roject.org/#/relay/741488D89B860E59D6391ACA27A157E87EB533FF
Thanks,
G
_______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
reports
throughput around 1 Mbit/s. Why is my "measured" bandwidth only 110
Kbit/s on blutmagie.de? (My connection is advertised as 10 Mbit and
always gets over 1 Mbit).
https://torstatus.blutmagie.de/router_detail.php?FP=741488d89b860e59d6391aca27a157e87eb533ff
-G
> On 18.8.15 1:29, Pas
sense. It's good for the network if that
happens and allows diversity.
> Maybe a change in your strategy would make the life of your precious
> and fast relays a bit easier...
I have shut down our "precious and fast relays" recently as we
decided unanimously that the tor-community d
much as a
> > "thank you!" from anyone.
>
> Operating tor nodes is - like operating any
> invisible infrastructure - inherently thankless.
Absolutely. Most of the infrastructure we provide on that basis and it
is ok! The reason for running that exit node was that we believed it
w
On 06.02.17 09:25, nusenu wrote:
The first release with the fix for [1] was in 0.3.0.3-alpha [2].
So if you run an IPv6 exit, upgrading to 0.3.0.3-alpha potentially
increases the tor network's IPv6 exit capacity.
teor and nickm plan a backport for tor 0.2.9.x
[1] https://trac.torprojec
On 8/02/2017 15:00, Andrew Deason wrote:
> I assume some people will say this isn't even worth the effort; it's not
> like it's hard to just ignore those reports. But it doesn't take much
> effort to just try to talk ot them, and it perhaps helps to give tor a
&g
On 16/02/2017 08:55, tor-ad...@torland.is wrote:
> Hi all,
>
> after 5 years of operation I will shutdown TorLand1
> (https://atlas.torproject.org/#details/E1E922A20AF608728824A620BADC6EFC8CB8C2B8)
>
> on February 17 2017.
Thank you for
isn't going to help at all. Tor still isn't optimized for it.
If running on Linux or Unix there are a lot of optimizations to be done. For
Linux, I'd start here: https://www.torservers.net/wiki/setup/server and look at
the "High Bandwidth Tweaks" section._____
our control._______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
reducing the log footprint of a relay? Are
the OS defaults generally sufficient, or do operators need to take additional
steps to preserve user privacy?___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin
> What can be known is *how* TOR is being used by setting up studies at exits
> and seeing what kind of services people are connecting to.
Please don't do that, or suggest doing that. Sniffing or inspecting exit
traffic may be illegal in some jurisdictions, and will result in the Ba
>>> What can be known is *how* TOR is being used by setting up studies at
>>> exits and seeing what kind of services people are connecting to.
>> Please don't do that, or suggest doing that. Sniffing or inspecting exit
>> traffic may be illegal in some ju
would use around 5TB per month. They might notice._______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Here's a recent thread with a good answer:
https://www.mail-archive.com/tor-relays@lists.torproject.org/msg10829.html
The consensus seems to be, since bridges are allocated to users randomly, they
may not see much traffic in some cases.
There's some guidance here:
https://www.torp
I just checked a handful of relays that have been running for months or years,
and the DataDir ranged in size from 60 to 90 MB. They're all running debian or
ubuntu.
I also don't understand the point of encrypting this directory._______
tor-rela
> I tried disabling pf and restarting tor. To my surprise, the authorities
> connected to my relay successfully and distributed its information in
> subsequent consensuses!
Haha. This is the least surprising thing I've read all week.________
I've suddenly started seeing a lot of these in our exit's logs:
Rejecting INTRODUCE1 on non-OR or non-edge circuit ...
_______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/li
>> On 23 Jun 2017, at 04:57, t...@t-3.net wrote:
>>
>>
>> I've suddenly started seeing a lot of these in our exit's logs:
>>
>> Rejecting INTRODUCE1 on non-OR or non-edge circuit ...….
>
>Did you upgrade the Tor version on your relay recently?
The files in the repo location we have configured have not changed
recently, and I know that Tor's been updated.
The repo we're configured for is based out of:
https://deb.torproject.org/torproject.org/rpm/el/6/x86_64
_______
tor-rela
I'm trying to follow the instructions here to install Tor from the official
package repository:
https://www.torproject.org/docs/debian.html.en
On the steps to add the gpg signing key, it doesn't work. It seems something
has changed with the keyserver at keys.gnupg.net:
1) http://keys
till don't know why there is a SSL mismatch
in the browser, or why you can no longer access the web UI, but it's not as
broken as it looked._______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailma
ferent network.
> I'd recommend posting your finding to the sks-devel mailing list ... I'll
> post it in the morning if you like.
Please do if you think it would be helpful. Thanks Paul.___________
tor-relays mailing list
tor-relays@lists.torpro
http://154.35.175.225/ is the directory authority "Faravahar". This error
happens from time to time with this authority. There's nothing for you (the
relay operator) to do about it._______
tor-relays mailing list
tor-relays@lists.torpr
Hi Doug,
I think the short story is that you're managing the service the wrong (old)
way. Ubuntu moved to systemd as of 15.04. This should help:
https://www.digitalocean.com/community/tutorials/systemd-essentials-working-with-services-units-and-the-journal
> sudo service tor restar
> Since the Nickname option is merely cosmetic, we can safely reuse an expired
> Tor exit node's nickname on a new Tor exit node with no adverse side effects
> on directories, metrics sites, or the network as a whole?
Yes._______
tor-relays ma
@Toralf
> Tor serves the "DirPortFrontPage /etc/tor/tor-exit-notice_DE.html" at that
> port
> and I'd like to avoid a slow responsive Tor due to a DDoS at that port.
Tor also provides the directory service on the same port (unless you have it
disabled). How do you know
afe to disable the DirPort on a fallback relay?___________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
You'll lose your uptime, but... don't be ridiculous. It's better to keep Tor
up-to-date. That uptime undoubtedly means you're running an outdated kernel
too, which is not ideal. I think it would be wise to take the hit and update
both.______
ck directory
traffic go over the ORPort too? Is it safe to disable the DirPort on fallback
relays?___________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> So let me get this straight – Because you don’t agree with the way I’m
> marketing my network I must be malicious and this must be a “social
> engineering” attack? Seriously guys, put away the tin foil hats. I truly
> DON’T want to know what people on tor are browsing.
>
>
Yes, I'd find that very useful._______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
s.google.com/speed/public-dns/docs/dns-over-https. It encrypts
DNS traffic on the wire. There are already some fairly good client-side
implementations. However, we need other providers to put up DNS-over-HTTPS
endpoints, since no one wants to trust Google._________
> I get about sixty (60) abuse notifications a day and on average eight (8)
> subpoenas a month.
How do you handle the subpoenas?_______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listin
> Doesn't a lot of it depend on context anyway?
Yes.
> How can we quantify something like this?
We can't. We don't have all the data. We have to assume the worst and plan
accordingly._______
tor-relays mailing list
tor-relays@lists
Hi,
I'm troubleshooting a Linux relay where the Tor service is having problems.
External monitoring alerts indicate both the ORPort and DirPort are unreachable
(TCP connection timeout). I can ssh in and the Tor service is still running.
The node seems to have increased memory usage at
been up for 700+ days and aside from kernel
upgrades, there's no recent changes. Maybe it's just busier than usual now.
I'll keep digging. Thanks for the feedback!___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> There's a bug in 0.3.0 and later that causes clients to fetch
> microdescriptors from fallbacks. So fallbacks (and authorities)
> will have extra load until that's fixed.
>
> https://trac.torproject.org/projects/tor/ticket/23862
Makes sense. The relay can't kee
oadly, any tips for troubleshooting this beyond looking in the Tor logs
and syslog would be appreciated.
> There's 0.2.9 nightly, but I don't know if we have an 0.2.9-release build.
Yeah, unfortunately I could not find a 0.2.9.12 dpkg. I did find a deb, but it
wouldn't in
eed.
> I'm not sure that using 0.2.9 will help you, anyway.
I'm not sure either. :) I'm getting some mixed messages. 0.2.9.11 has the bug
https://trac.torproject.org/projects/tor/ticket/20059 from my top post, which
was fixed in 0.2.9.12. That package would at least remove the bug
In a relay's logs:
Oct 20 10:31:47 XXXXX Tor[]: We're low on memory. Killing circuits with
over-long queues. (This behavior is controlled by MaxMemInQueues.)
Oct 20 10:32:11 X Tor[]: Removed 1565259696 bytes by killing 1
circuits; 40008 circuits remain alive. Also ki
The relay is running Tor version 0.3.1.7 on Linux. There's 2 GB of available
RAM._______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I see "Onionoo seems to serve outdated data :( Last update was: Tue Oct 24
2017" at the top of Atlas, and querying the Onionoo API directly results in the
same outdated data.
Anyone working on fixing it?_______
tor-relays mailing list
> These nodes are popping up everywhere - is this some sort of malware being
> deployed on systems around the globe?
Interesting. It does look like malware to me.
- all running Tor 0.3.1.7 on Linux
- diverse AS / IP allocation, mostly looks like ISP end-subscriber
- same exit policy (
tc) provide
english results
OSError: [Errno 14] Bad address
Thanks for working on nyx!___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
27;-i' argument.
> Unfortunately I'm not sure of a good self-discovery mechanism. Would
> alternative messaging help?
It didn't take me long to figure out, but additional messaging might be
helpful. Right now nyx just displays "Unable to connect to tor. Are you sure
it
Hi Damian,
I can confirm the connections now display correctly. Thanks!
> Is 'tor' listed when you run "ps -ao ucomm="?
It is *not* listed. In case it helps, Tor 0.3.1.8 was installed via
ports/security/tor (https://www.freshports.org/security/tor), and I haven't
> Is it shown in the ps output as '/usr/local/bin/tor'? If so then I'll
> adjust Stem to look for that too.
Yep. 'ps ax' output looks like:
PID TT STATTIME COMMAND
83797 - R 1152:14.26 /usr/local/bin/tor -f /usr/local/etc/tor/torrc
--PidFile /var/
thanks for the tip about the different sqlite3 versions, although my
system seems to actually still use Python 2.7.14 by default.___________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
ck and the list is still populated.
It's not really critical but it does seem to have changed with recent commits.
This is on FreeBSD.
Thanks._______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailm
even
after waiting 5 minutes. It may be the same underlying issue that you just
fixed, but thought I'd mention it. (I'd test it again, but that particular
config option requires a hard restart of the Tor service, so I'm going to lea
t; #!/usr/bin/env -S -i /usr/local/bin/python
> import os
> os.putenv('LANG', 'FOO')
> os.system('/usr/bin/env')
> os.putenv('LANG', 'BAR')
> os.system('/usr/bin/env')
> EOF
> chmod 0755 etest
> sudo -u _tor ./etest___
A 200px purple banner with a Schneier quote at the top of every page?
Seriously? What a hideous waste of space. Can anyone explain how this UI
element is helpful to users? It's awful._______
tor-relays mailing list
tor-relays@lists.torproject.org
Using the Tor Browser must have been a joke, because your traffic will route
through the exit nodes, and those exit IPs will presumably be on the same
blacklists.
I'd recommend you don't run a relay at home. Switch it to a bridge. Bridge IP
addresses are (usually) not published an
https://www.globalcyberalliance.org/community-partners.html#partner-industries
This leaves many unanswered questions. What criteria is used to define
"malicious" traffic? Who gets to add domains to the blacklist? Etc.
_______
tor-relays mailing
solved, go figure =p
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
.113.32.29:46023 munged>: SYN_SENT
Port is supposedly opened up for listen by a virus.
___________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I went and added a reject for exit to port and HUPed the process.
Maybe this is the fix! :)
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
sible course of action for this sort of thing
would be within Tor itself. I don't know that it was a single client
connection into Tor that was causing all this trouble, but maybe it
was. One would think that one client should not be allowed to do
something so severe with the TCP that it
hosts and ports continually vary -
it never hits multiple destinations on 1 port, and it does not hit
multiple ports on 1 host. I presume it is an attack that is intended
to degrade this relay's service quality, or otherwise more broadly,
degrade Tor.
I'm going to reject a few more troj
;s machine, it's going to be mainly complaints about attempts.
I feel like a short notification should be all you need and you're
done with responses to stuff like that, such as:
Hi ,
That is the Tor exit router we host. https://www.torproject.org .
Unfortunately, bad actors sometimes m
>I am getting this too, I saw this the logs a few months ago and didn't think
>anything of it.
I wouldn't worry about it. Faravahar has a long history of misbehavior:
https://lists.torproject.org/pipermail/tor-relays/2015-November/008097.html
https://lists.torproject.org/pipe
+1, thanks for working on IPv6!
Just curious and didn't see an answer on the roadmap -- do bandwidth authority
measurements ever happen over IPv6?
_______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cg
https://www.twitch.tv/sp00k13z
https://twitter.com/notdan/status/941116413070270465
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
e relay that's still up?
_______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
hat will probably fix it. You'll need to trigger Tor to re-upload
its descriptor too. A restart of the Tor service will do it (although there may
be a better way). I've noticed similar issues before with Atlas holding on to
old nodes until that's done.
Cheers.
____
at seems entirely normal.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I think you just have a typo here:
> ORPort 80.127.177.180:993 NoListen
177 instead of 117 for the third octet.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>Other relays seeing this too?
For sure. Here is some recent reading material:
https://lists.torproject.org/pipermail/tor-relays/2017-December/013669.html
https://lists.torproject.org/pipermail/tor-relays/2017-December/013771.html
https://lists.torproject.org/pipermail/tor-relays/2017-Decem
> As a last resort, try setting:
>
> DisableOOSCheck 1
Did you mean "DisableOOSCheck 0"?
"DisableOOSCheck 1" seems to be the default already (for Debian/Ubuntu and as
mentioned here
https://www.torproject.org/docs/tor-m
For relay operators using iptables connlimit to mitigate DoS attacks (or
increased load from new clients), is it better for the Tor network to use
"DROP" rules, or should we use something like "REJECT --reject-with tcp-reset"?
______
Attempting to limit a relay to only certain times of day, days of the week,
etc., is very likely to produce a relay that doesn't really get used. I'm not
sure I see the point in running a relay under those types of restrictions.
_______
tor-rela
m falling over
instead. The second reduces the amount of memory used.
___________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
e. What's that about? Will disabling the DirCache affect the
Guard flag (today)?
_______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>If you have the CPU, RAM, and disk space, you should leave these settings on.
>
>It will affect some client versions' choice of guards:
>https://trac.torproject.org/projects/tor/ticket/24312#comment:4
I have guards that are bottle-necked by CPU, and I'm still explori
e which ones are the most performant, and then keep the
best ones. That's what I would do. :)
___________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I see this occasionally. It's not specific to 0.3.3.x. I reported it back in
October 2017:
https://lists.torproject.org/pipermail/tor-relays/2017-October/013328.html
Roger replied here:
https://lists.torproject.org/pipermail/tor-relays/2017-October/013334.html
MaxMemInQueues is set to 1
curity reasons. It's also not
recommended to run Tor as root. For best security on FreeBSD, it may be best to
use ports over 1024 for Tor.
_______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/l
branch has the package with DoS
mitigations.
_______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> Relay search appears to be down right now.
It seems the website (https://www.torproject.org) and package repos (ex:
deb.torproject.org) are currently down as well.
Anyone working on it?
___
tor-relays mailing list
tor-relays@lists.torproject.
) scanned in 3.56 seconds
If you're behind a router doing NAT, you'll need to forward the DirPort and
ORPort ports.
_______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
in the
consensus, but I've seen suggestions to lower it to 4).
Am I misunderstanding?
___________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
nning them.
_______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi,
how about adding IPv6 to your relays, from a quick look at where they
are hosted all providers support it.
Thank you
On 4/28/2018 8:31 PM, Nathaniel Suchy (Lunorian) wrote:
Hi,
The Tor relay
https://metrics.torproject.org/rs.html#details/B0BF533DA3BC09DEEB4AF2BEC16FA21063216FE4
of mine
making a filter that outright rejects Base-64 emails from that sender
(ie: requiring all abuse@ emails to be submitted plain text or HTML).
___________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
. The quoted content may be ugly, but it
does not appear to qualify as site or network abuse.
Ch'Gans wrote:
>Everything went well so far, until today. Someone, let's call this
>person/group "A", reported an abuse to Hetzner. A TOR User, "B", is
>spamming
Are you sure that you want allow port 25 on ipv4 and 6? Can't test it from
here but it looks like you allow all ports on v4 and v6
Am 22.05.2014 09:11 schrieb "Adam Brenner" :
> Howdy,
>
> I have setup a Tor exit node and IPv4 appears to work (will get a real
> test in
The spam to my own Tor relay operator email address (same one as in
this list) isn't meaningful in volume. I haven't seen any amounts that
a delete key couldn't easily handle.
In my experience, you should be careful with spam filtering, as you
could end up dumping abuse comp
15:36:10
Jun 29 15:36:38
Jun 29 15:37:15
_______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
In my experience yes, you should be able to move those files to the
current working directory and it will just work.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Assuming the Tor service is running on a dedicated host, you could use
an SNMP-aware switch and query it with Cacti for graphs on the
switchports, or maybe run an snmpd on the node and use Cacti to build
graphs against the node's ethernet card stats.
http://www.cacti.net . It can al
You somewhat made a mistake here - you've got to have an exit policy
that (minimally) rejects ports 25 and 465, or else your relay becomes
a giant abuse tool for spammers, scammers, and phishers instead of
what you intended it to be (which was a standard-functioning Tor
relay).
You
relay
becomes
a
>> giant abuse tool for spammers, scammers, and phishers instead of
what
>> you intended it to be (which was a standard-functioning Tor
relay).
>>
>> You might try telling your ISP that you made a mistake in your
>> configuration which allowed spam
Let's not confuse two things, here. The customer wanting to host a Tor
exit relay is a different service request than wanting to run a
wide-open SMTP relay. No reputable ISP would agree to host an open
SMTP relay and I'm sure this one did not knowingly do so.
It would be unfor
tting tor
unfriendly because of this, i run there exits for 2 years on some vps's
without a problem and i hope they don't start killing them now
Am 30.07.2014 14:39 schrieb "Lunar" :
> t...@t-3.net:
> > You somewhat made a mistake here - you've got to have an exit po
0 PREC=0x00
TTL=49 ID=21840 DF PROTO=TCP SPT=10200 DPT=9001 WINDOW=46 RES=0x00 ACK
PSH FIN URGP=0
___________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
We never had our exit nodes become the targets of DDOS attacks
HOWEVER, we occasionally see abuse complaints due to someone abusing
Tor to DDOS attack other targets. Perhaps that's what you're seeing?
_______
tor-relays mailing list
fix most of the data
> racing places
> Current version of tor daemon, passes chutney test, and chutney + valgrind
> for data racing test.
>
> I glad I work for tor, thank you all.
>
>
>
> ___________
> tor-dev mailing l
On 10/9/14, 8:21 AM, Eric Hocking wrote:
> Hi everyone,
>
> Is there a limit to how many exit nodes we can run?
> ___ tor-relays mailing
> list tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/
n to do this, or why there is a problem.
Can think of quite a few negatives, the worst of which are related to
the fact that NSA/GCHQ would like for Tor to go away. Something like
what you describe would be a nice little tool for them to get
useful-to-them personal info about Tor node operators.
1 - 100 of 1399 matches
Mail list logo
