Re: [tor-relays] How to use a bridge configured with "ORport auto" within Tails?

2018-12-20 Thread Toralf Förster
On 12/20/18 3:13 PM, Matt Traudt wrote: > "ORPort auto" means let Tor pick. It picks at random (technically, I > think it lets the kernel pick and the kernel picks at random, but the > outcome is the same). Understood. But b/c this: sed -e "s/^ORPort.*/ORPort $((RANDOM))/g" /etc/tor/torrc

Re: [tor-relays] New exit relay help

2018-12-27 Thread Toralf Förster
On 12/27/18 10:12 PM, dns1...@riseup.net wrote: > I loaded an html file on my tor directory, uncommented the directive > "DirFrontPage /path/html-file", but it doesn't work Did you make a "kill -HUP " to the tor process? -- Toralf PGP C4EACDDE 0076E94E signature.asc Description: OpenPGP digit

Re: [tor-relays] New exit relay help

2018-12-27 Thread Toralf Förster
On 12/27/18 11:19 PM, dns1...@riseup.net wrote: > Yes, I solved switching from DirPort 9030 to 80. I don't know why, but > in every Debian machine on which I run tor, when I send kill -HUP > signal, often the process crashes. In the log I read that it can't read > the config file, so I just restart I

[tor-relays] having just 1 exit port - helpful?

2019-01-06 Thread Toralf Förster
If just 1 port would be opened at a relay, eg. 6697, would this help the Tor network or would only spammers and DDoS use that port? -- Toralf PGP C4EACDDE 0076E94E signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list to

Re: [tor-relays] why the network lost >350 relays and some bridges

2019-01-12 Thread Toralf Förster
On 1/12/19 9:07 AM, nusenu wrote: > I guess I somehow expected that: the maintainer patched tor 0.3.4.10 to add > this > feature again and here we go again with the flood of relays using that > version of tor: > > 79 relays from 2019-01-11: Assuming those relays get a weight of 20 (or zero?)

Re: [tor-relays] why the network lost 350 relays and some, bridges

2019-01-12 Thread Toralf Förster
On 1/12/19 11:08 AM, Argo2 wrote: > It was last updated the 9th of January and when you download the stable > snap it is actually named 'snap269'. Just FWIW this is incremented to snap270: https://metrics.torproject.org/rs.html#details/93156A27C9B035C488678E98FE4156F7B593872F -- Toralf PGP C4EA

[tor-relays] 2 ip addresses at the same device, works except for the DirPort

2019-02-06 Thread Toralf Förster
I ordered a 2nd ip address for my server and put them in the first order in my network configuration. I do wonder, why this adapted torrc configuration: $> cat /etc/tor/torrc # torrc at tor-relay # PIDFile /var/run/tor/tor.pid DataDirectory /var/lib/tor/data Nickname zwiebeltoralf OutboundBind

Re: [tor-relays] 2 ip addresses at the same device, works except for the DirPort

2019-02-07 Thread Toralf Förster
On 2/6/19 10:47 PM, teor wrote: > Try setting the Address option. > > Tor will guess your IPv4 address, and it doesn't always guess the one you > want. That was it. 2 Questions I do have: Why does Tor not derive that from the OutboundAdress if it realizes, that its detected address doesn'

Re: [tor-relays] How To Add Reachable Ports To OBFS4 Bridge

2019-02-22 Thread Toralf Förster
On 2/22/19 12:11 AM, Keifer Bly wrote: > As this list is public, I guess I should not provide the port numbers > that tor and obfs4 are running on. The IP is much more important to be kept hidden. > However, would adding reachable ports like 80, 443, 8080 be doable? Sure, do it! -- Toralf PGP

Re: [tor-relays] bride&relay one host

2019-03-22 Thread Toralf Förster
On 3/22/19 8:19 AM, Roger Dingledine wrote: > https://blog.torproject.org/research-problems-ten-ways-discover-tor-bridges Which means, to avoid a few attack vectors, a Tor relay operator might run a bridge which points to its own relay always? -- Toralf PGP C4EACDDE 0076E94E

Re: [tor-relays] exit operators: tor-exit-notice.html file needs updating to solve 404

2019-04-07 Thread Toralf Förster
On 4/6/19 9:17 AM, nusenu wrote: > upstream: > https://trac.torproject.org/projects/tor/ticket/30052 I do not understand " the fix is easy: just add 2019. at the beginning of the domain." there :-/ -- Toralf PGP C4EACDDE 0076E94E

Re: [tor-relays] exit operators: tor-exit-notice.html file needs updating to solve 404

2019-04-07 Thread Toralf Förster
On 4/7/19 12:33 PM, nusenu wrote: > www.torproject.org > becomes: > 2019.www.torproject.org Ah thx - so the FQDN was meant. -- Toralf PGP C4EACDDE 0076E94E

