Re: [tor-relays] Fallback directory mirror DFRI7 is dead
On Fri, Aug 25, 2017 at 11:43:10AM +1000, teor wrote: > > A new DFRI7 will appear on the same address and port within a couple of > > days. Should I simply update fallback_dirs.inc? > > No need to do anything right away! Will it be bad to have a new relay (with a new key), on the same IP:port as what many clients think is an existing fallback relay? I can imagine clients getting warnings in their logs, about how they're getting an unexpected fingerprint while attempting to connect. --Roger ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Fallback directory mirror DFRI7 is dead
> On 25 Aug 2017, at 09:23, Linus Nordberg wrote: > > Hi teor, > > Fallback directory mirror DFRI7 [0] is down, due to multiple disk > krashes, since about 30h and will not come alive with the same key. > > [0] 171.25.193.131:80 orport=443 id=79861CF8522FC637EF046F7688F5289E49D94576 > > A new DFRI7 will appear on the same address and port within a couple of > days. Should I simply update fallback_dirs.inc? No need to do anything right away! We do a fallback refresh every 6-12 months. The list is backported to 0.2.8 and later, and goes out in the next patch release. I've updated the ticket [1] we're using to track whitelist changes. There is also a master ticket [2] for the 0.3.2 or 0.3.3 fallback refresh. We try to keep 90% of fallbacks available, and we're currently at about 88% [3]. (The network can cope with 50% of the fallbacks being down, but it puts load on the authorities.) So we'll do a refresh [4] some time in the next few months. It would be great to get it done in September for the 0.3.2 alpha series [5]. If anyone wants to help generate the list, the instructions are at [4] in section 3b. (We wrote longer instructions, but they took a lot of time, without adding much value.) Tim [1]: https://trac.torproject.org/projects/tor/ticket/22321#comment:4 [2]: https://trac.torproject.org/projects/tor/ticket/22271 [3]: https://consensus-health.torproject.org/graphs.html (Needs JS, SVG) [4]: https://trac.torproject.org/projects/tor/wiki/doc/UpdatingFallbackDirectoryMirrors#b.GeneratingtheList [5]: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTorReleases Tim T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n signature.asc Description: Message signed with OpenPGP ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Fallback directory mirror DFRI7 is dead
Hi teor, Fallback directory mirror DFRI7 [0] is down, due to multiple disk krashes, since about 30h and will not come alive with the same key. [0] 171.25.193.131:80 orport=443 id=79861CF8522FC637EF046F7688F5289E49D94576 A new DFRI7 will appear on the same address and port within a couple of days. Should I simply update fallback_dirs.inc? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor Install Error
On Thu, Aug 24, 2017 at 11:42:23AM -0700, Kurt Besig wrote: > While using apt-get to update my tor relay to a 'recommended' version I > keep encountering this error: > > W: An error occurred during the signature verification. The repository > is not updated and the previous index files will be used. GPG error: > http://deb.torproject.org trusty InRelease: The following signatures > couldn't be verified because the public key is not available: NO_PUBKEY > 74A941BA219EC810 > > W: Failed to fetch > http://deb.torproject.org/torproject.org/dists/trusty/InRelease > > I've read several approaches to remedying this error, however I'm > wondering what would be the 'most widely accepted as correct' method of > dealing with the error? Run the following commands: gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add - sudo apt-get update sudo apt-get install tor deb.torproject.org-keyring You can find the instructions for using the repository here: https://www.torproject.org/docs/debian.html.en#ubuntu -- 4096R/1224DBD299A4F5F3 47BC 7DE8 3D46 2E8B ED18 AA86 1224 DBD2 99A4 F5F3 signature.asc Description: PGP signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] OR banned?
