[tor-relays] WannaCry fallout FYI

[Jon Gardner]

From the SNORT folks...

http://blog.talosintelligence.com/2017/05/wannacry.html?m=1

" Additionally, organizations should strongly consider blocking connections 
to TOR nodes and TOR traffic on network. Known TOR exit nodes are listed within 
the Security Intelligence feed of ASA Firepower devices. Enabling this to be 
blacklisted will prevent outbound communications to TOR networks."

<><
Jon L. Gardner
Mobile: +1 979-574-1189
Email/Skype/Jabber: j...@brazoslink.net
AIM/iChat/MSN: j...@mac.com___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Jon Gardner]

> On Oct 6, 2016, at 7:45 AM,   wrote:
> 
> - The traffic going out of tor exit nodes in our network is even worse that 
> the one which is comming out of the internet. Paul who started this thread 
> has constant flow over 50kpps. It consists mostly from various DoS attacks + 
> exploits against many known CMS. I wouldn't wonder if there could come an 
> attack against our infrastructure. Anyway it would be really interesting to 
> analyze that flow completely.


This is a useful point. Tor IPS wouldn't need to "censor" anything, or even 
scan Tor traffic. Tor nodes are under constant attack, they're natural 
"honeypot" servers. TIPS could detect a base set of commonly-known malicious 
attacks _on_the_node_itself_ (not on internal Tor traffic), and then determine 
if those attacks were coming from another Tor node (easily done). If so, TIPS 
could "run it up the chain" to block the actual offending host at the other end 
of the Tor connection, (probably) without compromising anonymity, and without 
breaking the Tor network. Attacks coming from a non-Tor node could optionally 
be ignored or processed like a "standard" IPS, depending on how it's 
implemented.

I recognize that the actual implementation is still non-trivial, but this would 
at least give the Tor network a base level of IPS capability without breaking 
anything. More important, it would demonstrate to the Internet community that 
Tor is actually doing something proactive about abuse. Tor claims to operate 
like a specialized ISP, and any good ISP protects its own servers.

Jon

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] The Onion Box: A web based status monitor for Tor relays

[Jon]

 Clicking on the nk is wrong some way...

By copy and paste the URL, I was able to get the page to not have an error


On Wed, Dec 30, 2015 at 6:28 AM, Jon  wrote:

> Still giving 403 error  -
> Ups, hier hat sich ein
> Fehler eingeschlichen...
>
> Fehler-Code: 403
>
>
> Would love to check it out  :)
>
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
>  This
> email has been sent from a virus-free computer protected by Avast.
> www.avast.com
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
> <#151f2dc4632b80f6_DDB4FAA8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>
> On Wed, Dec 30, 2015 at 6:18 AM, ZEROF  wrote:
>
>> Hi Ralph,
>>
>> I will first post url again because yours give me 404 error page:
>> https://github.com/ralphwetzel/theonionbox
>> <https://3c.gmx.net/mail/client/dereferrer?redirectUrl=https%3A%2F%2F3c.gmx.net%2Fmail%2Fclient%2Fdereferrer%3FredirectUrl%3Dhttps%253A%252F%252Fgithub.com%252Fralphwetzel%252Ftheonionbox>
>>
>> I will check this week and see.
>>
>> Thanks for your work and sharing.
>>
>> On 30 December 2015 at 10:49, k0nsl  wrote:
>>
>>> Good morning to you too Ralph!
>>> Thanks for the project; I will try it out later today.
>>> Best wishes,
>>> -k0nsl
>>>
>>> On 12/30/2015 10:36 AM, theonion...@gmx.com wrote:
>>> > Good morning!
>>> >
>>> > I've created a tool to monitor a Tor relay "in action". In the end it's
>>> > a web interface operating with Tor's ConfigPort data. Currently it's
>>> not
>>> > as powerful as arm... but it definitely looks better ;)!
>>> >
>>> > You can find the tool and some instructions to get it running at
>>> > GitHub: https://github.com/ralphwetzel/theonionbox
>>> > <
>>> https://3c.gmx.net/mail/client/dereferrer?redirectUrl=https%3A%2F%2F3c.gmx.net%2Fmail%2Fclient%2Fdereferrer%3FredirectUrl%3Dhttps%253A%252F%252Fgithub.com%252Fralphwetzel%252Ftheonionbox
>>> >
>>> >
>>> > I would be very happy if people gave it a try and provide feedback to
>>> > me, especially in case something fails... which probably might happen!
>>> >
>>> > Greetings,
>>> >
>>> > ralph
>>> >
>>> >
>>> >
>>> >
>>> > ___
>>> > tor-relays mailing list
>>> > tor-relays@lists.torproject.org
>>> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>> >
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>>
>>
>>
>> --
>> http://www.backbox.org
>> http://www.pentester.iz.rs
>>
>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] The Onion Box: A web based status monitor for Tor relays

[Jon]

Still giving 403 error  -
Ups, hier hat sich ein
Fehler eingeschlichen...