Re: [tor-relays] exit operators: tor-exit-notice.html file needs updating to solve 404

2019-04-07 Thread Toralf Förster
On 4/7/19 12:58 PM, Toralf Förster wrote: > On 4/7/19 12:33 PM, nusenu wrote: >> www.torproject.org >> becomes: >> 2019.www.torproject.org > Ah thx - so the FQDN was meant. And this should make it: sed -i -e 's/www.torpr/2019.www.torpr/g' tor-exit-notice_D

Re: [tor-relays] Become a Fallback Directory Mirror

2019-06-23 Thread Toralf Förster
On 5/21/19 3:32 PM, gus wrote: > [1] > https://trac.torproject.org/projects/tor/wiki/doc/FallbackDirectoryMirrors contains outdated links > [3] > https://gitweb.torproject.org/tor.git/tree/scripts/maint/fallback.whitelist 404 -- Toralf PGP C4EACDDE 0076E94E

Re: [tor-relays] TCP SACK PANIC type kernel vulnerabilities: logging some packets

2019-06-25 Thread Toralf Förster
Hi, On 6/24/19 2:13 PM, t...@t-3.net wrote: > > As of last week there wasn't a new kernel out for our relay's distro switch to Gentoo Linux :-) > -A INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j LOG > --log-prefix "TCP_SACK_PANIC: " > -A INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --m

[tor-relays] What rules for a fallback dir - the compiled-in fingerprint, a flag from the authorities or both?

2019-07-14 Thread Toralf Förster
I do just wonder how a client decides whether/when fallback dir is to be used, especially when the *.inc file changed. -- Toralf PGP C4EACDDE 0076E94E

Re: [tor-relays] New Fallbacks from June 2019

2019-08-05 Thread Toralf Förster
On 7/2/19 1:33 PM, teor wrote: > Dear Relay Operators, > > The FallbackDir flags on Consensus Health [2] and Relay Search [3] > might take a week or two to update. > > [3]: For example, this relay is a new fallback, but its flag isn't > shown yet: > https://metrics.torproject.org/rs.html#details/

Re: [tor-relays] Measuring the Accuracy of Tor Relays' Advertised Bandwidths

2019-08-18 Thread Toralf Förster
On 7/26/19 4:18 PM, Rob Jansen wrote: > I am planning on performing an experiment on the Tor network to try to gauge > the accuracy of the advertised bandwidths that relays report in their server > descriptors. Hi, did this by any chance cause the loss of the "guard" flag ? Observed here now

Re: [tor-relays] Measuring the Accuracy of Tor Relays' Advertised Bandwidths

2019-08-24 Thread Toralf Förster
On 8/19/19 4:56 AM, teor wrote: > Yes, changing other relays' bandwidths can affect the Guard flag, because > Guard is given to the fastest, most stable relays. I'm not convinced that this is the culprit for the mentioned relay [1]. I found another relay [2] where at least 4 of the 9 authorities

Re: [tor-relays] Measuring the Accuracy of Tor Relays' Advertised Bandwidths

2019-08-25 Thread Toralf Förster
On 8/25/19 10:36 AM, Roger Dingledine wrote: > So my current thought is intermittent overload, or perhaps some sort > of "rate limiting via iptables" firewall. Hhm, at least for the "zwiebeltoralf[2]" there's no rate limiting or any firewall rules rate limiting it. But I do have ~80 MByte/sec loa

Re: [tor-relays] Measuring the Accuracy of Tor Relays' Advertised Bandwidths

2019-08-26 Thread Toralf Förster
On 8/26/19 3:14 AM, teor wrote: > We expect to have funding to fix these bugs some time in the next month > or two. So I'll just wait. FWIW I set "RelayBandwidthRate 30 MBytes" for a day or so to see whether a possible overload of my relays could cause some trouble but did not see any posi

Re: [tor-relays] Measuring the Accuracy of Tor Relays' Advertised Bandwidths

2019-08-28 Thread Toralf Förster
On 8/26/19 11:58 PM, teor wrote: > Waiting might not help Indeed. The picture is: A bunch of relays, running since a longer time by different operators, are affected. Examples are [1], [2] and [3] The hosters do differ (Hetzner, i3D.net B.V, Host Europe GmbH), the OS too (

Re: [tor-relays] possible interference between sbws and a libressl relay (was: Measuring the Accuracy of Tor Relays' Advertised Bandwidths)

2019-09-16 Thread Toralf Förster
On 9/16/19 9:19 PM, Felix wrote: > On > Sep/14 the change to openssl brought back the guard flag today: Hhm, I installed LibreSSL at: 2019-05-24T18:51:19 >>> dev-libs/libressl-2.9.2: 2 minutes, 39 seconds so I do not see here a correlation. -- Toralf

