Re: [tor-relays] Shutting down middle relays (off-topic)
At least the qualys online test is only testing port 443 - could it be that you run your web-server on this port? If you run your web-server with e.g. mod-spdy you also have to update mod-spdy because it is built with its own openssl. This was a problem on my server too (not fedora or Centos tough) Regards Am 22.06.2014 03:36, schrieb Tora Tora Tora: Basically, I am left to conclude that (1) the latest update on Fedora/Centos does not patch CCS Injection vulnerability or (2) the test is wrong--correction, both Tripwire and Qualys tests are wrong or (3) between a Fedora and two Centos machines, one of which is really just a test machine, all are out of wack or (4) something else is weird. Anyone else ran Qualys test on their patched Centos server? https://www.ssllabs.com/ssltest/analyze.html?d=YOUR_DOMAIN_NAMEhideResults=on Anyone else tried Tripwire on their patched Centos server? https://raw.githubusercontent.com/Tripwire/OpenSSL-CCS-Inject-Test/master/OSSL_CCS_InjectTest.py I would love to see if anyone else is getting the same warnings. Thanks... On 06/21/2014 03:09 PM, Tora Tora Tora wrote: And now I have tried a reboot. No change. Weird ... ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Shutting down middle relays (off-topic)
Yes, both Qualys and Tripwire tests are testing a web server's HTTPS port. Yes, I do run mod_pagespeed on the web server. Alas, I get the same result when I disable it and restart Apache. It is however an interesting direction to investigate, since now I am thinking of examining other modules as well, such as mod_ssl, etc. Does anyone know of a test to run against OpenSSL directly to confirm it is patched (I do not mean checking the change log)? Thanks... On 06/22/2014 03:52 AM, Andreas Reich wrote: At least the qualys online test is only testing port 443 - could it be that you run your web-server on this port? If you run your web-server with e.g. mod-spdy you also have to update mod-spdy because it is built with its own openssl. This was a problem on my server too (not fedora or Centos tough) Regards ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Why is UFW bllocking allowed TOR traffic?
I was monitoring UFW today and noticed that it was periodically blocking allowed TOR traffic. any ideas why from those with more experience than I? toradmin@IrvineTorExit:~$ sudo ufw status Status: active To Action From -- -- 22 ALLOW Anywhere 9001/tcp ALLOW Anywhere 9030/tcp ALLOW Anywhere 80 ALLOW Anywhere 22 (v6)ALLOW Anywhere (v6) 9001/tcp (v6) ALLOW Anywhere (v6) 9030/tcp (v6) ALLOW Anywhere (v6) 80 (v6)ALLOW Anywhere (v6) toradmin@IrvineTorExit:~$ sudo tail -f /var/log/syslog | grep DPT=9001 Jun 22 15:38:12 IrvineTorExit kernel: [ 2159.246977] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:1b:5e:9a:01:28:8a:1c:64:cf:f0:08:00 SRC=92.108.200.200 DST=188.226.199.250 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=10392 DF PROTO=TCP SPT=52000 DPT=9001 WINDOW=16652 RES=0x00 ACK URGP=0 Jun 22 15:38:12 IrvineTorExit kernel: [ 2159.246988] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:1b:5e:9a:01:28:8a:1c:64:cf:f0:08:00 SRC=92.108.200.200 DST=188.226.199.250 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=10396 DF PROTO=TCP SPT=52000 DPT=9001 WINDOW=16652 RES=0x00 ACK URGP=0 Regards, Jeff ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Is my tor exit relay set up correctly?
Hi, A few weeks ago I setup a tor exit relay, using this documentation: https://www.torproject.org/docs/tor-relay-debian.html.en I have somewhat experience, so I kinda knew what I was doing, and I got the message Self-testing indicates your ORPort is reachable from the outside. Excellent. in the log file. But my server doesn't seem to appear in any tor relay lists such as https://globe.torproject.org, even after a few weeks. What could I have done wrong?___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] CLI tool like Atlast
Here's the code for anyone interested: https://github.com/woeisme/torchart pretty basic json query to php and pchart -Jason On 06/18/2014 03:17 PM, Kali Tor wrote: Hi, On Wednesday, June 18, 2014 11:26 AM, ja...@icetor.is ja...@icetor.is wrote: I fooled around with some php json parsing in order to get my metrics charts working on icetor.is . I can send you the code if you'd like. -Jason That would be much appreciated! Thanks, KaliTor On 06/18/2014 10:15 AM, Lukas Erlacher wrote: Hi, I'm working on that. The onion.py script in OnionPy [1] has some rudimentary atlas-like functionality that I hope I can soon make complete as soon as I find some free time. If you know python, it shouldn't be too hard to do that, PR's welcome! Best, Luke [1] https://github.com/duk3luk3/onion-py On 06/18/2014 12:01 PM, Kali Tor wrote: Hi all, Is there a CLI client/tool that does what https://atlas.torproject.org/ does? Basically provide an output based on a node's fingerprint? e.g. https://atlas.torproject.org/#details/7EDE11A41D1C7DF4F9103ABAA4F0A31E42CB0C02 Thanks, KaliTor ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
