[tor-relays] Relay operators: help improve this hardening document?
Hi, all!

There's a project going on to try to add instructions for hardening a Tor relay for security:

https://trac.torproject.org/projects/tor/ticket/13703

The idea is that Tor could ship with some basic recommendations, and links to places to find more advice?

Recently, mmcc has uploaded a new draft. Do we think this is better than nothing and worth shipping with Tor, or does it need big changes?

If possible, please write comments on the trac ticket above: it will help keep all the discussion in one place.

best wishes,
--
Nick
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relay operators: help improve this hardening document?
On 02/06/2015 12:03 AM, grarpamp wrote:
> On Thu, Feb 5, 2015 at 11:15 PM, Nick Mathewson ni...@freehaven.net wrote:
>> The idea is that Tor could ship with some basic recommendations, and
>> links to places to find more advice?
>
> If it's a question that can be answered by searching "how do i secure and run my unix server", including anything other than links to such answers would seem redundant. Sure, noobs are out there, but it isn't efficient for application projects to formally provide general computer training.
>
> If it's a question of "how do i make tor/unix run happy together on my server", ie: file descriptor shortages, that's a specific known interaction with tor itself, and thus a different situation.
>
> The only thing I'd ship with tor are links... to two community maintained wiki pages, one for each class of question above. From there the community can write whatever faq help desired independent of the release process and considering external developments.
>
> If there wasn't a community or wiki, then shipping any critical runtime dependency notes on the second class of question would be reasonable.

For what it's worth, I'm mmcc - I wrote the doc/HARDENING draft.

It did end up containing more text than we had hoped. However, I think some of it is worthwhile. For example, the firewall rules are unique to Tor and not entirely obvious. People also wouldn't encounter the DNS suggestion elsewhere.

I added that version to the ticket because it was being considered for the 0.2.6 release. I sent a similar version to the mailing lists a couple months ago and haven't reviewed and incorporated some of the suggestions I received, partially because I suspected that it was already too verbose.

I'm not attached to this document, and I'm fine with it not being added. I also like the idea of linking to a wiki page.

Generally, I think we need to make more of an effort to get security information to relay operators. Many volunteer a VPS or home server out of curiosity, and there isn't much of a culture of operational security among those contributors. This could become a problem as the network matures.

Re: [tor-relays] Relay operators: help improve this hardening document?
On Thu, Feb 5, 2015 at 11:15 PM, Nick Mathewson ni...@freehaven.net wrote:
> The idea is that Tor could ship with some basic recommendations, and
> links to places to find more advice?

If it's a question that can be answered by searching "how do i secure and run my unix server", including anything other than links to such answers would seem redundant. Sure, noobs are out there, but it isn't efficient for application projects to formally provide general computer training.

If it's a question of "how do i make tor/unix run happy together on my server", ie: file descriptor shortages, that's a specific known interaction with tor itself, and thus a different situation.

The only thing I'd ship with tor are links... to two community maintained wiki pages, one for each class of question above. From there the community can write whatever faq help desired independent of the release process and considering external developments.

If there wasn't a community or wiki, then shipping any critical runtime dependency notes on the second class of question would be reasonable.

[tor-relays] Changes in network traffic pattern
Hi All

I have been running a tor relay for about a year and according to my munin graph it normally receives, on average, just under 2,000 incoming tcp connections on port 443 every 5 minutes. In the last few days that figure has increased to about 10,000 and spiked to about 19,000 incoming requests every 5 minutes.

First thought was DDOS but traffic is not high enough to cause any problems.

I did some digging and in a 5 minute period received the following requests to the port tor is listening on (number of requests and source ip address)

2722 SRC=107.167.22.79
1355 SRC=107.167.22.90
1334 SRC=104.37.244.131
1237 SRC=213.251.185.14
604 SRC=188.247.130.32
13 DST=178.200.216.58
7 SRC=92.63.110.232
6 SRC=5.196.8.208
6 SRC=200.76.82.231
6 DST=93.158.248.243

This is only the top 10 source ip addresses. I had a look and none of the top few seem to be tor relays.

Just wondering if others are seeing a large number of requests from the above ip addresses or if it's just me. If it is just me then I can easily just block these ip addresses.

Re: [tor-relays] TOR: Inbound, Outbound, Exit connections
Inbounds: Servers configured to receive inbound connections only through Tor are called hidden services. Rather than revealing a server's IP address (and thus its network location), a hidden service is accessed through its onion address https://en.wikipedia.org/wiki/.onion.

Outbound: Traffic going out from your server. To allow only tor to use it: https://trac.torproject.org/projects/tor/wiki/doc/BlockNonTorTrafficDebian

Exit: Your server will be used as public ip for end user.

On 2 February 2015 at 23:39, Ralph Bolliger ia.tor.re...@gmail.com wrote:
> *Good evening ladies and gentlemen*
>
> I'm running a TOR Exit for a few days now ( https://globe.torproject.org/#/relay/06BA80D9E1143CFAD835442142A3FA5A1E4FD910). I'm also using TOR ARM in order to monitor TOR's performance, log messages and connections.
>
> When I have a look at the connections page on TOR ARM I read about «Inbound», «Outbound» or «Exit» connections. I searched the web already. But I wasn't able to find a site that explains in simple words what's the difference between «Inbound», «Outbound» or «Exit» connections.
>
> Is there anybody who is able to tell me what «Inbound», «Outbound» or «Exit» connections are?
>
> Greetings from Switzerland
> Information Architect

--
http://www.backbox.org
http://www.pentester.iz.rs