Re: [tor-relays] possible interference between sbws and a libressl relay (was: Measuring the Accuracy of Tor Relays' Advertised Bandwidths)

2019-09-21 Thread Toralf Förster
On 9/16/19 9:19 PM, Felix wrote: > > The sbws bandwidth authorities now can measure the bandwidth of the relay. > > Can somebody confirm my observation or has proof (please no speculations). > I upgraded LibreSSL from 2.9.2 to 3.0.0 here at a stable Gentoo Linux and got immediately from all IPv

Re: [tor-relays] possible interference between sbws and a libressl relay (was: Measuring the Accuracy of Tor Relays' Advertised Bandwidths)

2019-09-23 Thread Toralf Förster
On 9/21/19 4:11 PM, Toralf Förster wrote: > I upgraded LibreSSL from 2.9.2 to 3.0.0 here at a stable Gentoo Linux > and got immediately from all IPv6 capable BW authorities the > "ReachableIPv6" flag back at both affected relays. Today one of 2 affected relays got its Guard f

Re: [tor-relays] Install on Tor on fresh Debian 10 failed (gpg key invalid)

2019-10-20 Thread Toralf Förster
On 10/17/19 7:38 PM, Olaf Grimm wrote: > 'curl > https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc > | gpg --import' > > I get the error message > '2019-10-17 20:34:32 (1.01 MB/s) - > ‘A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc’ saved [19665/19665] > gpg: no

Re: [tor-relays] public open socks port

2019-10-23 Thread Toralf Förster
On 10/22/19 9:33 PM, ylms wrote: > Hello all, > I am wondering if there is any reason why one should not open the socks > port of Tor to the public internet? b/c everybody could configure then your Tor eg. with https://nyx.torproject.org ? -- Toralf

Re: [tor-relays] bridge relay search is "wrong"

2019-11-23 Thread Toralf Förster
On 11/23/19 6:04 PM, David Strappazon wrote: > My bridge appears down when checking "tor relay search" on smartphone > and up when checking the site from a laptop. You're sure that this is related to smartphone/laptop? Because 2 weeks ago my bridge was marked as "down" too, but after a few hours

Re: [tor-relays] tor crash on HUP only when SANDBOX is 1

2020-01-05 Thread Toralf Förster
On 1/5/20 7:43 AM, tor-re...@riseup.net wrote: > Hi, > > I'm running an exit relay on a Debian Buster. I installed libseccomp and > I've built tor 0.4.2.5 using debuild, like the wiki says. > > Today I noticed that tor crashes on HUP signal, only when the Sandbox > option is on. I never had this

Re: [tor-relays] Consensus Weight Dropping/Authority Issues?

2020-01-07 Thread Toralf Förster
On 1/7/20 1:57 PM, John Ricketts wrote: > I have been watching the consensus weight and bandwidth of all of my 50 exit > nodes drop consistently over the past few months. I have not made any > hardware changes in my data center Which correlates to https://metrics.torproject.org/bandwidth.html -

Re: [tor-relays] %include in torrc

2020-01-07 Thread Toralf Förster
On 1/7/20 6:36 PM, ylms wrote: > Is arm supposed to complain about the line with the %include as "The IMO "arm" is deprecated in favour of "Nyx". -- Toralf

Re: [tor-relays] tor version 0.4.0.x reaches end-of-life on 2020-02-02

2020-02-02 Thread Toralf Förster
On 2/2/20 1:49 PM, nusenu wrote: > Currently over 10% of the network is running on end-of-life tor releases, > this is bad. I do wonder if recent Tor clients do already prefer to not choose EOL relays? -- Toralf

[tor-relays] unbound statistics interpretation

2020-02-19 Thread Toralf Förster
Hi, at a system shutdown unbound writes the stats in the syslog. Looking at the stats (pls see below) at a fast relay with 5 days uptime let me wonder about the huge resolving times above the 4 second limit. Especially I do wonder if there's a parameter to tell unbound to stop a resolving attem

Re: [tor-relays] Why MyFamily?

2020-02-22 Thread Toralf Förster
On 2/22/20 10:55 AM, nusenu wrote: > You can preemptively generate as many relay keys as you want and > use their fingerprints in MyFamily so you don't have to bother about changing > old > configs when you add new relays as long as you use these preemptively > generated keys. > And if you're

Re: [tor-relays] Why MyFamily?

