Re: [tor-relays] CVE-2015-7547 Tor network stats

2016-02-23 Thread Louie Cardone-Noott
Based on the exploit, aren't, at most, only the exits vulnerable? I didn't think middles would do any DNS resolving. Those like me running debian and putting off doing a reboot might find needrestart (package of same name) and checkrestart (package debian-goodies) useful. On Tue, 23 Feb 2016, at

Re: [tor-relays] CVE-2015-7547 Tor network stats

2016-02-23 Thread nusenu
> you say that 64% of the guard relays and 51% of the exit relays are > unpatched? These numbers are not based on relay count but on guard/exit probability (so it takes a relay's contributed bandwidth/consensus weight into account). If you are more interested in relay counts: 3754 out of 7268

Re: [tor-relays] CVE-2015-7547 Tor network stats

2016-02-23 Thread nusenu
Louie Cardone-Noott: > Based on the exploit, aren't, at most, only the exits vulnerable? I > didn't think middles would do any DNS resolving. I didn't mean to imply that tor does the relevant DNS lookup but most servers will do DNS lookups at some point (even if not caused by tor).

Re: [tor-relays] CVE-2015-7547 Tor network stats

2016-02-23 Thread Toralf Förster
Louie Cardone-Noott: > Those like me running debian and putting off doing a reboot might find > needrestart (package of same name) and checkrestart (package > debian-goodies) useful. Under Gentoo "lib_users -s" is a useful command IMO to see if a in

Re: [tor-relays] CVE-2015-7547 Tor network stats

2016-02-23 Thread Tom van der Woerdt
On 23/02/16 at 22:10, Toralf Förster wrote: > Louie Cardone-Noott: >> Those like me running debian and putting off doing a reboot might find >> needrestart (package of same name) and checkrestart (package >> debian-goodies) useful. > > Under Gentoo "lib_users -s" is a useful command IMO to see if

Re: [tor-relays] CVE-2015-7547 Tor network stats

2016-02-23 Thread Random Tor Node Operator
On 23.02.2016 22:12, Tom van der Woerdt wrote: > On 23/02/16 at 22:10, Toralf Förster wrote: >> Louie Cardone-Noott: >>> Those like me running debian and putting off doing a reboot >>> might find needrestart (package of same name) and checkrestart >>>

Re: [tor-relays] Reminder: exit nodes probably shouldn't be using Google's DNS servers

2016-02-23 Thread nusenu
I guess another reminder doesn't hurt since Google is still the most prevalent DNS server on the tor network, accounting for ~25% of tor exit bw. https://nymity.ch/dns-traffic-correlation/img/top-exit-resolvers.png https://lists.torproject.org/pipermail/metrics-team/2016-February/78.html

Re: [tor-relays] Reminder: exit nodes probably shouldn't be using Google's DNS servers

2016-02-23 Thread Tristan
That link almost makes it seem like we shouldn't use any public DNS servers. Can you reliably run an exit server on just a local resolver? I have Unbound, OpenDNS, and Google DNS on my exit relay, and I still get "all nameservers failed." Also, does this apply to Orbot? Because the latest update c

Re: [tor-relays] Reminder: exit nodes probably shouldn't be using Google's DNS servers

2016-02-23 Thread elrippo
Try https://www.opennicproject.org/ On Tuesday, 23 February 2016, 19:16:30 Tristan wrote: > That link almost makes it seem like we shouldn't use any public DNS > servers. Can you reliably run an exit server on just a local resolver? I > have Unbound, OpenDNS, and Google DNS on my exit relay, and

Re: [tor-relays] Reminder: exit nodes probably shouldn't be using Google's DNS servers

2016-02-23 Thread Larry Brandt
Same for me Tristan.  It's becoming a problem here.  My last notices.log.gz was over a meg in length.  About 40,000 pages per month on a small exit.  Most entries were dns related. Larry On 2/23/2016 5:16 PM, Tristan wrote: That link almost makes it s