Re: [tor-relays] 130 "11BX1371" relays joined on 2015-10-30

[nusenu]

> Here is the OrNetRadar email for that event including all FPs in the
> last line:
> 
> http://article.gmane.org/gmane.network.onion-routing.ornetradar/433
> 
> http://bgp.he.net/AS29119
> 
> (added the address provided in the contactinfo field to the recipients
> of this email)


+ 11 relays on 2015-10-31 (in a new /16 network block)

total "11BX1371" relays: 142 relays

Now clients might choose more than one relay of that group to create a
given circuit (no family set, non-exit + exit relays and more than one
/16 network).
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] 130 "11BX1371" relays joined on 2015-10-30

[tor-server-creator]

should relays add some lines to torrc like reject *.fingerprint?

 
Am Sonntag, 1. November 2015 12:58 schrieb nusenu 
:

 

Here is the OrNetRadar email for that event including all FPs in the
last line:

http://article.gmane.org/gmane.network.onion-routing.ornetradar/433

http://bgp.he.net/AS29119

(added the address provided in the contactinfo field to the 
recipients

of this email)


+ 11 relays on 2015-10-31 (in a new /16 network block)

total "11BX1371" relays: 142 relays

Now clients might choose more than one relay of that group to create 
a
given circuit (no family set, non-exit + exit relays and more than 
one

/16 network).
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] 130 "11BX1371" relays joined on 2015-10-30

[n...@cock.li]

tor-server-crea...@use.startmail.com:
> should relays add some lines to torrc like reject *.fingerprint?

The authorities should be rejecting the relays / dropping their traffic
soon, I assume now they're trying to contact the operator before doing that.

On another note, reject allows cidr notation, so something like
 ExcludeNodes 185.99.184.0/22,185.45.72.0/23
should work.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] 130 "11BX1371" relays joined on 2015-10-30

[Tom van der Woerdt]

Op 01/11/15 om 18:22 schreef n...@cock.li:

tor-server-crea...@use.startmail.com:

should relays add some lines to torrc like reject *.fingerprint?


The authorities should be rejecting the relays / dropping their traffic
soon, I assume now they're trying to contact the operator before doing that.

On another note, reject allows cidr notation, so something like
  ExcludeNodes 185.99.184.0/22,185.45.72.0/23
should work.


Should they actually be blocked though?

I mean, it's a lot of relays, but they're also contributing actual exit 
bandwidth and it's not like they're spread over hundreds of /16s.


Maybe this calls for some dirauth-level patches to throttle families of 
servers to a certain CW?


Tom
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] 130 "11BX1371" relays joined on 2015-10-30

[n...@cock.li]

Tom van der Woerdt:
> Should they actually be blocked though?
> 
> I mean, it's a lot of relays, but they're also contributing actual exit 
> bandwidth and it's not like they're spread over hundreds of /16s.

I was just about to write a bit of clarification actually:
They shouldn't be in a position to be able to really de-anon anyone via
sybil, the oldest relays seem to be 3 days old, so there's still at
least another 4 until they can get Guard, and that will still take a
while to get users on it. Not to mention tor doesn't build circuits with
more than one node on the same /16 (although now this batch has taken on
another range)
Though, they could have already set up a number of guards prior to this
that may not be obviously linkable to the same entity.
Assuming this is not the case, for now they just have a better advantage
at sniffing/injecting as an exit, but you should already be (trying to)
use encryption as much as possible.

With intentions and scenarios unknown, it could also be someone who
wants to help, there /was/ a call for exits not too long ago, after all.

So, If you're a relay, you shouldn't bother trying to filter these, the
Authorities should figure it out.
If you're a client, I guess that's up to you, there might not be a whole
lot of benefit if you do.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] 130 "11BX1371" relays joined on 2015-10-30

[Green Dream]

> The authorities should be rejecting the relays
> dropping their traffic soon, I assume now they're
> trying to contact the operator before doing that


Is there somewhere we can follow the conversation and decisions of the
authorities when there are incidents like this? IRC? Another mailing list?
As an operator, I would appreciate more transparency into how
this "open" network is administered.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily format

[Tim Wilson-Brown - teor]

> On 29 Oct 2015, at 14:48, Green Dream  wrote:
> 
> The correct format for MyFamily is documented here: 
> https://www.torproject.org/docs/faq.html.en#MultipleRelays 
> 
> 
> I'm not sure how important it is to set at this point though? 
> https://trac.torproject.org/projects/tor/ticket/6676 
> 
MyFamily is still being used to detect Sybil attacks, so it's quite important 
to set it for families of relays.

(I don't think that ticket has moved much, it probably needs to be turned into 
a proposal, and then have community consensus, before being implemented.)

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] DirAuths are blocking my node on Amazon EC2. Why?

[Tim Wilson-Brown - teor]

> On 31 Oct 2015, at 08:42, Yousif Al Saif  wrote:
> 
> On 10/31/15, 12:11 AM, "tor-relays on behalf of Philipp Winter" 
>  wrote:
> 
>> 
>> Was your relay doing experiments on onion services or Tor's distributed
>> hash table?
> 
> The node itself is not contributing much bandwidth but I am trying to 
> maintain the limits set by the free tier of the Amazon EC2. Nevertheless, are 
> experiments on Tor’s DHT not welcome?

Experiments on Tor's DHT often try to discover hidden service addresses. This 
is considered an attack, and relays that perform this attack are currently 
being blocked.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] tor relay + bridge

[Tim Wilson-Brown - teor]

> On 31 Oct 2015, at 12:07, tinych...@ruggedinbox.com wrote:
> 
> Hi,
> 
> I have a vps acc with 2 ips. I'd like to keep one free of tor, the
> other is tor only. Right now I run a relay -
> http://torstatus.blutmagie.de/router_detail.php?FP=e6277f0036890d4ff334c65e1ca37fd348455b7d
> 
> Is it possible to run a bridge on the same server? I assume the same ip
> would be a problem, but I can get practically unlimited ipv6. Can I run
> one on only ipv4 and the other on only ipv6? Which do you suggest for
> each?

Currently, relays and bridges need an IPv4 address to bootstrap.

Bridges and relays that have both an IPv4 and IPv6 address can support 
IPv6-only clients.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays