Re: [tor-relays] amount of unmeasured relays continuously rising since 2 weeks

2015-05-21 Thread Network Operations Center 

Matt,

135 Kb/s measured, I'm currently pushing data at 40Mbit in/out (limit is 
80 Mbit with burst to 120 Mbit).


On 21.05.2015 11:14 PM, Speak Freely wrote:

Hey NOC,

Nah I had the same experience with *1* relay. Following the same
pattern, none of the other relays have left 20. I'm now at 16200 and
averaging ~30mb/s.

4 still in limbo. What's also interesting is I setup a non-exit and it
also will not get past 20.

What does arm say your measured speed is? Mine was 45Kb/s for the
longest time, but very recently went to 126.5Kb/s, but that's silly.


Matt
Speak Freely
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Leaseweb exit relay notice

2015-05-21 Thread Speak Freely 
The problem is compounded by the fact each BL company is racing it's way
to the bottom, adding each others finds to their own lists. SpamHaus has
OVER 1 *BILLION* addresses listed.

I lost several relays (11) from OVH because DanTor recorded my relays,
then CBL recorded DanTor, then SpamHaus Zen recorded CBL, which allowed
OVH to claim "100% of your IPs are blacklisted on multiple lists" when
in reality it was from a guy in the UK who publishes all Tor relays -
guard, middle, exit - that caused this whole problem for me. Not one
single complaint from anyone against any of my relays.


Matt
Speak Freely
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] amount of unmeasured relays continuously rising since 2 weeks

2015-05-21 Thread Speak Freely 
Hey NOC,

Nah I had the same experience with *1* relay. Following the same
pattern, none of the other relays have left 20. I'm now at 16200 and
averaging ~30mb/s.

4 still in limbo. What's also interesting is I setup a non-exit and it
also will not get past 20.

What does arm say your measured speed is? Mine was 45Kb/s for the
longest time, but very recently went to 126.5Kb/s, but that's silly.


Matt
Speak Freely
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] amount of unmeasured relays continuously rising since 2 weeks

2015-05-21 Thread Network Operations Center 
After changing my exit node to a regular node it jumped from 20 to 7000 
rating. I changed it back to exit and it jumped to 9000 and stayed on 
that value. This was a few days ago.


Right now I've seen an increase to 17000. I assume this is due to the 
new authorities? I'm glad that my node is being used again.


On 18.05.2015 11:27 PM, s7r wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi nusenu,

Again thanks for keeping an eye on things. At least partially, the
balance of measured/unmeasured should be fixed in the new few days.

To relay operators, in the mean time, please bare for few more days
and sorry for the inconvenience, I can imagine what it feels like to
have a high capacity unmeasured relay. Developers already know that a
new bandwidth measurement system is badly needed, just need to find
workarounds for the short term until such a system will be ready.



On 5/19/2015 12:02 AM, nusenu wrote:

now even DocTor starts to complain

https://lists.torproject.org/pipermail/tor-consensus-health/2015-May/0

05772.html




___

tor-relays mailing list tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJVWlkwAAoJEIN/pSyBJlsRPUEH/3x9638bl0mSoq2oEpC3MazV
GgCEh/MG+6dWDKdASG0qdrpdFPt4VrihuwhIOB5l5G9x6RUhf1LEZvGjdqYiyz0Y
JRB1m4Mek8x0iHKeVQeY8VnWX3WQBEpgXc4EVUHgkTGXZByLSAueyYnviD0hGeiy
ftfaBhN6SE5nzxAVBmzHBiC5rmFl5cam3o9YxguGOkugaWeLHgHDECbQ+yjacy1N
6VjudnuuFeAu2myfo6g2W7tCHswVaDwqyUhmhuab9OUguImv0HdHoGgeJM/tn3TZ
EQuRSKYV4jhfCkzpcLvzcsueJKuLfchGyJ8JxiD/vbLuXe9swLJsUcwORg4BMQQ=
=w3+J
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Leaseweb exit relay notice

2015-05-21 Thread Tim Semeijn 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Good point. I should have thought better about phrasing my opinion as
labeling the lists as simply shitty might be a bit blindsighted.
Listing whole ranges though seems to do more damage than good in most
cases, certainly when no proper delisting policy is in place.

On 5/21/15 10:46 PM, Rejo Zenger wrote:
> ++ 21/05/15 22:35 +0200 - Tim Semeijn:
>> The lists of SECTOOR might be used wrongly but they sound like
>> they belong to the ever growing list of 'shitty blacklists'. In
>> my work for
> 
> In my personal opinion: you are barking at the wrong tree. It's
> your freedom to create a list of whatever you like with whatever
> criteria you please and name it whatever it makes you feel good.
> And yes, of course, it is your freedom to label one more of those
> lists as "shitty blacklists".
> 
> Point is: I don't think there is such a thing as a shitty
> blacklist. In the end it's up to the administrator of a server to
> use or not to use a list.
> 
> And yes, I am aware some issues may arise if one of thoses lists
> has a large user base (as, in that case, the compiler of that list
> may (ab)use that power). It's not that I am 100% in favor of these
> lists. :)
> 
> 
> 
> 
> ___ tor-relays mailing
> list tor-relays@lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 

- -- 
Tim Semeijn
Babylon Network
pgp 0x5B8A4DDF
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCgAGBQJVXkZAAAoJEIZioqpbik3fayIP/jqr98PUj06rZkWqu/dyEmWK
DXDTvD4Vt7wBik5NW0xQhUlRlcjtflkVEW9jM5KjslORdLS2A03nUt85pp2CzlfP
gAcWuGAQJqUjDVySnyNxR7RB5MyCrAOtXf0Cr1UhJjVdebyRoAmtZfRwzMT8b6XJ
V3/KJQszw45RofKaLDQ33996LX1eNvILswSG3+ueEOUSt4sXPvpxuxMZRPX5wGW4
32GEPBlSGgPeSjvaDxZ+B+2zKa0aKlD2ARaDTv2W/ye+J+yevvfVAzBJgP9v00ap
7+yp4yUhgIsNDzV9BG+EYK8fEq1ve1H302kw52s7Zk2jGAozPNgBnZgCVfL46m4O
sA/hPwIsUGDk6Gx5Vs5iwAzkCpO5sOq2VoSEKklbfvu8pJN+DOvCJkYuyMIWdbp/
JYl/rk79zwlX37n4Cm8dLZeLpJtBXlRy/cPhunlPbF7sdv0UDahqyMP0sYiuHhUz
jDIzpDGw8K6UWmK9DGyqkomoUF5LNot4y9GmyFRrLd6P9c18OKDGHg3TdEpvuBYV
SChnvDp1auBR8eIXWKdvba7eKe+yhA/aK2Ld/gDFYM+HMwKPSyC+Y+W1qT1M40Ra
HawPewnd3S2mfAGwL1HXmuNzxdbrljLDVltC53tF/Tjn0EvVnRC15loAzNN94Sys
7A4D0oPu3QXXSyO1HxmP
=+RXC
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Leaseweb exit relay notice

2015-05-21 Thread Rejo Zenger 
++ 21/05/15 22:35 +0200 - Tim Semeijn:
>The lists of SECTOOR might be used wrongly but they sound like they
>belong to the ever growing list of 'shitty blacklists'. In my work for

In my personal opinion: you are barking at the wrong tree. It's your 
freedom to create a list of whatever you like with whatever criteria you 
please and name it whatever it makes you feel good. And yes, of course, 
it is your freedom to label one more of those lists as "shitty 
blacklists". 

Point is: I don't think there is such a thing as a shitty blacklist. In 
the end it's up to the administrator of a server to use or not to use a 
list. 

And yes, I am aware some issues may arise if one of thoses lists has a 
large user base (as, in that case, the compiler of that list may (ab)use 
that power). It's not that I am 100% in favor of these lists. :)


-- 
Rejo Zenger
E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl  
T @rejozenger | J r...@zenger.nl
OpenPGP   1FBF 7B37 6537 68B1 2532  A4CB 0994 0946 21DB EFD4
XMPP OTR  271A 9186 AFBC 8124 18CF  4BE2 E000 E708 F811 5ACF
Signal0507 A41B F4D6 5DB4 937D  E8A1 29B6 AAA6 524F B68B
  93D4 4C6E 8BAB 7C9E 17C9  FB28 03


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Leaseweb exit relay notice

2015-05-21 Thread n...@cock.li 
blaatenator:
>>   * Port 25
>>   * Port 194
>>   * Port 465
>>   * Port 587
>>   * Port 994
>>   * Port 6657
>>   * Ports 6660-6670
>>   * Port 6697
>>   * Ports 7000-7005
>>   * Port 7070
>>   * Ports 8000-8004
>>   * Port 9000
>>   * Port 9001
>>   * Port 9998
>>   * Port 

Were you using the recommended reduced exit policy? It seems like it'd
block most of the ports they're complaining about:
https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy

If you haven't, you might want to start now, and make sure it covers the
extra ports they're mentioning, to make them happy.


You may also want to see the other of tips for running an exit node with
less harassment:
https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Leaseweb exit relay notice

2015-05-21 Thread Tim Semeijn 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I forgot to mention the list of 'shitty blacklists' offers hardly any
way to request delisting when the event occurs an IP address gets
handed out to a different user. As far as I have seen SECTOOR belongs
on this list based on the fact that delisting is a pain.

On 5/21/15 10:35 PM, Tim Semeijn wrote:
> The lists of SECTOOR might be used wrongly but they sound like
> they belong to the ever growing list of 'shitty blacklists'. In my
> work for a hosting company I receive complaints regarding
> malpractices of such lists on a daily basis. For example there are
> lists who blacklist whole IP ranges based on generic rDNS (hello
> Spamrats Dyna). Being a company that sets rDNS to
> [IP-ADDRESS].companyname.tld for all non-used IP addresses you are
> basically fucked.
> 
> Most of these blacklists are actually used by parties who probably 
> started using them when these lists were not vigilante-like.
> 
> Hooray for shitty blacklists...
> 
> On 5/21/15 10:15 PM, Roger Dingledine wrote:
>> On Thu, May 21, 2015 at 10:04:19PM +0200, Jurre van Bergen
>> wrote:
>>> I got the same message yesterday, I asked leaseweb to put our 
>>> exit node(hviv103) in a "dirty" ip-block and asked sectoor for
>>> a clarification on what happened. No reply to date of any
>>> party.
> 
>> Doesn't sectoor publish two lists, one which is just Tor exit IP
>>  addresses, and another which is the /24's around them? And then 
>> they encourage people to use the more conservative list, but of 
>> course they hint that using the broader list will catch more 
>> spammers?
> 
>> So it's possible that the answer is "some website somewhere on
>> the Internet is using sectoor's lists wrong". :/
> 
>> And in case you haven't read this lately (I read it every few 
>> months and it makes me freshly angry each time), here's your 
>> pointer to http://paulgraham.com/spamhausblacklist.html
> 
>> --Roger
> 
>> ___ tor-relays
>> mailing list tor-relays@lists.torproject.org 
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> 
> ___ tor-relays mailing
> list tor-relays@lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 

- -- 
Tim Semeijn
Babylon Network
pgp 0x5B8A4DDF
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCgAGBQJVXkNBAAoJEIZioqpbik3fgpEP/inQTt3WB8RG1pmAIltx92/L
emog+azFnm5xdxUXB5Eg1U0CqyVOAl0RS8wVUKSnAHYfG0W6KZZ/0pRpierT6Kxm
623+g8j4Q547dbPSyXpd7mQ/hwmMLTvdlUIS5nON1xLXtS5eatPwyid6KJaY40dQ
XlevcUyhxRAxl5ckn6me+5K+3u/QW07h1U27TCNCGzTkpsoP8QTY4hPeNA3q8VrW
wwWErfNaQ/A4d4HHMUC5yTclc1m3O86FIHTV6ks4DBAGOVf7XIrM1L/1NGgIJRXR
gh3Mqlx7i5/0LGiAcSd1VmvgUgxci1Y/k9ig77WvVEb8mSCR/vtLMDnH6L+vQ0+G
Ys1LD/QoZgv+ka6lC0Jl3Bx6qTGcyG8ykGG1HE7pXVvGLvOltnuSiiyS269vLi1K
ezeypTgPjHjIgF8gbUnfs1tOaZhX5qdrbm1oSck2v3CsRVQkTuv5H2FANaSOgB6C
U8QWWOEM7dC1zD1VJRMvCJDXaFDPA4Vf3kgJDv+/BuQYaMdkyXrO7gyhgRU7dNzu
9XVIZHLza9HsCuBjUzv7DsCcwHw75x9q1EmaBlbOd1TB5wtxxr22Tt+v1GxWm8GT
ij6z2Xgq00bUX+nf84Q00l2m3+a7/UDQAzrlB8uYhCRgUJ24NVu11itVCz2y7pYn
8apsND5k8o1InjsNLhby
=BkaQ
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Leaseweb exit relay notice