2020-02-23 Thread Toralf Förster
On 2/23/20 11:51 AM, Moritz Bartl wrote: > Cheers, and thanks for trying to run relays in a good fashion :) > > Moritz (y) -- Toralf

Re: [tor-relays] Dirport9030

2020-03-10 Thread Toralf Förster
On 3/10/20 2:46 PM, Nuno Rego wrote: > I edited the Tor Configuration File (/etc/tor/torrc) and rebooted > the server. Restarting the Tor service itself is fully sufficient. Usually you need just to reboot a Linux server after a kernel upgrade. -- Toralf

Re: [tor-relays] BadExit

2020-03-27 Thread Toralf Förster
On 3/27/20 2:17 PM, ger...@bulger.co.uk wrote: > I have been free of abuse complaints and copyright claims for two years now. Well, the main problem here for me is to get complaints from my hoster itself b/c any open address range are abused soon for port scans -- Toralf

Re: [tor-relays] Question about authority clock skew

2020-04-14 Thread Toralf Förster
On 4/14/20 1:34 AM, Roger Dingledine wrote: > Using the definitions that "precision" is how many digits you're > providing, and "accuracy" is how right you are, I'd say that we're giving > you microsecond precision but not microsecond accuracy. :) Hehe, the first thing I was taught during my study

Re: [tor-relays] Port 853

2020-05-15 Thread Toralf Förster
On 5/15/20 5:53 AM, mnlph74 wrote: > I'm running a relay and planning to put an exit at port 853 (DNS over TLS) > Is this safe from abuse? Thanks for the help. > No port is safe. OTOH I opened it a year ago - no problems so far. -- Toralf

Re: [tor-relays] Why does it take 4 days to get the HSDir flag back?

2020-05-23 Thread Toralf Förster
On 5/23/20 11:40 AM, Roger Dingledine wrote: > And of course the long term fix is to drop the deprecated v2 onion > service design, since the v3 onion service design is much better at > limiting what an HSDir relay can learn about onion services: > https://www.youtube.com/watch?v=Di7qAVidy1Y I do

Re: [tor-relays] Help via Skype teamviewer

2020-06-10 Thread Toralf Förster
On 5/29/20 9:20 PM, Pac-Man wrote: > I have everything ready to roll with a fresh Ubuntu install all updated > could I get configuration help via Skype and teamviewer? > Sure, expose your Tor server to the wild to everybody, there's no risk in doing that, or? -- Toralf

Re: [tor-relays] "/var/tor/diff-cache" full!

2020-06-18 Thread Toralf Förster
On 6/18/20 10:21 AM, Salvatore Cuzzilla wrote: > > The amount of files within "/var/tor/diff-cache" is steadily increasing. I do have 256 files, each 0.5 MB in size, the oldest is 24 hours old. So a retention seems not to work at your system. -- Toralf

Re: [tor-relays] >23% Tor exit relay capacity found to be malicious - call for support for proposal to limit large scale attacks

2020-07-07 Thread Toralf Förster
On 7/7/20 7:13 PM, NOC wrote: > > great to see that the Tor network can lose ~20% capacity What lets you think that this is correct ? -- Toralf

Re: [tor-relays] >23% Tor exit relay capacity found to be malicious - call for support for proposal to limit large scale attacks

2020-07-08 Thread Toralf Förster
On 7/8/20 12:35 PM, Roger Dingledine wrote: > * One is dividing the network into known and unknown relays, where we > reserve some minimum fraction of attention for the known relays. Here > the next steps are to figure out how to do load balancing properly with > this new parameter (mainly a math p

Re: [tor-relays] >23% Tor exit relay capacity found to be malicious - call for support for proposal to limit large scale attacks

2020-07-13 Thread Toralf Förster
On 7/12/20 2:40 PM, Charly Ghislain wrote: > There seems to be a consensus toward building a web of trust. > Thinking about it again, I don't like much the direction it is going. > +1 A Web of Trust does not mean that all have to trust a central instance. Similar to PGP where nobody relies on th

Re: [tor-relays] tor relay - vps maintenance - what to do ?

2020-07-13 Thread Toralf Förster
On 7/12/20 11:12 PM, dluga...@protonmail.com wrote: > What should I do ? Consider to use offline keys - it is a good idea always. -- Toralf

Re: [tor-relays] Snowflake-proxy restricted NAT

2020-07-19 Thread Toralf Förster
On 7/18/20 10:45 AM, dmz21 wrote: > Recently it shows a new log message: Did you upgrade the sources before? -- Toralf

Re: [tor-relays] ContactInfo Information Sharing Specification Version 1 released

2020-07-21 Thread Toralf Förster
On 7/21/20 7:16 PM, nusenu wrote: > verifyurl What is the advantage over the torrc config value "MyFamily" ? -- Toralf

Re: [tor-relays] What is the command to view the tor log file on Debian?

2020-07-31 Thread Toralf Förster
On 7/30/20 8:54 AM, Paul Geurts wrote: > more syslog | grep Tor useless use of "more" IMO, just use grep "Tor" /var/log/syslog -or- for a continuous watching for new events: tail -f /var/log/syslog | grep "Tor" -- Toralf

[tor-relays] How many threads needed for unbound at a fast relay?

2020-08-22 Thread Toralf Förster
I do wonder about a reasonable number. -- Toralf ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] anyone else with this issue?