Fehler-Code: 403


Would love to check it out  :)

This
email has been sent from a virus-free computer protected by Avast.
www.avast.com

<#DDB4FAA8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

On Wed, Dec 30, 2015 at 6:18 AM, ZEROF  wrote:

> Hi Ralph,
>
> I will first post url again because yours give me 404 error page:
> https://github.com/ralphwetzel/theonionbox
> 
>
> I will check this week and see.
>
> Thanks for your work and sharing.
>
> On 30 December 2015 at 10:49, k0nsl  wrote:
>
>> Good morning to you too Ralph!
>> Thanks for the project; I will try it out later today.
>> Best wishes,
>> -k0nsl
>>
>> On 12/30/2015 10:36 AM, theonion...@gmx.com wrote:
>> > Good morning!
>> >
>> > I've created a tool to monitor a Tor relay "in action". In the end it's
>> > a web interface operating with Tor's ConfigPort data. Currently it's not
>> > as powerful as arm... but it definitely looks better ;)!
>> >
>> > You can find the tool and some instructions to get it running at
>> > GitHub: https://github.com/ralphwetzel/theonionbox
>> > <
>> https://3c.gmx.net/mail/client/dereferrer?redirectUrl=https%3A%2F%2F3c.gmx.net%2Fmail%2Fclient%2Fdereferrer%3FredirectUrl%3Dhttps%253A%252F%252Fgithub.com%252Fralphwetzel%252Ftheonionbox
>> >
>> >
>> > I would be very happy if people gave it a try and provide feedback to
>> > me, especially in case something fails... which probably might happen!
>> >
>> > Greetings,
>> >
>> > ralph
>> >
>> >
>> >
>> >
>> > ___
>> > tor-relays mailing list
>> > tor-relays@lists.torproject.org
>> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> >
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
>
>
> --
> http://www.backbox.org
> http://www.pentester.iz.rs
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Slow relay speeds for Australian geographic location(s)

[Jon Daniels]

Jeremy,

Yea I noticed that too.  So, I ended up putting them all on different
IP's.  Working well so far.

Cheers,
Jon

On Mon, Oct 13, 2014 at 3:55 PM, Jeremy Olexa  wrote:

> Hi Jon,
>
> On Mon, Oct 13, 2014 at 10:36 AM, Jon Daniels  wrote:
>
> > Recently I turned up nineteen additional nodes on that server and they're
> > averaging 60Mbps of overall throughput.  CPU load is still 0.00.
>
> While I can't speak for the Australian problem, I do want to highlight
> that you can only have two TOR processes per IP.
>
> "Note that running more than two tor processes per IP address will
> result in those other nodes not being used on the network. You'll see
> the following message in your logs:
>
> [notice] Heartbeat: It seems like we are not in the cached consensus."
>
> (source: https://www.torservers.net/wiki/setup/server - It probably is
> in the spec somewhere but I didn't have the right search term)
>
> -Jeremy
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Slow relay speeds for Australian geographic location(s)

[Jon Daniels]

Hi Mathew,

I run multiple exit nodes in the US and have what could be the same
problem.  My first node 'apexio' has been running with 99.99% uptime for
four months and the bandwidth usage is minimal and dropping.  I'm using
Linux with very fast hardware and ample resources.

I mentioned all the specifics on this list a couple weeks ago and no one
had a solution.

https://globe.torproject.org/#/search/query=apexio

A customer of mine also has the same issue.

Something is going on that's NOT related to hardware or network speed, but
is a symptom of some issue in the Tor network.

Recently I turned up nineteen additional nodes on that server and they're
averaging 60Mbps of overall throughput.  CPU load is still 0.00.

-Jon

On Sat, Oct 11, 2014 at 12:19 PM, Mathew  wrote:

> Hello all,
>
> I run a non-exit relay in Australia. My relay has been running for almost
> 15 days and has seen very little traffic.
> I have a 100/40 fibre connection and bandwidth is set at 2MB/s and 2.5MB/s
> burst.
>
> The mean read/write is 3.22kb/s and the advertised bandwidth constantly
> varies between 100-800kb/s which is obviously a fraction of my available
> bandwidth.
>
> Do relays located in less tor frequented countries see much less traffic
> or something? I have ports set at 443 and dirport 9030, is this an optimal
> port setting?
>
> Anyone with helpful information would be appreciated. My relay is 1337m8
> if anyone wants to look at the traffic.
>
> Thanks
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Bandwidth not being used by Tor on Gigabit dedicated server

[Jon Daniels]

Thank you for the reply.  I have already (months ago) configured the max
file limit to be 795552.

Perhaps I'll try running more instances...

On Tue, Sep 30, 2014 at 11:46 AM, Tom van der Woerdt  wrote:

