtnd5EZ8AbyI/c2ZGANMffuv47kHq8u2VQ+hZJJrN22Lc4Zs/PD31sBZGD 5WhIC9mkp/WD6rt9/+K9 =37jU -----END PGP SIGNATURE----- _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

3 2

Why are Globe/Atlas not showing my upgraded (& advertised) bandwidth
by Tor Stuff 20 Sep '15

20 Sep '15

It is now more 7 hours since I restarted my Middle Relay after the upgrade to my broadband to FTTC which by various tests is consistently showing more than 75/20 Mbits/s speeds now. I edited my torrc file and set RelayBandwidthRate and RelayBandwidthBurst to 2.5 MBytes to reflect my new fast connection. The Tor log shows that both the DirPort and ORPort are reachable from the outside since the restart. Arm is correctly showing my bandwidth (limit & burst) as 20 Mb/s. However both Globe and Atlas are showing an Advertised Bandwidth which is less than my previous RelayBandwidthRate and RelayBandwidthBurst settings of 100 KBytes and 110 KBytes respectively! I have been running this node (nickname 'Geheimschreiber') with fingerprint C69D24F9353E16D85E82B4A9E4571DFAF6DCF531 for many months so expected Atlas/Globe to pickup my changed capabilities fairly quickly. Am I being too impatient or have I omitted something in my Tor configuration? Thanks Q

2 2

Blutmagie is Good Looking and VERY SLOW -- this script is VERY FAST
by starlight.2015q3＠binnacle.cx 20 Sep '15

20 Sep '15

improved: 1) flags on left side for easy left-anchor grep'ping 2) authority flag shares exit flag column 3) "a" alpha and "r" rc appended to version 4) OS flag in separate aligned column NOTES no "directory" flag since dir-port is "none" when not present no "valid" or "running" flags since such routers are excluded from the ranking Blutmagie has a "x" flag for "bad exit", no HDdir flag Rueckgr has a "h" HDdir flag, but no "bad exit" flag

1 0

Blutmagie is Good Looking and VERY SLOW -- this script is VERY FAST
by starlight.2015q3＠binnacle.cx 18 Sep '15

18 Sep '15

For those who like Blutemagie's excellent Tor node report and ranking, but find the painfully slow page rendering --well painful. This script pulls the same data via the CSV download and generates concise readable text report. 100x faster literally. Also a script for the newer Rueckgr.at TorStatus page. This one shows self-measure bandwidth instead of 24-hour average actual bandwidth.

1 0

How to determine demand/need for bridges/PT?
by Steve Snyder 18 Sep '15

18 Sep '15

Looking at the Tor Metrics page, I can see the number of bridges and the number of users connecting via bridges, but that's not enough information to determine satisfaction of demand. Are there now enough bridges to comfortably satisfy demand? Enough bridges with a particular PT type? If not, what kind of resources are lacking? How does one determine where the need for more bridges, or PT type, is greatest? (Assuming that there is any unmet need at all.)

3 2