2020-08-25 Thread Toralf Förster
On 8/25/20 9:20 PM, Roger Dingledine wrote: > Also, if more people than just Nifty and John are seeing them. I got an abuse record from Hetzner for my relay (no Exit flag, but 2 dozen ports opened) at 8/18/20, 4:31 PM +0200 with a content like: Direction OUT Internal 5.9.158.75 Threshold Packets

Re: [tor-relays] Call for Testing - New Feature: Relay IPv6 Address Discovery

2020-08-26 Thread Toralf Förster
On 8/26/20 4:56 PM, David Goulet wrote: > If you are still running a 0.4.5.0-alpha version Not tagged yet, or ? -- Toralf

Re: [tor-relays] Call for Testing - New Feature: Relay IPv6 Address Discovery

2020-08-26 Thread Toralf Förster
On 8/26/20 5:46 PM, Toralf Förster wrote: > On 8/26/20 4:56 PM, David Goulet wrote: >> If you are still running a 0.4.5.0-alpha version > Not tagged yet, or ?

Re: [tor-relays] Call for Testing - New Feature: Relay IPv6 Address Discovery

2020-08-26 Thread Toralf Förster
On 8/26/20 7:00 PM, Toralf Förster wrote: > Or better asked, why it has a "tor-tor" prefix - this breaks any easy install > method/quirk here under Gentoo :-( :# > > $ tar -tvf /var/cache/distfiles/tor-0.4.5.0-alpha-dev.tar.gz | head > drwxrwxr-x root/root 0

Re: [tor-relays] Call for Testing - New Feature: Relay IPv6 Address Discovery

2020-08-26 Thread Toralf Förster
On 7/22/20 9:54 PM, David Goulet wrote: > In your notice log, you will see which address is used to bind on the ORPort Not here (hardened stable Gentoo), this is from the notice log: Aug 26 20:59:18.000 [notice] Interrupt: we have stopped accepting new connections, and will shut down in 30 secon

Re: [tor-relays] How many threads needed for unbound at a fast relay?

2020-09-05 Thread Toralf Förster
On 8/24/20 8:52 PM, Tim Niemeyer wrote: > Hi Toralf > > All F3 Netze relays together are using one unbound with 4 CPU Cores. > Each consumes about ~20%. It's a Xeon(R) CPU E3-1230 V2 @ 3.30GHz (w/o > Hyperthreading). Ah thx, so I used 4 threads here for my 2 relays and observed the pattern, that

Re: [tor-relays] Become a Fallback Directory Mirror (deadline: July 23)

2020-09-17 Thread Toralf Förster
On 9/16/20 1:05 AM, Michael Gerstacker wrote: > the only relay i don't want to be a fallback anymore is a fallback now Maybe OT but I'm just curious about the reason to want a relay being not a fallback. -- Toralf

Re: [tor-relays] Dropped off consensus (0.4.4.5) - reason is Libressl 3.2.1

2020-09-20 Thread Toralf Förster
On 9/20/20 12:57 PM, Felix wrote: >> > Libressl 321 is not compatible to what is needed to make the authorities > tor26, dizum, gabel., maatu. and longc. happy (let them not grant a > "Running"). What can that be? Just upgraded here 2 tor-0.4.5.0 (Gentoo Linux, same ip) from 3.2.0 to 3.2.1 Will see

Re: [tor-relays] Dropped off consensus (0.4.4.5) - reason is Libressl 3.2.1

2020-09-20 Thread Toralf Förster
On 9/20/20 12:57 PM, Felix wrote: > > Please somebody can _confirm_ this thing? Much worse: The relay here under a hardened Gentoo Linux with LibreSSL 3.2.1 has only 50% of the amount of the connections as with 3.2.0 at all - and the TCP traffic dropped down by nearly 100%. I recompiled T

Re: [tor-relays] SSH

2020-09-21 Thread Toralf Förster
On 9/21/20 1:52 PM, Logforme wrote: > Change the SSH default port. AFAICT that helped but only for a while. After a few weeks/months the non-default port is discovered by (a probably more extensible port scan) and the failed login attempts continued. -- Toralf

Re: [tor-relays] Network Performance Experiment - KISTSchedRunInterval - October 2020

2020-10-16 Thread Toralf Förster
On 10/15/20 3:14 PM, David Goulet wrote: This is where we need your help. We would like you to notify us on this thread about any noticeable changes in CPU, RAM, or BW usage. In other words, anything that changes from the "average" you've been seeing is worth informing us. Maybe completely unre

Re: [tor-relays] Help setting up 2 Relays

2020-10-17 Thread Toralf Förster
On 10/17/20 6:30 AM, John Csuti wrote: Interesting I’ll have to look into that. I am giving both IPv4 and IPv6 so that could be the issue. Should work, maybe you need NoAdvertise, eg.: # torrc # PIDFile /var/run/tor/tor.pid DataDirectory /var/lib/tor/data Nickname zwiebeltoralf Address 5.9.1

Re: [tor-relays] Help setting up 2 Relays

2020-10-18 Thread Toralf Förster
On 10/18/20 7:37 AM, postmas...@coolcomputers.info wrote: I changed my firewall to allow ipv6 and can access the ports i forgot to allow them through my 10GB pfsense router. What are we talking about the DirPort and why does your torrc use ipv6 on the DirPort from what i know IPv6 is not used o

Re: [tor-relays] Snowflakes

2020-10-28 Thread Toralf Förster
On 10/26/20 5:32 PM, entensai...@use.startmail.com wrote: Hi everybody, I'm not sure this is the right list to ask, but is it useful to run snowflake proxies? I'd say yes. FWIW I do run it as an ordinary Linux service (git clone + go build) instead as a plugin in my browser here under Gentoo

Re: [tor-relays] I bumped out some more bad relays

2020-10-31 Thread Toralf Förster
On 10/31/20 4:05 AM, Roger Dingledine wrote: I spent some time this week refining a new exit scanner, and today we pushed some new reject rules to kick out some relays that we confirmed were running mitmproxy to do more sslstrips. So these got the flag "Unmeasured" but not "BadExit", right ? --

Re: [tor-relays] Bridges under DDoS

2020-11-11 Thread Toralf Förster
On 11/11/20 10:05 PM, Jonas wrote: Any one else seeing such attacks lately? No -- Toralf

Re: [tor-relays] Question: RAM requirement for an exit relay

2020-12-14 Thread Toralf Förster
On 12/14/20 1:15 PM, li...@for-privacy.net wrote: On both of my exits, unbound occupies 140-145MB RAM. Hhm, under a hardened stable Gentoo it occupies 45 MB in RAM (virtual 378MB, but that involves all ever loaded libs before too) -- Toralf

Re: [tor-relays] Relay operators meetup @ rC3: today 22:00 UTC+1

2020-12-31 Thread Toralf Förster
On 12/29/20 12:30 PM, kantorkel wrote: Please use https://jitsi.rc3.world/torrelayops-724b5 to join from the outside world. I joined it w/ Firefox at a hardened Gentoo - but no sound so far. With Falkon at the same system sound worked. /me wonders if the issue is related to the "hardened" p

[tor-relays] event.reasons for ORStatus.CLOSED

2021-01-01 Thread Toralf Förster
I wrote a small Python script [1] to catch the event.reasons for ORStatus.CLOSED. The output is something like this: orstatus.py --ctrlport 9051 DONE FAF3236D37B0B18D8438C46317940F642E296924 IOERROR 917A0A924DA50B46CD740924AB42B237A831E182 DONE DCEA2A6D8034E164A4FFDD8AFF997

Re: [tor-relays] OrNetStats: Operator Level Graphs added

2021-01-09 Thread Toralf Förster
On 1/9/21 9:38 PM, nusenu wrote: I've added new operator level pages with an interactive graph showing the aggregated guard/exit probability and advertised bandwidth over time across all relays for a given operator. cool idea, can those graphs be linked from eg https://yui.cat/relay/63BF46A6

Re: [tor-relays] OrNetStats: Operator Level Graphs added

2021-01-10 Thread Toralf Förster
On 1/10/21 7:08 PM, li...@for-privacy.net wrote: I don't want to expect the average user to fish something obfuscated out of the string. Yes, I am old and conservative ;-) /me too - therefore I tend to not add detailed technical information about the relays. (BTW that doesn't work at all wit

Re: [tor-relays] OrNetStats: Operator Level Graphs added

2021-01-10 Thread Toralf Förster
On 1/9/21 9:38 PM, nusenu wrote: - change the scale on the y axis (vertical drag and drop) Maybe nitpicking but IMO it is irritating, that the 0% value (zero) of the left y-axis doesn't match the 0 GBit/s at the right y-axis (per default). -- Toralf

Re: [tor-relays] Introducing new bridge status page

2021-01-11 Thread Toralf Förster
On 1/11/21 9:03 PM, Philipp Winter wrote: FINGERPRINT is your bridge's fingerprint or its hashed fingerprint -- either works. for public bridges ;-) -- Toralf

Re: [tor-relays] Server under attack according to my hoster

2021-01-22 Thread Toralf Förster
On 1/22/21 6:04 PM, lists.torproject@stein-io.de wrote: Today I received a notification that my server is "under attack" since my server got over the threshold of 300k packets/s. At the time of the mail it seems to be about 450k pps . I do run 2 Tor relays at 1 Hetzner host and do have rcp

Re: [tor-relays] Is my relay broken? No stable, hsdir or guard flags

2021-01-31 Thread Toralf Förster
On 1/30/21 5:59 AM, Scott Bennett wrote: Or, as an alternative to the above proposal, newly awakened authorities' votes regarding time-dependent flags should be ignored by other authorities until the newly awakened have been awake at least, say, ten days? I do wonder if this helps if all

Re: [tor-relays] Huge increase in bridge connections

2021-02-12 Thread Toralf Förster
On 2/12/21 2:04 PM, Logforme wrote: Don't know if it's connected but my 2 guard relays jumped from the normal 2k clients to over 6k during a 24h period. https IMO it is uncommon. FWIW I observed a jump from 18K to 34K at 10th of February around 10:00 pm UTC, slowly decreasing now. -- Toralf

Re: [tor-relays] anyone else getting sync floods from russia?

2021-02-20 Thread Toralf Förster
On 2/20/21 2:25 AM, niftybunny wrote: https://i.imgur.com/nDbaXqH.png https://i.imgur.com/Y5259wW.png Yep, I do wonder if sth like netstat --tcp -n -4 | perl -wane ' BEGIN { $Hist=(); } { next unless (m/^tcp/); ($Remote) = spl

Re: [tor-relays] anyone else getting sync floods from russia?

2021-02-21 Thread Toralf Förster
On 2/20/21 12:29 PM, niftybunny wrote: We already changed the timers on the TCP connections and we have scripts running which are blocking IPs who will send us x connections. Right now they changed tactics and for me it looks like SYNC flood from datacenter IP ranges and a few 100 IPs whic

Re: [tor-relays] anyone else getting sync floods from russia?

2021-02-21 Thread Toralf Förster
On 2/21/21 12:37 PM, niftybunny wrote: If I get say 2 connections from a single IP it would be blocked with iptables. Even much less looks unusual With this command watch -d -x bash -c 'ss --all --numeric --processes state syn-recv | sort -k 5 -n' I do see a handful of addresses -

Re: [tor-relays] anyone else getting sync floods from russia?

2021-02-22 Thread Toralf Förster
On 2/22/21 1:01 AM, li...@for-privacy.net wrote: Multiport example: # Up to 15 ports can be specified. A port range (port:port) counts as two ports. # Drop incoming connections which make more than 10 connection attempts upon ports x-y within 1 minute -A INPUT -p tcp -m multiport --dports xx:yy -

[tor-relays] syn flood iptables rule

2021-02-22 Thread Toralf Förster
The following 3 statements # Make sure NEW incoming tcp connections are SYN packets; otherwise we need to drop them. $IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP # DDoS $IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood --set $IPT -A INPUT -p tcp -m state

Re: [tor-relays] syn flood iptables rule

2021-02-24 Thread Toralf Förster
On 2/22/21 7:44 PM, Stephen Mollett wrote: Have you tried adding "xt_recent.ip_list_tot=" to your kernel command line? That formula works for most module parameters when their module is built-in, I think. Stephen Yep, that works. Thx. -- Toralf

Re: [tor-relays] syn flood iptables rule

2021-02-24 Thread Toralf Förster
On 2/22/21 7:29 PM, William Kane wrote: A hard limit of 9 might be a little too low - then again, a legit, unmodified tor binary would hold its TCP connection established for as long as needed - Hhm, I'm really under the impression that even 5 or 4 should be enough. If a client connects more of

Re: [tor-relays] Bridge operator iat_mode setting

2021-02-25 Thread Toralf Förster
On 2/24/21 9:34 PM, William Kane wrote: Thank you for running obfs4 bridges with iat_mode != 0, only very few obfs4 bridges support the additional traffic obfuscation in both directions. At my client I have iat_mode=2 set but I do wonder how to set that as default at a bridge? -- Toralf

Re: [tor-relays] Bridge operator iat_mode setting

2021-02-25 Thread Toralf Förster
On 2/24/21 9:34 PM, William Kane wrote: Thank you for running obfs4 bridges with iat_mode != 0, only very few obfs4 bridges support the additional traffic obfuscation in both directions. So why is this not the default? -- Toralf

Re: [tor-relays] Bridge operator iat_mode setting

2021-02-25 Thread Toralf Förster
On 2/25/21 6:32 PM, niftybunny wrote: And why did I read about this the first time in a mailing list? +1 -- Toralf ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] ECONNREFUSED

2021-03-16 Thread Toralf Förster
On 3/16/21 2:44 PM, tor wrote: However, the status page keeps saying I'm dysfunctional with a ECONNREFUSED: https://bridges.torproject.org/status?id=E120A0492F789F5367EAD84C64F92EE279018F98 Wasn't aware of tha

Re: [tor-relays] is this valid bridge config

2021-03-23 Thread Toralf Förster
On 3/23/21 4:13 PM, gi vian wrote: ExitPolicy reject *:* IMO this is not needed -- Toralf

Re: [tor-relays] ipv6 ORPort + DIRPort too ?

2021-03-27 Thread Toralf Förster
On 3/27/21 11:05 AM, Petrusko wrote: And I'm not sure if I can serve DIRPort on the ipv6 too ? If I understood it correctly a DirPort is no longer needed for the latest Tor software version. So you should be fine with opened IPv4|6 ORports only. -- Toralf

Re: [tor-relays] syn flood iptables rule

2021-03-31 Thread Toralf Förster
On 2/22/21 3:27 PM, Toralf Förster wrote: # DDoS $IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood --set $IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood --update --seconds 60 --hitcount 10 -j DROP just for the record: In the meanwhile I do think

Re: [tor-relays] Fallback Directories - Upcoming Change

2021-04-07 Thread Toralf Förster
On 4/7/21 9:04 PM, David Goulet wrote: Over time, we will remove or add more relays at each minor release if the set of fallback directories not working reaches a 25% threshold or more. In the past a fallback dir volunteer committed himself to have address and port stable for 2 years. If a rel

Re: [tor-relays] Questions about consensus votes

2021-04-21 Thread Toralf Förster
On 4/21/21 12:15 PM, Sebastian Hahn wrote: Moria applies its own criteria which differ from dir-spec. Its operator is testing future improvements to the Tor network and therefore frequently doesn't follow all the specs. bastet too, or ? -- Toralf

Re: [tor-relays] OS Upgrade

2021-04-24 Thread Toralf Förster
On 4/23/21 2:03 PM, Matt Traudt wrote: Keeping tor up to date, and the OS and all the other things installed on it up to date, is much more important than maintaining your flags. You'll get them back. IMO relays with a way too long uptime should get a penalty. -- Toralf

Re: [tor-relays] how does one file a problem report?

2021-04-24 Thread Toralf Förster
On 4/24/21 7:18 AM, Scott Bennett wrote: I went through the process to get an account at gitlab.torproject.org in order to file a problem report for a very irksome and tiresome daily abort in tor 0.4.5.7 and 0.4.6.1-alpha under FreeBSD 11.4. However, I do not find anywhere on that web site

Re: [tor-relays] let's make ContactInfo mandatory for exits (and warn others)

2021-04-24 Thread Toralf Förster
On 4/24/21 12:11 PM, nusenu wrote: * tor 0.4.7: no longer assign the exit flag to relays not having a ContactInfo (< 5 chars) in their descriptor. Log a warning for relay operators, I've opened 1-2 dozen ports - except 80 and 443 at 2 relays. So I do not have the Exit flag. Never

Re: [tor-relays] let's make ContactInfo mandatory for exits (and warn others)

2021-04-24 Thread Toralf Förster
On 4/24/21 9:21 PM, nusenu wrote: Hi Toralf, Toralf Förster: On 4/24/21 12:11 PM, nusenu wrote: * tor 0.4.7: no longer assign the exit flag to relays not having a ContactInfo (< 5 chars) in their descriptor. Log a warning for relay operators, I've opened 1-2 dozen ports

Re: [tor-relays] Problem moving my Tor Bridge Relay

2021-06-13 Thread Toralf Förster
On 6/12/21 5:42 PM, Cor.ling wrote: Jun 12 15:13:59 PC tor[38309]: Jun 12 15:13:59.476 [warn] /var/lib/tor/keys is not owned by this user (debian-tor, 124) but by root (0). Perhaps you are running Tor as the wrong user? Jun 12 15:13:59 PC tor[38309]: Jun 12 15:13:59.476 [warn] Failed to parse/val

Re: [tor-relays] Verify my Relay

2021-06-24 Thread Toralf Förster
On 6/24/21 1:59 AM, S1l3nt Hash wrote: Address xxx.xxx.xxx.xxx (static public ip) DirPort 9030 NoAdvertise DirPort xxx.xxx.xxx.xxx:9030 NoListen (static public ip) ORPort 9001 NoAdvertise ORPort xxx.xxx.xxx.xxx:9001 NoListen (static public ip) Hiding those IP addresses (and other *sensitive*) d

Re: [tor-relays] Move or Recreate

2021-08-15 Thread Toralf Förster
On 8/15/21 6:04 AM, Eddie wrote: I know how to maintain the keys for both relays and bridges for the replacements, but was wondering exactly what does that buy me, as both will now be running at different IPv4/6 addresses. As opposed to just blowing away the current ones and starting fresh copie

Re: [tor-relays] New round of measuring the accuracy of Tor relays' advertised bandwidth

2021-09-01 Thread Toralf Förster
On 8/25/21 12:02 PM, Georg Koppen wrote: Hello! You might recall we ran two "speed tests" so far for investigating the accuracy of a relay's advertised bandwidth, one in 2021[1] and another one earlier this year[2]. I do run 2 relays at the same ip address. Do the tests consider that ? -- To
