Re: [tor-relays] AWS abuse handling

2016-07-27 Thread Toralf Förster

On 07/27/2016 08:24 PM, Snehan Kekre wrote:
> (/capped/ at 15GB/month of traffic each way).
seems to be just 5 KB/sec, or ?

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] AWS abuse handling

2016-07-27 Thread Toralf Förster

On 07/27/2016 08:42 PM, Snehan Kekre wrote:
> I've set RelayBandwidthRate to 300 KB and RelayBandwidthBurst to
> 400 KB. It hibernates after it's exhausted the cap.
300 KB == 5,000 sec till exhaustion, == 1,5 hour

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] Don't use Google's DNS server

2016-07-28 Thread Toralf Förster

On 07/28/2016 07:50 PM, nusenu wrote:
> If you run an exit and find your relay fingerprint next to a Google AS
If only a subset from the whole list is meant it would be helpful to provide an 
appropriate subset of that file for the purpose of this email (topic) IMO.

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] Got a visit from the police this morning..

2016-07-31 Thread Toralf Förster

Well, maybe OT but nevertheless:

The tor exit notice can be improved. I derived a good example from the WIKI and 
adapted it just a little bit for Germany: http://5.9.158.75/

And a second thing: If you close port 465, then you should close 587 as well 
IMO.
FWIW I do fine with just closing port 25 and :
ExitPolicy reject 217.69.139.160:465        # smtp.mail.ru
ExitPolicy reject 94.100.180.160:465        # "
ExitPolicy reject [2a00:1148:db00::8]:465   # "
b/c the admins there requested it.

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] is explicit DirPort needed anymore under Tor 0.2.8.6?

2016-08-02 Thread Toralf Förster

On 08/03/2016 02:13 AM, Green Dream wrote:
> With this new behavior, is there any reason to keep an open DirPort on
> our relays?
Yes, it is a convenient way to tell others to fetch an HTML document from the 
Tor exit IP address (e.g. in http://5.9.158.75/)

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


[tor-relays] How to exclude a CDN ?

2016-08-09 Thread Toralf Förster

Got few times an informal report containing something like:


It is most likely the attack traffic is directed at one of the 
following endpoints:

account.sonyentertainmentnetwork.com
auth.np.ac.playstation.net
auth.api.sonyentertainmentnetwork.com
auth.api.np.ac.playstation.net


I was just wondering how would somebody handle a request to exclude those IP 
addresses, b/c 2 attempts to get the affected network gives:

# host account.sonyentertainmentnetwork.com
account.sonyentertainmentnetwork.com is an alias for account.sonyentertainmentnetwork.com.edgekey.net.
account.sonyentertainmentnetwork.com.edgekey.net is an alias for e380.b.akamaiedge.net.
e380.b.akamaiedge.net has address 104.109.72.158

#  whois 104.109.72.158 | grep CIDR
CIDR:   104.64.0.0/10
CIDR:   104.109.64.0/20


and at another system :


~/devel/wireshark $ host account.sonyentertainmentnetwork.com
account.sonyentertainmentnetwork.com is an alias for account.sonyentertainmentnetwork.com.edgekey.net.
account.sonyentertainmentnetwork.com.edgekey.net is an alias for e380.b.akamaiedge.net.
e380.b.akamaiedge.net has address 184.24.193.168

$ whois 184.24.193.168 | grep CIDR
CIDR:   184.24.0.0/13
CIDR:   184.24.192.0/20



-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
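
The two lookups in the post above, worked through as an added example (not part of the original message): an ExitPolicy built from one system's answer does not cover the address the other system received, and covering both by whois network rejects thousands to millions of addresses. The `reject NET:*` form and all function names are choices of this example; the addresses and CIDRs are the ones quoted in the post.

```python
import ipaddress

# Observations copied from the post: the same hostname resolved on two
# systems, plus the CIDR lines whois printed for each answer.
OBSERVATIONS = {
    "system 1": ("104.109.72.158", ["104.64.0.0/10", "104.109.64.0/20"]),
    "system 2": ("184.24.193.168", ["184.24.0.0/13", "184.24.192.0/20"]),
}


def containing_networks(addr, cidrs):
    """Return the whois networks that really contain addr, widest first."""
    ip = ipaddress.ip_address(addr)
    nets = [ipaddress.ip_network(c) for c in cidrs]
    nets = sorted((n for n in nets if ip in n), key=lambda n: n.prefixlen)
    if not nets:
        raise ValueError(f"{addr} is in none of {cidrs}")
    return nets


def build_policy(observations, widest=False):
    """One network per observation: the narrowest (default) or widest match."""
    chosen = set()
    for addr, cidrs in observations.values():
        nets = containing_networks(addr, cidrs)
        chosen.add(nets[0] if widest else nets[-1])
    return sorted(chosen)


def uncovered(policy, observations):
    """Names of the vantage points whose answer the policy does not reject."""
    return sorted(
        name for name, (addr, _) in observations.items()
        if not any(ipaddress.ip_address(addr) in net for net in policy)
    )


def blocked_addresses(policy):
    """How many destination addresses the policy takes away from exit users."""
    return sum(net.num_addresses for net in policy)


def torrc_lines(policy):
    """Render the policy; 'reject NET:*' is this example's choice of form."""
    return [f"ExitPolicy reject {net}:*" for net in policy]


if __name__ == "__main__":
    # Policy derived from what the first system saw, checked against both.
    first_only = {"system 1": OBSERVATIONS["system 1"]}
    policy = build_policy(first_only)
    print("\n".join(torrc_lines(policy)))
    print("answers not covered:", uncovered(policy, OBSERVATIONS))
    # Cost of covering both answers, by narrowest and by widest whois network.
    for widest in (False, True):
        p = build_policy(OBSERVATIONS, widest=widest)
        print(len(p), "networks,", blocked_addresses(p), "addresses rejected")
```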


Re: [tor-relays] How to exclude a CDN ?

2016-08-13 Thread Toralf Förster

On 08/13/2016 09:10 AM, yl wrote:
> Let them block your exit, if they are consequent and block all tor
> they get what they want. I guess.
Yes, give that answer 2 times to the origin of the abuse letter ...

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


[tor-relays] issues with a fresh new tor server

2016-08-21 Thread Toralf Förster

Hi,

I made the following steps to have /var/lib/tor encrypted under an ext4fs under 
a stable Gentoo Linux:

at a local system:
head -c 16 /dev/random | xxd -p > ~/tmp-salt.txt; echo 0x`cat ~/tmp-salt.txt` > ~/.cryptoSalt; rm ~/tmp-salt.txt
picked up a password from: pwgen -s 16
open the remote directory: scp ~/.crypto{Pass,Salt} user@host:home; ssh user@host 'cat ~/.cryptoPass | sudo e4crypt add_key -S $(cat ~/.cryptoSalt) /var/lib/tor; rm ~/.crypto{Pass,Salt}'


debug.log tells me:

...
Aug 21 15:09:23.817 [notice] Opening Directory listener on [2a01:4f8:190:514a::2]:80
Aug 21 15:09:23.000 [warn] Your log may contain sensitive information - you're logging more than "notice". Don't log unless it serves an important reason. Overwrite the log afterwards.
Aug 21 15:09:23.000 [debug] tor_disable_debugger_attach(): Attemping to disable debugger attachment to Tor for unprivileged users.
Aug 21 15:09:23.000 [debug] tor_disable_debugger_attach(): Debugger attachment disabled for unprivileged users.
Aug 21 15:09:23.000 [info] tor_lockfile_lock(): Locking "/var/lib/tor/data/lock"
Aug 21 15:09:23.000 [warn] Couldn't open "/var/lib/tor/data/lock" for locking: Operation not permitted
Aug 21 15:09:23.000 [err] set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.2.8.6 )

and indeed :


# ls -alR /var/lib/tor/
/var/lib/tor/:
total 12
drwxr-xr-x  3 tor  tor  4096 Aug 21 15:09 .
drwxr-xr-x 14 root root 4096 Aug 21 03:10 ..
drwx------  2 tor  tor  4096 Aug 21 15:09 data
-rw-r--r--  1 root root    0 Aug 19 14:47 .keep_net-misc_tor-0

/var/lib/tor/data:
total 8
drwx------ 2 tor tor 4096 Aug 21 15:09 .
drwxr-xr-x 3 tor tor 4096 Aug 21 15:09 ..



Any hints ?

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] issues with a fresh new tor server

2016-08-21 Thread Toralf Förster

On 08/21/2016 03:23 PM, Tom van der Woerdt wrote:
> what it fails on with strace? Is tor actually running as the 'tor' user?
> Do you have any special security configuration like sandboxing set up?
> 
> Tom
Well, whilst disabling the SandBox at least gave me the lock file - Tor died 
immediately after that.

Currently I do blame my Gentoo hardened settings I do use (although I had have 
the same features (tmp) at my old server have w/o any problems - but ok, local 
problem so far ASICT.

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] issues with a fresh new tor server

2016-08-21 Thread Toralf Förster

On 08/21/2016 03:23 PM, Tom van der Woerdt wrote:
> Did this work prior to adding encryption, or could that be a red
> herring?

It was the attempt to encrypt the Tor directory using the ext4 method
- GRSecurity is fine (works since 2 years like a charm).
But I mistakenly encrypted it as user "root" - whereas user "tor" was
the right one.

I described my steps in [1] under "setup".
I'm pretty convinced that this is an easy method to ensure an attacker
even with physical access to a server (eg. while changing a defect
hard disk) can't achieve the secret key.


[1] https://www.zwiebeltoralf.de/torserver.html
-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] issues with a fresh new tor server

2016-08-21 Thread Toralf Förster

On 08/21/2016 06:35 PM, Tom van der Woerdt wrote:
> Side-note wrt your setup :
> 
> You're storing the keys on the disk, and while they're removed
> immediately after, that potentially leaves them on the physical storage.
> Since you're already passing them through ssh, consider just having ssh
> do the stdin bit :
> 
> cat ~/.cryptoPass | ssh user@host "sudo -u tor e4crypt add_key -S $(cat
> ~/.cryptoSalt) /var/lib/tor"
> 
> The salt will end up in the sudo log (/var/log/secure, usually) but the
> password will never hit the disk. No scp needed, and no files to rm
> afterwards.
> 
> Tom

Thx for your hints - I'll test your advice soon.

FWIW I do have 
Defaults !syslog,!pam_session
in /etc/sudoers, therefore sudo commands shouldn't be logged I hope. And I do 
have /tmp as a tmpfs. And finally "tor" is just a technical user w/o login or 
so.


-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] relay on a vps not exclusively used for tor?

2016-08-21 Thread Toralf Förster

On 08/21/2016 09:33 PM, Petrusko wrote:
> CPU is not used 100% all the time, so there is Boinc running behind to
> help worldcommunitygrid.org against cancer, ebola, zika...

There was an unclear situation related to BOINC at my former exit relay [1], so 
I banned BOINC from a Tor relay.


[1] https://www.zwiebeltoralf.de/torserver/cep2/index.html
-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] relay on a vps not exclusively used for tor?

2016-08-22 Thread Toralf Förster

On 08/21/2016 10:28 PM, Petrusko wrote:
> Thx for sharing this kernel option, and this experience.
Under Gentoo Linux it is very easy to have GRSecurity. I do use it both on my 
desktop and my server w/o bigger problems.

> But if I understand well, a user from the IP address 5.79.67.47 has
> tried to execute system commands after being connected successfully to
> your boinc instance ?
That was my understanding - right. OTOH I'm unsure if this is the only 
explanation - maybe there's a harmless one too.


-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] interesting network sockets pattern

2016-08-26 Thread Toralf Förster

On 08/25/2016 07:02 PM, Toralf Förster wrote:
> This is a fresh new Tor exit, setup 4 days ago, 
> https://atlas.torproject.org/#details/BE2FA9FCB6242567B93ED99FEC5543FC517C9276
>  , where I do wonder how to interpret the attached screen shot.

The full SVG graphic can be derived from 
http://www.zwiebeltoralf.de/torserver/graph-20160825.svg (scroll down to the 
end)

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] interesting network sockets pattern

2016-08-27 Thread Toralf Förster

On 08/27/2016 10:36 AM, dawuud wrote:
> what is the pattern you are referring to?
The up and down of about 2,500 socks within a short time period

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] interesting network sockets pattern

2016-08-27 Thread Toralf Förster

On 08/27/2016 12:47 PM, dawuud wrote:
> i wonder if you've got lots of sockets in time-wait,
The blue line in the graph is already tcp-tw.

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] interesting network sockets pattern

2016-08-27 Thread Toralf Förster

On 08/27/2016 12:47 PM, dawuud wrote:
> does this same graph display differently for different periods of time or on 
> a larger time scale?
> did this recently start happening?
This is a new system re-using the same IP of the old exit relay where I didn't 
observe that behaviour.
It started soon after the Tor exit relay was set up.

http://www.zwiebeltoralf.de/torserver/graph-20160821.svg 


-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] interesting network sockets pattern

2016-08-27 Thread Toralf Förster

On 08/27/2016 08:59 PM, Jivan Amara wrote:
> I suspect this is due to a circuit built with a node that has lower
> max bandwidth settings than yours.  The regular bandwidth cap holds
> traffic back for a time, then the burst bandwidth cap lets some
> through at a higher speed for a short period.

We do speak about sockets, not about bandwidth here.

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] Closing a relay, to move/upgrade, identity question ?

2016-08-29 Thread Toralf Förster

On 08/29/2016 01:48 PM, Petrusko wrote:
> If I'm paranoiac, and if this current relay has been corrupted, I think
> it's better to start a clean identity without the old keys ?
That was the reason for me to start with new keys (and an encrypted FS) when I 
changed the hardware.


-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


[tor-relays] block input hammering from the same ip source address

2016-08-29 Thread Toralf Förster

These are iptables rules (ipv4) for my exit relay:

  IPT="/sbin/iptables"

  # Tor
  #
  $IPT -A INPUT -p tcp --destination-port  80 --match conntrack --ctstate NEW --match connlimit --connlimit-above 2 --connlimit-mask 32 -j DROP
  $IPT -A INPUT -p tcp --destination-port 443 --match conntrack --ctstate NEW --match connlimit --connlimit-above 2 --connlimit-mask 32 -j DROP
  #
  $IPT -A INPUT -p tcp --destination-port  80 -j ACCEPT
  $IPT -A INPUT -p tcp --destination-port 443 -j ACCEPT

For the first 2 I do wonder if there's something I should consider too ?

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


[tor-relays] new warn message: Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.

2016-10-06 Thread Toralf Förster

Today I got this for the first time since I run exits:

Oct 06 08:23:03.000 [warn] Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.

Something I should worry about ?

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] new warn message: Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.

2016-10-07 Thread Toralf Förster

On 10/06/2016 06:29 PM, Logforme wrote:
> Maybe they are new in 0.2.8.8?
nope, from "git blame" the appropriate line is part of git commit 339df5df and 
that commit is already part of tor-0.2.4.11-alpha :

commit 339df5df085e2115c01881cf628abe5ed3fbd456
Author: Nick Mathewson 
Date:   Sun Mar 10 08:32:58 2013 -0400

Fix 8447: use %u to format circid_t.

Now that circid_t is 4 bytes long, the default integer promotions will
leave it alone when sizeof(int) == 4, which will leave us formatting an
unsigned as an int.  That's technically undefined behavior.

Fixes bug 8447 on bfffc1f0fc7616a25c32da2eb759dade4651659e.  Bug not
in any released Tor.



-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] new warn message: Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.

2016-10-07 Thread Toralf Förster

On 10/07/2016 05:55 PM, Ivan Markin wrote:
> I'm unable to find a change to this line in
> 339df5df085e2115c01881cf628abe5ed3fbd456.

Right, it is 

commit 259c65ab08a4a88e310097cd5df155d62ea22447
Author: Roger Dingledine 
Date:   Mon Feb 13 10:33:00 2006 +

the last of the log convention conversion. finally.


svn:r6005

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


[tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Toralf Förster

Reading [1] I do wonder about that.
Why do Tor exit relay operators avoid installing a local resolver - or at least 
simply a cache as shown in [2] ?
Adding different nameserver= lines to /etc/resolv.conf than 8.8.8.8 shouldn't 
be a big thing, or ?

[1] https://nymity.ch/tor-dns/tor-dns.pdf 
[2] https://zwiebeltoralf.de/torserver.html

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread Toralf Förster

On 10/17/2016 04:37 AM, Jesse V wrote:
> Consequently, I have to keep an eye on /etc/resolv.conf to ensure
> that it always points to my Unbound instance. I take immediate
> action if this is not the case.
Shouldn't /etc/resolv.conf.{head,tail} automate this ?

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread Toralf Förster

On 10/17/2016 07:00 PM, pa011 wrote:
> What servers do I put in /etc/dnsmasq.conf to get this solved best?
Currently I do just use nameservers from my ISP (Hetzner) :

mr-fox ~ # grep ^server /etc/dnsmasq.conf
server=2a01:4f8:0:a0a1::add:1010
server=2a01:4f8:0:a102::add:
server=2a01:4f8:0:a111::add:9898
server=213.133.98.98
server=213.133.99.99
server=213.133.100.100

before (till yesterday) I had these too :

#server=194.150.168.168
#server=84.200.69.80
#server=84.200.70.40
#server=81.3.27.54
#server=5.153.48.164

but from the mentioned PDF I got the impression to just use the ISP nameservers 
+ a local cache - which I'm trying now.

BTW The advantage of dnsmasq is to use more than 3 nameservers.

And this is the command I do use to check dnsmasq:

pkill -USR1 dnsmasq; sleep 1; tail -n 20 /var/log/syslog | grep -A 100 'dnsmasq.*: time'

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
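
One way to automate the checks discussed in this thread (resolv.conf still pointing at the local cache, no Google resolver among the dnsmasq upstreams, no more than three nameserver lines), as an added example that is not from any poster. The file contents are constructed, `192.0.2.53` and `2001:db8::53` are documentation placeholders for an ISP's resolvers, and the function names are this example's own.

```python
import ipaddress

# Google Public DNS addresses; 8.8.8.8 is the one named in the thread, the
# other three are the service's remaining well-known addresses.
GOOGLE_DNS = {ipaddress.ip_address(a) for a in (
    "8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844")}
MAXNS = 3  # glibc reads at most three "nameserver" lines from resolv.conf


def resolv_nameservers(text):
    """Addresses on the nameserver lines of a resolv.conf, in file order."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            # Drop an IPv6 zone suffix such as fe80::1%eth0 before parsing.
            found.append(ipaddress.ip_address(fields[1].split("%")[0]))
    return found


def dnsmasq_upstreams(text):
    """Addresses on the active server= lines of a dnsmasq.conf."""
    found = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("server="):
            continue  # also skips commented-out "#server=" lines
        value = line[len("server="):]
        if value.startswith("/"):  # server=/domain/address form
            value = value.rsplit("/", 1)[1]
        # Drop the optional #port, @interface and %zone parts.
        value = value.split("#")[0].split("@")[0].split("%")[0]
        if value:  # "server=/domain/" names no upstream at all
            found.append(ipaddress.ip_address(value))
    return found


def audit(resolv_text, dnsmasq_text=""):
    """Return (file, address, problem) tuples; an empty list means clean."""
    findings = []
    for index, ns in enumerate(resolv_nameservers(resolv_text)):
        if index >= MAXNS:
            findings.append(("resolv.conf", str(ns),
                             "ignored: beyond the third nameserver"))
        elif ns in GOOGLE_DNS:
            findings.append(("resolv.conf", str(ns),
                             "Google Public DNS used directly"))
        elif not ns.is_loopback:
            findings.append(("resolv.conf", str(ns), "not the local resolver"))
    for upstream in dnsmasq_upstreams(dnsmasq_text):
        if upstream in GOOGLE_DNS:
            findings.append(("dnsmasq.conf", str(upstream),
                             "Google Public DNS as upstream"))
    return findings


# Constructed sample files (not taken from any relay in the thread).
LOCAL_RESOLV = "nameserver 127.0.0.1\nnameserver ::1\n"
OVERWRITTEN_RESOLV = ("# rewritten by a DHCP client\n"
                      "nameserver 8.8.8.8\nnameserver 192.0.2.53\n")
SAMPLE_DNSMASQ = ("server=192.0.2.53\nserver=2001:db8::53\n"
                  "#server=8.8.8.8\nserver=/example.net/8.8.4.4#53\n")

if __name__ == "__main__":
    for name, resolv in (("local", LOCAL_RESOLV),
                         ("overwritten", OVERWRITTEN_RESOLV)):
        print(name)
        for finding in audit(resolv, SAMPLE_DNSMASQ):
            print("  %s: %s: %s" % finding)
```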


Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-18 Thread Toralf Förster

On 10/17/2016 07:40 PM, Toralf Förster wrote:
> but from the mentioned PDF I got the impression to just use the ISP
> nameservers + a local cache - which I'm trying now.

Which was not the best idea:

$ dig www.heise.de +trace

; <<>> DiG 9.10.4-P3 <<>> www.heise.de +trace
;; global options: +cmd
;; connection timed out; no servers could be reached


Adding external DNS name server solved that.

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] Research project - comparing abuse complaints on Tor exits to those of regular ISPs

2016-10-24 Thread Toralf Förster

On 10/24/2016 05:08 PM, Robin Kjeld wrote:
> So, I changed SSH to be Rejected. And it's been working fine since then. So, 
> it's basically the ReducedExitPolicy but without SSH. 
> /Robin
I kicked off telnet and whois (and ftp a long time ago) too for similar reasons.

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] cryptsetup some folders

2016-10-24 Thread Toralf Förster

On 10/24/2016 09:53 AM, Petrusko wrote:
> Any suggestions and master's thoughts are welcome :)
I played a few weeks ago with folder based encryption at an EXT4FS, but gave up - 
it won't work reliably here (hardened stable Gentoo Linux).
But maybe with kernel 4.8.x that would work ?


-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] cryptsetup some folders

2016-10-25 Thread Toralf Förster

On 10/25/2016 12:03 PM, Duncan Guthrie wrote:
> 
> Having it encrypted also makes remote management an absolute pain.
Depends on - an encrypted ext4fs needs just to be decrypted after boot as I 
tried in [1].

And the use case is to avoid that the private key of the tor exit relay can be 
accessed by somebody having physical access to the hard disk.


[1] https://github.com/toralf/torutils/blob/master/unlock_tor.sh

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] proper way to insert PGP key in torrc?

2016-11-03 Thread Toralf Förster
On 11/03/2016 11:27 AM, Marco Predicatori wrote:
> Marco - -- 
> https://atlas.torproject.org/#details/A1D5528320F51B910C996CE9988FAFAF4780044F
> 
Advertised Bandwidth
76.8 KB/s

Not too much fun with such a lame relay I fear

-- 
Toralf Förster
PGP: C4EACDDE 0076E94E





Re: [tor-relays] DoS from my tor guard VPS

2016-11-15 Thread Toralf Förster

On 11/15/2016 09:41 PM, Arisbe wrote:
> Several weeks ago I was notified that my VPS was a source of UDP
> DoS traffic.

?
Tor is only TCP, not UDP.

-- 
Toralf
PGP: C4EACDDE 0076E94E


[tor-relays] new (?) : Average packaged cell fullness: 96.772%. TLS write overhead: 96%

2016-11-27 Thread Toralf Förster

I do wonder about a log message which seems not to appear before :

==> /tmp/notice.log <==
Nov 26 20:10:45.000 [notice] Performing bandwidth self-test...done.
Nov 26 20:19:44.000 [notice] New control connection opened from 127.0.0.1.
Nov 26 20:31:13.000 [notice] Received reload signal (hup). Reloading config and resetting internal state.
Nov 26 20:31:13.000 [notice] Read configuration file "/etc/tor/torrc".
Nov 26 20:31:13.000 [notice] Tor 0.2.9.5-alpha opening log file.
Nov 26 20:36:23.000 [notice] New control connection opened from 127.0.0.1.
Nov 27 02:10:32.000 [notice] Heartbeat: Tor's uptime is 5:59 hours, with 41 circuits open. I've sent 406.63 MB and received 127.30 MB.
Nov 27 02:10:32.000 [notice] Average packaged cell fullness: 96.772%. TLS write overhead: 96%
Nov 27 02:10:32.000 [notice] Circuit handshake stats since last time: 0/0 TAP, 3640/3640 NTor.
Nov 27 02:10:32.000 [notice] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 16 v4 connections; and received 0 v1 connections, 1 v2 connections, 15 v3 connections, and 136434 v4 connections.


-- 
Toralf
PGP: C4EACDDE 0076E94E


Re: [tor-relays] new (?) : Average packaged cell fullness: 96.772%. TLS write overhead: 96%

2016-11-27 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 11/27/2016 10:16 AM, teor wrote:
> Perhaps your relay sent a lot of very small packets?
> (Interactive protocols like chat and SSH could be responsible.)

Hhm,

it is a very fresh exit (setup yesterday evening) - so that might be the reason.

(My server crashed yesterday w/o any known reason and was down for an hour. I 
decided to kick off the old data directory and use the chance to use an ext4 fs 
encrypted data directory)

- -- 
Toralf
PGP: C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAlg6p10XHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U4XGQD8DSimluYQv+fL/IvOt+zcKRVuF2XPMDahGgImwsz9yaEA/0sHLZh8mf/H
+FuEDaPYmbDP5y2KvEphQbvkP0Nqoev+
=2GZb
-END PGP SIGNATURE-


Re: [tor-relays] how many tor relay could run on a single machine/IP?

2016-12-02 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 12/02/2016 10:07 AM, Fabio Pietrosanti (naif) - lists wrote:
> I'm trying to stress some very small dedicated server with ViaNano
> and Atoms and would like to try out multiple Tor relay with AES hw 
> acceleration to see the limits
AFAIC there's a limit of 2 Tor instances per ip address.



- -- 
Toralf
PGP: C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAlhBOxgXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U6FtQD/TaQKc2okRi6QDKbrlbpJiL2U1ybYvwyoGXYTJsPwnuwA/2Az1Le6ajbL
bA8t2+1bbXTcOPWDwLZP/8sDm6nMTQa+
=NxDP
-END PGP SIGNATURE-


[tor-relays] Does the "Advertised bandwidth" correlates with the "Consensus Weight"

2016-12-12 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I do wonder if the measurement of the former is somehow affected by the latter ?

- -- 
Toralf
PGP: C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAlhO0D0XHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U497gD/erm0jlydeZEl918z0Hgd15N7iLAXvvzBpIc+V76H+qgA/1jhNdamzz25
EV1UWC1ynuVhL9rSBPak0z630q1CqWu1
=wa2A
-END PGP SIGNATURE-


Re: [tor-relays] Does the "Advertised bandwidth" correlates with the "Consensus Weight"

2016-12-13 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 12/12/2016 10:05 PM, teor wrote:
> h, which is one of the factors that feeds into the measured
> bandwidth.
> 
> Part of the calculation process for the consensus weight makes
> sure that this feedback converges, rather than diverging.
Ah thx,

smells like a feedback formula + weighting to ramp on new relays.


- -- 
Toralf
PGP: C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAlhP7sMXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U4TSgD/Tw7TcOZDVbBKfMGjcf/51z2wm6fXO9XsNvBtgB9vlgEA+QFD0ExdfW6L
xQQsA6+WBFqTBhZXpbrUBh9WS3FM8MR9
=MDeJ
-END PGP SIGNATURE-


Re: [tor-relays] "Graceful" Restart of Tor-Relay ?

2016-12-30 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 12/30/2016 07:45 PM, Rana wrote:
> Can you provide explicit sequence of events/commands
Try this :
pkill -1 tor

- -- 
Toralf
PGP: C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAlhmrFQXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U5j1QD9FraWQSS3ryUNJswd7Nrxxqi4XmIZovWwklYuNQwLj/kBAIUwfiuNCEIL
JCp8Qhg7Y6qV7mHyFfRhutIvuEFBWPoP
=gGuN
-END PGP SIGNATURE-


Re: [tor-relays] How can we trust the guards?

2017-01-02 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01/02/2017 04:32 PM, Aeris wrote:
> Tor node selection for circuits will address this trouble and avoid you to 
> use 
> more than 1 of their nodes in the same circuit, preventing any anonymity 
> problem.
*any* sounds a little bit too optimistic IMO, but it reduces the risk of being 
deanonymized (always under the assumption of the threat model).

- -- 
Toralf
PGP: C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAlhqdvMXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U7jvQD/YXmvbeuG4bmj7xHSJsJsoUNcVxYhwU2s6O4oiVhyG1MA/RWDx4ail6j7
tw8X93LQvIsNiUJsQO1Rxt/0HGmOj4U0
=jfUR
-END PGP SIGNATURE-


Re: [tor-relays] Speed up of reconnections after IP Address change

2017-01-03 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01/03/2017 05:45 PM, balbea16 wrote:
> stops and then restarts the Tor service again
wouldn't be a SIGHUP enough ?

- -- 
Toralf
PGP: C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAlhr2D4XHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U5VzAD+LhaG1aapPdSIWx+3V8wk9nt6RyatD9wBsNL4lk/goWIA/jnEiWduJnW4
E5YQRhJ6+oZveV/9VjeinpFncH2/yag4
=S1mi
-END PGP SIGNATURE-


Re: [tor-relays] Running a relay with low transfer limits

2017-01-04 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01/04/2017 07:54 PM, ike wrote:
> say less than 100GB each way per month?

$> echo "scale=2.0; 100 * 1024^3 / 31 / 24 / 60 / 60 / 1024" | bc
39.14

So you're asking, if 40 KB/sec would be the better choice ?

- -- 
Toralf
PGP: C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAlhtU0oXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U7BHAD9Expva3Yg4NCd3tfONN+vD/uAMLZz1arzbNBES9Z1ec8A/jIGI920S7+k
UhHpWBW2TXfb9nm5qEqOb+20CtYOy2lz
=7wx5
-END PGP SIGNATURE-


Re: [tor-relays] Faravahar acting up again / "Bad Gateway" while uploading descriptor

2017-01-05 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01/05/2017 10:40 PM, Sebastian Hahn wrote:
> They send notifications within 10
> minutes of the beginning of the hour.
So, if the issue happens at the 11th minute - it would appear 1 hour before 
someone noticed it ?

- -- 
Toralf
PGP: C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAlhux/YXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U746wD+MxjXMgKl+6yNsl4M2KO6QG/VCvga6BW6Nvnxq5Eyd9oA/jXq+OJYJK/N
E86Pm89g/70ITMCn9zXVpr0mV9egn0Xt
=10Kj
-END PGP SIGNATURE-


Re: [tor-relays] TOR Relay performance issue

2017-01-07 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01/07/2017 08:00 PM, Efthimis Iosifdis wrote:
> 
> You may also have a look at this article if it helps and in case this is
> a new Tor Relay node:
> 
> https://blog.torproject.org/blog/lifecycle-of-a-new-relay

/me wonders if this link should be added to the IRC channel topic list too.

- -- 
Toralf
PGP: C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAlhxQcMXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U6tZwD7BjyflP5pswzFy+DBH0i3/ISClQ5/1plrrNNPI7C7CxkA+gIvRwh5cQRS
nhqBBU/8wyKX+bJRN15xjeAZl6RAcNgG
=meFV
-END PGP SIGNATURE-


[tor-relays] no ipv6 traffic from/to relays ?

2017-02-04 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Switching from 0.2.9.9 to 0.3.0.3-alpha now let 1/3 of my outgoing network 
traffic to exit ports (of my Tor exit relay) being ipv6.
OTOH there's more or less no ipv6 traffic from/to other relays.

Is this (another ipv6) bug/issue in Tor or just expected ?

- -- 
Toralf
PGP: C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAliWTYAXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U7R/QD+Nr4q1CHmhVKgrUrqSp/fEXCEnLnpSfO+njxRdnICbOIA+wSwB02bIOgB
mWS13po62pXdO8r3QJiiz5Q7G8ryvtkt
=1Mzz
-END PGP SIGNATURE-


Re: [tor-relays] no ipv6 traffic from/to relays ?

2017-02-05 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 02/05/2017 11:43 AM, nusenu wrote:
> IPv6 is not used for relay-to-relay traffic (not implemented yet).
Ah - thx.

- -- 
Toralf
PGP: C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAliXipgXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U5wLwD/ZFvlecxBR+wMc4WdO3iJreQkLXfA+N0W2NZTs9CQubgA/0APyzssErzK
Dy8uNTbkJ16YF1v9Fo9GqRQX3G9aCjjb
=itRA
-END PGP SIGNATURE-


Re: [tor-relays] no ipv6 traffic from/to relays ?

2017-02-06 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 02/06/2017 09:25 AM, nusenu wrote:
> The first release with the fix for [1] was in 0.3.0.3-alpha [2].
> 
> So if you run an IPv6 exit, upgrading to 0.3.0.3-alpha potentially 
> increases the tor network's IPv6 exit capacity.

yes, I do now have:

incoming traffic: 20 GB/hour at ipv4 and 10 GB/hour at ipv6
outgoing traffic: 30 GB/hour at ipv4 and <1 GB/hour at ipv6

- -- 
Toralf
PGP: C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAliY9ukXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U5HswD+JixL3EE67sBfpdwtu6TDgX2M5mVKCkPMgUKJuK4+ZmoBAI9IbHxy1GVo
O/cRIRUye3euffvBS5it7TjdXTZGiAez
=XYHi
-END PGP SIGNATURE-


[tor-relays] What does this log message mean ? : Starting with guard context "default"

2017-02-08 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I do wonder about it b/c IMO this message is new - at least for me, or ?

- -- 
Toralf
PGP: C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAlia5vAXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U76agD+Ottd3e1K43gdCmz9e9euSICdBFCHe4NCf+gBUA4Qn+gA/j2G7dShXQJ9
JRlIp/GoQ01bOuEuHIu9BjCD68cyosHF
=o5+D
-END PGP SIGNATURE-


Re: [tor-relays] What does this log message mean ? : Starting with guard context "default"

2017-02-08 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 02/08/2017 12:19 PM, Pascal Terjan wrote:
> 
> The code seems to have been added 2 months ago, so this is probably
> expected to appear after recent updates:
> 
>  
> https://github.com/torproject/tor/commit/404e9e5611eff39866c2e45133a60b40d7492f7e
ah - and I switched to 0.3.0.3 from 0.2.9.9 few days ago, therefore I didn't 
hit this message before.

- -- 
Toralf
PGP: C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAlibPoAXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U4NhgD+JZTSo7AlAI+kCvkDIMpSK57Kz/Msg8re25rlSLYEY1AA/jZJMMB94r5n
0KCp4C+cYFiK0TK7MQmHkx+f4/gcDzmg
=xLmd
-END PGP SIGNATURE-


Re: [tor-relays] new Atlas feature: Not Recommended Tor Version

2017-03-04 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 03/02/2017 06:36 PM, nusenu wrote:
> I'd like to highlight a new Atlas feature [1]:
> 
> Atlas now displays a red "!" if the relay runs a tor version that is not
> recommended by the tor directory authorities.

I think I should repeat my IRC question here too :

[10:55]  Why does Atlas show the "not recommended software" icon under 
"Flags" ? B/c this python snippet shows, that it is not a flag in the (old) 
meaning: flags = controller.get_network_status(relay=srv.nickname).flags


- -- 
Toralf
PGP: C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWLsgTBccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTmTiAP0ZAw10DIY/+igUDzlU5CFUGYTB
G3RnmYoqYymT58efkwD/TB5cX2TEQ9z6N18NhzEMESTKa9HAq90If27bu96mbfg=
=NuqX
-END PGP SIGNATURE-


Re: [tor-relays] OrNetStats

2017-05-13 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 05/10/2017 08:11 PM, nusenu wrote:
> Hi,
> 
> if you want to compare your relay(s) with other operators:
> 
> https://nusenu.github.io/OrNetStats/

Cool site - thx !

IMO the column "Exit %" should be aligned wrt to the comma position and maybe 
the space between "#Relays" and "First Seen" should be increased - just my 
personal opinion.


- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWRbM8BccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTuQLAP9qjrY0C2OnXwwg3DjFI+L9Mh2u
JLa7YrvmTB/uX6bYywD/dfvjvH8W/ZejP/9OzJUcair8jd8THq0avEI1KFkI0wM=
=p47O
-END PGP SIGNATURE-


Re: [tor-relays] OrNetStats

2017-05-13 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 05/13/2017 11:08 AM, Toralf Förster wrote:
> IMO the column "Exit %" should be aligned wrt to the comma position
> and maybe the space between "#Relays" and "First Seen" should  be
> increased  - just my personal opinion.

I meant it here :  https://nusenu.github.io/OrNetStats/allexitfamilies

- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWRbNeBccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTr9mAP9qSNTLRGg905UiGmZd4dA0hr/d
ARp5WAI66RfItdc6bAD9H4JTrdQVQ970DHSOHHrWJPN4XmVTALobEjvSKVe3qn4=
=l1w8
-END PGP SIGNATURE-


Re: [tor-relays] torservers.net: some exits became guards? (deanonymization risk)

2017-06-10 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 06/08/2017 02:00 PM, Paul Syverson wrote:
> It shouldn't be possible to use the relay in both positions
> simultaneously.
As long as "MyFamily" is correctly set, yes IMO.

- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWTvEYBccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTr/kAPwNM8bukdZ6aRAfWgA9/uUbLeTj
75K6b/azt/k11t4dkwD/TrPBrlBNO9l2fY2YA1Bmugoja6IgakC4OiPT+EbyHUQ=
=pK3A
-END PGP SIGNATURE-


Re: [tor-relays] [warn] channelpadding_ and [warn] assign_

2017-07-03 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 07/03/2017 09:58 PM, Felix wrote:
> Switching to 3.1.4a might fix it ?
Doubt,
got it today too (just once till now) at 0.3.1.4-alpha


- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWVqiwxccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTqavAP9TMX3RPRH2thkxfHu6JE8HAreo
ih3AIHefHcLhwfNP4AD9HromYZMykGvusiqfH7forOGap2cVyK342FDshgZ42JQ=
=ZdBT
-END PGP SIGNATURE-


[tor-relays] *.old files in ./keys are too new

2017-07-19 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I do wonder, why the *.old files are newer than their counterparts:

- -rw--- 1 tor tor 887 Jul 15 21:51 secret_onion_key
- -rw--- 1 tor tor  96 Jul 15 21:51 secret_onion_key_ntor
- -rw--- 1 tor tor  96 Jun 17 21:30 secret_onion_key_ntor.old
- -rw--- 1 tor tor 887 Jun 17 21:30 secret_onion_key.old

- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWW+pNRccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTsBLAP91Hst68PmoK3y6e5v3xBrKqNjD
CW0a9Qn6vDj7O0EsFQD8DmPvK2xgIO6N4G2vsR+Beb5Py+CZoX93PtPBz/xVxNM=
=nECn
-END PGP SIGNATURE-


[tor-relays] Tor fuzzing with AFL - issues with virt mem

2017-07-23 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I do fuzz test the Tor sources with AFL using the script in [1]. Today I was 
faced with the afl message : 

- - The current memory limit (47.7 TB) is too restrictive, causing the
...

Therefore I re-run this:

torproject@mr-fox ~ $ cd ~; for i  in ./tor/src/test/fuzz/fuzz-*; do echo $(./recidivm-0.1.1/recidivm -v $i 2>&1 | tail -n 1) $i ;  done | sort -n
140647294041983 ./tor/src/test/fuzz/fuzz-hsdescv2
210556434775808 ./tor/src/test/fuzz/fuzz-descriptor
21107188638 ./tor/src/test/fuzz/fuzz-microdesc
230618232257983 ./tor/src/test/fuzz/fuzz-consensus
272676600806400 ./tor/src/test/fuzz/fuzz-http
275960232411072 ./tor/src/test/fuzz/fuzz-diff-apply
280371168541696 ./tor/src/test/fuzz/fuzz-vrs
281200098803455 ./tor/src/test/fuzz/fuzz-iptsv2
281298748667644 ./tor/src/test/fuzz/fuzz-extrainfo
281456722575360 ./tor/src/test/fuzz/fuzz-diff

and was wondering about the big numbers - a previous run a few weeks ago gave me 
the numbers as seen in [1]:

# 40880663 ./tor/src/test/fuzz/fuzz-iptsv2
# 40880757 ./tor/src/test/fuzz/fuzz-consensus
# 40880890 ./tor/src/test/fuzz/fuzz-extrainfo
# 40885159 ./tor/src/test/fuzz/fuzz-hsdescv2
# 40885224 ./tor/src/test/fuzz/fuzz-http
# 40888156 ./tor/src/test/fuzz/fuzz-descriptor
# 40897371 ./tor/src/test/fuzz/fuzz-microdesc
# 40955570 ./tor/src/test/fuzz/fuzz-vrs

Now I do wonder, if the new linux kernel, a new AFL (changed from 2.39b to 
2.46b recently) or what else is causing this issue ?


[1] https://github.com/toralf/torutils/blob/master/fuzz.sh

- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWXT0GhccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTiIAAP9ELskbZFoCyr7Ph/unDdPscZtg
YTPdO3S3Z/mLWFemUgD/a+zVQd2BV3ZTY+x92/WAQ741VN8h4DO9ee95X+hu3+w=
=pFI9
-END PGP SIGNATURE-


Re: [tor-relays] Tor fuzzing with AFL - issues with virt mem

2017-07-24 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 07/23/2017 09:08 PM, Toralf Förster wrote:
> I do fuzz test the Tor sources with AFL using the script in [1].

Hhm, the root cause is the configure option "--enable-expensive-hardening".

Without that I can continue fuzz testing.
I do wonder, since when this configure option doesn't play well together with 
AFL ?

- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWXZZPxccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTv/EAP9vbWF0NWmtt1oE4FkvnLa2dnul
EkLkPwyT9IVQtx1KmwD9GAc7U1lhgAp1qiF02sr4h65YxlkeSgaDCxWSInolZbc=
=3J/C
-END PGP SIGNATURE-


Re: [tor-relays] Unable to get Tor exit relay to run - Ubuntu 16.04

2017-07-27 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Maybe you miss the option :

DataDirectory /var/lib/tor/data

?

On 07/27/2017 09:53 PM, King Queen wrote:
> SOCKSPort 0
> RunAsDaemon 1
> ORPort 443
> Nickname kingqueencock
> ContactInfo ROT13
> DirPort 80 # what port to advertise for directory connections
> DirPortFrontPage /etc/tor/tor-exit-notice.html
> MyFamily ECC3599DDCFE44C3F28AE0C9DC5DE92847D3602B
- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWXpIdhccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpThQtAP4iN8KbvyiMdpKqeiUDeS2n54lP
QJrttbjz9OMsiJNNhAD+MX0vIVIl6R+a90j0LJEf6uacZ8VsqmlQ1pcTSp/YGrA=
=bzcc
-END PGP SIGNATURE-


Re: [tor-relays] Unable to get Tor exit relay to run - Ubuntu 16.04

2017-07-27 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 07/27/2017 09:53 PM, King Queen wrote:
> root@localhost:/var/log/tor# ls -al

And something like this helps too :

Log info file /tmp/info.log


- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWXpI0BccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTv9nAP9w7W/YL4LNRr55RtSH5S5XUeaw
hJ++vn1IJI1cf3i15gD7BnWNe1iwn0LfDbUhEhehEN7HU91RXEJAjctVq67adfU=
=VPK3
-END PGP SIGNATURE-


[tor-relays] network traffic gap of >=20% between inbound and outbound traffic vanished after 20th of July

2017-07-30 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


I do wonder, what's causing this.

As seen in the attachment since the last week incoming load matches outgoing 
load. In the last 2-3 years I had always up to 20-25% more in- than outgoing 
traffic w/o any real clue, why.

- -- 
Toralf
PGP C4EACDDE 0076E94E
 

-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWX4y0BccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTk/LAP9y568uomJ0yF0SEr0a+YUJzRAw
wq7knHtTbxinOvdu/wD/TKrwRZznAwCKT1YIlFd4Ac+Pllz7vmtw7orY7EQ9M4M=
=pM2Y
-END PGP SIGNATURE-


Screenshot_20170730_211824.png.sig
Description: PGP signature


Re: [tor-relays] network traffic gap of >=20% between inbound and outbound traffic vanished after 20th of July

2017-07-31 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 07/31/2017 02:30 AM, teor wrote:
> Which relay fingerprint(s)?
1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA

> Did you upgrade your Tor version?
at 30th of June to 0.3.1.4-alpha

> Is your relay a directory mirror or HSDir?
HSdir only for a short time, b/c I do follow stable kernel of Greg 
Kroah-Hartmann (typically released every 1 or 12 weeks)

> Is your relay an exit?
yes

- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWX9ljRccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpThP/APsG08H+vwmyimax7Iohe3ayQaHQ
FrV9328FZyKJGaZoHAD+PBXObxp4pVIfmiIYpU4QSx9p+jv/KeQpmT/Z29YG7EQ=
=XbzV
-END PGP SIGNATURE-


Re: [tor-relays] ORSN DNS servers vs OpenNic

2017-08-04 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 08/04/2017 04:11 PM, Chuck McAndrew wrote:
> What are the best DNS servers to use for Privacy? I have been using

Look into [1]

Therefore I decided to use the DNS of my AS. Because AS does already see my IP, 
there's no need to involve a third party in getting IP info too.

And I used dnsmasq to use DNSSEC, my configuration notes are in [2]


[1] https://nymity.ch/tor-dns/
[2] https://zwiebeltoralf.de/torserver.html
- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWYStYxccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpToLWAP9QFobQH+wc69VlcDuEtDuhXrFn
wgFzqhq5YvU/Hb7wlgD7B/phzmlYpi5ZWLN17RhA1w0ocvQ8anRS7msyAsOExAw=
=xbcc
-END PGP SIGNATURE-


[tor-relays] alternating consensus weight

2017-08-09 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I'm just wondering why that value is flipping 50% up and down within last 2 
weeks or so for my relay 1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA ?

- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWYsepBccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTkLIAP9PKZEbencLjP5TOm5yZmCH5+jV
xaki2sOWzVoCgicn1AD/XreAYCdZ7yZMhvw/+WuYM90BqP0Kj5u2+l/V+rXFxOQ=
=fX6e
-END PGP SIGNATURE-


[tor-relays] blocking >1 connections per ip address onto Tor DirPort

2017-08-15 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I do have the following iptables rule here :

  # Tor
  #
  dirport=80
  orport=443

  $IPT -A INPUT -p tcp --destination-port $dirport --match conntrack --ctstate NEW --match connlimit --connlimit-above 1 --connlimit-mask 32 -j DROP
  $IPT -A INPUT -p tcp --destination-port $orport  --match conntrack --ctstate NEW --match connlimit --connlimit-above 1 --connlimit-mask 32 -j DROP


which seems to work fine. An

$> ip6tables -nvL  

gives

14110  746K DROP   tcp  --  *  *   0.0.0.0/0   0.0.0.0/0   tcp dpt:80 ctstate NEW #conn src/32 > 1
 230K   14M DROP   tcp  --  *  *   0.0.0.0/0   0.0.0.0/0   tcp dpt:443 ctstate NEW #conn src/32 > 1

after a few days, so I do just like to ask here if the rules above are fine or if 
I overlooked something ?

- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWZM4sxccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTqnGAQCPr7gkpaxRD3spzKp49l53A2H0
YOzXrw8G8vR8BtHZPQD+NE4Zhf7Y0w0JtKqy6E5bSowikeSJsKSDur8zxO+kf8E=
=UPak
-END PGP SIGNATURE-


Re: [tor-relays] blocking >1 connections per ip address onto Tor DirPort

2017-08-15 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 08/15/2017 10:57 PM, Nagaev Boris wrote:
> Hey
> 
> I am just curious: why is it needed to block >1 connections per ip
> address onto Tor DirPort?

Tor serves the "DirPortFrontPage /etc/tor/tor-exit-notice_DE.html" at that port 
and I'd like to avoid a slow responsive Tor due to a DDoS at that port.

- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWZNn7xccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTgGuAQCGHFf0hjWZiMz4yWWgP/Xl/5bd
/q0eCkWFwmxhb0ksFAD/cPZUw8DAOHGM1vdlhZqnWpqX/Rb8AgU14nVcb9p0Kb0=
=xGHs
-END PGP SIGNATURE-


Re: [tor-relays] blocking >1 connections per ip address onto Tor DirPort

2017-08-15 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 08/15/2017 11:37 PM, tor wrote:
> 
> Tor also provides the directory service on the same port (unless you
> have it disabled). How do you know limiting the connections doesn't
> impact the directory service?
> 

Does a particular Tor server/client will open more than 1 connection at a time 
from to the DirPort ?

- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWZNtHxccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTg97AP9cdcrZPz+bhuqv38YXAXGBIdFZ
SN7EBXIpSnRuP7j8kAD/bA5hd/Fm3ZFDkfwi+uNI8h1CN++lbGhcBChtFgu+Drk=
=BPpX
-END PGP SIGNATURE-


Re: [tor-relays] blocking >1 connections per ip address onto Tor DirPort

2017-08-16 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 08/16/2017 12:22 AM, Roger Dingledine wrote:
> On Tue, Aug 15, 2017 at 11:52:31PM +0200, Toralf Förster wrote:
>> Does a particular Tor server/client will open more than 1
>> connection at a time from to the DirPort ?
> 
> I think we definitely want to support that in the protocol.
> 
> I'm not sure whether it happens right now, but it might.
> 
> But preventing it from happening is likely bad.
> 
> Note that most clients use the ORPort for fetching directory
> stuff, and that's heading towards "all clients" as people upgrade
> and stop using weird configurations. So the DirPort is mainly used
> on authorities (by relays that fetch dir stuff or upload relay
> descriptors), and by auxiliary tools like stem and the various
> metrics project scripts.
> 
> If you're worried about denial of service issues on the DirPort,
> maybe the simple answer is to turn off the DirPort? I think the
> only real impact might have something to do with whether old
> clients believe that you're a usable guard.
> 

understood - removed those iptables rules


- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWZR6CxccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTgNjAP0QUqGlvZdmppzthH85VXkS43xO
iQRyNlODzRe5Jf9TpgD+JX+/bCuuOH/qh+Jdd9GrDBJZ9uvjtQX3OKF9C+u9oKo=
=9bQM
-END PGP SIGNATURE-
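
To make the trade-off discussed in this thread concrete, here is an added example (not from any of the posts, and not kernel code) that models what `--connlimit-above 1 --connlimit-mask 32` does to a handful of connection attempts. It is a simplified model that only counts concurrently open connections per masked source; the addresses are documentation ranges and the events and connection names are constructed.

```python
import ipaddress
from collections import Counter

# Constructed events: (action, source address, connection id).
EVENTS = [
    ("open",  "192.0.2.10",   "tool-1"),
    ("open",  "192.0.2.10",   "tool-2"),     # same host fetching in parallel
    ("open",  "198.51.100.7", "nat-a"),
    ("open",  "198.51.100.7", "nat-b"),      # second user behind the same NAT address
    ("open",  "203.0.113.5",  "seq-1"),
    ("close", "203.0.113.5",  "seq-1"),
    ("open",  "203.0.113.5",  "seq-2"),      # sequential reuse after the first one closed
    ("open",  "192.0.2.99",   "neighbour"),  # different host in the same /24 as tool-1
]


def simulate_connlimit(events, above=1, mask=32):
    """Return [(conn_id, verdict)] for every 'open' event.

    A new connection is dropped when, counting itself, the number of open
    connections from its source network (address masked to `mask` bits)
    would exceed `above`. Dropped attempts are not counted afterwards.
    """
    open_conns = {}        # conn_id -> network it was counted under
    per_net = Counter()    # network -> currently open connections
    verdicts = []
    for action, src, conn_id in events:
        if action == "open":
            net = ipaddress.ip_network(f"{src}/{mask}", strict=False)
            if per_net[net] + 1 > above:
                verdicts.append((conn_id, "DROP"))
            else:
                per_net[net] += 1
                open_conns[conn_id] = net
                verdicts.append((conn_id, "ACCEPT"))
        elif action == "close":
            net = open_conns.pop(conn_id, None)
            if net is not None:
                per_net[net] -= 1
    return verdicts


def dropped(events, above=1, mask=32):
    """Connection ids that the modelled rule would drop."""
    return [cid for cid, verdict in simulate_connlimit(events, above, mask)
            if verdict == "DROP"]


if __name__ == "__main__":
    print("above 1, mask 32:", dropped(EVENTS, above=1, mask=32))
    print("above 1, mask 24:", dropped(EVENTS, above=1, mask=24))
    print("above 2, mask 32:", dropped(EVENTS, above=2, mask=32))
```

With the limit from the posted rules, the parallel fetch and the second NAT user are dropped although neither is abusive; a wider mask adds the unrelated neighbour to the drops.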


Re: [tor-relays] bwauth in testing

2017-08-16 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 08/14/2017 11:22 PM, Tom Ritter wrote:
> But I wanted to announce it here, both to give an update, and let the
> community take a look at its output and see if anything looks fishy.

Since a few hours the BW is dropped for my exit relay from about 90,000 to 20 
according to [1].
A quick check showed that few more relays are affected too.


[1] 
https://consensus-health.torproject.org/consensus-health-2017-08-16-16-00.html#1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA

- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWZSeohccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTjVtAP9jnze4wzptyJvHJmEZEoXBFdik
4alXQ+93w7ITJJLmVgD/dtitebS/ASbD2e41065+z9iZALCd19qkqotRldo04J8=
=V6zw
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] bwauth in testing

2017-08-16 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 08/16/2017 10:06 PM, Tom Ritter wrote:
> That is because gabelmoo's bwauth dropped off. Now there are only 3
> bwauths in the system, and your relay was not measured by one of them
> (faravahar). With only 2 measurements, you get kicked down to the
> default I believe.
> 
> The good news is that my bwauth measured you at 75600, which is a bit
> below the other two measurements, but in line with them. So once
> maatuska starts voting on this data you'll be popped back up.
> 
> Please bear with us while we get this sorted out! =)

Ah, thx for the info.
I was a little bit unsettled b/c I changed my iptables ruleset around the same 
time where BW dropped down.

- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWZSoXhccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTiJMAP4ub+dfutsNsy2AAh7+VXMV02w1
93Ip29pWoSSVY7W6RgEAjH13/sYtfGdNojN/k5nE5w8DAsB1FKM8DMP6d7BBpgw=
=f5qG
-END PGP SIGNATURE-


Re: [tor-relays] Relay uptime versus outdated Tor version

2017-08-17 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 08/17/2017 04:24 PM, Chuck McAndrew wrote:
> Uptime used to be something to brag about. Now it just means you aren't
> regularly updating.
+1

I do usually follow the vanilla stable kernel - meaning my uptime isn't bigger 
than 2 weeks since that.

- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWZXAMxccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTkFdAP9F3POPsg83GS4edr5NLOV9kEcX
EUP0rQJuR/I109SGlAD/eRucOWT/1+fuEOWtG/2Q3MBx9AFgbnL24HwKOSXiWg4=
=83Z1
-END PGP SIGNATURE-


[tor-relays] outdated key files in ./keys ?

2017-08-18 Thread Toralf Förster

I do wonder if I do still need all of these files at my exit relay with version 
0.3.1.5-alpha ?

$> ls keys/
ed25519_master_id_public_key  ed25519_signing_secret_key  secret_onion_key_ntor
ed25519_master_id_secret_key  secret_id_key               secret_onion_key_ntor.old
ed25519_signing_cert          secret_onion_key            secret_onion_key.old


- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] Fwd: Your TOR [sic] node

2017-09-09 Thread Toralf Förster

On 09/09/2017 03:52 AM, Matt Traudt wrote:
> I just got this guy's spam too. It doesn't look like anything anyone
> said to him last month[0] stuck.
Just because never answer to a spam/troll/et al ? :-D

- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] Email suggesting to send DNS requests to a specific open DNS

2017-09-12 Thread Toralf Förster

FWIW
https://nymity.ch/tor-dns/

- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] Advisory: Stack disclosure in hidden services logs when SafeLogging disabled

2017-09-18 Thread Toralf Förster

On 09/18/2017 03:41 PM, Nick Mathewson wrote:
>   This bug can only happen when the SafeLogging option is disabled,
>   and SafeLogging is enabled by default.  If you have not disabled
>   SafeLogging, then you should be fine.

Which should not hinder everybody from upgrading, b/c affected relay admins would 
upgrade soon and therefore expose themselves to run hidden services, right ?


- -- 
Toralf
PGP C4EACDDE 0076E94E


[tor-relays] bwauths doesn't reach reliable my relay

2017-09-27 Thread Toralf Förster

I do wonder why both longclaw and Faravahar seem, for a few days now, not to reach 
my relays 1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA and 
6EABEBF38CE7E3DF672C4DB01383606FE3EB2215 respectively - resulting in a bw value 
of 20.

B/c I switched to version 0.3.1.7 I do wonder if this could be the culprit ?

- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] bwauths doesn't reach reliable my relay

2017-09-29 Thread Toralf Förster

On 09/29/2017 01:59 AM, teor wrote:
> Do you have errors in your log
no, except 1 or 2 http errors for Faravahar that a consensus upload failed 
or so.

In the meantime I got a reasonable bw back.

But b/c there were 3 "outages" within a week for about 6-8 hours each I'll still 
take a look at this.


- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] bwauths doesn't reach reliable my relay

2017-09-30 Thread Toralf Förster
-BEGIN PGP MESSAGE-
Charset: utf-8
-END PGP MESSAGE-


Re: [tor-relays] bwauths doesn't reach reliable my relay

2017-09-30 Thread Toralf Förster

On 09/29/2017 06:02 PM, Toralf Förster wrote:
> In the mean while I got a reasonable bw back.

And again, one relay is at bw=20 (from about 60,000) whereas the other (same 
hardware, just different ip and port) has bw=3000.
Both have nearly identical configs (in fact, parts of the config file are the 
same).


- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] bwauths doesn't reach reliable my relay

2017-09-30 Thread Toralf Förster

On 09/30/2017 06:59 PM, dawuud wrote:
> 
> btw you just wrote sent an encrypted message to a public mailing
> list. i don't see the point in doing this, maybe is was an
> accident?
> 
> On Sat, Sep 30, 2017 at 02:47:35PM +0200, Toralf Förster wrote:
> 
My fault, I just wanted to sign it, sry.

- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] Blocking outbound 22 or no?

2017-10-05 Thread Toralf Förster

On 10/05/2017 08:55 PM, tor-relay.d...@o.banes.ch wrote:
> In the end we disabled port 22. After all - any sysadmin who wants
> to have peace and ever looked a ssh config will have its listen
> port somewhere else than 22.
+1

disabled exit port 22 here a long time ago.

- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)

2017-10-07 Thread Toralf Förster

On 10/07/2017 07:39 PM, jpmvtd...@laposte.net wrote:
> 5) Reboot (is it necessary ?).
No, not at all. Just restart/reload dnsmasq if you change its config.

- -- 
Toralf
PGP C4EACDDE 0076E94E


[tor-relays] spurios warning about using the nickname instead of the key

2017-10-07 Thread Toralf Förster

I'm wondering why I suddenly got at both of my 2 Tor exit relays 
(0.3.2.2.-alpha, running at the same machine) the following message:

/tmp/notice2.log:Oct 07 22:41:58.000 [warn] You specified a relay 
"zwiebeltoralf2" by name, but nicknames can be used by any relay, not just the 
one you meant. To make sure you get the same relay in the future, refer to it 
by key, as "$6EABEBF38CE7E3DF672C4DB01383606FE3EB2215".

/tmp/notice.log:Oct 07 22:39:53.000 [warn] You specified a relay 
"zwiebeltoralf" by name, but nicknames can be used by any relay, not just the 
one you meant. To make sure you get the same relay in the future, refer to it 
by key, as "$1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA".

when I queried the Tor status via a home-brewed Python script [1]. I do assume 
that the message is related to line 90 of that script:

 flags = controller.get_network_status(relay=srv.nickname).flags

Because I'm using the script few times per day I do wonder why this happens 
today for the first time at all (IIRC) and just only once.




[1] https://github.com/toralf/torutils/blob/master/info.py

- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)

2017-10-08 Thread Toralf Förster

On 10/08/2017 05:41 AM, Igor Mitrofanov wrote:
> Here's what I personally recommend:
> # DNS servers
> 
> no-resolv
> 
> no-poll
> 
> no-hosts
> 
> server=8.8.4.4
> 
> server=8.26.56.26
> 
> server=74.82.42.42
> 
> server=64.6.64.6
> 
> server=8.8.8.8
> 
> server=8.20.247.20
> 
> server=64.6.65.6

IMO there's absolutely no advantage of using external DNS servers.
The AS of the Tor exit Relay will already see the in and outgoing traffic.
So this will just spread out information to third parties too w/o any 
additional security.

There're a lot of papers around that topic, eg. in [1]



[1] https://nymity.ch/tor-dns/


- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)

2017-10-08 Thread Toralf Förster

On 10/08/2017 09:17 AM, Ralph Seichter wrote:
> Unless you have a particular reason to use "dnsmasq", I strongly suggest
> you use "unbound" (https://www.unbound.net) instead.

May I ask why you prefer unbound ? AFAIK there's pdns-recursor which seems 
to do a similar job, or ?

- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)

2017-10-08 Thread Toralf Förster

On 10/08/2017 06:34 PM, Igor Mitrofanov wrote:
> With a large-enough cache and sufficient uptime dnsmasq effectively
> becomes a mini-DNS server that stores IP addresses for the vast
> majority of sites that Tor users ever visit. 

NAK, just 10,000 addresses can be cached.

The stats of dnsmasq at my exit relay show after 6 hours:

Oct  8 18:51:17 mr-fox dnsmasq[19806]: cache size 1, 203238/1102103 cache insertions re-used unexpired cache entries.
Oct  8 18:51:17 mr-fox dnsmasq[19806]: queries forwarded 444146, queries answered locally 42117
Oct  8 18:51:17 mr-fox dnsmasq[19806]: DNSSEC memory in use 120768, max 173280, allocated 84

so just 10% of all DNS queries are cached, the vast majority is forwarded to 
the DNS server of my ISP.

- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)

2017-10-08 Thread Toralf Förster

On 10/08/2017 07:03 PM, Igor Mitrofanov wrote:
> Toralf, thanks for the data. Has that 10% stabilized, or is it still
> growing for your node?

No, it is rather decreasing over time.
I'm just too lazy till now to switch to another DNS cache, which has a reliable 
working DNSSEC (dnsmasq does that well AFAICT).


- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] spurios warning about using the nickname instead of the key

2017-10-12 Thread Toralf Förster

On 10/11/2017 10:08 AM, Dylan Issa wrote:
> Did you set MyFamily using nicknames of the key? 
> Because if nickname, change it to key is basically what it’s saying.


No,

both Tor processes share this common config file:

grep -i famil /etc/tor/torrc*/*

/etc/tor/torrc.d/00_common:MyFamily 1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA,6EABEBF38CE7E3DF672C4DB01383606FE3EB2215


- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] spurios warning about using the nickname instead of the key

2017-10-12 Thread Toralf Förster

On 10/12/2017 08:43 PM, Scott Bennett wrote:
>  Doesn't each fingerprint need to start with a $ character?  Otherwise
> it's just a really long nickname, right?
That entry worked fine for eons and is realized fine, eg.:

https://atlas.torproject.org/#details/1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA


- -- 
Toralf
PGP C4EACDDE 0076E94E


[tor-relays] hi-jacking an onion address

2017-10-14 Thread Toralf Förster

I do wonder how Tor handles the case that a malicious Tor relay provides the 
same onion address as another Tor relay ?

- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] hi-jacking an onion address

2017-10-14 Thread Toralf Förster

On 10/14/2017 09:41 AM, Jacki M wrote:
> Look at the Tor Rendezvous Specification rend-spec-v3.txt
> , the
> onion addresses that a user enter are Self authenticating, Because the
> onion address is the public key of the hidden service. 
> Roger explains this in the DEF CON talk
> here https://youtu.be/Di7qAVidy1Y?t=1124
Thx for the links.

My question goes rather in the direction that by this a malicious Tor could 
catch all the traffic designed for the other Tor - even without encrypting it - 
and therefore drying out that Tor.

- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] hi-jacking an onion address

2017-10-14 Thread Toralf Förster

On 10/14/2017 09:58 AM, Jacki M wrote:
> tor will guarantee that you’re visiting the correct website/onion
> and not allow any man in the middle attacks to occur,
Thx for clarification.

/me is reading the spec in the mean while

- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] AccountingMax 48 GBytes is not working

2017-10-16 Thread Toralf Förster

On 10/16/2017 09:52 PM, Artur Pędziwilk wrote:
>   ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy managed
> 
May I ask why you enable obfs4 at an (at atlas & friends) visible relay ?

- -- 
Toralf
PGP C4EACDDE 0076E94E


[tor-relays] sum of consensus weight of 2 relays running at the same IP

2017-10-29 Thread Toralf Förster

I assumed that 2 Tor at the same ip address would get half of the consensus of 
the previously running only one Tor relay at the same hardware.
But it seems that both Tor relays get now the same value as the one before.

Is this intended ?

- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] sum of consensus weight of 2 relays running at the same IP

2017-10-29 Thread Toralf Förster

On 10/29/2017 01:24 PM, teor wrote:
> Possibly.
> 
> Are the relays CPU-limited, or bandwidth-limited?

Not at all, neither limited by a config value nor by the hardware (1GBit/s, 200 
MBit/s guaranteed, i7-3930, all non-Tor processes have "nice" in front, ids are 
1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA and 
6EABEBF38CE7E3DF672C4DB01383606FE3EB2215)

- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] Testers needed for Nyx beta release

2017-10-30 Thread Toralf Förster

On 10/30/2017 08:35 PM, Damian Johnson wrote:
> Would relay operators mind giving Nyx a whirl? To give it a try
> simply ensure you have a control port available in your torrc...
> 
>   ControlPort 9051
>   CookieAuthentication 1
> 
> ... and run the following...
> 
>   % git clone https://git.torproject.org/stem.git
>   % git clone https://git.torproject.org/nyx.git
>   % cd nyx/
>   % ln -s ../stem/stem stem
>   % ./run_nyx
> 
> Thanks! -Damian

mr-fox ~ # git clone https://git.torproject.org/stem.git
Cloning into 'stem'...
remote: Counting objects: 21863, done.
remote: Compressing objects: 100% (1927/1927), done.
remote: Total 21863 (delta 1969), reused 783 (delta 629)
Receiving objects: 100% (21863/21863), 5.61 MiB | 21.29 MiB/s, done.
Resolving deltas: 100% (17332/17332), done.
mr-fox ~ # git clone https://git.torproject.org/nyx.git
Cloning into 'nyx'...
remote: Counting objects: 12723, done.
remote: Compressing objects: 100% (691/691), done.
remote: Total 12723 (delta 554), reused 265 (delta 152)
Receiving objects: 100% (12723/12723), 8.03 MiB | 32.90 MiB/s, done.
Resolving deltas: 100% (9735/9735), done.
mr-fox ~ # cd nyx/
mr-fox nyx #  ln -s ../stem/stem stem
mr-fox nyx # ./run_nyx
Traceback (most recent call last):
  File "./run_nyx", line 7, in 
import nyx
  File "/root/nyx/nyx/__init__.py", line 49, in 
import sqlite3
ImportError: No module named sqlite3
mr-fox nyx # 



:-/

- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] Testers needed for Nyx beta release

2017-10-30 Thread Toralf Förster

On 10/30/2017 09:27 PM, Damian Johnson wrote:
> Thanks Toralf! What python version are you using? Sqlite3 should be
> built in nowadays...

Oh, this is Gentoo Linux, so sqlite3 isn't built per default, only if I 
explicitly want it by using the USE= flag here I do assume - will try it.

FWIW, Python is here in version 2.7.2 and 3.4.5

- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] Testers needed for Nyx beta release

2017-10-30 Thread Toralf Förster

On 10/30/2017 09:35 PM, Damian Johnson wrote:
> Ahhh, gotcha. Please let me know when you find the magic ingredient
> for sqlite3 on Gentoo an I'll add better messaging for it.
Oh, the message should be simply something like "You must emerge 
dev-lang/python with USE=sqlite"

And - it works now - Thx for developing nyx, Damian !

- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] Testers needed for Nyx beta release

2017-10-30 Thread Toralf Förster

On 10/30/2017 08:35 PM, Damian Johnson wrote:
> Our ducks should finally be in a row for release, but this being
> a full rewrite I'd like to start with an open beta to work out
> anything I might have missed.
> 
The # of digits after the comma might be reduced: "Outbound (3414, avg: 
3275.896126452135412364):"

And if I press "m" here under Gentoo, then sometimes I do get :

mr-fox nyx # ./run_nyx -i 29051
Traceback (most recent call last):
  File "./run_nyx", line 14, in 
nyx.main()
  File "/root/nyx/nyx/__init__.py", line 147, in main
nyx.starter.main()
  File "/root/nyx/stem/util/conf.py", line 289, in wrapped
return func(*args, config = config, **kwargs)
  File "/root/nyx/nyx/starter.py", line 94, in main
nyx.curses.start(nyx.draw_loop, acs_support = config.get('acs_support', 
True), transparent_background = True, cursor = False)
  File "/root/nyx/nyx/curses.py", line 216, in start
curses.wrapper(_wrapper)
  File "/usr/lib64/python3.4/curses/__init__.py", line 94, in wrapper
return func(stdscr, *args, **kwds)
  File "/root/nyx/nyx/curses.py", line 214, in _wrapper
function()
  File "/root/nyx/nyx/__init__.py", line 192, in draw_loop
nyx.menu.show_menu()
  File "/root/nyx/nyx/menu.py", line 203, in show_menu
menu = _make_menu()
  File "/root/nyx/nyx/menu.py", line 243, in _make_menu
submenu = panel.submenu()
  File "/root/nyx/nyx/panel/log.py", line 273, in submenu
[RadioMenuItem(opt, filter_group, opt) for opt in 
self._filter.latest_selections()],
  File "/root/nyx/nyx/log.py", line 432, in latest_selections
return list(reversed(self._past_filters.keys()))
TypeError: argument to reversed() must be a sequence


- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] Testers needed for Nyx beta release

2017-11-04 Thread Toralf Förster

On 11/04/2017 03:16 AM, Damian Johnson wrote:
> If
> I missed anything then please let me know. Otherwise I'll move forward
> with announcing our long belated release this weekend.
> 
> Cheers! -Damian
Hi,

just a minor thing:

"Menu" -> "Exit" works here under Gentoo now, but "q" -> "q" still not, after 
Ctrl-C I do get :

mr-fox nyx # cd ~/stem/; git pull; cd ~/nyx/; git pull; ./run_nyx -i 9051
Already up-to-date.
Already up-to-date.
^CTraceback (most recent call last):
  File "./run_nyx", line 14, in 
nyx.main()
  File "/root/nyx/nyx/__init__.py", line 176, in main
nyx.starter.main()
  File "/root/nyx/stem/util/conf.py", line 289, in wrapped
return func(*args, config = config, **kwargs)
  File "/root/nyx/nyx/starter.py", line 123, in main
_shutdown_daemons(controller)
  File "/root/nyx/nyx/starter.py", line 239, in _shutdown_daemons
controller.close()
  File "/root/nyx/stem/control.py", line 1083, in close
super(Controller, self).close()
  File "/root/nyx/stem/control.py", line 746, in close
t.join()
  File "/usr/lib64/python3.4/threading.py", line 1051, in join
self._wait_for_tstate_lock()
  File "/usr/lib64/python3.4/threading.py", line 1067, in _wait_for_tstate_lock
elif lock.acquire(block, timeout):
KeyboardInterrupt


- -- 
Toralf
PGP C4EACDDE 0076E94E


[tor-relays] handling of MyFamily for an outdated relay

2017-11-04 Thread Toralf Förster

Looking at this :


I do wonder how to deal with deleting all /var/lib/tor/data2/* files of a Tor 
relay and running a new one with the same config (but now different 
key/fingerprint). I added the new fingerprint to the config, which now has 3 
entries (the middle is 1 outdated):

MyFamily 
1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA,6EABEBF38CE7E3DF672C4DB01383606FE3EB2215,D11D11877769B9E617537B4B46BFB92B443DE33D

Is this the right way ? I'm asking b/c I do see now "Alleged Family Members" 
here:


https://atlas.torproject.org/#details/D11D11877769B9E617537B4B46BFB92B443DE33D

- -- 
Toralf
PGP C4EACDDE 0076E94E


Re: [tor-relays] handling of MyFamily for an outdated relay

2017-11-04 Thread Toralf Förster

On 11/04/2017 05:53 PM, nusenu wrote:
> MyFamily requires mutual configuration. So if you have 3 relays you have to 
> change 3 torrc files 
nope, I included that part of the config, so just 1 file to edit ;)

> The question is probably: Why are you including 6EAB if you replaced it?
Just because it is still visible at atlas and maybe known in some other data 
sources.
So I'm unsure how to handle that,

- -- 
Toralf
PGP C4EACDDE 0076E94E
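
The mutual-configuration point raised in this thread, as an added example that is not part of the original messages or of Tor's own code: it parses the MyFamily lines each relay would publish and splits every listed fingerprint into mutual ("effective") and one-sided ("alleged") members. The shared torrc line is the one quoted in the thread; the retired relay's last torrc is constructed, and all function names are hypothetical.

```python
import re

# 40 hex digits; this parser accepts the fingerprint with or without a leading "$".
FINGERPRINT = re.compile(r"^\$?([0-9A-Fa-f]{40})$")


def parse_myfamily(torrc_text):
    """Return (fingerprints, nicknames) found on the MyFamily lines of a torrc.

    Fingerprints are normalised to upper case without "$". Anything that is not
    a fingerprint is reported separately, because a nickname does not identify
    one specific relay.
    """
    fingerprints, nicknames = set(), []
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        fields = line.split(None, 1)
        if len(fields) < 2 or fields[0].lower() != "myfamily":
            continue
        for entry in (e.strip() for e in fields[1].split(",")):
            if not entry:
                continue
            match = FINGERPRINT.match(entry)
            if match:
                fingerprints.add(match.group(1).upper())
            else:
                nicknames.append(entry)
    return fingerprints, nicknames


def classify_families(declared):
    """Split each relay's declared family into effective and alleged members.

    declared maps a relay fingerprint to the set of fingerprints that relay
    lists. A member is "effective" only if it lists the relay back; otherwise
    it is "alleged" (declared by one side only).
    """
    result = {}
    for relay, listed in declared.items():
        effective, alleged = set(), set()
        for other in listed - {relay}:
            if relay in declared.get(other, set()):
                effective.add(other)
            else:
                alleged.add(other)
        result[relay] = {"effective": effective, "alleged": alleged}
    return result


# Fingerprints quoted in the thread.
R1 = "1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA"
R2_OLD = "6EABEBF38CE7E3DF672C4DB01383606FE3EB2215"  # replaced relay
R2_NEW = "D11D11877769B9E617537B4B46BFB92B443DE33D"  # its successor

# Shared config as posted: both running relays publish all three entries.
SHARED_TORRC = "MyFamily " + ",".join([R1, R2_OLD, R2_NEW])

# Constructed assumption: the replaced relay's last descriptor predates the
# new key, so it lists only the two original fingerprints.
OLD_TORRC = "# constructed sample\nMyFamily $" + R1.lower() + ",$" + R2_OLD


def demo():
    """Classify the three relays using the sample configurations above."""
    declared = {
        R1: parse_myfamily(SHARED_TORRC)[0],
        R2_NEW: parse_myfamily(SHARED_TORRC)[0],
        R2_OLD: parse_myfamily(OLD_TORRC)[0],
    }
    return classify_families(declared)


if __name__ == "__main__":
    for relay, family in demo().items():
        print(relay[:8], "effective:", sorted(f[:8] for f in family["effective"]),
              "alleged:", sorted(f[:8] for f in family["alleged"]))
```

Under these assumptions the new relay's only one-sided entry is the replaced fingerprint, since that relay never listed the new key back.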