> I've often found my servers accidentally bottlenecked by the default open
> file limit on some Linuxes. For example, on CentOS 6 this is 4096, which
> for an exit node tends to mean ~50Mbit/s per process.
>
> A single process will not saturate 1Gbit/s. Judging by the hardware
> (AES-NI support) you will need 3 or 4 instances running simultaneously to
> max the link.
>
> Tom
>
>
>
> s7r schreef op 30/09/14 20:31:
>
>  -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> It has nothing to do with the location (US). There are fewer US exit
>> relays than other countries in Europe.
>>
>> Check the CPU usage too, usually CPU is the bottleneck on high port
>> speed servers. Tor does not know yet how to do multithreading.
>>
>> Do you have AES-NI hardware acceleration at your CPU? This is very
>> helpful too.
>>
>> Install htop (yum -y install htop) and it will tell you exactly how
>> much each core is used. Let us know. I see that you confirm CPU load
>> is not the fault, but probably you are checking it via a tool which is
>> reporting the usage for ALL CPU (all cores) - try with htop and see if
>> there is just one core @ 98% usage and others at less than 10%.
>>
>> If the CPU is not the bottleneck, there is something at your provider
>> (probably throttling Tor traffic to balance the other non-tor users in
>> the same datacenter). If you built the network infrastructure there
>> and know for sure such thing is not implemented there, don't really
>> know what to say.  CPU / RAM and Network interface is all you can test
>> to see if it is the bottleneck for Tor. If all these are off the list,
>> there is something upstream you.
>>
>> I repeat, the location is not the fault here, and I encourage adding
>> more exits in the US.
>>
>> On 9/30/2014 8:52 PM, Jon Daniels wrote:
>>
>>> Hi,
>>>
>>> My Tor node is not utilizing the bandwidth available to it. I have
>>> tried setting RelayBandwidthRate to various values with no change
>>> whatsoever in bandwidth usage.
>>>
>>> Running for 5 months with 99.77% uptime:
>>> https://globe.torproject.org/#/relay/1F6598EA09A82E7A5D3131E71A97C8
>>> 06E6FDA4A1
>>>
>>>   My node has used a maximum of about 4MB/s or about 40Mbps. I've
>>> been expecting it to use 10MB/sec to 30 MB/sec. It dropped from
>>> 4MB/sec to around 1MB/sec now.
>>>
>>> OS: CentOS 6.x 64bit latest CPU: Xeon E3 1230 MB: Supermicro X9SCL
>>> RAM: 8GB Network connection: 1000Mbps
>>>
>>> Bandwidth tests show the server can easily send or receive hundreds
>>> of Mbps. I have tweaked server settings trying to get the speed up
>>> to no avail.
>>>
>>>
>>> Tor v0.2.4.24 (git-549ec02c188842f6) running on Linux with
>>> Libevent 1.4.13-stable and OpenSSL 1.0.1e-fips.
>>>
>>> Relevant config:
>>>
>>> DirPort 9030 # what port to advertise for directory connections
>>>
>>> RelayBandwidthRate 30 MB # Throttle traffic to 100KB/s (800Kbps)
>>> RelayBandwidthBurst 30 MB # But allow bursts up to 200KB/s
>>> (1600Kbps)
>>>
>>> DisableDebuggerAttachment 0
>>>
>>> ORPort 443
>>>
>>> ExitPolicy accept *:20-23 # FTP, SSH, telnet ExitPolicy accept *:43
>>> # WHOIS ExitPolicy accept *:53 # DNS ExitPolicy accept *:79-81 #
>>> finger, HTTP ExitPolicy accept *:88 # kerberos ExitPolicy accept
>>> *:110 # POP3 ExitPolicy accept *:143 # IMAP ExitPolicy accept *:194
>>> # IRC ExitPolicy accept *:220 # IMAP3 ExitPolicy accept *:389 #
>>> LDAP ExitPolicy accept *:443 # HTTPS ExitPolicy accept *:464 #
>>> kpasswd ExitPolicy accept *:531 # IRC/AIM ExitPolicy accept
>>> *:543-544 # Kerberos ExitPolicy accept *:554 # RTSP ExitPolicy
>>> accept *:563 # NNTP over SSL ExitPolicy accept *:636 # LDAP over
>>> SSL ExitPolicy accept *:706 # SILC ExitPolicy accept *:749 #
>>> kerberos ExitPolicy accept *:873 # rsync ExitPolicy accept
>>> *:902-904 # VMware ExitPolicy accept *:981 # Remote HTTPS
>>> management for firewall ExitPolicy accept *:989-995 # FTP over SSL,
>>> Netnews Administration System, telnets, IMAP over SSL, ircs, POP3
>>> over SSL ExitPolicy accept *:1194 # OpenVPN ExitPolicy accept
>>> *:1220 # QT Server Admin ExitP

[tor-relays] Bandwidth not being used by Tor on Gigabit dedicated server

[Jon Daniels]

Hi,

My Tor node is not utilizing the bandwidth available to it. I have tried
setting RelayBandwidthRate to various values with no change whatsoever in
bandwidth usage.

Running for 5 months with 99.77% uptime:
https://globe.torproject.org/#/relay/1F6598EA09A82E7A5D3131E71A97C806E6FDA4A1

My node has used a maximum of about 4MB/s or about 40Mbps. I've been
expecting it to use 10MB/sec to 30 MB/sec. It dropped from 4MB/sec to
around 1MB/sec now.

OS: CentOS 6.x 64bit latest
CPU: Xeon E3 1230
MB: Supermicro X9SCL
RAM: 8GB
Network connection: 1000Mbps

Bandwidth tests show the server can easily send or receive hundreds of
Mbps. I have tweaked server settings trying to get the speed up to no avail.


Tor v0.2.4.24 (git-549ec02c188842f6) running on Linux with Libevent
1.4.13-stable and OpenSSL 1.0.1e-fips.

Relevant config:

DirPort 9030 # what port to advertise for directory connections

RelayBandwidthRate 30 MB # Throttle traffic to 100KB/s (800Kbps)
RelayBandwidthBurst 30 MB # But allow bursts up to 200KB/s (1600Kbps)

DisableDebuggerAttachment 0

ORPort 443

ExitPolicy accept *:20-23 # FTP, SSH, telnet
ExitPolicy accept *:43 # WHOIS
ExitPolicy accept *:53 # DNS
ExitPolicy accept *:79-81 # finger, HTTP
ExitPolicy accept *:88 # kerberos
ExitPolicy accept *:110 # POP3
ExitPolicy accept *:143 # IMAP
ExitPolicy accept *:194 # IRC
ExitPolicy accept *:220 # IMAP3
ExitPolicy accept *:389 # LDAP
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:464 # kpasswd
ExitPolicy accept *:531 # IRC/AIM
ExitPolicy accept *:543-544 # Kerberos
ExitPolicy accept *:554 # RTSP
ExitPolicy accept *:563 # NNTP over SSL
ExitPolicy accept *:636 # LDAP over SSL
ExitPolicy accept *:706 # SILC
ExitPolicy accept *:749 # kerberos
ExitPolicy accept *:873 # rsync
ExitPolicy accept *:902-904 # VMware
ExitPolicy accept *:981 # Remote HTTPS management for firewall
ExitPolicy accept *:989-995 # FTP over SSL, Netnews Administration System,
telnets, IMAP over SSL, ircs, POP3 over SSL
ExitPolicy accept *:1194 # OpenVPN
ExitPolicy accept *:1220 # QT Server Admin
ExitPolicy accept *:1293 # PKT-KRB-IPSec
ExitPolicy accept *:1500 # VLSI License Manager
ExitPolicy accept *:1533 # Sametime
ExitPolicy accept *:1677 # GroupWise
ExitPolicy accept *:1723 # PPTP
ExitPolicy accept *:1755 # RTSP
ExitPolicy accept *:1863 # MSNP
ExitPolicy accept *:2082 # Infowave Mobility Server
ExitPolicy accept *:2083 # Secure Radius Service (radsec)
ExitPolicy accept *:2086-2087 # GNUnet, ELI
ExitPolicy accept *:2095-2096 # NBX
ExitPolicy accept *:2102-2104 # Zephyr
ExitPolicy accept *:3128 # SQUID
ExitPolicy accept *:3389 # MS WBT
ExitPolicy accept *:3690 # SVN
ExitPolicy accept *:4321 # RWHOIS
ExitPolicy accept *:4643 # Virtuozzo
ExitPolicy accept *:5050 # MMCC
ExitPolicy accept *:5190 # ICQ
ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
ExitPolicy accept *:5228 # Android Market
ExitPolicy accept *:5900 # VNC
ExitPolicy accept *:6660-6669 # IRC
ExitPolicy accept *:6679 # IRC SSL
ExitPolicy accept *:6697 # IRC SSL
ExitPolicy accept *:8000 # iRDMI
ExitPolicy accept *:8008 # HTTP alternate
ExitPolicy accept *:8074 # Gadu-Gadu
ExitPolicy accept *:8080 # HTTP Proxies
ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP
ExitPolicy accept *:8332-8333 # BitCoin
ExitPolicy accept *:8443 # PCsync HTTPS
ExitPolicy accept *: # HTTP Proxies, NewsEDGE
ExitPolicy accept *:9418 # git
ExitPolicy accept *: # distinct
ExitPolicy accept *:1 # Network Data Management Protocol
ExitPolicy accept *:11371 # OpenPGP hkp (http keyserver protocol)
ExitPolicy accept *:12350 # Skype
ExitPolicy accept *:19294 # Google Voice TCP
ExitPolicy accept *:19638 # Ensim control panel
ExitPolicy accept *:23456 # Skype
ExitPolicy accept *:33033 # Skype
ExitPolicy accept *:64738 # Mumble
ExitPolicy reject *:*

In addition, there's another Tor node running at the same ISP (but by a
different person), on completely different hardware and a different router,
that exhibits the same issue:

https://globe.torproject.org/#/relay/50F37822AFA257B24B3343D9BBFB0442E900FB4C

For background, I built and manage the network both servers are hosted on
and have been doing so for 20 years. I also built both servers. The network
is at less than 15% capacity, 99% of the time.

CPU load is always at 0.00. Based in the USA, west coast.

Ideas?  Is there simply less demand for tor traffic in the US?

Cheers,
Jon
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Exit policies pointing to IP blocks not appearing on Globe

[Jon Gardner]

On Jun 9, 2014, at 11:26 AM, Mendelson Gusmão  wrote:

> Hi! I just setup a tor relay, encouraged by EFF's Tor Challenge. All I have 
> is a domestic connection. I've read my TOS and my ISP seems to be very 
> friendly to this case. Although I have a little suspicion about traffic 
> shaping, my exit node seems to be running very well!
> 
> I'm worried about one thing, though. I remember that a while ago, when I 
> tried to access Facebook using a tor client, I saw a message telling that I 
> was blocked for using the network. To avoid the other users of my network to 
> be blocked due to the traffic in my exit node, I managed to add exit policies 
> rejecting every IP block that belongs to Facebook. However, these exit 
> policies don't appear in neither globe.torproject.com nor any site that 
> provides information about nodes.
> 
> Are these addresses being scrubbed? How do I make sure that these policies 
> being applied?
> 
> Thanks!


Anything that shares an IP with a Tor relay will be blocked from many common 
services, like Facebook, Skype, Hulu, etc.

This may or may not be possible, depending on your arrangement with your ISP, 
but if you're running an exit relay, it would be optimal to run it on its own 
public IP, so all of the exit traffic is completely separated from any other 
traffic on the host (or your NATted public IP). You can use the 
OutboundBindAddress tag in torrc to force Tor to use the alternate IP. 

