Re: [tor-relays] monitoring the relay : zabbix?

2016-10-11 Thread Green Dream
> How do you monitor the tor relay server and the relay itself, on a remote > box? I like https://www.statuscake.com/ for this and their free plan is sufficient. I'm not affiliated with them, I just like the service. It constantly checks for a response from both the Dir and OR ports of my relays,

Re: [tor-relays] ISP, Abuses , Intrusion Prevention etc.

2016-10-10 Thread Green Dream
>> I set up my own ISP (AS28715) so I could run Tor exits etc without any >> trouble. > > Could you share a bit more about what is involved in doing that? I'd also be very interested in learning more about setting up an ISP for Tor. Is it a non-profit? How many man hours did it take (roughly) to

Re: [tor-relays] Politically correct?

2016-10-07 Thread Green Dream
Tor is not perfect and everyone would be wise to learn as much as possible about its limitations (I'd start here: https://www.torproject.org/download/download.html.en#warning). It's still a very useful privacy tool though. Snowden: "I think Tor is the most important privacy-enhancing technology pr

Re: [tor-relays] new warn message: Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.

2016-10-07 Thread Green Dream
One of my guard relays has a few entries on Oct 06 also:
Oct 06 09:04:00.000 [warn] Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.
Oct 06 09:04:00.000 [warn] Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.
Oct 06 10:17:30.000 [warn] Duplicate rendezvous cookie in ESTABLISH_RENDEZV

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-06 Thread Green Dream
@oconor: > Let me ask you a short question. Have you ever worked with IPS? Yes. Please see my later email in this thread. I have experience with Snort, Bro and proprietary IPS/IDS systems from Cisco and Palo Alto. I also worked at a university's network operations helpdesk, where we received hun

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Green Dream
>> > for i in subdir/*; do ssh host mkdir -p "$i"; done >> > >> > with an ssh-agent would look pretty exactly the same to the exit node. >> >> OK, so I left out the "Permission denied, please try again." bits :) > > The exit node doesn't see that - that's the point of ssh. It can > at best look a

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Green Dream
> I'm beginning to think there is no real solution to the problem. As long as Tor > serves its purpose of providing uncensored access to the Internet, bad guys > will always abuse it, and the operators will almost always be at odds with > their ISP. Anything we try to do to block abuse will destroy the

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Green Dream
@Markus Okay, so you are offended by the phrase "it's that simple". Sorry, if I could remove that sentence I would. I didn't mean to imply that running an exit was trivial or easy. Otherwise, I stand by my argument -- automated filtering or blocking is not the right answer. The co-founder of Tor

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Green Dream
> You are ignoring completely reality, aren't you? No, I'm describing the status quo, how Tor already operates. "Don't run IPS/Snort on exits" has been a long standing response from the Tor folks. It looks to me like that response is essentially unchanged.

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Green Dream
@Tristan: > there must be something we can do about this as relay > operators. No, we don't need to do anything. Tor has been running under these principles of uncensored access for a long time. Find an ISP that understands Tor, appreciates the nature of the service and its value, and is willing

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Green Dream
@Mirimir: >> IPS aren't perfect - they let some unwanted traffic through, and >> block other traffic that is totally ok. > That is an issue. But there are many exits, so eventually users should > find one that works well enough for their purposes. Re-read what you said and think about this fr

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-04 Thread Green Dream
@keb: > It is not our problem if someone uses > the telecom network to read/write data to a vulnerable server - it is > the vulnerable server's problem to fix. Sounds great, but this is not how it works in the real world. > The ISP (and Tor network) are > only responsible for delivering the pa

Re: [tor-relays] Question about relay speed

2016-10-02 Thread Green Dream
You could also turn the old relay into a bridge. I've read that low bandwidth machines are often better serving the network as bridges, although I don't know what the cutoff value for "low bandwidth" is in this case.

