-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/23/2017 03:10 AM, Dave Warren wrote:
> One note, 9.9.9.10 does no filtering, but sadly also doesn't enforce
> DNSSEC. It has the same privacy policy and similar.
The former is good, the later not a problem, b/c DNSSEC validation has to be
made
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/12/2017 11:54 AM, teor wrote:
> I assume the operator is aware and is working on a fix.
There're since months errors logged here for that machine. I decided to ignore
all errors from that machine.
- --
Toralf
PGP C4EACDDE 0076E94E
-BEGIN
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/14/2017 11:08 PM, Sebastian Hahn wrote:
> If you don't want to run an Exit relay, set ExitRelay 0.
Not needed IMO - I'm under the impression that nowadays with recent Tor
versions a user must opt-in to configure Tor to be an exit.
- --
Toral
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/11/2017 11:20 PM, teor wrote:
>
> We're working on having better support for IPv6 across Relay Search and
> consensus health.
At my 2 relays (1AF72E8906 and D11D1187776) I have both ipv4 and ipv6 activated.
The load is about 1.5 TByte/day. 30
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/15/2017 10:38 AM, Ralph Seichter wrote:
> My relay uses Gentoo Linux kernel version
If you run a Gentoo system then take a look at this file :
# cat /etc/conf.d/tor
#
# Set the file limit
rc_ulimit="-n 3"
- --
Toralf
PGP C4EACDDE 0076E9
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/15/2017 11:46 AM, teor wrote:
>
>> On 15 Dec 2017, at 21:09, Toralf Förster wrote:
>>
>>> On 12/11/2017 11:20 PM, teor wrote:
>>>
>>> We're working on having better support for IPv6 across Relay
On 12/17/2017 10:24 PM, teor wrote:
> Using 256 per IP is probably reasonable.
Is this a rather arbitrary limit or does this limit fit the use of NATed
addresses entirely ?
--
Toralf
PGP C4EACDDE 0076E94E
signature.asc
Description: OpenPGP digital signature
__
On 12/18/2017 11:10 PM, teor wrote:
> The number of active connections that can be NATed per IP address is
> limited by the number of ports: 65535. (Technically, it's 65535 per
> remote IP address and port, but most NATs don't have that much RAM
> or bandwidth.)
>
> Also, genuine users behind a NA
On 12/16/2017 04:35 PM, tordoswitchhun...@airmail.cc wrote:
> -A torrelayfilter -s 198.7.59.194/32 -p tcp -j REJECT --reject-with
> tcp-reset
Why not DROP ?
--
Toralf
PGP C4EACDDE 0076E94E
signature.asc
Description: OpenPGP digital signature
___
tor
On 12/20/2017 04:39 PM, x9p wrote:
>> My relay B33BFA9AA0005730C1C0E8F7E6F53CF3C5716BD6 is not currently
>> tagged as Guard, and I am seeing more than twenty IPv4s with more than
>> 10 connections, and one with 147. Should that be considered normal for a
>> non-guard relay?
>>
>> Cheers,
>>
>> --
On 12/21/2017 06:33 AM, Conrad Rockenhaus wrote:
> Hello,
>
> One of the relays that I brought online yesterday, ConradsAWSExit (Hash
> 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A) is showing up on Atlas that the
> IPv6 OR is unreachable.
Just a guess:
IPv6 needs ICMPv6, so you should have somethi
With 0.3.2.7-rc the command
/usr/sbin/iftop -B -i eth0 -P -N -n -m 320M
showed every then and when (few times in a hour) for 10-20 sec a traffic value
of nearly 0 bytes for the short-term period (the left of the 3 values).
Usuaally I do poberve between 6 and 26 MByte/sec.
With the Tor vers
On 12/22/2017 03:48 PM, David Goulet wrote:
> Are you on BSD or Linux?
I do run a stable Gentoo hardened Linux with latest kernel (4.14.8 currently)
and LibreSSL-2.6.4.
OTOH I was informed by my ISP that the server is being under attack currently -
will observe its behaviour over the next days.