Jon

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Mac OSX 10.6, re-installed, TBB downloaded, installed?, terminal window....what now?

[Jon Gardner]

On May 7, 2014, at 3:10 PM, Robert Smith  wrote:

> 
> If someone could post a link where I could download and install software for 
> running a Tor relay or bridge, I'd appreciate it.
> 


The TBB is for browsing, it's not set up to run as a bridge or relay. On the 
Mac, if you want to run a bridge or relay, the easiest method is probably to 
use MacPorts or Homebrew, as documented here:

https://www.torproject.org/docs/tor-doc-osx.html.en

FWIW, I've been running a Tor exit relay on Mac OS X 10.6.8 for many years.

Jon

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Trusted Tor Traceroute Scoreboard Link Modified

[Jon Gardner]

On Feb 4, 2014, at 8:05 PM, Anupam Das  wrote:

> Hi Relay Operators,
>  We have made some modifications to the way we 
> are running our live scoreboard script. Previously we were running into some 
> problems with handling multiple simultaneous web requests, as the server 
> started a heavy script for each incoming request. Now we are updating a 
> static HTML files every 10 minutes.
> 
> The link of our scoreboard has changed. Now the scoreboard is available at-
> 
> http://datarepo.cs.illinois.edu/relay_scoreboard.html
> 
> Sorry for the inconveniences.
> 
> Thanks
> 
> Anupam


I had noticed that it was well nigh impossible to access that page, thanks for 
the fix.

I've had your traceroutes.sh script running on my exit relay for almost two 
weeks now, using scamper from MacPorts on Mac OS X Server 10.6.8, and it's 
still running. I can't tell that it's doing anything, and the exit's IP doesn't 
appear in your stats. Not sure what's wrong. Do I need to restart it in debug 
mode?

Jon

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] (no subject)

[Jon Hernandez]

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] exit and skype

[Jon Gardner]

On Nov 5, 2013, at 1:00 PM, Jan Hendrik den Besten  wrote:

> Boy, now I am in trouble...
> 
> I run an exit node from my home address for a few weeks now, but my gf
> starts complaining she cannot use Skype anymore to chat with her mum.
> 
> I understand Microsoft blocks all tor exits from accessing Skype. Is there
> anything I can do except converting the exit into a relay?


As others mentioned, Jitsi is a great alternative, but to your question: If you 
want a happy gf, you'll need Skype, and the only sure fix is to convert to a 
non-exit. The Skype problems will magically disappear after a few days. Using a 
VPN *might* work, but Microsoft blocks access from many of those too.

Complaining to Microsoft, especially if you're a paying Skype customer, might 
not help, but it can't hurt.

Jon

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Admin panel compromised

[Jon]

Yoriz,

I also concur with the previous reply at the way you are handling the
situation. I hope you get back up and running soon.

Thanks for running an exit.

Jon


On Fri, Oct 4, 2013 at 2:21 AM, Yoriz  wrote:

> For your info:
>
> I am the operator of the "privshield" exit. I just got notice from my
> hoster (5gbps.com) that their backoffice admin panel was compromised.
> Indeed my firstname and password to the admin panel have been changed.
> Fortunately, I have SSH on my VPS configured to only accept public
> key-based logins, and see no signs of entry of the VPS.
>
> As the backoffice panel provides direct console access, there is a slight
> chance they logged in directly by a safe-mode boot, but my uptime is a
> month, and I see no dip in the tor bandwidth:
> https://atlas.torproject.org/#details/DA3F7BD5428F88C79C9C7006B791982DA0115411
>
> However, as a precaution I have shut down my tor exit. I will request a
> clean Ubuntu image and reinstall my tor exit this weekend. I will generate
> new server keys just to be sure. My mail is hosted on the same system, I
> won't have access to this email address for a few days.
>
> // Yoriz
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relays

[Jon Gardner]

On Aug 28, 2013, at 5:09 PM, Roger Dingledine  wrote:

> On Tue, Aug 27, 2013 at 11:12:01PM +0200, Tor Exit wrote:
>> Why is it so bad if a Tor exit operator tries to match the use of
>> their node with their own moral beliefs?
> 
> I really would like to support this if I could.

I appreciate your kind and well-reasoned response, Roger.

For those others who, through (unkind, often poorly spelled, and logically 
flawed) mockery and name-calling, hypocritically demanded censorship of the 
very idea that individual liberty necessarily involves individual moral 
responsibility, I have composed a poem.

A few puerile punks would use Tor
To browse for big boobs, nothing more
"Rights of humanity"
Was just false piety
So bit by bit all the web closed the door.

If you want to use Tor for immoral things, go ahead--it will obviously 
accommodate you--but please stop pretending to speak for those of us who run 
Tor nodes because we actually care about human rights and liberty, and aren't 
just using those nice catch-phrases as a cover for licentiousness and mindless 
self-gratification. You're a large part of the reason that Tor is "technology 
non grata" in so many places, to so many people that would otherwise fully 
support its mission.