Re: [tor-relays] help #3

2016-09-30 Thread Green Dream
Have you double-checked the ulimit was applied correctly? Including making sure it's applied to the user account running Tor? Here's how I do that on Ubuntu/Debian, assuming the user account is "debian-tor":
sudo su debian-tor --shell /bin/bash --command "ulimit -Sn"
sudo su debian-tor --shell

Re: [tor-relays] log message: [WARN] Failing because we have X connections already.

2016-09-27 Thread Green Dream
> I'm limited to 1360 tcp sockets. That's really bad for a Tor node, and I'm not sure you'll be able to work around it effectively. Even my non-exit nodes routinely have 7000 - 8000 established sockets.

Re: [tor-relays] Node families and guard flags

2016-09-15 Thread Green Dream
The Advertised Bandwidth is significantly lower on TorRelay02HORUS too. Let me quote teor from another recent thread, I think the same info is helpful here: -- begin quote -- Your relay reports a bandwidth based on the amount of traffic it has sustained in any 10 second period over the past da

Re: [tor-relays] tomhek - the (new) biggest guard relay operator

2016-09-11 Thread Green Dream
Yep, there's no enforcement or extra billing for network traffic... at all. They have said this will change in the future. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor and Diplomatic Immunity

2016-09-06 Thread Green Dream
The whole idea doesn't sit right with me. For one, I'm not sure I'd want any more Five Eyes entities running Exit nodes. Most embassies are already a haven for espionage activity. You'd pretty much have to assume they'd be sniffing the exit traffic. Also, with all the other priorities, I kinda do

Re: [tor-relays] Guard vs Exit Bandwidth

2016-09-02 Thread Green Dream
Don't forget that some traffic enters through guards but lands on hidden services, skipping Exits.

Re: [tor-relays] new relay package for Ubuntu 16.04+

2016-08-30 Thread Green Dream
Chad, > 1) anyone can create packages for others without review, 2) security is better These two concepts seem fundamentally at odds. Perhaps I have misunderstood you. How would unreviewed code be better for security?

Re: [tor-relays] #torstrike

2016-08-30 Thread Green Dream
Well said grarpamp. > there are plenty of other already existing, interesting, and > upcoming anonymous overlay networks for transporting IP, messaging, > storage and so on. Mind sharing some names here so I can research further?

Re: [tor-relays] Accounting and the 'Stable' flag

2016-08-22 Thread Green Dream
> I just want to make sure that... the ISP is not throttling traffic without > notification. Yeah, that's a valid concern. Aside from running through some of the M-LAB tests (https://www.measurementlab.net/tests/), it can be hard to predict or detect this. Another issue that can crop up is poor

Re: [tor-relays] Accounting and the 'Stable' flag

2016-08-22 Thread Green Dream
@Ralph https://blog.torproject.org/blog/lifecycle-of-a-new-relay It is normal to experience a dip in traffic. Just keep the relay running and let things play out. It can take weeks for utilization to peak.

Re: [tor-relays] #torstrike

2016-08-21 Thread Green Dream
I'm not switching off my relays. I'd prefer to leave the politics to other people. > Fact: The investigation done by Tor Inc, was run by the primary accusers > of Jacob Applebaum. Citation needed.

Re: [tor-relays] relay on a vps not exclusively used for tor?

2016-08-21 Thread Green Dream
>> > Most AUPs ban the use of programs designed to use 100% CPU >> >> A well-utilized Tor node will max out CPU... > > Mine hasn't. It peaks at about 30%. It can't even hit the 150Mbps limit I > set. Let me rephrase it then: a well-utilized Tor node _can_ max out CPU. I have two guard/middle nod

Re: [tor-relays] relay on a vps not exclusively used for tor?

2016-08-21 Thread Green Dream
> Most AUPs ban the use of programs designed to use 100% CPU A well-utilized Tor node will max out CPU...

Re: [tor-relays] Guard Flag without stable Flag

2016-08-17 Thread Green Dream
Looks like the guard flag already fell off. In any case I wouldn't worry about this. I think clients probably wouldn't choose a guard without the stable flag?