On 12/31/2017 01:36 PM, starlight.201...@binnacle.cx wrote:
> first it was hit with a DDOS packet-saturation blast calibrated to overload
> the network interface but not so strong as to trigger the ISP's anti-DDOS
> system (which works well); the first attack had little effect. Then within
> tw
On 01/10/2018 06:39 AM, teor wrote:
> iptables -I INPUT -p tcp --syn ! --dport 22 -m state --state NEW -m recent
> --set
> iptables -I INPUT -p tcp --syn ! --dport 22 -m state --state NEW -m recent
> --update --seconds 60 --hitcount 100 -j DROP
What's about the following approach;
IPT="/sbin/i
On 01/11/2018 02:10 AM, teor wrote:
> We allow 2 relays per IPv4 address, and each relay makes 1-2 connections
> to each other relay. (Or more, if the connections start failing. This is
> a bug we want to fix.)
>
> So if you're going to do this, please set a much higher limit than 2.
> I would sug
On 01/11/2018 02:10 AM, teor wrote:
> As far as I can tell, this single rule has the same effect:
Even if " -P INPUT DROP" is et ?
--
Toralf
PGP C4EACDDE 0076E94E
signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-
I do wonder why
$> scripts/maint/updateFallbackDirs.py check_existing
tells
$> WARNING::1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA not a candidate:
changed address/port recently (2017-10-22 07:00:00)
But 1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA didn't changed it address/port
since
On 01/16/2018 11:15 PM, teor wrote:
> * it stops publishing an IPv6 ORPort or IPv4 DirPort,
> for one or more consensuses, even if it changes back.
Ick, that was it.
There was an attempt by me to close ports 80 and 443 of IPv6 for 1 minute to
let certbot try to renew the LetsEncrypt certificate ov
On 01/17/2018 10:03 PM, teor wrote:
> If you need to do this in future, set PublishServerDescriptor 0.
Cool hint, thx.
--
Toralf
PGP C4EACDDE 0076E94E
signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.
On 01/11/2018 02:10 AM, teor wrote:
> So if you're going to do this, please set a much higher limit than 2.
> I would suggest at least 4, but 10 or more is better.
>
> You might be able to set it higher if you put a limit on repeated
> connection attempts.
The simple approach (allowing 8 syn req
On 01/16/2018 11:15 PM, teor wrote:
> Hi,
>
> On 17 Jan 2018, at 08:31, Toralf Förster <mailto:toralf.foers...@gmx.de>> wrote:
>
>> I do wonder why
>> $> scripts/maint/updateFallbackDirs.py check_existing
>> tells
>> $> WARNING::1AF72E89
On 01/25/2018 07:06 PM, Peter Ott wrote:
> A change of the IP-adress seems to be handled fine by TOR. This change
> by the ISP occurs at least every 3 days or so).
?
--
Toralf
PGP C4EACDDE 0076E94E
signature.asc
Description: OpenPGP digital signature
__
On 01/31/2018 10:16 AM, Roger Dingledine wrote:
> but if you're
> the sort who enjoys running code from git, now is a great time to try it
> and let us know of problems and/or successes.
at a first glance master (tor-0.3.3.1-alpha-42-g2294e330b) works like a charm
here at a hardened stable Gentoo
On 01/31/2018 08:57 PM, Tyler Johnson wrote:
> with or without additional firewall
*with* additional firewall rules currently.
--
Toralf
PGP C4EACDDE 0076E94E
signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays
On 01/31/2018 10:16 AM, Roger Dingledine wrote:
> the sort who enjoys running code from git, now is a great time to try it
> and let us know of problems and/or successes.
>
tor-0.3.3.1-alpha-58-ga846fd267 is bad here, the inbound connections stays at
5-10
tor-0.3.3.1-alpha-42-g2294e330b works f
I do wonder why the follwoing iptables rule does fire more often than expected
althought there're much less (<100) new outgoing Tor exit connections within 1
second at my Tor exit relay:
/sbin/iptables -A OUTPUT -p tcp --destination-port 443 --syn --match connlimit
--connlimit-above 2000 --con
On 02/02/2018 11:02 PM, r1610091651 wrote:
> mask 0 => so results in: more than 2000 connections to anywhere
That's intentional.
--
Toralf
PGP C4EACDDE 0076E94E
signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-rela
Got this today:
Feb 13 22:02:49.000 [err] tor_assertion_failed_(): Bug:
src/or/connection.c:5113: assert_connection_ok: Assertion (conn->type ==
CONN_TYPE_EXIT && conn->state == EXIT_CONN_STATE_RESOLVING) ||
connection_is_writing(conn) || conn->write_blocked_on_bw || (CONN_IS_EDGE(conn)
&& TO_
On 02/13/2018 11:03 PM, s7r wrote:
> Hi,
>
> This looks like it's worth a ticket on trac. I've searched and there are
> no open reports about this, just a ~5 year old one that is closed (#9017).
