Re: [tor-relays] Relays spamming my OR port

2022-08-18 Thread lists
On Thursday, 18 August 2022 19:47:45 CEST Toralf Förster wrote:
> On 8/18/22 18:19, li...@for-privacy.net wrote:
> > kantorkel's Article10 relays have more than 100 connections per IP to me.
> 
> Those IPs mostly close with an error:
> 
> $> grep -h " 185.220.101.*" /tmp/orstatus.*9051 | awk '{ print $1 }' | sort | uniq -c
OK, that's all 4 of us. We don't have IPv4 connections to each other, the Tor 
protocol doesn't allow that.

>  341 CONNECTRESET
>   78 DONE
>  783 IOERROR

I have connections to kantorkel via IPv6 (2a0b:f4c2:2::/64).
This is actually fast but stupid when Tor relays connect in the same rack.
IPv6 connections should better be limited to /48 subnets in the Tor protocol. 
Or /32


-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Relays spamming my OR port

2022-08-18 Thread Toralf Förster

On 8/18/22 21:31, li...@for-privacy.net wrote:

> If that's really the case, I can set up the ip|nftables rules much more
> strictly.


Currently I do have it set to "3" [1], before it was 2, which seemed to
work too.


[1] https://github.com/toralf/torutils/blob/main/ipv4-rules.sh

--
Toralf


Re: [tor-relays] Relays spamming my OR port

2022-08-18 Thread lists
On Thursday, 18 August 2022 19:25:54 CEST Toralf Förster wrote:
> On 8/18/22 18:19, li...@for-privacy.net wrote:
> > 10, 20 or more users can have set up the circuits using the same relays.
> > kantorkel's Article10 relays have more than 100 connections per IP to me.
> 
> IMO there's no 1:1 relation of circuits to TCP connections, or ?
Heck, I'd have to read the tor specs for that.
All I know is when I had tor-arm or NYX on some relays 2-3 years ago, there 
were multiple simultaneous connections to the same relay.

> Doesn't 1 TCP connection between 2 relays handle all circuits going
> between them ?
If that's really the case, I can set up the ip|nftables rules much more 
strictly.

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!



Re: [tor-relays] [New Initiative] Tor Weather: Improving the Tor Weather

2022-08-18 Thread Sarthik Gupta
Hey,

Apologies for getting back a bit late. While the project wasn't in a stage
where contributing would have been easy at that time, now, I have worked to
make sure that understanding the codebase and contributing to it is a
breeze for anyone.

In the current stage, most of the heavy-lifting pieces like authentication,
authorization, verification, login, register flows are in place with a
lot of utility functions that can be consumed across the application. The
only major part left is the dashboard itself. If you are interested, you
can contribute to its development.

Thanks & Regards,
Sarthik Gupta



On Mon, Jul 4, 2022 at 11:44 AM nullvoid  wrote:

> Hi,
>
> Congratulations on being the GSoC 2022 project.
> I have a soft spot for Tor Weather, it was the reason I remember to ask
> for my tshirts for running my tor nodes.
>
> I would love to help get it back up and running, please let me know how
> the process works to volunteer.
>
> nullvoid
>
> Sarthik Gupta:
> > *[Status Update for the Project] - **Week-1 & Week-2*
> >
> > *Completed*
> > *1. Initialized the Repository:*
> > a. Used pipenv for managing packages & virtual environments.
> > b. Added & configured linters, formatters & other tools.
> > c. Created few pre-commit hooks for automating trivial tasks.
> > d. Configured dev & prod environments with config file.
> > e. Setup a few branch policies on GitLab.
> >
> > *2. Initiated the Flask App:*
> >  a. Created a shared SMTP package with few utility methods for sending
> > emails.
> >  b. Configured the process of injecting data in dynamic email templates.
> >  c. Configured the database connections with the project.
> >  d. Added models for the tables to be created at startup if does not
> > exist already.
> >
> > *In-Progress*
> > 1. Initiated the development of scripts for fetching data from Onionoo.
> > 2. Started developing queries for fetching data from the tables including
> > interfaces for each of the responses.
> >
> >
> > Updates for the Project will also be made available on the Project Wiki -
> > Week 1 & Week 2 · Wiki · sarthikg / Tor-Weather · GitLab (torproject.org)
> > <https://gitlab.torproject.org/sarthikg/tor-weather/-/wikis/Project-Status-Updates/Week-1-&-Week-2>.
> >
> > Thanks & Regards,
> > Sarthik Gupta
> >
> >
> > On Sat, Jun 11, 2022 at 1:00 AM Sarthik Gupta wrote:
> >
> >> Hey, thanks for going through the proposal.
> >>
> >> So, prior to writing the proposal for the Tor-Weather, I referred
> >> to multiple sources of which https://github.com/thingless/torweather was
> >> one. Some parts of the code can be reused, though the implementation
> >> differs by a great extent.
> >>
> >> It’s nice to know that someone else is also working on a similar project.
> >> Would definitely love to interact with nusenu and explore his vision for
> >> the project. In case the visions align, it would be great to have a
> >> co-contributor.
> >>
> >> In terms of the notifications, we considered the issues that could be
> >> caused by frequent unreliable notifications, and that’s why we’ll be
> >> offering an option to customize each notification individually. For
> >> instance, relay operators can customize the “Losing a flag” notification to
> >> only get triggered if the relay has lost a flag for a minimum of 24hrs.
> >> Take note that this could be any number of hours. I think that should solve
> >> the issue.
> >>
> >> Prior to sending the previous email, I did try to enable comments on the
> >> GitLab wiki, but it seemed a bit complicated to enable. Will be exploring
> >> other ways to get this done & will send a follow-up email for that.
> >>
> >> Finally, I agree the man-pages listed that the email may be obscure & not
> >> should be. Honestly, I didn’t pay attention to that level of detail while
> >> writing the proposal, have made the corrections, and will take a look
> >> beforehand from the next time.
> >>
> >> Thanks & Regards,
> >> Sarthik Gupta
> >>
> >> On Wed, Jun 8, 2022 at 7:49 PM  wrote:
> >>
> >>> On Wednesday, June 8, 2022 3:39:55 AM CEST Sarthik Gupta wrote:
> >>>
> >>>> The tor-weather service will offer a plethora of notifications options for
> >>>> the relays.
> >>> If you program something new, see if you can use the old code:
> >>> https://github.com/thingless/torweather
> >>> As far as I know, nusenu is also building something new. I don't know if he
> >>> has already done something. He'll read this and get in touch.
> >>>
> >>> ;-)
> >>> dream: someone resuscitates OnionTip.com or TorTip.com
> >>>
> >>>> These include, the node being down, running on EOL/Outdated
> >>>> version, losing a flag, ranking in top 20/50/100, etc. These notifications
> >>>> can be subscribed & customized by the relay operators to fit their needs
> >>>> using a web-frontend.
> >>> Please not 'losing a flag'
> >>> This confuses people and encourages even more people not to update their
> 

Re: [tor-relays] Relays spamming my OR port

2022-08-18 Thread lists
On Thursday, 18 August 2022 19:22:44 CEST Toralf Förster wrote:
> On 8/18/22 18:19, li...@for-privacy.net wrote:
> >> D767979FE4C99D310A46EC49037E9FE7E3F64E9D is a particularly frequent
> >> naughty boy.
> > 
> > ;-)  It is very, very unlikely that there is a naughty relay in AS680.
> > That relay most likely does DNS-, BW- or network healing test in the Tor
> > network. https://metrics.torproject.org/rs.html#search/as:AS680
> > (German university or research institutes)
> 
> Do you know more about those tests ? That relay produces many wrong
> ORStatus.CLOSED events:

So I don't know exactly. If someone is really screwing things up, it might be 
a student who hacked a server.
I'll take Sebastian in CC, maybe he knows more about it.

> $> grep D767979FE4C99 /tmp/orstatus.9051 | uniq -c
>  896 TLS_ERROR D767979FE4C99D310A46EC49037E9FE7E3F64E9D 141.20.103.33 443 v4 0.4.5.10
> 
> $> grep D767979FE4C99 /tmp/orstatus.29051 | uniq -c
>  965 TLS_ERROR D767979FE4C99D310A46EC49037E9FE7E3F64E9D 141.20.103.33 443 v4 0.4.5.10
> 
> The data were collected using [1] over the past 20 hours at [2].
> 
> 
> [1] D767979FE4C99D310A46EC49037E9FE7E3F64E9D
> [2] 65.21.94.13

@Sebastian
Do you know more about the relay in the DFN?

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!



Re: [tor-relays] Relays spamming my OR port

2022-08-18 Thread Toralf Förster

On 8/18/22 18:19, li...@for-privacy.net wrote:

> kantorkel's Article10 relays have more than 100 connections per IP to me.


Those IPs mostly close with an error:

$> grep -h " 185.220.101.*" /tmp/orstatus.*9051 | awk '{ print $1 }' | sort | uniq -c
341 CONNECTRESET
 78 DONE
783 IOERROR

Data were collected with [1] over the past 20 hours.



[1] https://github.com/toralf/torutils/blob/main/orstatus.py

--
Toralf


Re: [tor-relays] Relays spamming my OR port

2022-08-18 Thread Toralf Förster

On 8/18/22 18:19, li...@for-privacy.net wrote:

> 10, 20 or more users can have set up the circuits using the same relays.
> kantorkel's Article10 relays have more than 100 connections per IP to me.


IMO there's no 1:1 relation of circuits to TCP connections, or ?
Doesn't 1 TCP connection between 2 relays handle all circuits going
between them ?

--
Toralf


Re: [tor-relays] Relays spamming my OR port

2022-08-18 Thread Toralf Förster

On 8/18/22 18:19, li...@for-privacy.net wrote:

> > D767979FE4C99D310A46EC49037E9FE7E3F64E9D is a particularly frequent
> > naughty boy.
>
> ;-)  It is very, very unlikely that there is a naughty relay in AS680.
> That relay most likely does DNS-, BW- or network healing test in the Tor
> network.
> https://metrics.torproject.org/rs.html#search/as:AS680
> (German university or research institutes)



Do you know more about those tests ? That relay produces many wrong
ORStatus.CLOSED events:

$> grep D767979FE4C99 /tmp/orstatus.9051 | uniq -c
896 TLS_ERROR D767979FE4C99D310A46EC49037E9FE7E3F64E9D 141.20.103.33 443 v4 0.4.5.10

$> grep D767979FE4C99 /tmp/orstatus.29051 | uniq -c
965 TLS_ERROR D767979FE4C99D310A46EC49037E9FE7E3F64E9D 141.20.103.33 443 v4 0.4.5.10

The data were collected using [1] over the past 20 hours at [2].


[1] D767979FE4C99D310A46EC49037E9FE7E3F64E9D
[2] 65.21.94.13

--
Toralf


Re: [tor-relays] Relays spamming my OR port

2022-08-18 Thread lists
On Wednesday, 17 August 2022 19:31:48 CEST Logforme wrote:
> I run the relay 8F6A78B1EA917F2BF221E87D14361C050A70CCC3
> 
> I have tried to mitigate the current DoS by implementing connection
> limits in my iptables using Toralf's template: More than 25 connections
> during 10 mins and you end up on my naughty list.
> Lots of connection attempts from the naughty list dropped but still my
> relay gets "overloaded"
> 
> However, I have noticed that a few relays also end up on the naughty
> list, and I wonder how that can happen. My understanding is that a relay
> will only open 1 connection to another relay so should therefore never
> end up on the list. Correct?

10, 20 or more users can have set up the circuits using the same relays.
kantorkel's Article10 relays have more than 100 connections per IP to me.

On my smaller relays I allow 100 connections per IP:
https://privatebin.deblan.org/?b4768471c3c9e7ef#EhDETgMKQRvpL6VwH7ABE3bN2cuM68PRVj3fmmAC8k54

But I can't use that on the big servers because Linux kernel “conntrack” tables 
and nftables sets only have 65535 entries.
See: The dark side of using conntrack
https://blog.cloudflare.com/conntrack-tales-one-thousand-and-one-flows/

> D767979FE4C99D310A46EC49037E9FE7E3F64E9D is a particularly frequent
> naughty boy.
;-)  It is very, very unlikely that there is a naughty relay in AS680.
That relay most likely does DNS-, BW- or network healing test in the Tor 
network.
https://metrics.torproject.org/rs.html#search/as:AS680
(German university or research institutes)

> I guess my real question is if these connections are legit and I'm
> hurting the Tor network by using connection limits?
Yes, never block other relays.
If you think there is somewhere a malicious relay, report it on bad-relay or in 
this list.


-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
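
The limit quoted in the message above, together with the advice not to block other relays, as an added Python example (not Toralf's iptables template and not code from this thread). It replays connection events through a 25-per-10-minutes window and reports relay addresses that cross the limit separately instead of listing them; `classify`, `known_relays` and the sample addresses are constructed for illustration.

```python
from collections import defaultdict, deque

LIMIT = 25     # new connections tolerated per window (figure quoted in the thread)
WINDOW = 600   # window length in seconds (10 minutes, as in the thread)

def classify(events, known_relays=frozenset(), limit=LIMIT, window=WINDOW):
    """Replay (unix_time, source_ip) connection events in time order.

    Returns (listed, spared): listed maps each non-relay source to the time
    it first exceeded the limit; spared does the same for addresses in
    known_relays, which are counted but never put on the list.
    """
    recent = defaultdict(deque)   # per-source timestamps inside the window
    listed, spared = {}, {}
    for ts, ip in sorted(events):
        seen = recent[ip]
        seen.append(ts)
        while ts - seen[0] >= window:   # expire entries older than the window
            seen.popleft()
        if len(seen) > limit:
            bucket = spared if ip in known_relays else listed
            bucket.setdefault(ip, ts)
    return listed, spared

def sample_events():
    """Constructed traffic using documentation address ranges."""
    events = []
    # A relay that keeps reconnecting: 30 connections, one every 10 s.
    events += [(t, "192.0.2.10") for t in range(0, 300, 10)]
    # A single source opening 40 connections, one every 3 s.
    events += [(1000 + 3 * i, "198.51.100.7") for i in range(40)]
    # A steady client: 30 connections spread over an hour.
    events += [(120 * i, "203.0.113.5") for i in range(30)]
    return events

if __name__ == "__main__":
    relays = {"192.0.2.10"}   # assumption: relay addresses the operator trusts
    print("no exemption:  ", classify(sample_events()))
    print("relays exempt: ", classify(sample_events(), known_relays=relays))
```

Without the exemption the reconnecting relay is listed after its 26th connection, which is the effect Logforme observed.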



Re: [tor-relays] easy way to test my exit policy

2022-08-18 Thread Tom Yates

On Wed, 17 Aug 2022, li...@for-privacy.net wrote:


> On Tuesday, 16 August 2022 16:36:52 CEST Tom Yates wrote:
>
> > i've been grumbled at in a way that makes me want to validate my exit
> > policy before dismissing the grumble.
>
> I don't know exactly what you want to test there. You can see what you
> have open on tor metrics.


That pretty much sums up the problem.  I know what my config says I'm 
doing; I want independent confirmation that the daemon is behaving as 
advertised.


Spoiler alert: unsurprisingly, it is.

Should anyone else want to do this, the right way (it seems) is to run an 
instance of tor on a random test box, point that at the exit node to be 
tested, and use a socks-aware client (on random test box) to generate test 
traffic via the SOCKS interface on tor whilst using tcpdump (on the exit 
node) to verify whether packets flow.


On random test client, let's call it "client", force the selection of your 
exit node in your local torrc, in this case by IP address:


ExitNodes 178.17.171.102

and start tor.  On the exit node, let's call it "angband", start tcpdump, 
looking for traffic to a random test server (let's call it 
"testserv.example.com"):


angband% sudo tcpdump host testserv.example.com

Then generate test traffic.  This is test traffic that ought to be allowed 
to exit my exit node:


client% nc --proxy 127.0.0.1:9050 --proxy-type socks5 testserv.example.com 80

and here's the tcpdump traffic:

08:28:47.111528 IP angband.teaparty.net.45438 > testserv.example.com.http: Flags [S], seq 1395500093, win 42340, options [mss 1460,sackOK,TS val 3055761411 ecr 0,nop,wscale 12], length 0
08:28:47.173259 IP testserv.example.com.http > angband.teaparty.net.45438: Flags [S.], seq 879943484, ack 1395500094, win 28960, options [mss 1460,sackOK,TS val 4141468305 ecr 3055761411,nop,wscale 7], length 0
08:28:47.173293 IP angband.teaparty.net.45438 > testserv.example.com.http: Flags [.], ack 1, win 11, options [nop,nop,TS val 3055761473 ecr 4141468305], length 0
[...]

Here's test traffic that ought NOT to be allowed to exit my exit node:

client% nc --proxy 127.0.0.1:9050 --proxy-type socks5 testserv.example.com 25

and tcpdump confirms nothing leaves.

Many thanks to those who helped off-list (you know who you are); I'm 
grateful to everyone that responded.



--

  Tom Yates  -  https://www.teaparty.net
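
To know in advance what the tcpdump check in the message above should show for each test port, here is an added Python example (not from the original post and not Tor's own code). It evaluates IPv4 `accept`/`reject` exit-policy lines in order, first match wins; the policy, the address 203.0.113.20 and the function names are constructed for illustration.

```python
import ipaddress

def parse_rule(rule):
    """Split 'accept|reject ADDR[/MASK][:PORT]' into (action, network, lo, hi)."""
    action, _, pattern = rule.strip().partition(" ")
    if action not in ("accept", "reject"):
        raise ValueError(f"unsupported rule: {rule!r}")
    addr, sep, port = pattern.strip().rpartition(":")
    if not sep:                       # PORT omitted: rule covers every port
        addr, port = pattern.strip(), "*"
    network = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if port == "*":
        lo, hi = 1, 65535
    elif "-" in port:
        lo, hi = (int(p) for p in port.split("-", 1))
    else:
        lo = hi = int(port)
    return action, network, lo, hi

def decide(policy, dest_ip, dest_port):
    """Return (action, matching_rule); the first matching rule wins."""
    ip = ipaddress.ip_address(dest_ip)
    for rule in policy:
        action, network, lo, hi = parse_rule(rule)
        if (network is None or ip in network) and lo <= dest_port <= hi:
            return action, rule
    return "no-match", None

# Constructed policy for illustration; not the policy of the relay in the post.
SAMPLE_POLICY = [
    "reject 198.51.100.0/24:*",
    "reject *:25",
    "accept *:80",
    "accept *:443",
    "accept *:6660-6667",
    "reject *:*",
]

TEST_SERVER = "203.0.113.20"   # constructed address standing in for testserv.example.com

if __name__ == "__main__":
    for port in (80, 25, 6665, 8080):
        action, rule = decide(SAMPLE_POLICY, TEST_SERVER, port)
        print(f"{TEST_SERVER}:{port:<5} -> {action:<6} ({rule})")
    # Rule order matters: this address is rejected before 'accept *:80' is reached.
    print(decide(SAMPLE_POLICY, "198.51.100.9", 80))
```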


[tor-relays] Relays spamming my OR port

2022-08-18 Thread Logforme

I run the relay 8F6A78B1EA917F2BF221E87D14361C050A70CCC3

I have tried to mitigate the current DoS by implementing connection 
limits in my iptables using Toralf's template: More than 25 connections 
during 10 mins and you end up on my naughty list.
Lots of connection attempts from the naughty list dropped but still my 
relay gets "overloaded"


However, I have noticed that a few relays also end up on the naughty 
list, and I wonder how that can happen. My understanding is that a relay 
will only open 1 connection to another relay so should therefore never 
end up on the list. Correct?


D767979FE4C99D310A46EC49037E9FE7E3F64E9D is a particularly frequent 
naughty boy.
Maybe these relays disconnect and reconnect to my relay frequently due 
to network issues (effect from the DoS?) or from not having enough 
connections available on the router?


I guess my real question is if these connections are legit and I'm 
hurting the Tor network by using connection limits?



[tor-relays] tor relay over wifi

2022-08-18 Thread andrew reid
hi i am running a tor relay on an old phone over wifi. is this a bad idea ?