Re: [tor-relays] Web server and TOR bridge at same IP:port

2016-08-16 Thread Green Dream
I don't think you will be able to bind two daemons to the same TCP port (443). Maybe you could have something else listening on TCP port 443 and passing the requests onto both places? You might be able to put a single reverse proxy in front on that port, and have that proxy send the requests to t

Re: [tor-relays] Pi3 mid relay dropping lil bit of packets

2016-08-15 Thread Green Dream
Counter-point... transmission errors are not a certainty:
RX packets:323526978271 errors:0 dropped:0 overruns:0 frame:0
TX packets:249565709357 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:285274358053849 (285.2 TB) TX bytes

Re: [tor-relays] High speed Tor relay advice

2016-08-14 Thread Green Dream
Hi i3, Thanks for running relays! Agreed you will want to run multiple instances to make the most of your host. The Xeon E5-2620v3 does have AES-NI, which is good. Other items to consider:
- On most linux/unix systems the ulimits will be set too low by default. On debian-like linux, higher limi

Re: [tor-relays] How to exclude a CDN ?

2016-08-09 Thread Green Dream
You could probably enumerate most (if not all) of the subnets for Akamai or CloudFlare or $InsertCDN, but blocking all of them seems like it would be terrible for Tor users since they host so much of the web at this point. So yeah... I think you're out of luck.

Re: [tor-relays] Any security tips on running a TOR relay?

2016-08-04 Thread Green Dream
P.S. Tristan, here's the explanation from that mailing list... just in case people can't access the link or it goes away: "Yes, it has everything to do with those flag bits. For TCP connections, Linux tends to use a "half-duplex" close sequence where either side of the session can initiate connect

Re: [tor-relays] Any security tips on running a TOR relay?

2016-08-04 Thread Green Dream
Hey Tristan, > Any ideas what in-addr.arp is Yes, this is the standard format for reverse DNS lookups for IPv4 addresses. I'm not sure what command(s) you were using, but in-addr.arpa is an expected result (or intermediate step) of doing something like "host 8.8.4.4" on Linux. The IP octets ar

Re: [tor-relays] Any security tips on running a TOR relay?

2016-08-04 Thread Green Dream
That's my setup as well. My UFW looks like:
To        Action  From
--        ------  ----
80/tcp    ALLOW   Anywhere
443/tcp   ALLOW   Anywhere
xxx/tcp   ALLOW   Anywhere
I have my DirPort set

Re: [tor-relays] Any security tips on running a TOR relay?

2016-08-04 Thread Green Dream
Tristan: yep, I was assuming a non-exit. Although sure, you can block incoming traffic without affecting outbound traffic with a stateful firewall like iptables.

Re: [tor-relays] Any security tips on running a TOR relay?

2016-08-04 Thread Green Dream
I'd say the normal server hardening precautions apply. Off the top of my head:
- keep software/packages up to date
- only use public-key authentication for ssh / disable password-based auth
- optionally change the ssh port (it just avoids the worst of the port scanning / brute force attempts)
- li

Re: [tor-relays] experiences with debian tor 0.2.8.6 package from deb.torproject.org

2016-08-03 Thread Green Dream
Sorry, I didn't understand that your daemon didn't restart after the upgrade. I ran through the upgrade on 2 relays, and apt started the service post-upgrade on both.

Re: [tor-relays] experiences with debian tor 0.2.8.6 package from deb.torproject.org

2016-08-03 Thread Green Dream
> When upgrading, all running tor instances are stopped (not restarted, as expected) > syslog shows: > Interrupt: we have stopped accepting new connections, and will shut down in 30 seconds. Interrupt again to exit now. > Clean shutdown finished. Exiting. > (problem is reproducible) I just ha

[tor-relays] is explicit DirPort needed anymore under Tor 0.2.8.6?