>
https://trac.torproject.org/projects/tor/ticket/25245
> So this happened only when you had IPv6Exi
On 02/18/2018 02:30 PM, nusenu wrote:
> Arthur's DNS exit scanner is detecting a high
> DNS failure rate on some of your tor instances:
>
> https://arthuredelstein.net/exits/
The head of the table has 1 column more than the rest.
--
Toralf
PGP C4EACDDE 0076E94E
signature.asc
Description: Ope
This happenes here now with that version usually once a day.
Feb 19 18:59:00.000 [warn] Our clock is 1 minutes, 1 seconds behind the time
published in the consensus network status document (2018-02-19 18:00:00 UTC).
Tor needs an accurate clock to work correctly. Please check your time and date
On 02/21/2018 08:38 PM, pikami wrote:
> but I can't find any solution for this on google.
Which is sometimes good indicator that it is not a good idea ;)
--
Toralf
PGP C4EACDDE 0076E94E
signature.asc
Description: OpenPGP digital signature
___
tor-rel
On 02/24/2018 08:36 PM, Olaf Grimm wrote:
> I am now on my server with SSH and get the message during login:
Choose another port for SSH login and close all in-ports except ssh, ORPort and
DirPort.
Configure it in /etc/ssh/sshd_config (eg.: "Port 12345") and for convenience
define this in your l
On 02/19/2018 07:32 PM, Toralf Förster wrote:
> This happenes here now with that version usually once a day.
>
> Feb 19 18:59:00.000 [warn] Our clock is 1 minutes, 1 seconds behind the time
> published in the consensus network status document (2018-02-19 18:00:00 UTC).
> Tor ne
On 03/04/2018 07:41 PM, Dhalgren Tor wrote:
> the main event-worker thread
> going from a normal load level of about 30%/core to 100%/core and
> staying there for about 30 seconds;
I do wonder if this is just the normal behaviour when - IIRC correctly -
consensus documents are compressed before
I do wonder about the differences of "proc" versus the other 3 ("netstat,
"lsof" and "ss") related to the Inbound/Outbound values at my Tor relay.
As an example I copied below the output of "proc" and "netstat".
Does anybody have a clue about those differences?
mr-fox ~ # python ~/stem/docs/_st
On 03/10/2018 01:05 AM, Damian Johnson wrote:
> Anything about the
> connections which differ that seem interesting?
>
> Cheers! -Damian
Will try to find the time - FWIW it seems just to be an IPv4 issue - the IPv6
numbers are roughly the same.
--
Toralf
PGP C4EACDDE 0076E94E
signature.asc
D
On 03/10/2018 10:39 AM, Toralf Förster wrote:
> Will try to find the time - FWIW it seems just to be an IPv4 issue - the IPv6
> numbers are roughly the same.
And I should mention (again?) that I do run 2 exit relay at the same ip adress,
just with different ports.
--
Toralf
PGP C4
On 03/11/2018 08:33 AM, Roger Dingledine wrote:
> On Wed, Jan 31, 2018 at 04:16:52AM -0500, Roger Dingledine wrote:
>> Thanks for your patience with the relay overload issues.
>
> Early indications are that the overloaders have stopped. At least
> for now, but hopefully for longer.
>
> https://me
On 03/11/2018 09:44 AM, nusenu wrote:
> 33% of guard capacity and 37% of consensus weight is running on tor versions
> with DoS mitigation features.
>
But there was no abrupt change around that time where the # user users droped
down - so there'S no strong correlation IMO.
--
Toralf
PGP C4EACD
On 03/15/2018 10:02 PM, robink wrote:
> Mar 15 19:03:52.000 [warn] eventdns: All nameservers have failed
> Mar 15 19:03:52.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up
> Mar 15 19:04:01.000 [warn] eventdns: All nameservers have failed
> Mar 15 19:04:01.000 [notice] eventdns: Nameserver 8
caused by both of the 2 Tor exits here at a Linux server.
I do wonder what both processes do exactly 2 minutaes past each hour for about
half a minute?
--
Toralf
PGP C4EACDDE 0076E94E
signature.asc
Description: OpenPGP digital signature
___
tor-re
On 03/17/2018 11:07 AM, Sebastian Hahn wrote:
>
>> On 17. Mar 2018, at 11:05, Toralf Förster wrote:
>>
>> caused by both of the 2 Tor exits here at a Linux server.
