[tor-relays] tor-relays Digest, Vol 67, Issue 12
Flipchan
flipchan at riseup.net
Fri Aug 5 15:23:52 UTC 2016
I would recommend port knocking if u run ssh
tor-relays-request at lists.torproject.org skrev: (4 augusti 2016 19:30:11 CEST)
>Send tor-relays mailing list submissions to
> tor-relays at lists.torproject.org
>
>To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>or, via email, send a message with subject or body 'help' to
> tor-relays-request at lists.torproject.org
>
>You can reach the person managing the list at
> tor-relays-owner at lists.torproject.org
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of tor-relays digest..."
>
>
>Today's Topics:
>
> 1. Re: tor-relays Digest, Vol 67, Issue 11 (Flipchan)
> 2. Re: Exit relay funding (I)
> 3. Re: Exit relay funding (Petrusko)
> 4. Re: Any security tips on running a TOR relay? (Green Dream)
> 5. Re: Any security tips on running a TOR relay? (Tristan)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Thu, 04 Aug 2016 14:51:35 +0200
>From: Flipchan <flipchan at riseup.net>
>To: tor-relays at lists.torproject.org
>Subject: Re: [tor-relays] tor-relays Digest, Vol 67, Issue 11
>Message-ID: <A571C798-B2DE-4A1C-B2CA-EB58353A0D72 at riseup.net>
>Content-Type: text/plain; charset="utf-8"
>
>Auto update with cron, audit it like a normal server
>
>tor-relays-request at lists.torproject.org skrev: (4 augusti 2016 14:00:07
>CEST)
>>Send tor-relays mailing list submissions to
>> tor-relays at lists.torproject.org
>>
>>To subscribe or unsubscribe via the World Wide Web, visit
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>or, via email, send a message with subject or body 'help' to
>> tor-relays-request at lists.torproject.org
>>
>>You can reach the person managing the list at
>> tor-relays-owner at lists.torproject.org
>>
>>When replying, please edit your Subject line so it is more specific
>>than "Re: Contents of tor-relays digest..."
>>
>>
>>Today's Topics:
>>
>> 1. Re: experiences with debian tor 0.2.8.6 package from
>> deb.torproject.org (tor relay)
>> 2. Any security tips on running a TOR relay? (Andrew)
>> 3. Re: Exit relay funding (Petrusko)
>> 4. Re: experiences with debian tor 0.2.8.6 package from
>> deb.torproject.org (Peter Palfrader)
>>
>>
>>----------------------------------------------------------------------
>>
>>Message: 1
>>Date: Thu, 4 Aug 2016 08:01:32 +0200 (CEST)
>>From: tor relay <torrelay3 at mailbox.org>
>>To: tor-relays at lists.torproject.org
>>Subject: Re: [tor-relays] experiences with debian tor 0.2.8.6 package
>> from deb.torproject.org
>>Message-ID: <249633305.6901.1470290492290 at office.mailbox.org>
>>Content-Type: text/plain; charset="utf-8"
>>
>>https://trac.torproject.org/projects/tor/ticket/19825
>>-------------- next part --------------
>>An HTML attachment was scrubbed...
>>URL:
>><http://lists.torproject.org/pipermail/tor-relays/attachments/20160804/19f23f2d/attachment-0001.html>
>>
>>------------------------------
>>
>>Message: 2
>>Date: Thu, 4 Aug 2016 16:00:30 +1000
>>From: "Andrew" <tor at ab49k.net>
>>To: <tor-relays at lists.torproject.org>
>>Subject: [tor-relays] Any security tips on running a TOR relay?
>>Message-ID: <021f01d1ee15$831ee920$895cbb60$@ab49k.net>
>>Content-Type: text/plain; charset="utf-8"
>>
>>Hi,
>>
>>I've got a spare server for two (freebsd) and I'd like to start
>running
>>TOR
>>relays on them.
>>
>>Is there any security concerns I need to deal with, or is the ports
>>compile
>>+ updates good enough to keep my systems decently secure.
>>
>>I actively monitor the machines, but as you know, the game is
>>prevention,
>>not reaction to security incedents :)
>>
>>
>>
>>Thanks,
>>
>>AB49K
>>
>>
>>
>>
>>
>>-------------- next part --------------
>>An HTML attachment was scrubbed...