2016-08-02 Thread Green Dream
The release notes for Tor 0.2.8.6 have this tidbit about the DirPort: "Previously only relays that explicitly opened a directory port (DirPort) accepted directory requests from clients. Now all relays, with and without a DirPort, accept and serve tunneled directory requests that they receive throu

Re: [tor-relays] Syslog: Kernel TCP: Too many orphaned sockets

2016-08-01 Thread Green Dream
It's related to /proc/sys/net/ipv4/tcp_max_orphans "Maximal number of TCP sockets not attached to any user file handle, held by system. If this number is exceeded orphaned connections are reset immediately and warning is printed." So, I'd start by checking the value of tcp_max_orphans (with "cat

Re: [tor-relays] switching between exit and guard

2016-07-26 Thread Green Dream
Seems like a bad idea. Among other issues, I kinda doubt Digital Ocean is gonna be any happier. They'll still get abuse emails half the month, right? Do you think that's gonna make them like... half mad? ;-) Just run a good guard there full time and find a better home for the exit.

Re: [tor-relays] Best bandwidth setup for exit node

2016-07-14 Thread Green Dream
How do the bandwidth authorities treat a hibernated relay? Does hibernation effectively lower the consensus weight (CW)? If so, and even if the lower CW is temporary, would it then take longer for the CW to climb back up once the relay is out of hibernation? IMHO it seems simpler to just throttle

Re: [tor-relays] wubthecaptain1 relay is no longer an exit

2016-07-12 Thread Green Dream
> IMO it is not necessary to open all 65535 ports, 1 or 2 dozen > are enough to cover a majority of the needs of the users. For a minimal exit, you really only need "at least two of the ports 80, 443, and 6667" to qualify. Ref: https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2133

Re: [tor-relays] BoingBoing Says Running Exits Is No Trouble re: LEA

2016-07-06 Thread Green Dream
Except the operators at BoingBoing have the privilege of corporate liability (instead of personal liability), and very likely corporate counsel (i.e., a nice legal team) as well. It seems easier to say "don't worry about it, it's not really a problem" from that perspective. For the average Tor vo

Re: [tor-relays] suspicious "Relay127001" relays

2016-07-05 Thread Green Dream
> It's up to directory authority operators to deal with > suspicious/rogue/misconfigured relays by marking them as > invalid/rejected/badexit. So... what's going on in this particular case and what are the directory authorities going to do, if anything? As a relay operator near the top of the CW

Re: [tor-relays] which DirPort should be advertised ?

2016-07-04 Thread Green Dream
See: https://lists.torproject.org/pipermail/tor-talk/2016-January/040074.html My takeaway is that there's little point to setting an IPv6 DirPort at this point. Clients will rarely connect to it, and relays won't connect to it at all. Furthermore, "In 0.2.8, clients assume that the IPv6 DirPort is

Re: [tor-relays] arm and non-default control port

2016-07-03 Thread Green Dream
>> don't run arm as the tor user > Does this apply only to Debian, or Linux in general? Linux in general. It's really just a matter of giving the process the least amount of privilege necessary.

Re: [tor-relays] arm and non-default control port

2016-07-02 Thread Green Dream
> don't run arm as the tor user, Roger tells you why: > https://lists.torproject.org/pipermail/tor-relays/2016-May/009259.html Interesting. I didn't know this, and I've always used "sudo -u" as well. Thanks for sharing. For the archives, the link above ultimately leads here: https://www.torproj

Re: [tor-relays] Usability Improvements for Atlas (was Re: Globe is now retired)

2016-06-29 Thread Green Dream
> What would be handy with dozens of VPSs would be to control them as one > for numerous things. Do you know of anything which does that from Windows? This is "server automation". Ansible, Chef and Puppet are popular solutions. Ansible seems to be popular for Tor relays, with several existing pl

Re: [tor-relays] Usability Improvements for Atlas (was Re: Globe is now retired)

2016-06-29 Thread Green Dream
A server monitoring tool. :-) https://www.google.com/search?q=server+monitoring There are many good options. I like StatusCake because they have a free tier which does everything you'd need for monitoring Tor relays. You can have it verify the fingerprint of your relay (via the information expose

Re: [tor-relays] Usability Improvements for Atlas (was Re: Globe is now retired)

2016-06-29 Thread Green Dream
> I meant, since I have a number of relays, for Atlas to tell me which ones > are not going without having to look into each in detail first. As far as I can tell, relays that are not running are not included in the search results. You'll only see relays that are active in the consensus. I'm not

Re: [tor-relays] Usability Improvements for Atlas (was Re: Globe is now retired)

2016-06-29 Thread Green Dream
> On a relay's page could you show whether it is running or not? That information is already there. Look under "Current Status" on the right; it shows both "Uptime" and "Running" (as true or false).

