Re: [tor-relays] Is Tor-network protected from using one hop?

2018-06-26 Thread teor 

> On 27 Jun 2018, at 00:34, Matt Traudt  wrote:
> 
>> On 6/26/18 10:29, Nagaev Boris wrote:
>>> On Tue, Jun 26, 2018 at 5:27 PM, Matt Traudt  wrote:
 On 6/26/18 10:16, dave levi wrote:
 I'm testing few things in Tor and I noticed that if im changing(from the
 source code) the number of hop's(nodes) to be more then 3 hop's it
 work's fine(slowly,  but still working) and if im sting only 2 hop's its
 still works great. but, when i'm setting only 1 hop, i can open the
 Tor-browser but i can't use it(Tor-browser) to visit site(regular site
 or onion site too). so im thinking maybe the Tor-network have protected
 from users who are using 1 hop?
 
>>> 
>>> Yes.
>>> 
>>> Even before the DoS mitigation stuff, relays wouldn't allow themselves
>>> to be used as the only hop in a circuit. Apparently this affects onion
>>> service circuits too.
>>> 
>>> If you want a single-hop proxy, then you don't want Tor.
>> 
>> How does a relay know if there is another relay in the circuit? What
>> if the attacker runs a "relay" locally?
>> 
> 
> The way a client connects to a relay and the way a relay connects to
> another relay is different.
> 
> Technically the attacker/user could run a relay/bridge locally and

A relay, not a bridge: bridges look like clients to relays.
Also, relays that aren't in the consensus trigger the exit defence,
and I think they trigger some of the DDoS defences as well.

> connect to that before the remote relay, creating a 2-hop circuit that
> **might** have performance similar to a 1-hop circuit.

T
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Become a Fallback Directory Mirror

2018-06-26 Thread Matthew Glennon 
924B24AFA7F075D059E8EEB284CC400B33D3D036

Will be stable for the foreseeable future and is available as a fallback if
needed.

On Tue, Jun 26, 2018, 12:41 Colin Childs  wrote:

> Hello Tor Relay Operators,
>
> Do you want your relay to be a Tor fallback directory mirror?
> Will it have the same address and port for the next 2 years?
> Just reply to this email with your relay's fingerprint.
>
> If your relay is on the current list, you don't need to do anything.
>
> If you're asking:
>
> Q: What's a fallback directory mirror?
>
> Fallback directory mirrors help Tor clients connect to the network.
> For more details, see [1].
>
> Q: Is my relay on the current list?
>
> Search [2] and [3] for your relay fingerprint or IP address and port:
>
> [2] is the current list of fallbacks in Tor.
> [3] is used to create the next list of fallbacks.
>
> Q: What do I need to do if my relay is on the list?
>
> Keep the same IP address, keys, and ports.
> Email tor-relays if the relay's details change.
>
> Q: Can my relay be on the list next time?
>
> We need fast relays that will be on the same IP address and port for 2
> years. Reply to this email to get on the list, or to update the details
> of your relay.
>
> Once or twice a year, we run a script to choose about 150-200 relays
> from the potential list [3] for the list in Tor [2].
>
> Q: Why didn't my relay get on the list last time?
>
> We check a relay's uptime, flags, and speed [4]. Sometimes, a relay might
> be down when we check. That's ok, we will check it again next time.
>
> It's good to have some new relays on the list every release. That helps
> tor clients, because blocking a changing list is harder.
>
> Q. I already have a relay in the fallback list, can I add another?
>
> We will pick up to 7 relays per operator to be in the fallback list.
> Please send
> any relays that you would like considered for the fallback list.
>
> Thanks for considering and/or being a fallback directory mirror!
>
> [1]:
> https://trac.torproject.org/projects/tor/wiki/doc/FallbackDirectoryMirrors
> [2]: https://gitweb.torproject.org/tor.git/tree/src/or/fallback_dirs.inc
> [3]:
> https://gitweb.torproject.org/tor.git/tree/scripts/maint/fallback.whitelist
> [4]:
> https://trac.torproject.org/projects/tor/attachment/ticket/21564/fallbacks_2017-05-16-0815-09cd78886.log
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
-- 
Matthew Glennon
matthew@glennon.online
PGP Signing Available Upon Request
https://keybase.io/crazysane
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Become a Fallback Directory Mirror

2018-06-26 Thread Colin Childs 
Hello Tor Relay Operators,

Do you want your relay to be a Tor fallback directory mirror?
Will it have the same address and port for the next 2 years?
Just reply to this email with your relay's fingerprint.