>>URL:
>><http://lists.torproject.org/pipermail/tor-relays/attachments/20160804/3aa25618/attachment-0001.html>
>>
>>------------------------------
>>
>>Message: 3
>>Date: Thu, 4 Aug 2016 09:10:08 +0200
>>From: Petrusko <petrusko at riseup.net>
>>To: tor-relays at lists.torproject.org
>>Subject: Re: [tor-relays] Exit relay funding
>>Message-ID: <62c913f4-3df8-8622-42a0-1881c48496f1 at riseup.net>
>>Content-Type: text/plain; charset="windows-1252"
>>
>>And I think a lot of users doesn't know what is there "behind". As
>>always in computer's world...
>>
>>Now I'm able to explain quickly (what I've understood) this network to
>>some friends/family, who were using Tor a long time ago before I've
>>started to have fun with contributing a little to the network.
>>
>>How many people around us know how 'it's working", how many are
>>thinking
>>about that, are interested to know ?
>>They are connecting the smartphone to Mc Do's wifi, and are happy to
>>read Facebook... receive emails... etc. But how it's possible to make
>>it
>>work ? They don't care about that, /"it's working and it's cool !"/
>>They don't know what is a NAS at their work, what is an IP, what is
>>domain with AD, why those IT guys are sooo boring with those passwords
>>(they don't love our pet's name as password... rah!!).
>>Now my friends/family have quickly understood how "normal people" can
>>contribute to Tor, but I'm sure some months after /"it's working and
>>it's cool !"/. Nothing more.
>>And I think a lot of "little" operators like me are doing this by
>>loving
>>computer's world (linux, network, dev,...), having fun to investigate
>>why it's not working nice, or try to make it better, and of course
>>understand the need to have an "underground" network for all the
>>reasons
>>we know.
>>It's cool to contribute, and if it can help censored people, and if
>>it's
>>better for privacy to the others, it's beautiful !
>>
>>The day I'll not be able to have some time/money to make nodes
>working,
>>I'll sadly "poweroff" them, and thank all people (devs, operators,
>>mailing lists...) for their work, to have this package working easily
>>with this support !
>>apt-get install tor - nano torrc (bridge/relay/exit to contribute)-
>>service tor restart - it's working. Nice? If it's not working, the
>>community is here. Nice!
>>Thanks.
>>
>>--
>>Petrusko
>>PubKey EBE23AE5
>>C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
>>
>>
>>-------------- next part --------------
>>A non-text attachment was scrubbed...
>>Name: signature.asc
>>Type: application/pgp-signature
>>Size: 819 bytes
>>Desc: OpenPGP digital signature
>>URL:
>><http://lists.torproject.org/pipermail/tor-relays/attachments/20160804/5e897405/attachment-0001.sig>
>>
>>------------------------------
>>
>>Message: 4
>>Date: Thu, 4 Aug 2016 08:23:18 +0000
>>From: Peter Palfrader <weasel at torproject.org>
>>To: tor-relays at lists.torproject.org
>>Subject: Re: [tor-relays] experiences with debian tor 0.2.8.6 package
>> from deb.torproject.org
>>Message-ID: <20160804082318.GI15499 at sarek.noreply.org>
>>Content-Type: text/plain; charset=us-ascii
>>
>>On Thu, 04 Aug 2016, tor relay wrote:
>>
>>>
>>> > On August 3, 2016 at 11:51 PM Green Dream
><greendream848 at gmail.com>
>>wrote:
>>> >
>>> > Sorry, I didn't understand that your daemon didn't restart
>>after the upgrade. I ran through the upgrade on 2 relays, and apt
>>started the service post-upgrade on both.
>>> >
>>> >
>>> >
>>>
>>> Since it is reproducible in my case as well I assume you do _not_
>>have the following constellation:
>>>
>>> tor.service is disabled and stopped (I don't use the default
>>instance)
>>
>>You should not disable tor.service.
>>
>>tor.service is what controls all tor instances. The default service
>is
>>tor at default.service. If you don't want it to start, one option is to
>>move away /etc/tor/torrc.