Re: [tor-relays] Usability Improvements for Atlas (was Re: Globe is now retired)

2016-06-29 Thread Green Dream
Minor issue: there's no need to have the Show XXX entries dropdown on the "Top 10 Relays" page (https://irl.github.io/atlas/#/top10) since it's designed to show only 10. In fact changing the selection does nothing. On Wed, Jun 29, 2016 at 1:05 PM, Iain R. Learmonth wrote: > Hi All, > > On 29/06

Re: [tor-relays] DDOS

2016-06-14 Thread Green Dream
I have relays on Digital Ocean as well, and occasionally get the same emails. Notice the contradiction in the email: "Once the attack subsides, networking will be automatically reestablished to your droplet. The networking restriction is in place for three hours and then removed." Which one is it

Re: [tor-relays] Tor Weather has been discontinued

2016-06-12 Thread Green Dream
As I already said 4 days ago in this thread, all indications are the t-shirt program is no longer active. It turns out one of the other things that takes time and effort is keeping the website up to date! If someone here really cares about the false promise of t-shirts, that person could submit a

Re: [tor-relays] Tor Weather has been discontinued

2016-06-12 Thread Green Dream
Do you guys really run relays just for the t-shirt? Aren't there more important reasons to run a relay, like serving the community, being an advocate for privacy, and acting against surveillance and censorship? Is this t-shirt issue *really* a problem that needs to be solved? The Tor Project has m

Re: [tor-relays] Tor Weather has been discontinued

2016-06-08 Thread Green Dream
The T-shirt incentive for relay operators is gone, as far as I know. If you donate $100 or more here you can pick a T-shirt as the gift: https://www.torproject.org/donate/donate.html.en There are many alternative ways to monitor the health and uptime of your relay. I like https://www.statuscake.c

Re: [tor-relays] Questions on traffic differences between two Exit relays in two different locations

2016-06-02 Thread Green Dream
I've found that utilization and consensus weight of relays is highly variable, and the causes aren't always easy to pin down. There are a lot of factors that can contribute. A few off the top of my head:
- CPU performance. AES-NI helps here. It seems unlikely this is your issue if your CPU utiliza

Re: [tor-relays] Question on warnings

2016-05-30 Thread Green Dream
Hi. Thanks for running a relay. These notice messages are from the monitoring tool Arm, and should not affect the Tor process. If you don't care about Arm and Tor seems to be working okay otherwise, you could safely ignore these messages. In case you want to look into them further, I'll share some

Re: [tor-relays] TOR router install without access to root

2016-05-25 Thread Green Dream
@Paul: sure. Nils pointed out that a lot of relays using the same hosting provider could be an attack vector, because the provider would be a single point where all the relays' secret keys could be collected. My point is that if you look at the AS (Autonomous System) Number, it's normally the same

Re: [tor-relays] TOR router install without access to root

2016-05-25 Thread Green Dream
@Nils Tor path selection avoids using relays from the same /16 subnet, and I thought it considered the Autonomous System (AS) as well. However now I'm not finding concrete evidence that path selection looks at AS. I found some older academic papers on the subject [1], but nothing in the current sp

Re: [tor-relays] Monitoring multiple relays

2016-05-24 Thread Green Dream
I use a third-party monitoring service to monitor the Dir and OR ports of all my relays. It's especially useful now that Tor Weather isn't maintained. The service constantly checks for a response from both ports, using several monitoring endpoints around the world, and notifies me of any downtime.

Re: [tor-relays] Port scanning via exit node

2016-05-21 Thread Green Dream
There's really nothing to do. Based on the limited logs, it looks like someone was just looking for open TCP port 22 (ssh). You can't really block the scans by source since you don't know the source address (because Tor). You could prevent connections to port 22, but that would prevent everyone els

Re: [tor-relays] What's this Abuse

2016-05-20 Thread Green Dream
I'm questioning the competency of the ISP for several reasons.
1) They should be clear in communicating about whatever they view as abuse. Just telling you to "stop" without explanation is unprofessional at best.
2) This doesn't even look like abuse worth reporting (i.e., "welcome to the Internet")

Re: [tor-relays] Handling possible abuse requests

2016-05-18 Thread Green Dream
P.S. https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy

Re: [tor-relays] Handling possible abuse requests

2016-05-18 Thread Green Dream
You should start with the FAQ, if you haven't already seen it: https://www.torproject.org/docs/faq-abuse.html.en The topic has been addressed many times on the list as well, so I'd suggest searching the archives. You can easily do that via Google with a search like: abuse site:lists.torproje

Re: [tor-relays] tor buddy is not checking

2016-05-18 Thread Green Dream
Not sure why anybody would need that script, but if you're asking about the error, you'd likely need root access to modify ulimits.

Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?

2016-04-28 Thread Green Dream
> The likes of GRC.COM make you think that any port not blocked... is bad. > I wondered why if nothing there Because there is a difference between a closed port and a filtered port. Deny vs drop. The less of a fingerprint you offer to attackers, the better. It's security by obscu

Re: [tor-relays] Using your own Relay as Entry Node

2016-04-23 Thread Green Dream
I'd say it's a tradeoff. You may have more trust of your own entry guard, but you're losing the benefits of guard rotation and possibly making it easier for de-anonymizing attacks to occur. From the man page: "We recommend you do not use these — they are intended for testing and may disappear in fu

Re: [tor-relays] Entry Node Problem

2016-04-23 Thread Green Dream
> EntryNodes (Myfingerprintgoeshere) > Is this the correct syntax? Remove the parentheses. Comma separated. Ex: EntryNodes TorGuard01,TorGuard02,TorGuard3 https://www.torproject.org/docs/tor-manual.html.en > "EntryNodes" section

Re: [tor-relays] DDoS on middle nodes?

2016-04-18 Thread Green Dream
One of my non-exit relays was knocked offline by a DDoS on April 10th. It's happened before to another relay as well. My provider isn't especially helpful when it happens. They basically just disable traffic to the node for 3 hours.

Re: [tor-relays] NPR story: When A Dark Web Volunteer Gets Raided By The Police

2016-04-08 Thread Green Dream
Who said Tor was against the police? The fact is, in the United States, the FBI and other law enforcement agencies have been known to plant malware, modify hardware, etc., in order to maintain persistent access to machines they wish to monitor. Whether or not you think this is valid in some cases

Re: [tor-relays] NPR story: When A Dark Web Volunteer Gets Raided By The Police

2016-04-07 Thread Green Dream
@ Tristan re: "What happened to "innocent until proven guilty?" Please note I already said "This particular case is perhaps not so clear cut" @ Markus re: "How do you know a exit server is compromised?" You don't always know. With any skill on the attacker's part, you will NOT know. Still, sometim

Re: [tor-relays] NPR story: When A Dark Web Volunteer Gets Raided By The Police

2016-04-07 Thread Green Dream
> Of course, but what would they make of it? They might have 200 > perfectly legitimate Tor nodes already, making a blacklist > absolutely useless. So we should do nothing? This logic makes little sense. The directory authorities already have blacklist capabilities, and add known malicious relays

Re: [tor-relays] routing script

2016-02-18 Thread Green Dream
> I spoke with a VPN provider and > they are okay with routing tor traffic over their VPN as long as I have > exit rulez etc. The only thing I need is a routing script for Debian > to route all the Tor traffic over the VPN. Anyone can help me out with If I understand correctly you are hoping to set

[tor-relays] DDoS attack on relay

2016-01-26 Thread Green Dream
My hosting provider alerted me of a DDoS attack on one of my relays. It started around 2016-01-26 12:42 UTC. They claim they tried "filtering, routing, and network configuration changes" to mitigate the attack, but as a last resort they temporarily disconnected the host from the network for 3 hours

Re: [tor-relays] Debugging my small relay

2016-01-07 Thread Green Dream
Is there really a reason to continue running this relay, even as a bridge? It has a consensus weight of 9. Before the upgrade and subsequent fingerprint reset, it was only at cw 16. The mean middle probability fraction was 0.000103%. The mean on the read/write was less than half a kilobyte per seco

Re: [tor-relays] Very unbalanced inbound/outbound connections

2015-12-20 Thread Green Dream
"I see a little bit more than twice as much inbound than outbound connections on my (non-exit, non-guard) relay [0]." "looking at the graphs in atlas (as well in arm) shows no significant (= something like twice as much) difference between the inbound and outbound traffic" I'm not sure if you mea

Re: [tor-relays] Allow user to provide feedback?

2015-12-20 Thread Green Dream
Typically users are routed through multiple relays (guard, middle and exit), so the proposed feedback would really be a generic "this circuit is slow" signal, which doesn't help narrow down the problematic relay.

Re: [tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound

2015-12-20 Thread Green Dream
> Weasel and velope on #tor-project suggested that I remove DNSCrypt > entirely and let Unbound be a recursive resolver against the root DNS > servers, which I have now done. Jesse would you mind sharing how you configured this?

Re: [tor-relays] uptime "algorithm"

2015-12-14 Thread Green Dream
I'm not sure why operators care so much about the HSDir flag. It naturally comes and goes. Try not to worry about it. :) I've noticed that it can take 30+ minutes after a version upgrade before the directory service on my nodes is fully responsive again [1]. I'm not entirely sure what's happening in

Re: [tor-relays] Custom bandwith for different time ranges

2015-12-07 Thread Green Dream
> any of these are very likely to wreck your consensus weight situation From a Tor user's perspective, if a relay is periodically dropping to 250 Kb/s, a low consensus weight for that relay is probably a good thing.

Re: [tor-relays] Actions required after update?

2015-11-22 Thread Green Dream
> is there any action required for somebody running the relay > on a pretty bog-standard Ubuntu 12.04 Linux dedi? > other than sudo apt-get update && sudo apt-get dist-upgrade There is a new OfflineMasterKey feature you can read about here: https://lists.torproject.org/pipermail/tor-relays/2015

Re: [tor-relays] Tor Weather not working?

2015-11-17 Thread Green Dream
I just received the Tor Weather notifications. They were over 2 days late. The email headers show Tor Weather just sent them, and it only took a few seconds for Gmail's MX to receive and accept. I.e., the delay appears to be somewhere on the Tor Weather server side.

Re: [tor-relays] Tor Weather not working?

2015-11-17 Thread Green Dream
It seems to be working at least some of the time, as I did receive a notification to the same email address for another node, back in mid-October. If it's not maintained and not expected to work reliably, it should be taken down. I have a hard time believing this is the case though.

[tor-relays] Tor Weather not working?

2015-11-17 Thread Green Dream
I took a relay offline 2 days ago and still haven't received a notification from Tor Weather. The preferences page confirms everything is configured, but yet, it doesn't seem to be working for me. I checked the spam folder. Is there someplace to file tickets for this, or some other contact info for

[tor-relays] unlisted exit relay

2015-11-17 Thread Green Dream
While visiting https://torstatus.blutmagie.de/ in Tor Browser, I noticed it wasn't detecting the exit node I was being routed through as a relay. Curious, I tried looking up the same IP in both Atlas and Globe, but neither knows of a relay at this IP. The IP of this exit is 104.156.228.115. What s

Re: [tor-relays] 130 "11BX1371" relays joined on 2015-10-30

2015-11-01 Thread Green Dream
> The authorities should be rejecting the relays > dropping their traffic soon, I assume now they're > trying to contact the operator before doing that Is there somewhere we can follow the conversation and decisions of the authorities when there are incidents like this? IRC? Another mailing list?

Re: [tor-relays] HoneyPot?

2015-10-29 Thread Green Dream
> I cannot imagine how any TOR operator would block encrypted services > and not be what most reasonable people consider a "Bad exit". It turns out this "HoneyPot" node is NOT blocking encrypted services. They allow ports 443, 993, and other encrypted services. Unfortunately that line of the exit

Re: [tor-relays] HoneyPot?

2015-10-29 Thread Green Dream
> BTW the exit policy includes 443. My mistake. I didn't realize the policy view on Atlas is truncated.

Re: [tor-relays] HoneyPot?

2015-10-29 Thread Green Dream
(Oops, sorry, an errant keyboard shortcut sent the email too early.) Mirimir: aside from the nickname, do you have any reason to believe it was out of the ordinary? The exit policy mostly only seems to allow non-encrypted services (80 but not 443, 143 but not 993), but that alone isn't enough to g

Re: [tor-relays] HoneyPot?

2015-10-29 Thread Green Dream
Mirimir: aside from the nickname, do you have any reason to believe it was out of the ordinary? The exit policy mostly only seems to allow non-encrypted services (80 but not 443, 143 On Thu, Oct 29, 2015 at 1:22 PM, Mirimir wrote: > Anyone know what HoneyPot was/is? > > > https://atlas.torprojec

Re: [tor-relays] MyFamily format

2015-10-28 Thread Green Dream
The correct format for MyFamily is documented here: https://www.torproject.org/docs/faq.html.en#MultipleRelays I'm not sure how important it is to set at this point though? https://trac.torproject.org/projects/tor/ticket/6676

Re: [tor-relays] too many circuit creation requests

2015-10-24 Thread Green Dream
> # lsof -Pn | grep "^tor" | grep ESTABLISHED | wc -l > 3169 > # netstat -nt | wc -l > 1599 These values are normal for a relay; exactly what I'd expect from a Pi.

Re: [tor-relays] Faravahar messing with my IP address

2015-10-23 Thread Green Dream
Sina, the ticket 16205 regarding incorrect IPs coming from Faravahar is 5 months old [1]. Have you had a chance to look into the possible explanation Nick Suan mentioned earlier in the thread? It's not exactly confidence-inspiring to see multiple unresolved tickets about Faravahar going back seve

Re: [tor-relays] Faravahar messing with my IP address

2015-10-22 Thread Green Dream
I see this from time to time as well. Here's another example: Oct 17 23:02:44.000 [notice] Our IP Address has changed from 52.64.142.121 to [CORRECT IP]; rebuilding descriptor (source: 86.59.21.38). 52.64.142.121 appears to be an instance on Amazon's EC2. I don't run any nodes on EC2. 86.59.21.

Re: [tor-relays] ntpd problems explanation

2015-10-22 Thread Green Dream
"ntp/time sync peculiarities in relays" Can you please elaborate? I may have missed an earlier discussion, and a quick Google search isn't providing too much help. I found the ticket below, which is interesting reading, but I'm not sure what specific peculiarities you're referring to. https://tra

Re: [tor-relays] TCP: too many orphaned sockets

2015-10-18 Thread Green Dream
> On the new VPS I get the following message (from time to > time lots of them): > "kernel: [XX.XX] TCP: too many orphaned sockets" I'd look at "net.ipv4.tcp_max_orphans". Some VPS providers add their own defaults to /etc/sysctl.conf, so you might want to check there and see if it's alre

Re: [tor-relays] Tools for managing multiple relays

2015-10-15 Thread Green Dream
Due to the variance of performance of VPS instances, the last time I decided to add another single relay, I turned up 4 instances, waited a few days to see which one performed the best, then shut down the others. This only cost a few extra USD, at most, and greatly improved the value of the remaini

Re: [tor-relays] Tools for managing multiple relays

2015-10-14 Thread Green Dream
> An alternative to Puppet or Chef (and I'm a fan of both) would be > Ansible; it's much simpler to pick up, and uses SSH to connect to > machines to manage them -- no master server needed. You just changed my life. I just hadn't looked into Ansible yet. It took about 5 minutes to set up, and seem