If your relay is on the current list, you don't need to do anything.

If you're asking:

Q: What's a fallback directory mirror?

Fallback directory mirrors help Tor clients connect to the network.
For more details, see [1].

Q: Is my relay on the current list?

Search [2] and [3] for your relay fingerprint or IP address and port:

[2] is the current list of fallbacks in Tor.
[3] is used to create the next list of fallbacks.

Q: What do I need to do if my relay is on the list?

Keep the same IP address, keys, and ports.
Email tor-relays if the relay's details change.

Q: Can my relay be on the list next time?

We need fast relays that will be on the same IP address and port for 2
years. Reply to this email to get on the list, or to update the details
of your relay.

Once or twice a year, we run a script to choose about 150-200 relays
from the potential list [3] for the list in Tor [2].

Q: Why didn't my relay get on the list last time?

We check a relay's uptime, flags, and speed [4]. Sometimes, a relay might
be down when we check. That's ok, we will check it again next time.

It's good to have some new relays on the list every release. That helps
tor clients, because blocking a changing list is harder.

Q. I already have a relay in the fallback list, can I add another?

We will pick up to 7 relays per operator to be in the fallback list. Please 
send 
any relays that you would like considered for the fallback list.

Thanks for considering and/or being a fallback directory mirror!

[1]: https://trac.torproject.org/projects/tor/wiki/doc/FallbackDirectoryMirrors 

[2]: https://gitweb.torproject.org/tor.git/tree/src/or/fallback_dirs.inc 

[3]: 
https://gitweb.torproject.org/tor.git/tree/scripts/maint/fallback.whitelist 

[4]: 
https://trac.torproject.org/projects/tor/attachment/ticket/21564/fallbacks_2017-05-16-0815-09cd78886.log
 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] More about single-hop exits (was: tor-relays Digest, Vol 89, Issue 49)

2018-06-26 Thread Matt Traudt 
On 6/26/18 10:52, dave levi wrote:
> first, Thank you all for you answers and help.
> let me make it a bit harder. now, im running a relay which is Guard and
> Exit relays.
> i have defined in my relay(the server that's running the relay in /torrc
> file) to be "AllowSingleHopExits 1"
> and set in my computer that running the TOR(in /torrc file) with the
> 1(one) hop to:
> "ExcludeSingleHopRelays  0"    and
> "AllowSingleHopCircuits  1"
> so now every thing needs to be ok right?
> but, still its not working
> 

Those options were removed in May 2017. Setting them has no effect.

https://trac.torproject.org/projects/tor/ticket/22060

Matt
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] tor-relays Digest, Vol 89, Issue 49

2018-06-26 Thread dave levi 
first, Thank you all for you answers and help.
let me make it a bit harder. now, im running a relay which is Guard and
Exit relays.
i have defined in my relay(the server that's running the relay in /torrc
file) to be "AllowSingleHopExits 1"
and set in my computer that running the TOR(in /torrc file) with the 1(one)
hop to:
"ExcludeSingleHopRelays  0"and
"AllowSingleHopCircuits  1"
so now every thing needs to be ok right?
but, still its not working

On Tue, Jun 26, 2018 at 5:34 PM, 
wrote:

> Send tor-relays mailing list submissions to
> tor-relays@lists.torproject.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> or, via email, send a message with subject or body 'help' to
> tor-relays-requ...@lists.torproject.org
>
> You can reach the person managing the list at
> tor-relays-ow...@lists.torproject.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of tor-relays digest..."
>
>
> Today's Topics:
>
>1. Is Tor-network protected from using one hop? (dave levi)
>2. Re: Is Tor-network protected from using one hop? (Logforme)
>3. Re: Is Tor-network protected from using one hop? (Matt Traudt)
>4. Re: Is Tor-network protected from using one hop? (Nagaev Boris)
>5. Re: Is Tor-network protected from using one hop?
>   (Roger Dingledine)
>6. Re: Is Tor-network protected from using one hop? (Matt Traudt)
>
>
> --
>
> Message: 1
> Date: Tue, 26 Jun 2018 17:16:46 +0300
> From: dave levi 
> To: tor-relays@lists.torproject.org
> Subject: [tor-relays] Is Tor-network protected from using one hop?
> Message-ID:
>  mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
>  I'm testing few things in Tor and I noticed that if im changing(from the
> source code) the number of hop's(nodes) to be more then 3 hop's it work's
> fine(slowly,  but still working) and if im sting only 2 hop's its still
> works great. but, when i'm setting only 1 hop, i can open the Tor-browser
> but i can't use it(Tor-browser) to visit site(regular site or onion site
> too). so im thinking maybe the Tor-network have protected from users who
> are using 1 hop?
> -- next part --
> An HTML attachment was scrubbed...
> URL: <http://lists.torproject.org/pipermail/tor-relays/
> attachments/20180626/0ee9a653/attachment-0001.html>
>
> --
>
> Message: 2
> Date: Tue, 26 Jun 2018 14:25:42 +
> From: Logforme 
> To: tor-relays@lists.torproject.org
> Subject: Re: [tor-relays] Is Tor-network protected from using one hop?
> Message-ID: 
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> On 2018-06-26 16:16:46, "dave levi"  wrote:
>
> >I'm testing few things in Tor and I noticed that if im changing(from
> >the source code) the number of hop's(nodes) to be more then 3 hop's it
> >work's fine(slowly,  but still working) and if im sting only 2 hop's
> >its still works great. but, when i'm setting only 1 hop, i can open the
> >Tor-browser but i can't use it(Tor-browser) to visit site(regular site
> >or onion site too). so im thinking maybe the Tor-network have protected
> >from users who are using 1 hop?
>
> I guess it's part of the DoS protection recently implemented. My guard
> relay DoS statistics in the heartbeat log entry:
>
> [notice] DoS mitigation since startup: 0 circuits killed with too many
> cells. 232704 circuits rejected, 15 marked addresses. 2939 connections
> closed. 1534 single hop clients refused.
> -- next part --
> An HTML attachment was scrubbed...
> URL: <http://lists.torproject.org/pipermail/tor-relays/
> attachments/20180626/5eeea141/attachment-0001.html>
>
> --
>
> Message: 3
> Date: Tue, 26 Jun 2018 10:27:29 -0400
> From: Matt Traudt 
> To: tor-relays@lists.torproject.org
> Subject: Re: [tor-relays] Is Tor-network protected from using one hop?
> Message-ID: <35ec8dd3-43bc-1c71-4cb0-00029ba56...@torproject.org>
> Content-Type: text/plain; charset=utf-8
>
> On 6/26/18 10:16, dave levi wrote:
> > I'm testing few things in Tor and I noticed that if im changing(from the
> > source code) the number of hop's(nodes) to be more then 3 hop's it
> > work's fine(slowly,  but still working) and if im sting on

Re: [tor-relays] Is Tor-network protected from using one hop?

2018-06-26 Thread Matt Traudt 
On 6/26/18 10:29, Nagaev Boris wrote:
> On Tue, Jun 26, 2018 at 5:27 PM, Matt Traudt  wrote:
>> On 6/26/18 10:16, dave levi wrote:
>>> I'm testing few things in Tor and I noticed that if im changing(from the
>>> source code) the number of hop's(nodes) to be more then 3 hop's it
>>> work's fine(slowly,  but still working) and if im sting only 2 hop's its
>>> still works great. but, when i'm setting only 1 hop, i can open the
>>> Tor-browser but i can't use it(Tor-browser) to visit site(regular site
>>> or onion site too). so im thinking maybe the Tor-network have protected
>>> from users who are using 1 hop?
>>>
>>
>> Yes.
>>
>> Even before the DoS mitigation stuff, relays wouldn't allow themselves
>> to be used as the only hop in a circuit. Apparently this affects onion
>> service circuits too.
>>
>> If you want a single-hop proxy, then you don't want Tor.
>>
>> Matt
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> How does a relay know if there is another relay in the circuit? What
> if the attacker runs a "relay" locally?
> 

The way a client connects to a relay and the way a relay connects to
another relay is different.

Technically the attacker/user could run a relay/bridge locally and
connect to that before the remote relay, creating a 2-hop circuit that
**might** have performance similar to a 1-hop circuit.

Matt
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Is Tor-network protected from using one hop?

2018-06-26 Thread Roger Dingledine 
On Tue, Jun 26, 2018 at 10:27:29AM -0400, Matt Traudt wrote:
> Even before the DoS mitigation stuff, relays wouldn't allow themselves
> to be used as the only hop in a circuit. Apparently this affects onion
> service circuits too.

Right. Relays protect themselves from being used as one-hop proxies,
because it could make life harder for the operators:

"Currently there is no reason to suspect that investigating a single
relay will yield user-destination pairs, but if many people are using
only a single hop, we make it more likely that attackers will seize or
break into relays in hopes of tracing users."

https://www.torproject.org/docs/faq#ChoosePathLength

--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Is Tor-network protected from using one hop?

2018-06-26 Thread Nagaev Boris 
On Tue, Jun 26, 2018 at 5:27 PM, Matt Traudt  wrote:
> On 6/26/18 10:16, dave levi wrote:
>> I'm testing few things in Tor and I noticed that if im changing(from the
>> source code) the number of hop's(nodes) to be more then 3 hop's it
>> work's fine(slowly,  but still working) and if im sting only 2 hop's its
>> still works great. but, when i'm setting only 1 hop, i can open the
>> Tor-browser but i can't use it(Tor-browser) to visit site(regular site
>> or onion site too). so im thinking maybe the Tor-network have protected
>> from users who are using 1 hop?
>>
>
> Yes.
>
> Even before the DoS mitigation stuff, relays wouldn't allow themselves
> to be used as the only hop in a circuit. Apparently this affects onion
> service circuits too.
>
> If you want a single-hop proxy, then you don't want Tor.
>
> Matt
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

How does a relay know if there is another relay in the circuit? What
if the attacker runs a "relay" locally?

-- 
Best regards,
Boris Nagaev
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Is Tor-network protected from using one hop?

2018-06-26 Thread Matt Traudt 
On 6/26/18 10:16, dave levi wrote:
> I'm testing few things in Tor and I noticed that if im changing(from the
> source code) the number of hop's(nodes) to be more then 3 hop's it
> work's fine(slowly,  but still working) and if im sting only 2 hop's its
> still works great. but, when i'm setting only 1 hop, i can open the
> Tor-browser but i can't use it(Tor-browser) to visit site(regular site
> or onion site too). so im thinking maybe the Tor-network have protected
> from users who are using 1 hop?
> 

Yes.

Even before the DoS mitigation stuff, relays wouldn't allow themselves
to be used as the only hop in a circuit. Apparently this affects onion
service circuits too.

If you want a single-hop proxy, then you don't want Tor.

Matt
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Is Tor-network protected from using one hop?

2018-06-26 Thread Logforme 

On 2018-06-26 16:16:46, "dave levi"  wrote:

I'm testing few things in Tor and I noticed that if im changing(from 
the source code) the number of hop's(nodes) to be more then 3 hop's it 
work's fine(slowly,  but still working) and if im sting only 2 hop's 
its still works great. but, when i'm setting only 1 hop, i can open the 
Tor-browser but i can't use it(Tor-browser) to visit site(regular site 
or onion site too). so im thinking maybe the Tor-network have protected 
from users who are using 1 hop?


I guess it's part of the DoS protection recently implemented. My guard 
relay DoS statistics in the heartbeat log entry:


[notice] DoS mitigation since startup: 0 circuits killed with too many 
cells. 232704 circuits rejected, 15 marked addresses. 2939 connections 
closed. 1534 single hop clients refused.___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Is Tor-network protected from using one hop?

2018-06-26 Thread dave levi 
 I'm testing few things in Tor and I noticed that if im changing(from the
source code) the number of hop's(nodes) to be more then 3 hop's it work's
fine(slowly,  but still working) and if im sting only 2 hop's its still
works great. but, when i'm setting only 1 hop, i can open the Tor-browser
but i can't use it(Tor-browser) to visit site(regular site or onion site
too). so im thinking maybe the Tor-network have protected from users who
are using 1 hop?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] No IPv6 bridges from bridges.torproject.org

2018-06-26 Thread Roman Mamedov 
Hello,

If you select "Do you need IPv6 addresses - Yes", it always results in an
error "There aren't any bridges available". No matter if choosing obfs4 or
none for the pluggable transport. Is that thing working?

There should be at least one available (with obfs4, too), or at least I was
under impression that I run one.

As a side note, that page always loads in my native language with no way to
switch to English -- pages which do this are the worst. In this case it means
I can't usefully copy-paste you the exact error messages that I get.

-- 
With respect,
Roman
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays