[tor-relays] Cheapest HW to get 20Mbit?
Joel Cretan
jcretan at gmail.com
Mon Aug 29 23:40:17 UTC 2016
Having run a relay on an older RPi with standard Raspbian, I would caution
you to look carefully at the packages you're using, if you choose that
hardware. Of course the Tor package itself is woefully out of date, so you
have to build from source. But it's worse than that.
I noticed that running regular apt-get update && apt-get upgrade was not
enough to keep openssl up to date. Over a year after Heartbleed had been
fixed, I noticed that my "up-to-date" version was still vulnerable, not to
mention all the other bugs discovered there in the last few years. I
thought maybe I could replace openssl with one of the forks, but was unable
to find any pre-built packages or even signed source distributions with
signing keys distributed over TLS. It was a pretty bad state of affairs, so
I shut that relay down entirely. Maybe it has improved since then, but be
careful.
On Aug 28, 2016 4:37 PM, "Matt Traudt" <sirmatt at ksu.edu> wrote:
On 08/28/2016 04:26 PM, Petrusko wrote:
>
>> Up to two per IP.
> Hu? it's sad for people having several CPU... :s
>
It does help a little to prevent attackers from spinning up a lot of
relays. With this limit, they must have n/2 IPs at their disposal.
For example, this paper[1] shows an attack for harvesting onion
services. It would have been much easier without the 2-per-IP limit.
Matt
[1]: http://ieee-security.org/TC/SP2013/papers/4977a080.pdf
_______________________________________________
tor-relays mailing list
tor-relays at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160829/46e05db5/attachment-0001.html>
More information about the tor-relays
mailing list