>>
>> I do wonder what both processes do exactly 2 minutaes past each hour for
>> about h
On 03/10/2018 01:05 AM, Damian Johnson wrote:
> Unfortunately I can't troubleshoot this without a local repro. If
> you'd care to dig in I'd suggest adjusting the script a little to
> print the connections, then see in what way netstat differs from proc.
> Is it a strict superset? Does it have dupl
Hi atagar,
./run_nyx
gives an empty
exit policy:
line in that case - is this bug or a feature?
:-)
Example for a wrong line:
ExitPolicy reject6 /32
Good is
ExitPolicy reject6 []/32
Tested with latest stem and nyx Git trees.
--
Toralf
PGP C4EACDDE 0076E94E
On 04/26/2018 03:15 PM, smichel0 wrote:
> Hello!
>
> I want to monitor my new tor relay (set up on a raspbian pi 3 by
> migrating my former relay incl. keys) with nyx. When try to start nyx by
> "nyx" in the command line "Tor controller password" is prompted.
>
> I can't find a password except th
For family:D11D11877769B9E617537B4B46BFB92B443DE33D - running at the same IP -
I do wonder about the differences of the values 44300 versus 36800 (one is 1
1/2 year, the other is 1/2 year old).
--
Toralf
PGP C4EACDDE 0076E94E
signature.asc
Description: OpenPGP digital signature
_
When I started with IPv6 I put this into my torrc:
Nickname zwiebeltoralf
DirPort 80
ORPort 443
DirPort [2a01:4f8:190:514a::2]:80 NoAdvertise
ORPort [2a01:4f8:190:514a::2]:443
Now I do wonder why I needed to add "NoAdvertise§ to the IPv6 port. Any hint
On 05/05/2018 06:56 PM, nusenu wrote:
> to quote teor (2017-12-21 on tor-relays):
> "By the way, there are no IPv6 DirPorts"
Hhm, this works:
wget http://[2a01:4f8:190:514a::2]:9030
--
Toralf
PGP C4EACDDE 0076E94E
signature.asc
Description: OpenPGP digital signature
__
On 05/11/2018 01:41 PM, Nathaniel Suchy (Lunorian) wrote:
> Like OpenDNS, Quad9 is a censoring DNS resolver
Is this true for 9.9.9.10 too ?
--
Toralf
PGP C4EACDDE 0076E94E
signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing li
I do have here a Gentoo Linux and a KVM (Gentoo too) - now I'm wondering if I
can just emerge the Gentoo Tor package here in the KVM and play with it or
should I prepare few things before to avoid that it will be used by the Tor
network immediately ?
--
Toralf
pgp key: 0076 E94E
On 09/07/2014 03:00 AM, ja...@icetor.is wrote:
> (I know nicknames are depreciated now)
Said that, when I setup my first exit node I do no longer need to define a
nickname ?
--
Toralf
pgp key: 0076 E94E
___
tor-relays mailing list
tor-relays@lists.to
3 things:
1.
=
This is what I get few days ago from Hetzer Support:
>Guten Tag Herr Förster,
>
>laut Deutschem Recht sind Tor Server im Moment nicht verboten.
>Aus diesem Grund sind Tor Server bei uns auch nicht verboten.
>Aus Erfahrung raten wir jedoch vom Betrieb eines Tor Exit Node ab
On 09/10/2014 11:05 PM, Moritz Bartl wrote:
> Overall, I would strongly suggest a different provider, but there is no
> groud truth on how much bandwidth any ISP (or country) should see.
Looked around for another provider in Germany with good prices and an
appropriate AGB (added few things to the
On 09/11/2014 08:21 PM, DerTorSteher wrote:
> euServ used to be a good provider I think. But to legally host a Tor relay
> you have to rent a dedicated root server there.
Was one of my candidates (due to Gentoo-supported OS), but :
http://faq.euserv.de/content/1/149/en/is-tor-irc-or-another-proxy-s
On 09/11/2014 10:47 PM, Sebastian Hahn wrote:
>
> On 11 Sep 2014, at 21:20, Toralf Förster wrote:
>>> Did you already look at Server4You?