>>
>>--
>> | .''`. ** Debian **
>> Peter Palfrader | : :' : The universal
>> https://www.palfrader.org/ | `. `' Operating System
>> | `- https://www.debian.org/
>>
>>
>>------------------------------
>>
>>Subject: Digest Footer
>>
>>_______________________________________________
>>tor-relays mailing list
>>tor-relays at lists.torproject.org
>>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>>
>>------------------------------
>>
>>End of tor-relays Digest, Vol 67, Issue 11
>>******************************************
>
>--
>Sincerly Flipchan
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL:
><http://lists.torproject.org/pipermail/tor-relays/attachments/20160804/edd02f2d/attachment-0001.html>
>
>------------------------------
>
>Message: 2
>Date: Thu, 4 Aug 2016 07:26:46 -0800
>From: I <beatthebastards at inbox.com>
>To: tor-relays at lists.torproject.org
>Subject: Re: [tor-relays] Exit relay funding
>Message-ID: <C38B12E68E7.00000772beatthebastards at inbox.com>
>Content-Type: text/plain; charset=US-ASCII
>
>Hear Hear, Roger and Petrusko,
>
>Nonetheless, I would like the promised t-shirts before next year.
>
>Robert
>
>
>
>
>------------------------------
>
>Message: 3
>Date: Thu, 4 Aug 2016 19:00:22 +0200
>From: Petrusko <petrusko at riseup.net>
>To: tor-relays at lists.torproject.org
>Subject: Re: [tor-relays] Exit relay funding
>Message-ID: <9c51e67a-50cf-2443-ecec-e72f0a0f5d48 at riseup.net>
>Content-Type: text/plain; charset="utf-8"
>
>Haha yes! T-shirts are a good way to start conversations with people
>who
>don't really know what is this "onion" !?
>And be proud to wear it ! :p
>
>Registration is open ?!! ;p
>
>
>Le 04/08/2016 à 17:26, I a écrit :
>> Hear Hear, Roger and Petrusko,
>>
>> Nonetheless, I would like the promised t-shirts before next year.
>>
>> Robert
>
>--
>Petrusko
>PubKey EBE23AE5
>C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
>
>
>-------------- next part --------------
>A non-text attachment was scrubbed...
>Name: signature.asc
>Type: application/pgp-signature
>Size: 819 bytes
>Desc: OpenPGP digital signature
>URL:
><http://lists.torproject.org/pipermail/tor-relays/attachments/20160804/ce10fe18/attachment-0001.sig>
>
>------------------------------
>
>Message: 4
>Date: Thu, 4 Aug 2016 10:27:09 -0700
>From: Green Dream <greendream848 at gmail.com>
>To: tor-relays at lists.torproject.org
>Subject: Re: [tor-relays] Any security tips on running a TOR relay?
>Message-ID:
> <CAAd2PDL88Yujm-wuw04nbN+WgTydWLXLMr_rUR--h_TikhyoPA at mail.gmail.com>
>Content-Type: text/plain; charset="utf-8"
>
>I'd say the normal server hardening precautions apply. Off the top of
>my
>head:
>
>- keep software/packages up to date
>- only use public-key authentication for ssh / disable password-based
>auth
>- optionally change the ssh port (it just avoids the worst of the port
>scanning / brute force attempts)
>- limit the number of services running on your relays (ideally only run
>Tor
>and supporting services (i.e., maybe dns)
>- firewall off (deny) everything except DirPort/ORPort/ssh
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL:
><http://lists.torproject.org/pipermail/tor-relays/attachments/20160804/fd02334e/attachment-0001.html>
>
>------------------------------
>
>Message: 5
>Date: Thu, 4 Aug 2016 12:30:05 -0500
>From: Tristan <supersluether at gmail.com>
>To: tor-relays at lists.torproject.org
>Subject: Re: [tor-relays] Any security tips on running a TOR relay?
>Message-ID:
> <CAKkV4FHeSxNABpeR_baHFcpWtEFn0TkoVbm-xjPqb+vPnWT+qg at mail.gmail.com>
>Content-Type: text/plain; charset="utf-8"
>
>I'm assuming this doesn't apply to exit relays? Or is there a way to
>block
>incoming while allowing outgoing?
>
>On Aug 4, 2016 12:27 PM, "Green Dream" <greendream848 at gmail.com> wrote:
>> - firewall off (deny) everything except DirPort/ORPort/ssh
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL:
><http://lists.torproject.org/pipermail/tor-relays/attachments/20160804/a3752bdb/attachment.html>
>
>------------------------------
>
>Subject: Digest Footer
>
>_______________________________________________
>tor-relays mailing list
>tor-relays at lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
>------------------------------
>
>End of tor-relays Digest, Vol 67, Issue 12
>******************************************
--
Sincerly Flipchan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160805/80a277d3/attachment.html>
More information about the tor-relays
mailing list