Hugs,
Jon




signature.asc
Description: Message signed with OpenPGP using GPGMail
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relays

[Jon Gardner]

On Aug 22, 2013, at 11:56 AM, mick  wrote:

>> The other thing that I am weighing is just a moral question regarding 
>> misuse of the Tor network for despicable things like child porn. I 
>> understand that of all the traffic it is a small percentage and that 
>> ISPs essentially face the same dilemma, but I wonder if more can be
>> done to make Tor resistant to evil usage.
>> 
> Tor is neutral. You and I may agree that certain usage is unwelcome,
> even abhorrent, but we cannot dictate how others may use an anonymising
> service we agree to provide. If you have a problem with that, you
> probably should not be running a tor node.

Then why have exit policies? Exit nodes regularly block "unwelcome" traffic 
like bittorrent, and there's only a slight functional difference between that 
and using a filter in front of the node to block things like porn (which, come 
to think of it, also tends to be a bandwidth hog like bittorrent--so it doesn't 
have to be just a moral question). If someone has a problem with exit nodes 
blocking things like porn (or bittorrent, or...), then they probably should not 
be using Tor.

The very idea of Tor is based on moral convictions (e.g., that personal privacy 
is a good thing, that human rights violations and abuse of power are bad 
things, etc.). So Tor is most definitely not neutral, nor can it be--because, 
if it is to exist and flourish, those moral convictions must remain at its 
foundation. One cannot on the one hand claim that human rights violations are 
"wrong" while on the other hand claiming that pornography (especially child 
porn) is "right." If one wants further proof that Tor has a moral component, 
one has only to visit http://www.torproject.org, click the "About Tor" link, 
and notice the discussion points. I doubt that anyone could convince the Tor 
team to add "...for unfettered access to pornography..." as a bullet point 
under "Why we need Tor."

The Tor devs go to great lengths to try to keep "evil" governments from using 
Tor against itself. Why not devote some effort toward keeping "evil" traffic 
off of Tor? Given the fact that "we need more relays" is the common mantra, it 
seems to me that if the Tor community could come up with a technical answer to 
address at least some of the most egregious abuses of Tor--things like child 
porn, or even porn in general, that either have nothing to do with Tor's 
foundational mission, or (like child porn) are antithetical to it--the result 
would be greater public support for the technology, and a wider deployment base.

It's worth discussion.

Jon

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Increase of number of new relays and exit nodes

[Jon]

On Thu, Aug 22, 2013 at 6:55 AM, Moritz Bartl  wrote:

> Hi Jon,
>
> On 18.08.2013 20:34, Jon wrote:
> > I have noticed over the past several months that the amount my exit
> > relay was being used has drastically dropped as the new relays and new
> > exits have come online.  Is this normal to see my usage drop noticeably?
>
> I don't see that with our relays. ( https://www.torservers.net/munin/ )
>
> Also, are there really more exit relays? From
> https://metrics.torproject.org/relayflags.png , it looks like there are
> indeed more non-exit relays, but not exit relays.
>
> --
> Moritz Bartl
> https://www.torservers.net/
> ___
>
>


Moritz,

I was making an assumption that there were more exit relays. I probably
should have done a bit more research on the specific. I was just going off
the number count of the relays listed.

However, i have noticed a dramatic decrease in my exit server over the past
several months, even back to last year. The only thing I could come up with
that would be related was the increase in relays. ( both exit and non-exit
).

I have done some changes in the past couple of days as in fine tuning and
cleaning the putr box, thinking that may have been part of my issue. At
this point to early to tell, but I am not expected much if any increase at
this point.

I also wonder with some of the changes in the Tor software adding more
entry guards, maybe when one hits the entry guard status, the server usage
drops?

Seems to me I had read that in one of the posts that more entry guards were
needed and the authority software for the authority servers had been
upgraded to add more entry guards. But I may be confused there.

If I go back the past 3 yrs, I can see a difference from what it was
running then, to where I am running now, which is a major drop in usage
with no changes, prior to the past couple of days.

Thanks,

Jon
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Increase of number of new relays and exit nodes

[Jon]

I am wondering with the increase of number of new relays and exit nodes how
this might be affecting the other ( non- new ) relays and exits?

I have noticed over the past several months that the amount my exit relay
was being used has drastically dropped as the new relays and new exits have
come online.  Is this normal to see my usage drop noticeably?

Is this going to be a continuing trend as new relays and exits join with
what we already have, that some relays / exits will see a lower usage from
their nodes?

Jon
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Local problem or Authority problem?

[Jon]

On Tue, Mar 12, 2013 at 12:38 PM, Steve Snyder wrote:

> This is the 2nd time I've seen the message below in the last few days.  Is
> this a local problem, or is this Authority server having network problems?
>
> -
>
> Mar 12 16:13:57.000 [warn] Received http status code 504 ("Gateway
> Time-out") from server '154.35.32.5:80' while fetching consensus
> directory.
> Mar 12 16:13:57.000 [warn] Received http status code 504 ("Gateway
> Time-out") from server '154.35.32.5:80' while fetching "/tor/server/d/
>

shorten original -

 I have also gotten the same message ' Warning '  past 3 days, " while
fetching "/tor/server/authorityz " I'll try again soon.

Though it is a different server IP Address.

Jon
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Possible bug on Tor 0.2.4.8-alpha and 0.2.4.9-alpha

[Jon]

I started the Tor alpha yesterday, and now have numerous instances of "

" Bug/Attack: unexpected sendme cell from client. Closing circ."

Anything to be concened about


Jon
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Min. Bandwidth for Bridge Relay?