>> oops, not now, wiki discouraged me at the first glance - will check
>
> I have the worst possible expierences with that co
On 09/16/2014 03:35 AM, Paritesh Boyeyoko wrote:
> Hello --
> So, I was thinking that in the same way that Tor relays have port-based exit
> policies, could they not
> also have port-based entrance policies? I
Beside the general answer (probably "NO") - you mean something, which cannot be
hand
On 09/16/2014 03:33 PM, Sebastian Urbach wrote:
> Is someone able to provide a timetable for the multithreading
> implementation into the alpha branch ? I'll take anything ;-)
+1
I run 4-core i7-3770, where all 4 cores idles at lowest ondemand cpu
governor frequency of 1.6 GHz currently - I insta
On 10/11/2014 08:05 AM, Blaise Gagnon wrote:
> Hi and many thanks for developping this project !
>
> I have a dedicated 200Mb (25 MB) fiber optics connection and a dedicated
> quad-core Linux server (64). What is the best setup to get maximum
> bandwidth usage ? I'm still stuck at 46.4Kb measured
On 10/13/2014 02:56 AM, subk...@riseup.net wrote:
> should the community start a revamp project (or start a whole new list)?
> i'd be willing to donate my time to help get this started if need be.
There's no good/bad ISP in my opinion, there're just ISs who forbid exit nodes
by their terms and co
On 10/19/2014 03:48 PM, obx wrote:
> Same here, I've blacklisted their /24 in my torrc. The complaints
> stopped.
Did the same after I got those complaints.
B/c my provider do open for every complaint a ticket I do not have another
chance than doing this:
reject 217.112.0.0/16:*
--
Toralf
pgp
On 10/19/2014 01:24 PM, Kees Goossens wrote:
> Lesson (for me at least): since HTTP was used, even a very reduced exit
> policy is does not make one immune to abuse problems.
> At this point I reverted back to being a non-exit relay, as I have no
> interest in having to deal with this.
>
Well, n
On 10/26/2014 07:21 PM, Michael Kelly wrote:
> 0.2.5.9-rc (and later to 0.2.5.10).
Because there's no code change (except the version string itself) between both
version, the culprit must be located in the packaging method itself IMO.
--
Toralf
pgp key: 0076 E94E
___
Watching the status of a tor-relay (4 MB bandwith, guard + exit, having more
than open 1000 connections) with arm shows a rather high frequent amount of
connection errors. Nearly every seconds or so a connection can't be established.
/me just wonders if this is common (replaced ip addresses with
On 10/28/2014 08:56 PM, Mike Patton wrote:
> My exit isn't the size of yours but at times has supported quite a bit of
> traffic and I haven't ever seen one of these errors.
Well, I'm running 0.2.5.10 at a 64 bit Gentoo hardened Linux in the meanwhile -
unfortunately I did not looked before at t
On 10/29/2014 05:09 PM, eric gisse wrote:
> I have never seen such errors and I'm running on 64 bit gentoo hardened
> as well. Are you running with special debug options or something?
>
No, I just switched from an amd64 Gentoo to a hardened by switching the Gentoo
profile and compiling current ke
On 11/18/2014 04:28 PM, Jeroen Massar wrote:
> People should realize though that it is not 'safer' in any way running
> SSH on another port.
But it is (slightly) more expensive - which counts, or ?
--
Toralf
pgp key: 0076 E94E
___
tor-relays mailing
On 11/18/2014 05:45 PM, Zack Weinberg wrote:
> On Tue, Nov 18, 2014 at 11:15 AM, Toralf Förster
> wrote:
>> On 11/18/2014 04:28 PM, Jeroen Massar wrote:
>>> People should realize though that it is not 'safer' in any way running
>>> SSH on another port.
&
On 11/18/2014 08:10 PM, Philipp Winter wrote:
> On Tue, Nov 18, 2014 at 09:43:53AM -0800, Andy Isaacson wrote:
>> On Tue, Nov 18, 2014 at 10:09:37AM -0500, Libertas wrote:
>>> * SSH being served on a non-standard port - something other than port
>>> 22. This is a good idea, as many brute-force atta
On 11/21/2014 09:44 AM, Chuck Peters wrote:
> Nov 16 00:00:00.000 [notice] Opening OR listener on 0.0.0.0:80
> Nov 16 00:00:00.000 [warn] Could not bind to 0.0.0.0:80: Permission denied
As stated in [1] you could try something like
$> setcap 'cap_net_bind_service=+ep' /usr/bin/tor
[1]
http://s
On 11/28/2014 11:50 PM, Tom van der Woerdt wrote:
> 10TB/month is 30Mbit/s. You will have reached those 10TBs long before
> coming close to maxing out a single CPU core. I'd estimate that a single
> E3-1240 CPU core can deliver between 150Mbit/s and 250Mbit/s.
>
> The specs on that server are fine
On 11/28/2014 11:40 PM, I wrote:
> How many instances could this run?
>
>
> Intel E3-1240 Dedicated Server Special
>
> Server Location: Buffalo USA
> Processor: Intel Xeon E3-1240 V2 3.40 GHz
> HDD: 500GB 7200RPM
> RAM: 16GB DDR3
> Bandwidth: 10TB Monthly Traffic
> IP: /29
> Port Speed: 1Gbit
f
On 12/03/2014 06:17 PM, webmaster wrote:
> At first I thought: Fuck, someone intruded into my machine.
> But after some looking through Arm I found many (>100) INBOUND connections.
"many" ?
I do have usually something like this :
Connections (782 inbound, 458 outbound, 245 exit, 1 control)
I still do wonder about the high percentage of IOERRORs of closed ORconnections
(as seen in page 1#5 of the arm tool window, press e + q). May I ask here
others about their experiences ?
The issue is already filed in [1]. [2] contains a python script I used to
monitor the issue directly (instea
On 12/05/2014 10:57 PM, Austin Bentley wrote:
> The main reason we strive for stable, rock-solid relays is for
> connectivity. If you have ever used SSH/IRC via Tor, you know how
> annoying it is when you get disconnected. This is likely because one of
> the 3 relays went offline. I would say a mac
On 12/22/2014 06:44 PM, Michael Renner wrote:
> Hi,
>
> my tor exit node was targeted with two DDoS attacks, one on 2014-12-20
> 01:00 CET and one on 2014-12-22 18:00 CET [1], both lasting about 5
> minutes each.
Not sure if this is related too, but somebody uses my exit relay for port scans
(>1
On 12/27/2014 01:19 PM, teor wrote:
> Some thoughts on the security of crowdsourced computing:
>
> Installing additional software increases the attack surface of your
> relay, even more so when the new software access the network. (Not to
> mention any additional libraries.) There is also the issu
On 01/04/2015 05:27 AM, Kura wrote:
> I've noticed a rather large jump in abuse emails from admits about brute
> force attempts coming from my exit nodes.
>
> I've had a handful of these in past, as you'd expect but now they are
> arriving multiple times a day, some automated emails, some not.
>
On 01/05/2015 06:16 PM, tor-ad...@torland.me wrote:
> On Monday 05 January 2015 17:40:09 mattia wrote:
>> Hi, I would like to know how one can monitor traffic that goes
>> through a bridge. I have set one up and would like to know whether it
>> is being used or not, and how much. Thanks!
>
> You m
On 01/08/2015 05:07 PM, Libertas wrote:
> And add 'nameserver 127.0.0.1' as the first line of your
> /etc/resolv.conf.tail
Why not /etc/resolv.conf.head ??
--
Toralf
pgp key: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 0076 E94E
___
tor-relays mailing l
I am wondering if an adversary would be able to derive useful information due
to the fact that the consensus weights are changed abrupt ?
(screen shot attached)
--
Toralf
pgp key: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 0076 E94E
___
tor-relays mailin
On 02/01/2015 08:02 PM, Sebastian Urbach wrote:
> Usually a few days before the end of every month my systems are getting
> slammed with traffic / directory requests. I thought about that and came
> up with the theory that a lot of systems with traffic limitations are
> dropping out a few days bef
On 02/05/2015 11:32 PM, Hu Man wrote:
> I have been running a tor relay for about a year and according to my
> munin graph It normally receives, on average, just under 2,000 incoming
> tcp connections on port 443 every 5 minutes.
/me assumes 443 is your ORport ?
> In the last few days that figure
On 02/11/2015 12:06 AM, Steve Snyder wrote:
> This is a good place to start:
>
> https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
+1
But even with the reduced policy I was spammed w/ DCMA emails 12 hours after I
installed and configured my Tor relay as an exit.
My strateg
On 02/25/2015 07:35 PM, Speak Freely wrote:
> "Your account was suspended
Does this really mean, that your money is lost already ?
