Checking my Tor bridge and adventage of dynamic ip addresses
Hi list members, Iam kinda new to Tor and decided to run a relay and found heavy traffic on my router. No prob, but after reading the documentation and some discussion boards I decided to make internet access possible for people living in censorship and run a bridge on Linux without Vidalia and other x related apps. I use "Arm" to check the Tor daemon activities. The bridge runs a few days and I see: flags: no, and there is nearly zero traffic, avg 1.4 Kbs, mostly 0. Arm displays connections and I see some IP addresses, 2 circuits. And often just - nothing. Obviously Tor is running, but Iam afraid that my config isn't useful... How can I check my bridge is really working? Another question comes up. I use a cable connection to my ISP and they don't change my IP address, until plugging off my modem and wait an hour... I think if my bridge IP address is some day on some black lists, it could be an adventage if my IP address changes, right? If so, what changing time is fine, every day? Regards
Hi, On 19.07.2013 11:05, nobleeightfoldpath@lavabit.com wrote:
The bridge runs a few days and I see: flags: no, and there is nearly zero traffic [...]
Bridges are handed out one by one to users from the pool of all bridges. After a few days, only few users (if any) have been given your bridge address. Then, every user is different: Some just try it out once, some use it from time to time, and others are heavy users.
How can I check my bridge is really working?
Unfortunately, there is no easy way to do so yet, apart from watching Tor's logfile for error messages. You can look up your bridge in the database, but it is not straightforward: For security reasons, the database does not contain your bridge fingerprint, but a hash of your fingerprint. Example in python: from binascii import a2b_hex from hashlib import sha1 sha1(a2b_hex("<BRIDGEFP>")).hexdigest() Take that result: https://onionoo.torproject.org/details?search=<FP_HASH>
Another question comes up. I use a cable connection to my ISP and they don't change my IP address, until plugging off my modem and wait an hour... I think if my bridge IP address is some day on some black lists, it could be an adventage if my IP address changes, right? If so, what changing time is fine, every day?
This is a fine question. It depends on who uses your bridge when, and in what countries. I would not change address daily, but maybe every 2 weeks or every month. -- Moritz Bartl https://www.torservers.net/
On Fri, 19 Jul 2013 09:05:15 +0000, nobleeightfoldpath@lavabit.com wrote: ...
How can I check my bridge is really working?
Take a tor browser bundle and set it up to use only your bridge, and run it on another internet connection. (That does not check whether it is in the bridge database.)
Another question comes up. I use a cable connection to my ISP and they don't change my IP address, until plugging off my modem and wait an hour... I think if my bridge IP address is some day on some black lists, it could be an adventage if my IP address changes, right? If so, what changing time is fine, every day?
No, that's a bad idea. People that use your bridge can do so only as long it has the same address; they wouldn't know when (and how) the address changes and just see that the bridge thew are using has disappeared. Andreas -- "Totally trivial. Famous last words." From: Linus Torvalds <torvalds@*.org> Date: Fri, 22 Jan 2010 07:29:21 -0800
19.07.2013 11:05, nobleeightfoldpath@lavabit.com:
I use "Arm" to check the Tor daemon activities.
The bridge runs a few days and I see: flags: no,
Arm relies on the consensus to tell an operator what flags his relay got, but since bridges are not published in the consensus arm does not show any flag. The reason for bridges not being published in the consensus is to avoid adversaries from simply looking into the consensus and block bridges as well.
and there is nearly zero traffic, avg 1.4 Kbs, mostly 0. Arm displays connections and I see some IP addresses, 2 circuits. And often just - nothing. Obviously Tor is running,
Usage of bridges is low for some bridges, higher for others. Bridges that are stable for some time get more traffic, because user may come back the next day and they tell their friends that they got a working bridge. Still it is difficult to guess who gets access to your bridge.
but Iam afraid that my config isn't useful... How can I check my bridge is really working?
Atlas has no support for bridges, yet. Onionoo provides information (also to Atlas), but not in a way to be handled by humans. There is another project that makes use of the data Onionoo provides. It implemented searching for bridges. http://makepanic.github.io/emberjs-tor-onionoo/#/ Best, bastik
Hi list members, I tried to grab some data in the database. In the upper part of my results it shows obviously old data, because of the flags "Fast","HSDir","Named","Running","V2Dir","Valid" - for three days I switched to bridge mode. The IP addresses at or + dir aren't my address today. They should have my IP address, right? Below it looks a little newer, "running":true, "flags":["Running"], that's an hint ;) "last_seen":"2013-07-19 09:37:04", that's nice, too! But "or address" isn't mine... it's possible due to a router reset I got a new IP address two days ago. Iam a little confused now! Thanks to Sebastian, the link http://makepanic.github.io/emberjs-tor-onionoo/#/ is more eye friendly ;) but there is another IP address, too. What about mirroring directory: The Tor manual shows for bridge config in the vidalia config window to mirror the relay directory. I remember to read about it on another site too. I configured it in torrc, but in "Arm" an error appears, bridge and directory mirror won't run together. Why that? Thanks to Andreas for the hint. I'll try it later this evening!
Hi list members, I tried to grab some data in the database. In the upper part of my results it shows obviously old data, because of the flags "Fast","HSDir","Named","Running","V2Dir","Valid" - for three days I switched to bridge mode. The IP addresses at or + dir aren't my address today. They should have my IP address, right? Below it looks a little newer, "running":true, "flags":["Running"], that's an hint ;) "last_seen":"2013-07-19 09:37:04", that's nice, too! But "or address" isn't mine... it's possible due to a router reset I got a new IP address two days ago. Iam a little confused now! Thanks to Sebastian, the link http://makepanic.github.io/emberjs-tor-onionoo/#/ is more eye friendly ;) but there is another IP address, too. What about mirroring directory: The Tor manual shows for bridge config in the vidalia config window to mirror the relay directory. I remember to read about it on another site too. I configured it in torrc, but in "Arm" an error appears, bridge and directory mirror won't run together. Why that? Thanks to Andreas for the hint. I tried it (with my real address, not the address advertised in the db) and it works well!
On 19.07.2013 13:55, nobleeightfoldpath@lavabit.com wrote:
What about mirroring directory: The Tor manual shows for bridge config in the vidalia config window to mirror the relay directory. I remember to read about it on another site too. I configured it in torrc, but in "Arm" an error appears, bridge and directory mirror won't run together. Why that?
Only relays in the public directory (consensus) can be directory mirrors. -- Moritz Bartl https://www.torservers.net/
Hi list members, following probs remaining: 1. the ip address of my bridge is after around two days still the old address in the db (ie. http://makepanic.github.io/emberjs-tor-onionoo). That's probably why no one uses the bridge!? Testing with configuring the client to use my bridge (with my actual address) works well! So it is an unintended private bridge :) any ideas to trigger the db to change the address? 2. where can I check if my ip address is black listed by censoring countries? A friend told me to test it ie. with a chinese proxy. Is there a "best practice" to check? In worst case I could change the ip address. Iam happy if I could run a useful bridge. Regards :) nobleeightfoldpath@lavabit.com:
Hi list members,
I tried to grab some data in the database. In the upper part of my results it shows obviously old data, because of the flags "Fast","HSDir","Named","Running","V2Dir","Valid" - for three days I switched to bridge mode. The IP addresses at or + dir aren't my address today. They should have my IP address, right?
Below it looks a little newer,
"running":true, "flags":["Running"],
that's an hint ;)
"last_seen":"2013-07-19 09:37:04",
that's nice, too! But "or address" isn't mine... it's possible due to a router reset I got a new IP address two days ago. Iam a little confused now!
Thanks to Sebastian, the link http://makepanic.github.io/emberjs-tor-onionoo/#/ is more eye friendly ;) but there is another IP address, too.
What about mirroring directory: The Tor manual shows for bridge config in the vidalia config window to mirror the relay directory. I remember to read about it on another site too. I configured it in torrc, but in "Arm" an error appears, bridge and directory mirror won't run together. Why that?
Thanks to Andreas for the hint. I tried it (with my real address, not the address advertised in the db) and it works well!
On 7/19/13 10:36 PM, nobleeightfoldpath@lavabit.com wrote:
1. the ip address of my bridge is after around two days still the old address in the db (ie. http://makepanic.github.io/emberjs-tor-onionoo). That's probably why no one uses the bridge!? Testing with configuring the client to use my bridge (with my actual address) works well! So it is an unintended private bridge :) any ideas to trigger the db to change the address?
Not sure which IP address you're referring to and whether or not it should change. Can you paste your hashed fingerprint here and say which piece of information should be updated and why? Note that 10.x.y.z isn't really your bridge's IP address. I wonder if it should be taken out from the bridge details page or at least better documented. Here's the documentation from the Onionoo protocol page: "or_addresses": Array of sanitized IPv4 or IPv6 addresses and TCP ports or port lists where the bridge accepts onion-routing connections. The first address is the primary onion-routing address that the bridge used to register in the network, subsequent addresses are in arbitrary order. IPv6 hex characters are all lower-case. Sanitized IP addresses are always in 10/8 or [fd9f:2e19:3bcf/48] IP networks and are only useful to learn which IP version the bridge uses and to detect whether the bridge changed its address. Sanitized IP addresses always change on the 1st of every month at 00:00:00 UTC, regardless of the bridge actually changing its IP address. TCP ports are not sanitized. Required field. (Source: https://onionoo.torproject.org/) Best, Karsten
2. where can I check if my ip address is black listed by censoring countries? A friend told me to test it ie. with a chinese proxy. Is there a "best practice" to check? In worst case I could change the ip address.
Iam happy if I could run a useful bridge.
Regards :)
nobleeightfoldpath@lavabit.com:
Hi list members,
I tried to grab some data in the database. In the upper part of my results it shows obviously old data, because of the flags "Fast","HSDir","Named","Running","V2Dir","Valid" - for three days I switched to bridge mode. The IP addresses at or + dir aren't my address today. They should have my IP address, right?
Below it looks a little newer,
"running":true, "flags":["Running"],
that's an hint ;)
"last_seen":"2013-07-19 09:37:04",
that's nice, too! But "or address" isn't mine... it's possible due to a router reset I got a new IP address two days ago. Iam a little confused now!
Thanks to Sebastian, the link http://makepanic.github.io/emberjs-tor-onionoo/#/ is more eye friendly ;) but there is another IP address, too.
What about mirroring directory: The Tor manual shows for bridge config in the vidalia config window to mirror the relay directory. I remember to read about it on another site too. I configured it in torrc, but in "Arm" an error appears, bridge and directory mirror won't run together. Why that?
Thanks to Andreas for the hint. I tried it (with my real address, not the address advertised in the db) and it works well!
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
participants (5)
-
Andreas Krey -
Karsten Loesing -
Moritz Bartl -
nobleeightfoldpath@lavabit.com -
Sebastian G. <bastik.tor>