[Jon]

On Thu, Sep 20, 2012 at 8:11 AM, cmeclax wrote:

>
>
> How often does your IP address change? A bridge's address should change
> every
> few weeks so that censors making lists of bridge addresses can't keep up
> with
> it. My address changes once every few years (the last time was because
> someone
> broke the cable digging up a pipe), so I run a middle relay. Don't run an
> exit
> relay from a home connection; you'll be banned from editing Wikipedia,
> talking
> on IRC, etc.
>
> cmeclax
> ___
>
>

Why not run an exit relay from home? I have done it for 4 yrs, also i have
no problems getting on IRC with tor, thought it does depend on which
network.

It is just a matter of what one wants to pay/donate to the Tor Project. One
does not have to use a standered home connection, but can use a business
connection, all from home, which also will increase their available
bandwidth.

Jon
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Call for discussion: turning funding into more exit relays

[Jon]

 I am impressed with the amount of good discussion so far, in stead of the
' mine is better than yours ' syndrome or ' i know more than you ' .

Along with what has been discussed and beginning proposals so far, in the
infancy here, What about finding a way, if not to much of a headache,
trying to utilize some of the exit relays we already have that their
allocated bandwidth is not being used now.

I know their are some factor that need to be considered, and the latest is
the balancing that was recently incorporated into the Tor system, which
was  brought up in earlier threads.

It would be nice for those people that already have a server running, that
have the sources to be able to use more of their bandwidth.

I can only speak for my self here, but I know that I had hoped that when I
started a exit relay, that more of my bandwidth would be used. Which at the
present on a dedicated server is at very minimal usage..

Just food for thought  :)

Jon
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] How to Run Torservers.net

[Jon]

 First of all, thanks Moritz for beginning the thread and the info you
passed on. It has given me some good info.  :)


In my case, I have been running a full exit relay now for just over 2 1/2
years. When I first began, I would get reports from my ISP about abuses.
They just called me on the phone and told me about it. I asked them what
port it was and specifically what the problem issue was. They advised they
had several reports about copyright infringement issues on music and a
couple on movies. I took the info and and blocked that specific port.

That solved the problem. I went several months before I got called again
for the same thing, but from a different complainer. I did again block the
new port and everything was solved. I went for over a year with out any
complaints and this year got called again. It was about my IP addy doing
some mass mailing spam. I advised them ( my ISP ) that I did not do this. I
asked what port was used and who the complaint came from. I was told both
and I resolved that issue after we hung up.

In all of my complaints, it was done by phone from my ISP, and I was able
to put a fix right away. From reading other Tor Op's reports about the
complaints, I had expeted more and was worried how I was going to handle
it. I have been greatly surprised that it has been as few as it is.

In my case I would say no more than total of 10-15 complaints in 2 1/2
years in running a full exit relay.


Jon
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] too many abuse reports

[Jon]

On Tue, May 22, 2012 at 11:18 PM, Mike Perry wrote:

> Thus spake Jon (torance...@gmail.com):
>
> > On Tue, May 22, 2012 at 3:17 PM, Mike Perry  >wrote:
> >
> > > > On Tue, 22 May 2012 13:29:54 -0500
> > > > Jon  allegedly wrote:
> > > >
> > > > > Yep same here, got notice today from ISP on a report of the 20th
> for
> > > > > alledged hacking with someone using sqlmap. the reporting ip was a
> > > > > brazilian gov ip address.
> > > > >
> > > > > I just blocked the port and kept on serving
> > >
> > > As of yet, no one has mentioned the port. Out of curiosity, is it
> > > included in the Reduced Exit Policy?
> > > https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
> > >
> > >  The port was 57734 - of course that doesn't mean another port could be
> > used
>
> Are you sure that's not the source port (which is randomized) for the
> incident? This is a weird destination port.
>
> If so, simply switching to the Reduced Exit Policy (or adding a reject
> line for *:57734) would prevent the attack from using your exit. No need
> to stop exiting entirely.
>
>
> --
> Mike Perry
>
> __
>
> Yes, that was the source port that was used thru my machine. ( you are
correct, Mike )

The destination port was 80. The Host: 200.189.123.184

COSED [CSG-GOP-009] SCAN Sqlmap SQL Injection Scan = The Alert  that
started the alleged hack attempt


 I have had similar incidents in the past and all I did was block the port
that was used and never had any more issues of the type that was reported.

This particular issue is the 1st for me. Time will tell if it did work or
not. At this point, I am still running a Exit relay.


Jon
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] too many abuse reports

[Jon]

On Tue, May 22, 2012 at 3:17 PM, Mike Perry wrote:

> Thus spake mick (m...@rlogin.net):
>
> > On Tue, 22 May 2012 13:29:54 -0500
> > Jon  allegedly wrote:
> >
> > > Yep same here, got notice today from ISP on a report of the 20th for
> > > alledged hacking with someone using sqlmap. the reporting ip was a
> > > brazilian gov ip address.
> > >
> > > I just blocked the port and kept on serving
>
> As of yet, no one has mentioned the port. Out of curiosity, is it
> included in the Reduced Exit Policy?
> https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
>
> Mike Perry
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
  The port was 57734 - of course that doesn't mean another port could be
used
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] too many abuse reports

[Jon]

On Tue, May 22, 2012 at 10:37 AM, Fosforo  wrote:

> same here. someone using sqlmap
>
> --
> []s Fosforo
> -
> "Only the wisest and stupidest of men never change."
> -Confusio
> -
>
>
> On Tue, May 22, 2012 at 8:18 AM, mick  wrote:
> > Hi
> >
> > I have today, reluctantly, switched my node
> > torofotheworld.aibohphobia.org from an exit node to relay only. My ISP
> > has stayed faithful over several abuse reports in the past, but this
> > week following two more in quick sucession (from brazilian government
> > services by the look of it) they have asked that I shut down the exit
> > policy. Rather than lose the node entirely, I have agreed.
> >
> > Some bozo has been using sqlmap to scan servers through tor.
> >
> > Mick
> >
> > -
> > blog: baldric.net
> > fingerprint: E8D2 8882 F7AE DEB7 B2AA 9407 B9EA 82CC 1092 7423
> > -
> >
> >
>

Yep same here, got notice today from ISP on a report of the 20th for
alledged hacking with someone using sqlmap. the reporting ip was a
brazilian gov ip address.

I just blocked the port and kept on serving

Jon
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Bandwidth Authority PID Feedback Experiment #2 Starting

[Jon]

On Mon, Dec 12, 2011 at 6:52 PM, Mike Perry  wrote:
> Thus spake Jon (torance...@gmail.com):
>
>>  In adding further info on the topic, I have noticed and looked back
>> over the past couple of weeks and have seen a drop of of usage of
>> about 43% s of today. I am not in the higher bracket as others, but I
>> have been in the 3 bars bracket only up till recently.
>>
>> Don't know if this will help, but if it does, add it to the rest of
>> the info you have already received.
>
> What helps more is your node nick and/or idhex string. If you're not
> comfortable talking about that publicly, knowing if you are Guard,
> Exit, Guard+Exit, or just Stable (Middle) node helps.
>
> I actually do expect that this system may cause some slower nodes
> (especially those with capacities close to or below the network stream
> average of ~70Kbytes/sec) to experience less traffic. This does not
> mean the nodes are useless. It just means that we should try to use
> them infrequently enough such that when they are used, they can
> provide enough capacity to not be a bottleneck in a circuit.
>
> We are still waiting for the effects of the Guard bug to fully
> dissipate. I am cautiously optimistic that things are getting better,
> but we'll need to keep an eye on things for a bit longer to be sure, I
> suspect.
>
>
> --
> Mike Perry

 Mike,

 looking at the network status for my node nick today, it is showing
that at last senses check, it was shown at 260 KBs with status as a
guard
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Bandwidth Authority PID Feedback Experiment #2 Starting

[Jon]

 In adding further info on the topic, I have noticed and looked back
over the past couple of weeks and have seen a drop of of usage of
about 43% s of today. I am not in the higher bracket as others, but I
have been in the 3 bars bracket only up till recently.

Don't know if this will help, but if it does, add it to the rest of
the info you have already received.

PS: I am also running Win7 with everything up to date and just started
running the latest alpha version for windows actually as far as I can
tell, appears to be more stable at this time than the last stable
version. ( I like it when the alpha doesn't appear to have any bugs )
Good work guys and gals!!


Jon
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Logs full of "eventdns: All nameservers have failed"

[Jon]

On Sat, Dec 3, 2011 at 4:09 AM, Moritz Bartl  wrote:
> Yes, I see them, and grown accustomed to them. Not that often though.
>
> On 03.12.2011 07:38, Klaus Layer wrote:
>> Hi,
>>
>> my logs are full of these messages:
>>
>> 05:54:07 [NOTICE] eventdns: Nameserver 127.0.0.1 is back up
>> 05:54:07 [WARN] eventdns: All nameservers have failed
>>
>> At first I thought that the DNS of my ISP sucks, so I changed to Google 
>> Public
>> DNS. But the warnings are still there.
>>
>
> --
> Moritz Bartl
> https://www.torservers.net/
>
>
> ___

I also get them, tho not as frequent from the latest stable than I did
on previous ones. However, I do not pay any attention to them anymore
also as it does not appear to make any difference on the way tor works
either for server or for regular usage. I might be more concerned if
the time lapse was several minutes or more than 100th's of a second

Jon
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] max / burst speed

[Jon]

On Tue, Sep 27, 2011 at 11:01 AM, Andreas Reich  wrote:
> well, i dont know exactly but since there are more middle then exit nodes
> maybe there is no need for larger bandwiths ...
>
> My middle node has a maxbandwith of 250 KBytes and isnt under full load
> either.
>
> So far i dont have any ideas why your node dont use the full bandwith ...
> sorry
>
> greetings
> Andreas
>
> Am 27.09.2011 16:07, schrieb Sebastian Urbach:
>
> Am Tue, 27 Sep 2011 15:48:10 +0200
> schrieb Andreas Reich :
>
> Hi Andreas,
>
> do you have Accounting enabled in your torrc file?
> Although even with AccountingMax your relay should run with its
> Bandwith settings, until the Accounting Options are met.
>
> No, i dont.
>
> Is your relay a middle or exit node?
>
> Middle node.
>
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>


I can't speak for others, those with large amounts of BW usage or even
those with lower BW usage, but I know I never in the past 2 years have
never come close to using my available bandwidth.

I maybe wrong in this assumption, but I am thinking , at least now,
that there are certain nodes that dont get a large amount of traffic
like they used to, that the BW is more distributed among those nodes
that are available.

Hopefully someone will jump in and clarify this better.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays