Re: [tor-relays] Questing regarding Team Cymru Tor Relays and Bridges

2021-03-22 Thread Roger Dingledine
On Mon, Mar 22, 2021 at 09:21:24PM +, Lisa Winter wrote:
> I decided to do some own research, and it seems like the Tor Project
> has a long-standing relationship with Team Cymru (at least since 2012,
> and maybe even earlier):
> 
> https://blog.torproject.org/knock-knock-knockin-bridges-doors
> 
> Still, I'm slightly paranoid when organizations like these start
> spinning up many different relays, effectively getting to see a
> substantial portion of the network's traffic.

Yes, we've been interacting with Team Cymru folks for more than a
decade now.

I even went to one of the conferences they organized a few years ago
hosted by the Council of Europe, where they had an audience full of
government and law enforcement people that I could teach about "what Tor
actually is" and "how the internet actually works" from my perspective,
because otherwise they'd just hear the "Tor is bad and the internet is
full of bad people" myths and FUD from their colleagues. You can read
more about that kind of outreach here:
https://blog.torproject.org/trip-report-october-fbi-conference
(different conference but same idea)

Also, their CEO is on Tor Project Inc's board currently, and I regard
that as a great step because he can help with (among other things)
oversight that we're running the business side of Tor properly:
https://www.torproject.org/about/reports/

I think most of the infrastructure that Team Cymru has set up for Tor,
we've asked them to do it. So that right there should help you look at
it differently.

Another answer might be that I'm a lot more worried about the groups
that *haven't* come forward to identify themselves, yet are trying to
watch the internet or build datasets about internet users etc.

And a third answer could be that the goal of the Tor design is to
distribute trust over multiple relays in your path, so the risk of any
one of those relays trying to attack you isn't so bad. (This angle is
a bit tricky of course, because even though that's true, having a lower
probability of being attacked is still better.)

In summary, yes it makes sense to wonder about the various organizations
that want to get involved in Tor, and understand their motives. But we
need to design our systems so that they don't fall apart if a small piece
of the network is trying to attack it. And at the same time we need to
strengthen our *communities* so that they are robust and represent many
different skills and interests and perspectives, because that's how you
grow mainstream acceptance. So, it is a balance, and there are many ways
in which we need to be doing that balance better, and I'd put this one
pretty far down the list.

Hope that helps!
--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Questing regarding Team Cymru Tor Relays and Bridges

2021-03-22 Thread Lisa Winter
Georg Koppen:

Weird - I got the following reply a few hours after submitting the mail:

>Your message has been rejected, probably because you are not
>subscribed to the mailing list and the list's policy is to prohibit
>non-members from posting to it.

However, I was already a subscribed and confirmed member at this post.

Maybe someone decided to still approve it after someone else had
already declined the message.

Anyway, I hope this is being looked into, a reply regarding The Tor
Project's official stance on Team Cymru would also be great, because
right now, I avoid their relays and bridges like the plague.

I decided to do some own research, and it seems like the Tor Project
has a long-standing relationship with Team Cymru (at least since 2012,
and maybe even earlier):

https://blog.torproject.org/knock-knock-knockin-bridges-doors

Still, I'm slightly paranoid when organizations like these start
spinning up many different relays, effectively getting to see a
substantial portion of the network's traffic.

So long,
Lisa

2021-03-22 17:17 GMT, Georg Koppen :
> Lisa Winter:
>> Hello list,
>>
>> I just visited BridgeDB and got a bridge from "Team Cymru", according to
>> the whois of the IP - should the Tor Project really allow a company
>> trying to "track and take down threat actors and criminals around the
>> globe" host a substantial portion of the network, according to their
>> info page:
>>
>> https://team-cymru.com/company/
>>
>> The following was also very concerning:
>>
>> "Team Cymru is comprised of former…"
>> - ...
>> - Law enforcement
>> - ISP backbone engineers
>> - ...
>>
>> I suspect that they log connections to their relays and bridges, and
>> maybe even more.
>>
>> Such companies profit from gathering and selling information,
>> exploits and the likes.
>>
>> bad-relays rejected this message, which is concerning.. I hope someone
>
> I am not sure which message you are talking about but, for the record,
> that mailing list contains a quite similar mail from you. So, that one
> at least did not get rejected.
>
> Georg
>
>> here could redirect it to the right people, or do the Tor Project
>> higher-ups know the people behind Team Cymru and vouch for them?
>>
>> Bye,
>> Lisa Winter
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
>
>


[tor-relays] Circuit Creation Madness: Anyone else still experiencing (extremely) excessive clients / (possibly) modified relays creating millions upon millions of circuits?

2021-03-22 Thread William Kane
@tor-relays:

Sorry for being quite noisy recently but I really need to know how
many people are suffering from the same madness I am encountering
right now.

Quick excerpt from the log:

...
Mar 22 09:48:10  tor[pid_redacted]: Mar 22
09:48:10.000 [warn] Your computer is too slow to handle this many
circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [12420 similar message(s) suppressed in last 120 seconds]
Mar 22 09:49:10  tor[pid_redacted]: Mar 22
09:49:10.000 [warn] Your computer is too slow to handle this many
circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [31764 similar message(s) suppressed in last 60 seconds]
Mar 22 09:50:10  tor[pid_redacted]: Mar 22
09:50:10.000 [warn] Your computer is too slow to handle this many
circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [104748 similar message(s) suppressed in last 60 seconds]
Mar 22 09:51:10  tor[pid_redacted]: Mar 22
09:51:10.000 [warn] Your computer is too slow to handle this many
circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [364165 similar message(s) suppressed in last 60 seconds]
Mar 22 09:52:10  tor[pid_redacted]: Mar 22
09:52:10.000 [warn] Your computer is too slow to handle this many
circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [509474 similar message(s) suppressed in last 60 seconds]
Mar 22 09:53:10  tor[pid_redacted]: Mar 22
09:53:10.000 [warn] Your computer is too slow to handle this many
circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [241332 similar message(s) suppressed in last 60 seconds]
...

This then goes on for a while, stopping at a few million suppressed
messages / circuit creation attempts.

Sorry, but 1 million circuit creation requests in just 5 minutes,
there is no way that this is legitimate behavior we are seeing - this
is also what was previously used to get my relay oom-killed but that I
have fixed so the legitimate clients hopefully don't suffer too much
anymore.

If any other relay operators are encountering the same log entries or
behavior, please don't hesitate to reply.

Added tor-...@lists.torproject.org as a CC as they might want to know
about this.

@tor-dev:

I suspect some kind of denial-of-service attack against onion services
or a more targeted attack against singular relays for guard discovery
/ traffic confirmation attacks.

Might be smart to add some code which, if this scenario is triggered,
lists offenders by hashes of their signing keys (if relay), or IP
addresses (if client).

There doesn't seem to be a defense against this, and the new connect()
rate-limit added through ticket 40253 also won't handle this as the
connection is already ACK'd and established, and a malicious relay
with custom source code could do whatever it was programmed to do
anyway.

- William
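
Added example (not part of William Kane's message and not Tor Project code): a Python sketch that parses the rate-limited warning quoted above, converts each "[N similar message(s) suppressed in last S seconds]" suffix into a per-second rate, and totals the last five minutes. The function names, the 1000/s threshold and the year are assumptions, and it expects one log entry per line as in the log file itself rather than the mail-wrapped excerpt.

```python
import re
from datetime import datetime

# Constructed sample: the six warnings quoted in the post, one entry per line.
WARN = ("{ts}.000 [warn] Your computer is too slow to handle this many circuit "
        "creation requests! Please consider using the MaxAdvertisedBandwidth "
        "config option or choosing a more restricted exit policy. "
        "[{n} similar message(s) suppressed in last {w} seconds]")
SAMPLE = [WARN.format(ts=f"Mar 22 09:{m}:10", n=n, w=w) for m, n, w in [
    (48, 12420, 120), (49, 31764, 60), (50, 104748, 60),
    (51, 364165, 60), (52, 509474, 60), (53, 241332, 60)]]

# search() skips any syslog/journald prefix; only Tor's own timestamp carries
# fractional seconds, so that is the one captured.
LINE_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d)\.\d+ \[warn\] .*?"
    r"circuit creation requests!.*?"
    r"\[(?P<n>\d+) similar message\(s\) suppressed in last (?P<w>\d+) seconds\]")

def parse(lines, year=2021):
    """Return [(timestamp, suppressed_count, window_seconds)] per warning.
    Tor's log timestamp has no year, so `year` is supplied by the caller."""
    out = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            out.append((ts, int(m["n"]), int(m["w"])))
    return out

def surges(records, per_sec=1000.0):
    """Entries whose suppressed-warning rate exceeds per_sec (assumed
    threshold; tune it to the relay's normal load)."""
    return [(ts, n / w) for ts, n, w in records if w and n / w > per_sec]

def total_last(records, minutes=5):
    """Suppressed warnings reported in the `minutes` before the last entry."""
    if not records:
        return 0
    end = records[-1][0]
    return sum(n for ts, n, _ in records
               if (end - ts).total_seconds() < minutes * 60)

if __name__ == "__main__":
    recs = parse(SAMPLE)
    print("last 5 min:", total_last(recs))
    for ts, rate in surges(recs):
        print(f"{ts:%H:%M:%S} {rate:,.0f} suppressed warnings/s")
```

On the quoted excerpt the five entries from 09:49:10 to 09:53:10 add up to more than 1.2 million suppressed warnings, consistent with the "1 million in just 5 minutes" figure in the message.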


[tor-relays] Questing regarding Team Cymru Tor Relays and Bridges

2021-03-22 Thread Lisa Winter
Hello list,

I just visited BridgeDB and got a bridge from "Team Cymru", according to
the whois of the IP - should the Tor Project really allow a company
trying to "track and take down threat actors and criminals around the
globe" host a substantial portion of the network, according to their
info page:

https://team-cymru.com/company/

The following was also very concerning:

"Team Cymru is comprised of former…"
- ...
- Law enforcement
- ISP backbone engineers
- ...

I suspect that they log connections to their relays and bridges, and
maybe even more.

Such companies profit from gathering and selling information,
exploits and the likes.

bad-relays rejected this message, which is concerning.. I hope someone
here could redirect it to the right people, or do the Tor Project
higher-ups know the people behind Team Cymru and vouch for them?

Bye,
Lisa Winter


Re: [tor-relays] Questing regarding Team Cymru Tor Relays and Bridges

2021-03-22 Thread Georg Koppen
Lisa Winter:
> Hello list,
> 
> I just visited BridgeDB and got a bridge from "Team Cymru", according to
> the whois of the IP - should the Tor Project really allow a company
> trying to "track and take down threat actors and criminals around the
> globe" host a substantial portion of the network, according to their
> info page:
> 
> https://team-cymru.com/company/
> 
> The following was also very concerning:
> 
> "Team Cymru is comprised of former…"
> - ...
> - Law enforcement
> - ISP backbone engineers
> - ...
> 
> I suspect that they log connections to their relays and bridges, and
> maybe even more.
> 
> Such companies profit from gathering and selling information,
> exploits and the likes.
> 
> bad-relays rejected this message, which is concerning.. I hope someone

I am not sure which message you are talking about but, for the record,
that mailing list contains a quite similar mail from you. So, that one
at least did not get rejected.

Georg

> here could redirect it to the right people, or do the Tor Project
> higher-ups know the people behind Team Cymru and vouch for them?
> 
> Bye,
> Lisa Winter
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 






Re: [tor-relays] Active MetricsPort logs "Address already in use"

2021-03-22 Thread David Goulet
On 19 Mar (21:11:25), Alexander Dietrich wrote:
> Hello,
> 
> when I activate the "MetricsPort" feature, the Tor log reports that it is
> going to open the port, then it says "Address already in use". According to
> "netstat", the address is indeed in use, but by "tor".

Thanks for this report! I'll open a ticket about this "already in use".

> Sending GET requests to the address returns empty responses.

You should be able to get the metrics with a GET on /metrics.

Let us know if this works for you!

David

-- 
IFgD210MlJt+yahijraRB/TGC29Q74yIQ65x9UnKnXs=




[tor-relays] Question

2021-03-22 Thread Андрей Гвоздев
What does it mean "Tor's file descriptor usage is at 90%. If you run
out Tor will be unable to continue functioning."?