2015-05-21 Thread Tim Semeijn 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The lists of SECTOOR might be used wrongly but they sound like they
belong to the ever growing list of 'shitty blacklists'. In my work for
a hosting company I receive complaints regarding malpractices of such
lists on a daily basis. For example there are lists who blacklist
whole IP ranges based on generic rDNS (hello Spamrats Dyna). Being a
company that sets rDNS to [IP-ADDRESS].companyname.tld for all
non-used IP addresses you are basically fucked.

Most of these blacklists are actually used by parties who probably
started using them when these lists were not vigilante-like.

Hooray for shitty blacklists...

On 5/21/15 10:15 PM, Roger Dingledine wrote:
> On Thu, May 21, 2015 at 10:04:19PM +0200, Jurre van Bergen wrote:
>> I got the same message yesterday, I asked leaseweb to put our
>> exit node(hviv103) in a "dirty" ip-block and asked sectoor for a 
>> clarification on what happened. No reply to date of any party.
> 
> Doesn't sectoor publish two lists, one which is just Tor exit IP 
> addresses, and another which is the /24's around them? And then
> they encourage people to use the more conservative list, but of
> course they hint that using the broader list will catch more
> spammers?
> 
> So it's possible that the answer is "some website somewhere on the 
> Internet is using sectoor's lists wrong". :/
> 
> And in case you haven't read this lately (I read it every few
> months and it makes me freshly angry each time), here's your
> pointer to http://paulgraham.com/spamhausblacklist.html
> 
> --Roger
> 
> ___ tor-relays mailing
> list tor-relays@lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 

- -- 
Tim Semeijn
Babylon Network
pgp 0x5B8A4DDF
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCgAGBQJVXkGeAAoJEIZioqpbik3fODoP/RiHaxmOgCWzvMgIgnA+nVp6
jn5zD+WkgvnbY2fRnPsq7rJPZBl6zKZ9DgkuPlbqcvgGWzLHPuJm8Rx7zDHbG1Wj
h1hEzr1vXff+iPYoGBIVmSv9hXp0HoKiNvjpLHHrlY0zF2XGJ3uuu2XlaKY3ISDx
u9LfeTsg2Quf/MMR5ueHG1nEjBWJsKkFFSduwRrUhyjRmWEYerbKxgfh5JVChgNZ
NhEUERKLZm6/iP0iP5PAui8nHJ34RpO+oXuzxvMywKhGBITLclwHhz5pRv9tUJlL
rabaXcyV1y/SJrTkiKuR26zCIH59Epx+OPwVEXTRypYELhCL45+ny/ryAdT2rCj8
9SAzdCANN7qJCyave490zUoqZTxaryk7aFtg9YGx/FhdTRGtIPNy2WrgqfR0n03u
RQr0NzPZ7Tg8d4DllmTfhFzZqF63wvBOI5TcmGB4F+6/6XOdxyrVICYE0YXJhssr
6JdB8U+KvzumdToOr+dGIGFctbdx5muoZPmWWpLd7X0OFJ6FAexxmSSzrnDulMYi
EqxzUtQckKULMz8knTJgC0geTIIW/Vi+SxWXZHbn/PfA7or+HtAFPN8fzPtM9Z29
/lWUp/BC06XjKsixInGQVX+ufF/AD+hPXaOD2N0nbmBWPda1UIE6XCTqhnPhwhJW
R4jON6/+TAvQ6fIY/N4V
=l0Kn
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Leaseweb exit relay notice

2015-05-21 Thread Rejo Zenger 
++ 21/05/15 22:04 +0200 - Jurre van Bergen:
>I got the same message yesterday, I asked leaseweb to put our exit
>node(hviv103) in a "dirty" ip-block and asked sectoor for a
>clarification on what happened. No reply to date of any party.