Often ISPs just plugged off a server from the network till "you solved the
problem"
> "your IPs are blacklisted on multiples lists for Spam and other malicious
> act
On 02/25/2015 07:53 PM, Josef Stautner wrote:
> Is portscanning even possible there?
Should better used "service discovering" or "address range scanning" ?
I do observe at my exit relay since December last year, that few times per hour
between 500 and 5000 different ip address are "contacted" ov
On 03/23/2015 11:26 AM, Jens Kubieziel wrote:
> https://pad.systemli.org/p/ukMTrpwf6Yzv>. I'll add some more text
"Sorry, you have to enable Javascript in order to use this."
:-/
--
Toralf
pgp key: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 0076 E94E
__
Since few days (or since 0.2.6.7 ?) I do observe this behaviour at y exit node,
eg. to port 81, 110, 636 and other non-http ports.
Didn't saw this before - any hints ?
--
Toralf
pgp key: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 0076 E94E
--
"; the past is all dirty and cruel in the modern popula
On 04/22/2015 06:29 AM, CJ Barlow wrote:
> @reboot rm -f /var/lib/tor/keys/* && echo "keys gone!" >
> /home/[me]/reboot.txt 2>&1
What's about
rm -f /var/lib/tor/keys/* 2>&1 >> /home/[me]/reboot.txt
to see the error msg ?
--
Toralf
pgp key: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 0076 E94E
--
On 05/11/2015 05:40 PM, Geo Rift wrote:
> I've had my exit relay running on a spare Hivelocity server that I had for 17
> days now. Even after a reduced exit policy I continued to receive abuse
> reports.
I made similar experiences with my ISP.
Therefore I run my new tor relay as non-exit for 3-
On 05/13/2015 01:43 AM, Moritz Bartl wrote:
> On 05/13/2015 12:53 AM, Aaron Hopkins wrote:
>> I tried configuring this a while ago, but got confused by what appeared to
>> be conflicting documentation for IPv6 exit policies. Is the ExitPolicy for
>> IPv6 completely separate (only using accept6/rej
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 05/13/2015 02:41 AM, n...@cock.li wrote:
> Wildcard accept/reject policies seem to catch both IPv6 and v4 going
> from the comment (and code) in src/or/routerparse.c[1]:
When I (naivly) prepend just the following lines into torrc before the curre
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 05/13/2015 01:43 AM, Moritz Bartl wrote:
> It is exclusively using accept6/reject6 lines.
Sure - there are currently few trac entries opened for that.
I do currently assume, that the following 2 lines :
ExitPolicy accept *:443
ExitPolicy accept
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
B/c ipv6 of Tor implements currently no DirPort I copied+pasted together the
following solution to deliver a Tor exit notice over HTTP port of ipv6 too :
The python snippet runs under a non-privileged user w/o login shell :
$ cat ipv6-httpd.py
i
On 05/21/2015 06:45 PM, Toralf Förster wrote:
> nice python ~/ipv6-httpd.py 1>./log 2>&1
Gah - and of course never ever use this crap which just gives a nifty DDoS
flank - therefore change this line to :
nice python2 ~/ipv6-httpd.py >& /dev/null
--
Toralf
pgp key: 7B1A
On 06/01/2015 08:12 PM, tor-server-crea...@use.startmail.com wrote:
> hi,
> is that IPv6 adress valid for example "becks" [2a01:4f8:162:7345::2]?
> how do i know if IPv6 is correct and reachable?
> thanks
>
http://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-port-scanner.php?input=
On 06/02/2015 07:31 PM, torelay wrote:
> I have two relays that I set up last night to test. They're at the same
> datacenter, same spec server, and configured identically. The only
> difference is one is set up for IPv6 and the other isn't.
> With IPv6 BW is at: 75kB/s
> Without IPv6 BW is: 110kB/
On 06/04/2015 07:05 PM, Maximilian Kaul wrote:
> I just set up my first relay and as I'm living in Germany it needs to be
> a non exit relay :-(
In the Germany where I do live I can run an exit node - it is one among over
100 german exit nodes.
You might verify it here https://torstatus.blutmagie
On 06/04/2015 07:58 PM, Maximilian Kaul wrote:
thanks for the prompt answers.
urw,
BTW this (german) lists was a great help for me : exitno...@lists.ccc.de
--
Toralf
pgp key: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 0076 E94E
___
tor-relays mailing lis
101 - 200 of 476 matches
Mail list logo