I have no say in how/when your relay can be reinstated. But, before you resume any such research from any relay you should consult the Tor Research Safety Board guidelines and then submit to them a request for advice about the research you wish to do. https://research.torproject.org/safetyboard.html HTH, Paul On Thu, Aug 24, 2017 at 02:35:29PM -0300, Marcus Danilo Leite Rodrigues wrote: > David, > > My relay was harvesting .onion addresses and I apologize if that breaks any > rule or ethical guideline. > > I'm a Junior Researcher at the Laboratory of Security and Cryptography at > University of Campinas. We were conducting some research on malicious > Hidden Services to study their behavior and how we could design a tool that > could tell malicious and benign Hidden Services apart. > > Because we focus mainly on web pages, we use a crawler to get almost all of > the data we need. However, there are some statistics (such as the size of > the Tor network, how many HSs run HTTP(s) protocol, how many run other > protocols and which protocols do they run, etc) which cannot be obtained > through a crawler. That's why we were harvesting .onion addresses. > > We would run a simple portscan and download the index page, in case it was > running a web server, on a few random addresses we collected. We would also > try and determine the average longevity of those few HSs. However, after > collecting the data we needed for statistical purposes, the .onion > addresses we collected would be deleted and under no circumstances we would > disclose the information we collected on a specific .onion address we > harvested. In addition, we would never target specific harvested HS, but > only a random sample. > > We would like to keep running our relay. We can make this process as > transparent as possible without disclosing any information that would harm > the anonymity of any user. We could also comply with any demands that the > Tor authorities might have. In case that's not possible, we will completely > respect your decision and will no longer harvest .onion addresses. However, > I'd like to ask for our IP address range to be unbanned so that other > people at my university can conduct some other research in the future and > so we can run a regular relay :) > > I appreciate the time you took to address this issue and I'm willing to > answer any questions you may have. > > Much obliged, > Marcus. > > 2017-08-24 12:16 GMT-03:00 David Goulet : > > > On 24 Aug (12:11:47), Marcus Danilo Leite Rodrigues wrote: > > > Hello. > > > > > > I was running a Tor Relay for the past month (fingerprint > > > 71BEBB61D0D35234D57087D035F12971FA315168) > > > at my university and it seems that it got banned somehow. I got messages > > on > > > my log like the following: > > > > > > http status 400 ("Fingerprint is marked rejected -- please contact us?") > > > response from dirserver '171.25.193.9:443'. Please correct. > > > > > > I was hoping to get some information regarding this ban and how I could > > > correct whatever was done wrong in order to get my relay up and running > > > again. > > > > Hello Marcus, > > > > You relay has been found to be harvesting .onion addresses which is > > strictly > > prohibited on the network. > > > > See https://blog.torproject.org/blog/ethical-tor-research-guidelines > > > > Were you conducting some research or ? > > > > Thanks for running a relay! > > David > > > > > > > > Best wishes, > > > Marcus Rodrigues. > > > > > ___ > > > tor-relays mailing list > > > tor-relays@lists.torproject.org > > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > > > > > -- > > dI6qBwjRAsZuHbMRuPaXkArKESn4fYnY9Gcn/UW8Dlc= > > > > ___ > > tor-relays mailing list > > tor-relays@lists.torproject.org > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > > > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Tor Install Error
While using apt-get to update my tor relay to a 'recommended' version I keep encountering this error: W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.torproject.org trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 74A941BA219EC810 W: Failed to fetch http://deb.torproject.org/torproject.org/dists/trusty/InRelease I've read several approaches to remedying this error, however I'm wondering what would be the 'most widely accepted as correct' method of dealing with the error? Thanks signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] OR banned?
David, My relay was harvesting .onion addresses and I apologize if that breaks any rule or ethical guideline. I'm a Junior Researcher at the Laboratory of Security and Cryptography at University of Campinas. We were conducting some research on malicious Hidden Services to study their behavior and how we could design a tool that could tell malicious and benign Hidden Services apart. Because we focus mainly on web pages, we use a crawler to get almost all of the data we need. However, there are some statistics (such as the size of the Tor network, how many HSs run HTTP(s) protocol, how many run other protocols and which protocols do they run, etc) which cannot be obtained through a crawler. That's why we were harvesting .onion addresses. We would run a simple portscan and download the index page, in case it was running a web server, on a few random addresses we collected. We would also try and determine the average longevity of those few HSs. However, after collecting the data we needed for statistical purposes, the .onion addresses we collected would be deleted and under no circumstances we would disclose the information we collected on a specific .onion address we harvested. In addition, we would never target specific harvested HS, but only a random sample. We would like to keep running our relay. We can make this process as transparent as possible without disclosing any information that would harm the anonymity of any user. We could also comply with any demands that the Tor authorities might have. In case that's not possible, we will completely respect your decision and will no longer harvest .onion addresses. However, I'd like to ask for our IP address range to be unbanned so that other people at my university can conduct some other research in the future and so we can run a regular relay :) I appreciate the time you took to address this issue and I'm willing to answer any questions you may have. Much obliged, Marcus. 2017-08-24 12:16 GMT-03:00 David Goulet : > On 24 Aug (12:11:47), Marcus Danilo Leite Rodrigues wrote: > > Hello. > > > > I was running a Tor Relay for the past month (fingerprint > > 71BEBB61D0D35234D57087D035F12971FA315168) > > at my university and it seems that it got banned somehow. I got messages > on > > my log like the following: > > > > http status 400 ("Fingerprint is marked rejected -- please contact us?") > > response from dirserver '171.25.193.9:443'. Please correct. > > > > I was hoping to get some information regarding this ban and how I could > > correct whatever was done wrong in order to get my relay up and running > > again. > > Hello Marcus, > > You relay has been found to be harvesting .onion addresses which is > strictly > prohibited on the network. > > See https://blog.torproject.org/blog/ethical-tor-research-guidelines > > Were you conducting some research or ? > > Thanks for running a relay! > David > > > > > Best wishes, > > Marcus Rodrigues. > > > ___ > > tor-relays mailing list > > tor-relays@lists.torproject.org > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > > -- > dI6qBwjRAsZuHbMRuPaXkArKESn4fYnY9Gcn/UW8Dlc= > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] OR banned?
On 24 Aug (12:11:47), Marcus Danilo Leite Rodrigues wrote: > Hello. > > I was running a Tor Relay for the past month (fingerprint > 71BEBB61D0D35234D57087D035F12971FA315168) > at my university and it seems that it got banned somehow. I got messages on > my log like the following: > > http status 400 ("Fingerprint is marked rejected -- please contact us?") > response from dirserver '171.25.193.9:443'. Please correct. > > I was hoping to get some information regarding this ban and how I could > correct whatever was done wrong in order to get my relay up and running > again. Hello Marcus, You relay has been found to be harvesting .onion addresses which is strictly prohibited on the network. See https://blog.torproject.org/blog/ethical-tor-research-guidelines Were you conducting some research or ? Thanks for running a relay! David > > Best wishes, > Marcus Rodrigues. > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- dI6qBwjRAsZuHbMRuPaXkArKESn4fYnY9Gcn/UW8Dlc= signature.asc Description: PGP signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] OR banned?
Hello. I was running a Tor Relay for the past month (fingerprint 71BEBB61D0D35234D57087D035F12971FA315168) at my university and it seems that it got banned somehow. I got messages on my log like the following: http status 400 ("Fingerprint is marked rejected -- please contact us?") response from dirserver '171.25.193.9:443'. Please correct. I was hoping to get some information regarding this ban and how I could correct whatever was done wrong in order to get my relay up and running again. Best wishes, Marcus Rodrigues. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Any IP allocations available out there?
Hi, On Wed, Aug 23, 2017 at 5:29 PM, Paul Templeton wrote: > Thanx to all here on the list for input to earlier posts. Helped a lot. > > Question I have is there anywhere where you can get a block of IP address or > lease as I'm in the process of getting a 10/10Mb SHDSL service(No flaming > data cap :-)) here in AU but I want an IP range that abuse questions can be > forwarded to me. The service provider doesn't provide ARIN registration but > said if I have my own block I can update the BG and manage it my self. If you're interested in becoming your own ISP (obtaining your own ASN, IPv6 and IPv4 scopes), you'll need to apply via APNIC, as I did in the US with ARIN. Here is an example: 1. Find co-location space in AU with good prices. Be transparent and educational about what you plan on doing so your provider isn't surprised. You would need to get a quote from them for 2U of space, 2 amps of power, 100Mbps commit on a 1G port, and a /28 or greater. You need two low power systems, one router (pfsense, opnsense, etc) for BGP and general routing, and one system for Tor processes. You will run middle relays until you get your own IP scopes -- rDNS and SWIP is not enough to get all abuse to come directly to you. 2. Once you have your /28 (etc) IPv4 scope (Tor still depends on v4), you can apply to APNIC for ASN and IP scopes. I encourage you to prioritize IPv6, but v4 is still required. You need to show current IP usage in order to apply for, and be granted, your own IP scopes (chicken before the egg). ARIN is $550 for ASN, and $500 each for v6 (/36) and v4 (/24) scopes. Each item is $100 recurring annually, but I don't know what APNIC charges for any of those things. 3. Once you have your own AS and IPs, you'll need to sign a BGP Letter of Agency (LOA) with your transit provider so they can announce your IP scopes upstream. Then you can then change your IPs and begin exit relaying if you're comfortable with that. So, there's lots of details that I didn't go into, obviously this example depends on many things and also requires knowledge of certain systems and legality. Doing all of this will require a couple thousand dollars and fortitude, especially if you are new to networking. Happy to help further if needed. Cheers, Yawnbox https://emeraldonion.org/ > > Regards, > > Paul > PS - the best price I can do at the moment is $550pm - *SIGH* - but worth it. > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays