Re: [tor-relays] Tor Relay Operators Meetup at 32c3: 28.12. 16:45
* Diarmaid McManus [2015-12-13 15:34:12 +]:

Will there be availability for people who didn't manage to secure a 32c3 ticket? Be that VoIP or an informal, off-site meetup at another point in the conference. I'll be at BsidesHH, btw!

I think this would have to be something we'd have to ask the room in advance about, considering the photography rules. I personally don't mind showing my face but I'm not the only one going to this meeting :)

At i2pcon this past August we did a stream of the talks over Periscope from a plugged-in phone, and it seemed to work somewhat okay based on the reception we got from those who were watching. Just a suggestion of course.

Looking forward to finally being able to attend the relay operator meetup this year. See you all there!

Colin

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] News reporting exit node attacks
There's no evidence to believe the attackers have used a 0-day against Tor. They have attempted a Sybil attack by trying to throw a huge amount of relays in, nothing more.

On December 26, 2014 9:03:30 PM EST, Austin Bentley wrote:
>Sorry about that, here's the news article:
>http://yro.slashdot.org/story/14/12/26/2155252/lizard-squad-targets-tor
>
>On Fri, Dec 26, 2014 at 8:02 PM, Austin Bentley wrote:
>
>> Anyone have any more information on any of this stuff? They claim it's a
>> 0day but I have yet to see proof.

Re: [tor-relays] List of Relays' Available SSH Auth Methods
Great work Libertas! Glad to see my relay didn't come up with any results :)

Colin

On November 18, 2014 10:09:37 AM EST, Libertas wrote:
>Hi, everyone. Linked below is a list of relays that were live last night
>along with the SSH authentication methods they support:
>
>https://gist.githubusercontent.com/plsql/27e80e6dab421f8cba6c/raw/8bb0c7aa9d22b8c959834e9db8c80b6511bdf093/gistfile1.txt
>
>If no auth methods are listed, the SSH connection to the relay failed
>(more on that below).
>
>I used this script to generate it:
>
>https://github.com/plsql/ssh-auth-methods
>
>The purpose of this is to alert relay operators that are still
>allowing password authentication. 2,051 relays offered password auth,
>and many more likely offer similarly insecure methods or were missed
>for reasons discussed below.
>
>Generally, it is far more secure to allow only public key auth. The
>Ubuntu help pages have a good guide on setting up key-based auth:
>
>https://help.ubuntu.com/community/SSH/OpenSSH/Keys
>
>Be sure to disable password authentication after you get key-based
>auth working!
>
>https://help.ubuntu.com/community/SSH/OpenSSH/Configuring#disable-password-authentication
>
>To test whether password auth is still supported, use my script (the
>README is pretty thorough) or try SSHing from a machine that doesn't
>have access to your private key. In the latter case, you should get
>the response 'Permission denied (publickey).' immediately.
>
>If you're having issues, make sure that you've restarted sshd since
>the last time you changed the config.
>
>Be sure to back up the node's secret key or your SSH private key, but
>only somewhere safe! For example, store it in a password manager
>database on Tarsnap or a USB.
>
>This script doesn't attempt any kind of authentication or unauthorized
>access, so it's about as benign as network scanning scripts come.
>Regardless, let me know if you have any concerns.
>
>It made successful SSH connections with 2839 / 6551 relays. Reasons
>for failure include:
>
>* SSH being served on a non-standard port - something other than port
>22. This is a good idea, as many brute-force attackers will only
>bother trying port 22. The script I wrote could have used an alternate
>port number supplied from nmap, but this would run much slower and
>would potentially get my VPS blocked before it could even get the SSH
>information.
>
>* The server only allowing SSH connections from certain IP addresses.
>This is also commonly recommended, although it can be a little rigid
>if you don't have a VPN with a static IP (what if your server goes
>down while you're away from home?).
>
>* The server going down between when I downloaded the consensus and
>when I ran the script.
>
>* My VPS's IP address getting added to a shared blacklist that the
>server uses.
>
>* etc.
>
>If I gave any poor advice or got anything wrong, please let me know.
>
>Libertas

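The key-less login test described in the message above (a correctly configured relay answers 'Permission denied (publickey).'), as an added example that is not part of the original thread or of the ssh-auth-methods script. The function names, the placeholder host and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the denial line an SSH server returns to a client
# that has no usable key. To capture that line from your own relay
# (placeholder host), run from a machine without your private key:
#   ssh -o BatchMode=yes -o PreferredAuthentications=none user@relay.example 2>&1

# Pull the method list out of "...: Permission denied (publickey,password)."
denied_methods() {
    printf '%s\n' "$1" | sed -n 's/.*Permission denied (\([^)]*\)).*/\1/p'
}

# Prints "ok" when publickey is the only method offered, "review: <methods>"
# when anything else is offered, and "unknown" when the line is not a denial
# with a method list (timeout, refused connection, filtered source IP, ...).
# The body runs in a subshell so the IFS change does not leak to the caller.
classify_denial() (
    methods=$(denied_methods "$1")
    if [ -z "$methods" ]; then echo "unknown"; exit 0; fi
    others=""
    IFS=','
    for m in $methods; do
        [ "$m" = "publickey" ] || others="${others:+$others,}$m"
    done
    if [ -n "$others" ]; then echo "review: $others"; else echo "ok"; fi
)

# Constructed sample lines (192.0.2.0/24 is a documentation address range).
while IFS= read -r line; do
    printf '%-38s %s\n' "$(classify_denial "$line")" "$line"
done <<'EOF'
relay@192.0.2.10: Permission denied (publickey).
relay@192.0.2.11: Permission denied (publickey,password).
relay@192.0.2.12: Permission denied (publickey,password,keyboard-interactive).
ssh: connect to host 192.0.2.13 port 22: Connection timed out
EOF
```

An "unknown" result corresponds to the relays in the list with no auth methods shown, where the connection itself failed.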
Re: [tor-relays] Anonbox Project
It looks like Kickstarter has suspended the project.

http://www.wired.com/2014/10/kickstarter-suspends-anonabox

Colin

On October 15, 2014 9:47:09 AM EDT, isis wrote:
>Sven Reissmann transcribed 2.4K bytes:
>> Hi there,
>>
>> I recently read about the anonbox project [1], a small hardware-router,
>> which allows end-users to connect their whole LAN to the Tor network.
>> The project is on kickstarter at the moment [2].
>>
>> Has there already been a discussion on how this might affect the
>> performance of the Tor network?
>
>Yes and no.
>
>One of the Anonabox developers, August Germar, posted to their kickstarter
>page that the distributed Anonaboxes would have a checkout option to be
>relays/bridges by default. [0] Colin Mahns responded to this, [1] pointing out
>some of my recent discussions with Mike Perry and others on the tor-dev list
>on scaling the Tor network. [2] [3] (And August Germar responded in their
>Reddit AMA. [4])
>
>I agree with Colin that the Anonabox folks seem to be well-intentioned.
>However, the network effects, were these routers to be distributed, and were a
>majority of them to be configured as relays by default, would likely be
>harmful due to the low bandwidth of most residential connections.
>
>That said, I think that everyone here would welcome the chance for a
>pocket-sized FLOSS router which enforces safe Tor usage. If that is their
>goal, and they are able to communicate honestly with users, I'd like to help
>them succeed. Particularly if it means someone else does hardware development,
>since that's not really my jam. :)
>
>[0]: https://www.kickstarter.com/projects/augustgermar/anonabox-a-tor-hardware-router/posts/1017625
>[1]: https://www.kickstarter.com/projects/augustgermar/anonabox-a-tor-hardware-router/posts/1017625?cursor=8115567#comment-8115566
>[2]: https://lists.torproject.org/pipermail/tor-dev/2014-September/007558.html
>[3]: https://lists.torproject.org/pipermail/tor-dev/2014-September/007560.html
>[4]: https://www.reddit.com/r/anonabox/comments/2ja22g/hi_im_august_germar_a_developer_for_the_anonabox/cl9u17k
>
>--
> ♥Ⓐ isis agora lovecruft
>_
>OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
>Current Keys: https://blog.patternsinthevoid.net/isis.txt