Re: [tor-relays] A few questions about my setting up my first Tor relay.
I would second the Raspberry Pi as a Tor relay/bridge. Very low power consumption and no noise too boot! On Fri, Apr 18, 2014 at 5:47 AM, Chris Whittleston wrote: > Hey Robert, > > Thanks for your interest in setting up a relay! I see you've already had > some replies to your questions but let me add a slightly different > suggestion - buying a Raspberry Pi for ~£25 and running your relay from > there. This has the advantage of being extremely low in power requirements > and doesn't need you to leave one of your other machines on all the time. > > If you're curious about this option, I've written up some pretty detailed > instructions here: > > > https://docs.google.com/document/d/1bf_D_j1O-9ckTS9DY8ngIdiFwHta6Q5Uj_5dvOiavCQ/edit?usp=sharing > > Good luck! > > Chris > On 18 Apr 2014 07:21, "Robert Smith" wrote: > >> Judging by the level of your computer skills implied by the emails, those >> involved in Tor have better things to do than help a guy like me. I think >> it is important to the entire world that the internet links us together, >> and Tor may be the most crucial part of that. >> >> I have 3 machines as possible candidates for a Tor relay: >> >> A) A decent PC (around 6 years old) with Vista installed. It's been >> unused for 2 years. I am willing to do a clean re-install of Vista or even >> Linux (with help) to run it as a Tor relay, night and day. >> >> B) A MacBook Pro (4gb ram, Intel, Snow Leopard). Again, I am willing to >> wipe it, and do a clean install of the OS and use it for a Tor relay, night >> and day. >> >> C) My personal laptop an Asus G74S (12gb ram, i7 quad core 2.2ghz, Win7 >> Home Premium 64bit), which I "sleep" most nights. >> >> Modem: DSL from "Telus" (in Victoria, BC, Canada) with 4 ports (I use 1 >> cable port to my personal computer, 1 wireless port for my iPad or Android >> cell phone). >> >> Questions: >> 1) If I run a Tor relay with that modem, are there any security risks to >> the other devices? I am no technical guru. >> >> 2) If I run a Tor relay on either (or both the Vista PC and MacBook) of >> the computers mentioned above, will it be mostly a "set it and forget it" >> maintenance? I cannot devote much time (and definitely don't have much >> expertise). >> >> 3) Will I compromise the anonimity of Tor users due to my lack of >> technical skills while running a Tor relay? I don't want to do more damage >> than good. >> >> 4) Can I throttle down the bandwidth on my Tor relay(s) when I need it >> for my own personal machine? I don't want to disrupt the Tor net. >> >> 5) Can you suggest the best way to use my machine(s) to make a reliable, >> maintenance free and secure Tor relay, requiring the least amount of time? >> I am guessing it's the MacBook cabled to the DSL, running only Tor relay >> software, and running only a normal relay. >> >> 6) At this point is it worth my while, to attempt a Tor bridge or exit >> relay or am I even capable of doing it properly? I have little experience >> or expertise in networking and not much time. >> >> Thanks for spending your valuable time reading my questions. I hope to >> make it pay off, in a long term Tor relay. >> >> Rob Smith >> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> >> > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Irony and inconsistency
Same thing here. I had a server from day one with them and was told "Sorry you've been with us from the start. But after careful consideration, Crissic Solutions LLC has decided to ban the usage of TOR on the Crissic network." On Sun, Jan 12, 2014 at 11:29 AM, Steve Snyder wrote: > On 01/03/2014 05:46 PM, I wrote: > >> In this morning's messages - >> >> One about three relays paid for a year in advance. >> >> “Something Solutions LLC has decided to ban the usage of TOR.“ despite >> “We DO Allow Tor Relays" being in their current AUP. >> > [snip] > > I see no need to be so solicitous of the vendor's reputation. It is > Crissic Solutions ( http://crissic.net/ ) that has changed its policy. > > When I asked the reason for the policy change I was told "Few different > reasons, primarily network related." My take is that they didn't like > their users actually using all the bandwidth that they paid for. > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Building on a Udoo Dual
Thanks for the reply Andy. I'll try changing the sources.list first. If that doesn't work I found the armel sources, so I can just compile them. Richard On Sat, Nov 16, 2013 at 8:51 PM, Andy Isaacson wrote: > On Sat, Nov 16, 2013 at 12:09:50PM -0500, Richard Budd wrote: > > Does anyone know if the Tor Project has sources for top that can be > > compiled on a Udoo Dual? > > It's running Ubuntu 11.10 (oneiric) on a ARMv7 processor. > > I've tried following the instructions on > > https://www.torproject.org/docs/debian, but I get an Err > > http://deb.torproject.org/torproject.org/ experimental-oneiric/main tor > > 0.2.4.17-rc-1~oneiric+1 (dsc) > > 404 Not Found [IP: 38.229.72.14 80]error when trying to run the > > "sudo apt-get source tor" command. > > The repo contains .dsc files for lucid, precise, quantal and raring. > The precise dsc should be fairly close to what's necessary for oneiric, > so if you change your sources.list entry for deb.torproject.org from > oneiric to precise and re-run "sudo apt-get update" I suspect the > "apt-get source" will succeed. > > BTW, since apt-get-source is just downloading files and verifying > checksums, you don't need to run it under sudo as long as you run it in > a directory where your regular user account has write permissions. > > Are you sure that you need to compile? From a quick survey it appears > that the armel debs might work just fine on the Udoo. > > -andy > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Building on a Udoo Dual
Does anyone know if the Tor Project has sources for top that can be compiled on a Udoo Dual? It's running Ubuntu 11.10 (oneiric) on a ARMv7 processor. I've tried following the instructions on https://www.torproject.org/docs/debian, but I get an Err http://deb.torproject.org/torproject.org/ experimental-oneiric/main tor 0.2.4.17-rc-1~oneiric+1 (dsc) 404 Not Found [IP: 38.229.72.14 80]error when trying to run the "sudo apt-get source tor" command. I had no problem compiling on a Raspberry Pi, but of course this is a different animal. Thanks, Richard ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] huge increase in relay traffic
I've been following your Pi thread, and up until yesterday I've haven't seen any problems at all on mine. Of course it's only running 2 meg bandwidth total. So I thought that might be the difference. Then last night my router (Asus Asus RT-N66U running Shibby Tomato) became very sluggish. Log showed pages of"Tomato user.warn kernel: nf_conntrack: table full, dropping packet" So I increased Max Connections and Hash Table sizes by about 50% and that has seemed to relieve the router problems. Top shows Tor using 60 to 80% CPU. But it's not doing anything else so I'll let it run till it gives up. (it's been running for over 70 days) On Sat, Aug 31, 2013 at 2:20 PM, Gordon Morehouse wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Richard Budd: > > I'm seeing the same on all 5 of my non-exit nodes, they are spread > > around the US and EU. It seems that they all are running at close > > to max bandwith for the last several days also. > > My guess is whoever is running the DDOS[1] figured out that they can > most cheaply disrupt the Tor network by creating bogus circuits (and > eventually causing relays to run out of RAM and/or CPU) rather than > sending reams of bogus data through. > > Whether that's true or not, my experiments with Raspberry Pi relays > provide sort of a 'canary in the coal mine' - enough circuits and tor > *will* consume all available RAM and be killed, as happened finally to > me sometime in the wee hours here. > > [1] I presume it's a DDOS because a) come on; b) look at the graph of > clients connecting from Vietnam. ~0 to ~5000 in a week or two? > Yeah right. > > Best, > - -Gordon M. > > > -BEGIN PGP SIGNATURE- > > iQEcBAEBCgAGBQJSIjPeAAoJED/jpRoe7/ujuUsIAKRCXz51z+/5MRywfYA48ySi > 4325YqSdjzl8mhDKmpOOohhUTMTkCPJvDsD4BC8JyoaEk4cDDdsKMOwPUx2szvAr > Vhkh7rwMqYuDR/nkH+E2w9CVPFgo8BeVbuRSuewX/vvVE4nAS1m4ULB3ffA3EYko > dC9kFN9vf1uFb8lMGu6rVAULm6f8kzWYMGZ0uaWat6qQ4x45kWLxt8Y3caHESk3U > 2tpLLAOLT7nhqGC1ALNOEm3gmox1xRFQM1vaYUdpIGb4hhkRKtHEXj+J00Mp0sPH > f4QQhPv+nUbEKamJD45MItU34Iv6zjTJVx9TP5ZkZ1qpa835YsknXaSXpjUe0Yg= > =UjmG > -END PGP SIGNATURE- > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] huge increase in relay traffic
I'm seeing the same on all 5 of my non-exit nodes, they are spread around
the US and EU.
It seems that they all are running at close to max bandwith for the last
several days also.
On Sat, Aug 31, 2013 at 1:14 PM, Jeroen Massar wrote:
> On 2013-08-30 20:39, Yoriz wrote:
> [..]
>
> > Aug 29 23:19:59.000 [warn] Received http status code 504 ("Gateway
> > Time-out") from server '154.x.x.x:80' while fetching
> > "/tor/server/d/54BDF368367470FCBF015...067.z". I'll try again soon.
> > Aug 30 00:14:52.000 [warn] http status 504 ("Gateway Time-out") reason
> > unexpected while uploading descriptor to server '154.x.x.x:80').
>
> That likely is the following ticket:
>
> https://trac.torproject.org/projects/tor/ticket/8458
>
> Greets,
> Jeroen
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Attacker IP database
If you are just talking about regular server hacking attempts, and you are using debian, tben try demyhosts and have it query the demyhosts server every hour or so. It will download a list of known attacking ips On Aug 2, 2013 3:41 PM, "Bryan Carey" wrote: > Is there any kind of compiled list of IPs that relay operators can refer > to that are known bad IPs (sources of brute force SSH attempts, etc.)? Is > there a reason to NOT block (drop) traffic from these IPs? > > Here are some that I have seen recently trying to brute force common user > accounts and root password attempts: > 198.50.197.98 > 220.161.148.178 > 223.4.217.47 > 199.187.125.250 > 175.99.95.252 > 62.64.83.38 > 125.209.110.234 > 37.235.53.172 > > Also, in general what are some good security practices to keep in mind > while running a Tor relay? > > Thanks, > Bryan > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Relay or Obfuscated Bridge?
I have several Tor relays running on VPS providers around the world (the 7 bucks a month kind). Most have around 5 to 6 meg a second bandwidth available. Would it be more useful for the Tor system to change a few of them over to obfuscated bridges? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Running Obfsproxy on a Raspberry Pi
Saw your P.S. as I finished my reply. I've got 2gig of swap on the SD card, so even if it's slow memory maybe that helps my system. Richard On Sat, Jun 1, 2013 at 5:08 PM, Richard Budd wrote: > I've had no problems with the stock raspbian. However I've only got 720kb > going thru it as a Obs. bridge. I'm constrained by the cable upload limits > more than anything else. > As far as running it on family members connections, I would likely have it > set even lower, and I could just SSH into it to keep it up. > If you ever get a good set of optimizations please let us know. I think > anything we can do to make the Pi something close to a "Plug and Play" set > up would help to get it adopted by the average user. > > > > On Sat, Jun 1, 2013 at 4:56 PM, wrote: > >> ** >> On Sat, Jun 1, 2013, at 12:43 PM, Richard Budd wrote: >> >> Don't know how common this is but I've had a Pi running for 35 days 6 >> hours (so far). With over 80GB transferred on my half assed comcast cable >> connection. >> Not bad for $25 a credit card sized board sitting in a cardboard box in >> my broom closet. >> I think I'm going to give one to everyone of my family members >> preloaded with Tor. Plug it into their cable router and let it run. >> That would be another 4 bridges added to the total. If we could get >> another 100 people to do this it it might be a good way to add capacity >> with very little cost or power use. >> >> >> Be warned, I've found that if you run a Pi as a relay and give it enough >> bandwidth, bursts of circuit creation can cause it to crash or freeze. >> This was dedicating about 1Mbps to it. As a bridge it'd likely be just >> fine, and this was something I considered as well. If your relatives can't >> service it though you might consider rigging something that would >> powercycle it once a day in case it locks up. I use electromechanical >> timers with 15-min increments for this purpose with an ancient laser >> printer and dodgy (but free) WAP. >> >> I've found a number of optimizations to config files (mainly in kernel >> networking settings) that vastly reduce the number of lockups on a Pi >> that's relaying 1Mbps, but so far haven't eliminated them, they're mostly >> caused by huge bursts of circuit creation. Unfortunately I've had no time >> to work on this in recent weeks and am just about to travel for a week, but >> I was considering trying to write some kind of iptables "clamping" script, >> or otherwise figure out the right combination of .torrc and iptables limits >> to keep the Pi from crashing when this kind of network activity occurs. >> >> I see these circuit creation storms on my much bigger relays, too, but >> since they're running on much bigger machines, they've never caused a >> crash. The Pi is quite a bit more limited. Nobody on the list has made a >> stab at explaining this behavior yet. >> >> >> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> >> > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Running Obfsproxy on a Raspberry Pi
I've had no problems with the stock raspbian. However I've only got 720kb going thru it as a Obs. bridge. I'm constrained by the cable upload limits more than anything else. As far as running it on family members connections, I would likely have it set even lower, and I could just SSH into it to keep it up. If you ever get a good set of optimizations please let us know. I think anything we can do to make the Pi something close to a "Plug and Play" set up would help to get it adopted by the average user. On Sat, Jun 1, 2013 at 4:56 PM, wrote: > ** > On Sat, Jun 1, 2013, at 12:43 PM, Richard Budd wrote: > > Don't know how common this is but I've had a Pi running for 35 days 6 > hours (so far). With over 80GB transferred on my half assed comcast cable > connection. > Not bad for $25 a credit card sized board sitting in a cardboard box in my > broom closet. > I think I'm going to give one to everyone of my family members preloaded > with Tor. Plug it into their cable router and let it run. > That would be another 4 bridges added to the total. If we could get > another 100 people to do this it it might be a good way to add capacity > with very little cost or power use. > > > Be warned, I've found that if you run a Pi as a relay and give it enough > bandwidth, bursts of circuit creation can cause it to crash or freeze. > This was dedicating about 1Mbps to it. As a bridge it'd likely be just > fine, and this was something I considered as well. If your relatives can't > service it though you might consider rigging something that would > powercycle it once a day in case it locks up. I use electromechanical > timers with 15-min increments for this purpose with an ancient laser > printer and dodgy (but free) WAP. > > I've found a number of optimizations to config files (mainly in kernel > networking settings) that vastly reduce the number of lockups on a Pi > that's relaying 1Mbps, but so far haven't eliminated them, they're mostly > caused by huge bursts of circuit creation. Unfortunately I've had no time > to work on this in recent weeks and am just about to travel for a week, but > I was considering trying to write some kind of iptables "clamping" script, > or otherwise figure out the right combination of .torrc and iptables limits > to keep the Pi from crashing when this kind of network activity occurs. > > I see these circuit creation storms on my much bigger relays, too, but > since they're running on much bigger machines, they've never caused a > crash. The Pi is quite a bit more limited. Nobody on the list has made a > stab at explaining this behavior yet. > > > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Running Obfsproxy on a Raspberry Pi
Don't know how common this is but I've had a Pi running for 35 days 6 hours (so far). With over 80GB transferred on my half assed comcast cable connection. Not bad for $25 a credit card sized board sitting in a cardboard box in my broom closet. I think I'm going to give one to everyone of my family members preloaded with Tor. Plug it into their cable router and let it run. That would be another 4 bridges added to the total. If we could get another 100 people to do this it it might be a good way to add capacity with very little cost or power use. BTW, I have nothing to do with the Pi foundation, I just like playing around with them. Richard ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Is TOR using more than just OrPort and DirPort?
Tor will use many unblocked ports for outbound traffic I'm guessing. I think that dd-wrt will open any port that Tor requests if you use port triggering. On Sun, May 12, 2013 at 4:45 PM, Daniel Wu wrote: > I just started a relay (non-exit node, not running a client myself), on > Windows, using the latest Vidalia Relay Bundle. Looks like from the > configuration, given that I'm running in relay mode, there should be only > two ports used by Tor (OrPort and DirPort), right? However, when I run > "netstat -ano", I see that the Tor process is using up a lot more ports. > > There are these connections, from 127.0.0.1 back to itself. Some sort of > internal process used by Tor? Not as concerned about these, since these > are internal. But still curious. > > TCP 127.0.0.1:63417 127.0.0.1:63418 ESTABLISHED > TCP 127.0.0.1:63418 127.0.0.1:63417 ESTABLISHED > TCP 127.0.0.1:63419 127.0.0.1:63420 ESTABLISHED > > But then I see connections like these: > TCP 192.168.1.202:55049 174.136.105.86:9001 ESTABLISHED > TCP 192.168.1.202:56804 37.128.208.46:9002 ESTABLISHED > TCP 192.168.1.202:56896 171.25.193.9:80 ESTABLISHED > TCP 192.168.1.202:57113 109.232.224.74:9001 ESTABLISHED > TCP 192.168.1.202:57206 91.227.249.44:9001 ESTABLISHED > TCP 192.168.1.202:57221 67.164.46.197:9001 ESTABLISHED > TCP 192.168.1.202:57253 128.31.0.34:9101 ESTABLISHED > TCP 192.168.1.202:57259 204.124.83.132:587 ESTABLISHED > TCP 192.168.1.202:57260 128.232.18.57:9001 ESTABLISHED > TCP 192.168.1.202:57309 204.124.83.131:443 ESTABLISHED > TCP 192.168.1.202:57331 81.24.98.236:9001 ESTABLISHED > > These appear to be the actual Tor relay traffic (192.168.1.202 is my > computer). Why are these using ports in the 55000+ range, when I specified > my OrPort to be a singular value (in my case, 9031)? I would like to know > the port ranges used by Tor for relay traffic, so I can use my dd-wrt to > set the QoS by specifying these Tor port ranges. > > Thanks, > > DW > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