This DNSBL has a fairly straightforward listing for an IP-address: ((the 
IP-address itself is a Tor exit-node OR the IP-address is within a /24 
that has some other IP-address with a Tor exit-node) AND the Tor 
exit-node(s) allow clients to connect to a list of about 15 different 
ports). Administrators are supposed to use this list as a scoring 
mechanisme, not for blocking. Of course, any administrator is free to 
use this DNSBL he or she wants. 

There's not much you can do - other than just not running the Tor-node.


-- 
Rejo Zenger
E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl  
T @rejozenger | J r...@zenger.nl
OpenPGP   1FBF 7B37 6537 68B1 2532  A4CB 0994 0946 21DB EFD4
XMPP OTR  271A 9186 AFBC 8124 18CF  4BE2 E000 E708 F811 5ACF
Signal0507 A41B F4D6 5DB4 937D  E8A1 29B6 AAA6 524F B68B
  93D4 4C6E 8BAB 7C9E 17C9  FB28 03


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Leaseweb exit relay notice

2015-05-21 Thread Roger Dingledine 
On Thu, May 21, 2015 at 10:04:19PM +0200, Jurre van Bergen wrote:
> I got the same message yesterday, I asked leaseweb to put our exit
> node(hviv103) in a "dirty" ip-block and asked sectoor for a
> clarification on what happened. No reply to date of any party.

Doesn't sectoor publish two lists, one which is just Tor exit IP
addresses, and another which is the /24's around them? And then they
encourage people to use the more conservative list, but of course they
hint that using the broader list will catch more spammers?

So it's possible that the answer is "some website somewhere on the
Internet is using sectoor's lists wrong". :/

And in case you haven't read this lately (I read it every few months
and it makes me freshly angry each time), here's your pointer to
http://paulgraham.com/spamhausblacklist.html

--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Leaseweb exit relay notice

2015-05-21 Thread Tom van der Woerdt 

I got the same. Restricting the exit policy to 80/443 until Sectoor replies.

Tom


Jurre van Bergen schreef op 21/05/15 om 22:04:

Hi,

I got the same message yesterday, I asked leaseweb to put our exit
node(hviv103) in a "dirty" ip-block and asked sectoor for a
clarification on what happened. No reply to date of any party.

For now, I have shutdown the server.

Sorry to hear :(

Best,
Jurre

On 05/21/2015 09:36 PM, blaatenator wrote:

Hi all,

FYI: Yesterday I got the notice below from Leaseweb. I picked them
because Leaseweb is mentioned in the Good/Bad ISP
 post.
Apparently a blacklist named SECTOOR added a whole IP block of
Leaseweb to block my Exit relay. Since this list is used by some
bigger corporations, it got some other customers in trouble and they
asked me to restrict the mentioned ports.

I understand the reasoning and can't blame them for asking my I guess
(and since most relevant ports are not mentioned I guess it is not too
bad), but I found it a bit weird that a whole subnet is being listed.

On 05/20/2015 03:20 PM, Lesley Koomen wrote:> Dear sir, madam,
>
> It appears you are hosting a TOR node on your LeaseWeb IP address.
> This has resulted in the block of a (part) LeaseWeb IP subnet. (/24)
> As the subnet is added on the SECTOOR blacklist
> (http://www.sectoor.de/tor.php) this is affecting customers in the same
> range as yourself.
>
> The SECTOOR blacklist is e.g. implemented by Hotmail, Live and Gmail.
> This results in other customers not being able to longer use the mail
> services of these companies.
> Sectoor TOR DNSBL lists every IP address which is known to run a tor
> server and allow their clients to connect to one of the following ports:
>
>   * Port 25
>   * Port 194
>   * Port 465
>   * Port 587
>   * Port 994
>   * Port 6657
>   * Ports 6660-6670
>   * Port 6697
>   * Ports 7000-7005
>   * Port 7070
>   * Ports 8000-8004
>   * Port 9000
>   * Port 9001
>   * Port 9998
>   * Port 
>
>
> Therefore, we kindly, yet urgently ask you to disable the connection to
> the mentioned ports within 24 hours. Failure to comply and respond
> (confirm) to this warning, will result in a block of your involved IP
> address(es).
>
> Thank you for your co-operation and understanding.
>
>
>
> Kind regards,
>
> Lesley Koomen
> Team Manager Abuse Prevention


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays




___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays





smime.p7s
Description: S/MIME-cryptografische ondertekening
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Leaseweb exit relay notice

2015-05-21 Thread Jurre van Bergen 
Hi,

I got the same message yesterday, I asked leaseweb to put our exit
node(hviv103) in a "dirty" ip-block and asked sectoor for a
clarification on what happened. No reply to date of any party.

For now, I have shutdown the server.

Sorry to hear :(

Best,
Jurre

On 05/21/2015 09:36 PM, blaatenator wrote:
> Hi all,
>
> FYI: Yesterday I got the notice below from Leaseweb. I picked them
> because Leaseweb is mentioned in the Good/Bad ISP
>  post.
> Apparently a blacklist named SECTOOR added a whole IP block of
> Leaseweb to block my Exit relay. Since this list is used by some
> bigger corporations, it got some other customers in trouble and they
> asked me to restrict the mentioned ports.
>
> I understand the reasoning and can't blame them for asking my I guess
> (and since most relevant ports are not mentioned I guess it is not too
> bad), but I found it a bit weird that a whole subnet is being listed.
>
> On 05/20/2015 03:20 PM, Lesley Koomen wrote:> Dear sir, madam,
> >
> > It appears you are hosting a TOR node on your LeaseWeb IP address.
> > This has resulted in the block of a (part) LeaseWeb IP subnet. (/24)
> > As the subnet is added on the SECTOOR blacklist
> > (http://www.sectoor.de/tor.php) this is affecting customers in the same
> > range as yourself.
> >
> > The SECTOOR blacklist is e.g. implemented by Hotmail, Live and Gmail.
> > This results in other customers not being able to longer use the mail
> > services of these companies.
> > Sectoor TOR DNSBL lists every IP address which is known to run a tor
> > server and allow their clients to connect to one of the following ports:
> >
> >   * Port 25
> >   * Port 194
> >   * Port 465
> >   * Port 587
> >   * Port 994
> >   * Port 6657
> >   * Ports 6660-6670
> >   * Port 6697
> >   * Ports 7000-7005
> >   * Port 7070
> >   * Ports 8000-8004
> >   * Port 9000
> >   * Port 9001
> >   * Port 9998
> >   * Port 
> >
> >
> > Therefore, we kindly, yet urgently ask you to disable the connection to
> > the mentioned ports within 24 hours. Failure to comply and respond
> > (confirm) to this warning, will result in a block of your involved IP
> > address(es).
> >
> > Thank you for your co-operation and understanding.
> >
> > 
> >
> > Kind regards,
> >
> > Lesley Koomen
> > Team Manager Abuse Prevention
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Leaseweb exit relay notice

2015-05-21 Thread blaatenator 
Hi all,

FYI: Yesterday I got the notice below from Leaseweb. I picked them
because Leaseweb is mentioned in the Good/Bad ISP
 post.
Apparently a blacklist named SECTOOR added a whole IP block of Leaseweb
to block my Exit relay. Since this list is used by some bigger
corporations, it got some other customers in trouble and they asked me
to restrict the mentioned ports.

I understand the reasoning and can't blame them for asking my I guess
(and since most relevant ports are not mentioned I guess it is not too
bad), but I found it a bit weird that a whole subnet is being listed.

On 05/20/2015 03:20 PM, Lesley Koomen wrote:> Dear sir, madam,
>
> It appears you are hosting a TOR node on your LeaseWeb IP address.
> This has resulted in the block of a (part) LeaseWeb IP subnet. (/24)
> As the subnet is added on the SECTOOR blacklist
> (http://www.sectoor.de/tor.php) this is affecting customers in the same
> range as yourself.
>
> The SECTOOR blacklist is e.g. implemented by Hotmail, Live and Gmail.
> This results in other customers not being able to longer use the mail
> services of these companies.
> Sectoor TOR DNSBL lists every IP address which is known to run a tor
> server and allow their clients to connect to one of the following ports:
>
>   * Port 25
>   * Port 194
>   * Port 465
>   * Port 587
>   * Port 994
>   * Port 6657
>   * Ports 6660-6670
>   * Port 6697
>   * Ports 7000-7005
>   * Port 7070
>   * Ports 8000-8004
>   * Port 9000
>   * Port 9001
>   * Port 9998
>   * Port 
>
>
> Therefore, we kindly, yet urgently ask you to disable the connection to
> the mentioned ports within 24 hours. Failure to comply and respond
> (confirm) to this warning, will result in a block of your involved IP
> address(es).
>
> Thank you for your co-operation and understanding.
>
> 
>
> Kind regards,
>
> Lesley Koomen
> Team Manager Abuse Prevention
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] HOWTO: deliver tor-exit-notice_DE.html over ipv6 port 80 too

2015-05-21 Thread Toralf Förster 
On 05/21/2015 06:45 PM, Toralf Förster wrote:
> nice python ~/ipv6-httpd.py 1>./log 2>&1

Gah - and of course never ever use this crap which just gives a nifty DDoS 
flank - therefore change this line to :

nice python2 ~/ipv6-httpd.py >& /dev/null

-- 
Toralf
pgp key: 7B1A 07F4 EC82 0F90 D4C2  8936 872A E508 0076 E94E
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] HOWTO: deliver tor-exit-notice_DE.html over ipv6 port 80 too

2015-05-21 Thread Toralf Förster 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

B/c ipv6 of Tor implements currently no DirPort I copied+pasted together the 
following solution to deliver a Tor exit notice over HTTP port of ipv6 too :


The python snippet runs under a non-privileged user w/o login shell :


$ cat ipv6-httpd.py
import socket
from BaseHTTPServer import HTTPServer
from SimpleHTTPServer import SimpleHTTPRequestHandler

class MyHandler(SimpleHTTPRequestHandler):
  def do_GET(self):
return SimpleHTTPRequestHandler.do_GET(self)

class HTTPServerV6(HTTPServer):
  address_family = socket.AF_INET6

def main():
  server = HTTPServerV6(('::', 8181), MyHandler)
  server.serve_forever()

if __name__ == '__main__':
  main()



The ip6table rules to redirect fort 80 from outside to the local non-privileged 
port :

  from=80
  to=8181
  $IPT -t nat -A PREROUTING -i enp3s0 -p tcp -m tcp --destination-port $from -j 
REDIRECT --to-ports $to
  $IPT -A INPUT -p tcp -m tcp --destination-port $to -j ACCEPT



And finally the script to start it during boot :


$> cat /home/simplehttp/ipv6-httpd.sh
#!/bin/sh
#

d=$(mktemp -d /tmp/XX)  &&\
cd $d   &&\
cp /etc/tor/tor-exit-notice_DE.html ./index.html&&\
nice python ~/ipv6-httpd.py 1>./log 2>&1


:-)

- -- 
Toralf
pgp key: 7B1A 07F4 EC82 0F90 D4C2  8936 872A E508 0076 E94E
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iF4EAREIAAYFAlVeC48ACgkQxOrN3gB26U59HwD8CwnBIpZOkq8tN01ciWsZQh7c
FO42AGmkkhCI/CbucnYA/j3zSq1wJzuHgMdWZUbQCQvHt+KEYkobdNkcHqkK3mWE
=FA7E
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] tor network "loses" ~50 relays/day due to bw auth problem

2015-05-21 Thread Speak Freely 
I thank you, Tom.

I lack all of the cited qualifications - now I know. :)


Matt
Speak Freely
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [warn] Tried to establish rendezvous on non-OR or non-edge circuit.

2015-05-21 Thread Random Tor Node Operator 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 21.05.2015 13:23, Sharif Olorin wrote:
>> Any idea ? or its normal ?
> 
> I'm not sure, but I also saw this for the first time today after 
> enabling ipv6 on a relay last week. A quick look at the relevant
> code doesn't shed any immediate light on what would be causing this
> (the triggering request is to establish a rendezvous point with a
> hidden service, but I'm not familiar with the semantics of the
> CIRCUIT_PURPOSE check that's failing).


I have been getting these warnings on both of my relays for a long
time, whether with or without IPv6.

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJVXcckAAoJEJe61A/xrcOQFboQAJFbwudTfJuQKvTQFxCQ7IAJ
HWhBCCsMHRHGyRZdywJJXNx5LKx+GYnvjWqNZiYANeGKpCvAsL6oXF60s81smv1U
baoXPdyA5z+GwVOTJVbC+URt1UzjMHV18Y5gdWM6w/IbBaiTUBu83KPhGrmE3z8V
NFKRb8aqrfqZ+tUx6K2vIONup6/NaByFHMF6d6xJfOCC0xrYTR0a2HnFV0cDP4Ne
vNYuTbLAoSkwyfQgJ0mvCLY0y+VDbW4RLgoLzBUchDIJSABghTnvfnH5U+cye8m+
fnFzY5WolIehtBwX9Y1vsJNpY9WGn9P5RO2OVKBn3s+u7IT6kIWcpVyv25MmkVUD
9c7ilxhsgdBjaEF29gAELZbAZiCPDXm2xMopwxZ67vVxBAOqc3PwbB4T4ly2idzZ
dL/i9Kw4PgPWN5YIkaR6ksyz67fTwXmg14crSj63xYyZHGUY1h1gGphH/SG7HdSF
+MLwJ+HKc2R9Qj0zVn3yCweybwMTgEh+d4MfkD42+dFvsebG5Kpy/vKse/IC/laM
BpgPcWM3TBYkls4cq+/GzgX/qe9oeNCt8RB7H0Rq3nLdNvS7SBXZWCB+TWsq8XFr
B9brTZWqzfUsqkxJARyDlUmkiygAQUliRq2ZR4I9ayWSaZw1LBKAfvX2XCg1+m9v
uHVr3hEUDx5ocfUJPQ5g
=QB5r
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] [warn] Tried to establish rendezvous on non-OR or non-edge circuit.

2015-05-21 Thread Cmar433 
Hi people ..

i yesterday started IPV6 but now i see in log following messages periodically


part of my torrc below.
I only add ipv6 lines.
Any idea ? or its normal ?

Thanks

Cmar


ORPort 37.157.192.208:443
ORPort [2a02:2b88:2:1::3a62:1]:9050

## If you want to listen on a port other than the one advertised in
## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
## follows.  You'll need to do ipchains or other port forwarding
## yourself to make this work.
#ORPort 443 NoListen
#ORPort 127.0.0.1:9090 NoAdvertise

## The IP address or full DNS name for incoming connections to your
## relay. Leave commented out and Tor will guess.
Address 37.157.192.208

## If you have multiple network interfaces, you can specify one for
## outgoing traffic to use.
OutboundBindAddress 37.157.192.208


info from log:

May 19 22:42:03.000 [notice] Average packaged cell fullness: 99.082%
May 19 22:42:03.000 [notice] TLS write overhead: 3%
May 19 22:42:03.000 [notice] Circuit handshake stats since last time: 
118791/118793 TAP, 161141/161141 NTor.
May 19 23:13:45.000 [warn] Tried to establish rendezvous on non-OR or non-edge 
circuit.
May 20 03:08:03.000 [warn] Tried to establish rendezvous on non-OR or non-edge 
circuit.
May 20 03:33:54.000 [warn] Tried to establish rendezvous on non-OR or non-edge 
circuit.
May 20 04:42:03.000 [notice] Heartbeat: Tor's uptime is 18:00 hours, with 4375 
circuits open. I've sent 211.07 GB and received 203.24 GB.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [warn] Tried to establish rendezvous on non-OR or non-edge circuit.

2015-05-21 Thread Sharif Olorin 
> Any idea ? or its normal ?

I'm not sure, but I also saw this for the first time today after
enabling ipv6 on a relay last week. A quick look at the relevant code
doesn't shed any immediate light on what would be causing this (the
triggering request is to establish a rendezvous point with a hidden
service, but I'm not familiar with the semantics of the CIRCUIT_PURPOSE
check that's failing).

Relevant: https://trac.torproject.org/projects/tor/ticket/15618

Regards,
Sharif

-- 
PGP: 6FB7 ED25 BFCF 3E22 72AE 6E8C 47D4 CE7F 6B9F DF57


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays