Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
Hi What was OVH reaction to this? Has your account been banned from using their services etc? Utterly pathetic move by the French company - its their own fault On 20 May 2017, at 16:20, aeris wrote: >> Could you please share some more information about the incident? > > From what I know and what I can speak about : > > A big and sensible French company was infected with Wannacry this 12/05. > After infection Wannacry starts a Tor client to join it C&C behind a .onion > address. And so connect to guard nodes (possibly bridges, directory > authorities and fallback directories can be affected too, or any Tor nodes > which can be joined directly by standard Tor client). > Sys admin of the infected company just flag all unknown *OUTGOING* traffic as > evil and report corresponding IP to cops. Which seized servers of big french > providers (OVH & Online at this time) on this list the 13 and 14/05. > > Regards, > -- > Aeris > Individual crypto-terrorist group self-radicalized on the digital Internet > https://imirhil.fr/ > > Protect your privacy, encrypt your communications > GPG : EFB74277 ECE4E222 > OTR : 5769616D 2D3DAC72 > https://café-vie-privée.fr/ > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Fast relay dropped from use by Tor
Hi This relay processed 7TB in April for Tor and processed 12 gb yesterday but today is hardly processing any data at all? Its barely doing 1000 b/sec? Its flagged as'fast, guard' etc so why is it not being used? I also checked on Atlas and this relay is not even listed anymore? Finger: B39AD54B73A70DA68F6FC26CD0A874DE762B7825 Is this BW auth issue? Oh and I checked the available bandwidth its 100mb/s up and down Snap ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] snaptor relays: MyFamily update required
Just changed it - should be good > On 5 Apr 2017, at 15:43, nusenu wrote: > > Hi, > > please update your MyFamily: > > ++--++---+---+ > | first_seen | exit | IP | nickname | FamilyMembers | > ++--++---+---+ > | 2016-11-12 |0 | 144.217.90.138 | SnapTorCAN| 4 | > | 2016-11-26 |0 | 193.70.90.199 | SnapTorSTRAS | 4 | > | 2017-03-12 |1 | 198.50.200.137 | SnapTorExitUS | 4 | > | 2017-03-12 |0 | 144.217.94.215 | SnapTorUSA| 1 | > | 2017-03-12 |0 | 213.32.66.192 | SnapTorFR | 4 | > ++--++---+---+ > > > > thanks, > nusenu > -- > https://mastodon.social/@nusenu > https://twitter.com/nusenu_ > > > Sec INT: >> Hi >> >> Will do today >> >> Cheers >> Mark B >> Snaptor.co.uk (non commercial) >> >> >>> On 19 Dec 2016, at 09:19, nusenu wrote: >>> >>> Hi snaptorg, >>> >>> thanks for adding new relays, please do not forget to update your MyFamily. >>> >>> +-+-+---+--+ >>> | first_seen | IP | MyFamilyCount | exit | >>> +-+-+---+--+ >>> | 2016-11-12 00:00:00 | 213.32.66.192 |9. |0 | >>> | 2016-11-26 23:00:00 | 193.70.90.199 |9. |0 | >>> | 2016-11-26 23:00:00 | 128.199.108.14 |9. |0 | >>> | 2016-11-27 00:00:00 | 139.59.46.211 |9. |0 | >>> | 2016-11-28 11:00:00 | 94.156.77.41|8. |1 | >>> | 2016-11-28 14:00:00 | 142.4.206.241 |9. |1 | >>> | 2016-11-29 00:00:00 | 185.103.110.210 |9. |1 | >>> | 2016-12-03 23:00:00 | 144.217.90.138 |9. |0 | >>> | 2016-12-16 15:00:00 | 176.123.26.27 |8. |1 | >>> | 2016-12-16 23:00:00 | 193.70.22.86| NULL |0 | >>> +-+-+---+--+ >>> >>> >>> https://raw.githubusercontent.com/ornetstats/stats/master/o/potentially_dangerous_relaygroups.txt >>> >>> regards, >>> nusenu >>> -- >>> https://github.com/nusenu/ansible-relayor >>> >>> >>> ___ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Aggressive abuse report
If its an exit just use the reduced reduced exit policy - I dont get any abuse complaints apart from those heroes at webiron Cheers Mark B Snaptor.co.uk (non commercial) > On 14 Mar 2017, at 14:36, Juuso Lapinlampi wrote: > >> On Tue, Mar 14, 2017 at 02:17:14PM +0100, Moritz Bartl wrote: >> about it" might not be the best argument here either: I suggest you >> block the destination IP address(es) for some weeks via ExitPolicy, let > > My concern with this is the liability on operator. In Finland (and > Europe?), the limited liability provisions have three criteria for > service/network providers (Tietoyhteiskuntakaari 7.11.2014/917, 182 § > Vastuuvapaus tiedonsiirto- ja verkkoyhteyspalveluissa): > > 1. You're not the one initiating the network transfer; > 2. You're not selecting the recipient; and > 3. You don't select or modify the data to be transferred. > > I believe FICORA has advised blocking ports as necessary for security > reasons (e.g. port 25) is fine, but when it's being extended to > IP-address and/or port combinations, that's where it starts becoming > gray (in regards to #2). > > So far, replying to every abuse complaint and giving advice how to block > Tor using DNSBL or similar has worked for me. I can see it's probably > not what original poster's ISP would like to hear to have the issue > resolved, but it's less ambiguous on law and limited liability. Thus, I > suggested looking into other more friendly ISPs. > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Replacing secret key on exit
Hi Ive been away and some of my exits dropped - I have bought a number of vps to restart my exits - is there a way that I can resurrect the previous exit that was running? I have saved the keys of the previous exit so do I just copy these over to the new exit to continue where I left off or is this not possible? Cheers Mark B Snaptor.co.uk (non commercial) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Uptime missing from Arm
Missed the important bit - its the same for ubuntu 16 and 14 - no uptime and other stats out Cheers Mark B Snaptor.co.uk (non commercial) > On 9 Jan 2017, at 11:15, Sec INT wrote: > > I just use webmin and cluster all relays - it has uptime monitors and various > alerts you can set - the cluster cron job is useful for regular updating and > clearing house plus executing one off commands on all servers e.g. Updating > myfamily row > > Vnstat for stats and graphs although cactus is a good tool also > > Easier than Zabbix... > > Cheers > Mark B > Snaptor.co.uk (non commercial) > > >> On 9 Jan 2017, at 10:08, mistral.re...@posteo.net wrote: >> >> Just to confirm - I see the same issue (Debian). So arm is only partially >> useful (not being really reliable) but I think it's not maintained anymore >> (?). I was looking into theonionbox for status reporting but that one also >> needs further development before becoming a reliable tool for monitoring... >> >> >> >> Am 09.01.2017 10:27 schrieb Norman Rieß: >>> Same on plain old Debian. >>> Norman >>>>> Am 08.01.2017 um 21:34 schrieb Alan: >>>>> Yes I have this exact problem aswell >>>>> I have a similar problem, >>>>> arm does not show uptime and the average bandwidth rate is way to high. >>>>> When I start arm I get a log entry that looks like this: >>>>> "20:37:54 [ARM_NOTICE] Read the last day of bandwidth history from the >>>>> state file (21 minutes is missing)" >>>>> The time varies, sometimes it is even negative. >>>>> The operation system is Fedora 25, with arm 1.4.5.0 >>>>> Greetings, >>>>> Simon Fischer. >>>>>> On Sun, 2017-01-08 at 10:47 -0800, Damian Johnson wrote: >>>>>> Hi Alan, what linux distribution is this with? The only platform I'm >>>>>> aware of having issues with the uptime is OpenBSD. This is because >>>>>> the >>>>>> uptime requires parsing ps output and on that sole platform they show >>>>>> it in 12-hour local time with am/pm indicators, and a format that >>>>>> shifts if over a day (ie. a true parsing pita :P). >>>>>> Cheers! -Damian >>>>>>> On 1/8/17, Alan wrote: >>>>>>> I have 3 relays running but on Arm only one shows the uptime. Also >>>>>>> the >>>>>>> Averages it keeps are way off. >>>>>>> Alan. >>>>>> ___ >>>>>> tor-relays mailing list >>>>>> tor-relays@lists.torproject.org >>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays___ >>>>> tor-relays mailing list >>>>> tor-relays@lists.torproject.org >>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>>> ___ >>>> tor-relays mailing list >>>> tor-relays@lists.torproject.org >>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> ___ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Uptime missing from Arm
I just use webmin and cluster all relays - it has uptime monitors and various alerts you can set - the cluster cron job is useful for regular updating and clearing house plus executing one off commands on all servers e.g. Updating myfamily row Vnstat for stats and graphs although cactus is a good tool also Easier than Zabbix... Cheers Mark B Snaptor.co.uk (non commercial) > On 9 Jan 2017, at 10:08, mistral.re...@posteo.net wrote: > > Just to confirm - I see the same issue (Debian). So arm is only partially > useful (not being really reliable) but I think it's not maintained anymore > (?). I was looking into theonionbox for status reporting but that one also > needs further development before becoming a reliable tool for monitoring... > > > > Am 09.01.2017 10:27 schrieb Norman Rieß: >> Same on plain old Debian. >> Norman >>> Am 08.01.2017 um 21:34 schrieb Alan: >>> Yes I have this exact problem aswell I have a similar problem, arm does not show uptime and the average bandwidth rate is way to high. When I start arm I get a log entry that looks like this: "20:37:54 [ARM_NOTICE] Read the last day of bandwidth history from the state file (21 minutes is missing)" The time varies, sometimes it is even negative. The operation system is Fedora 25, with arm 1.4.5.0 Greetings, Simon Fischer. > On Sun, 2017-01-08 at 10:47 -0800, Damian Johnson wrote: > Hi Alan, what linux distribution is this with? The only platform I'm > aware of having issues with the uptime is OpenBSD. This is because > the > uptime requires parsing ps output and on that sole platform they show > it in 12-hour local time with am/pm indicators, and a format that > shifts if over a day (ie. a true parsing pita :P). > Cheers! -Damian >> On 1/8/17, Alan wrote: >> I have 3 relays running but on Arm only one shows the uptime. Also >> the >> Averages it keeps are way off. >> Alan. > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> ___ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Running a relay with low transfer limits
I had a limit on one exit of 1000 gb per month - Ive set the speed as 5mbps which works for that limit (only measured on tx) so divide by 10 and youre looking at 0.5mbps on your torrc file setting - you can also set accountingmax so you dontgo over this. Also if its a new relay then the bandwidth will not get fully used for a couple of weeks giving a bit of leeway. You can also use vnstat via sendmail to ping you when you reach a certain usuage. Cheers Mark B Snaptor.co.uk (non commercial) > On 4 Jan 2017, at 20:21, Random Mirror / Tor Node Operator > wrote: > > RelayBandwidthRate 400 KBytes > BandwidthRate 400 KBytes > > there are running other services too. > > > > > Random Mirror / Tor Node Operator >> Am 04.01.2017 um 21:18 schrieb ike: >> I apreciate I'm not going to keep a relay running 24 hours on this server >> but I'd like to know if there was a guide >> for balancing uptime vs bandwidth or if this is even something tor itself >> would handle. >> >> If tor used all the available bandwidth I'd hit my target in just 100 >> seconds uptime every 24 hours. >> >> On Wed, Jan 04, 2017 at 09:00:53PM +0100, Random Mirror / Tor Node Operator >> wrote: >>> there is no speed limit? I am the opinion that I have read something about >>> 250 kb / s! >>> >>> >>> >>> Random Mirror / Tor Node Operator >>> >>> Am 04.01.2017 um 20:55 schrieb Toralf F??rster: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 01/04/2017 07:54 PM, ike wrote: > say less than 100GB each way per month? $> echo "scale=2.0; 100 * 1024^3 / 31 / 24 / 60 / 60 / 1024" | bc 39.14 So you're asking, if 40 KB/sec would be the better choice ? - -- Toralf PGP: C4EACDDE 0076E94E -BEGIN PGP SIGNATURE- iHYEAREIAB4FAlhtU0oXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2 6U7BHAD9Expva3Yg4NCd3tfONN+vD/uAMLZz1arzbNBES9Z1ec8A/jIGI920S7+k UhHpWBW2TXfb9nm5qEqOb+20CtYOy2lz =7wx5 -END PGP SIGNATURE- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> ___ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] High conntrack session count
Its a limit that many vps suppliers set > 3 gets you a warning - I'll set the limit to 29k tonight - its only an issue on shared resources like vps Cheers Mark B Snaptor.co.uk (non commercial) > On 4 Jan 2017, at 13:16, Zack Weinberg wrote: > >> On Wed, Jan 4, 2017 at 8:05 AM, Sec INT wrote: >> >> Just had an issue on a 60mbps exit where conntrack sessions went over the >> usual 3 limit - is this possible for a normal operating exit relay? Is >> there any default limit set on this or indeed is there a setting intorrc to >> control the number of sessions? > > Yes, it is perfectly normal for an exit to have tens of thousands of > active TCP sessions. > > An exit doesn't get a lot of use out of a firewall. Your only sockets > listening to the public network (netstat -lnt) should be Tor, SSH, and > the "this is an exit" page on port 80. fail2ban-type protection for > the ssh port *may* be worth it, but I don't see what you would need > conntrack for. > > zw > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] High conntrack session count
Hi Just had an issue on a 60mbps exit where conntrack sessions went over the usual 3 limit - is this possible for a normal operating exit relay? Is there any default limit set on this or indeed is there a setting intorrc to control the number of sessions? Cheers Mark B Snaptor.co.uk (non commercial) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] how to generate relay keys manually (before actually running the relay)
Thanks - will do Cheers Mark B Snaptor.co.uk (non commercial) On 3 Jan 2017, at 16:24, nusenu wrote: >>> Tipp: If you are planing to grow beyond your 31 relays I recommend >>> you preemptively generate the keys for your upcoming relays so you >>> don't have to touch all other relays everytime you add a single >>> relay (to the MyFamily line). > > >> How do you pregenerate keys? Id be interested as Im spinning up >> quite a few soon > > create a folder per tor instance: > > mkdir future-relay1 future-relay2 ... > > > then invoke tor manually (this will just generate keys and exit after that): > > tor --PublishServerDescriptor 0 --orport auto --list-fingerprint > --datadirectory future-relay1 --Log "err stdout" > > > tor --PublishServerDescriptor 0 --orport auto --list-fingerprint > --datadirectory future-relay2 --Log "err stdout" > > ... > > In these folders you will then find the fingerprint that you can use in > MyFamily, so you don't have to touch your existing relays anymore once > you actually use these generated keys on new relays. > > Make sure you take care of filesystem permissions when using these keys > on the actual relay. > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] zwieb...@online.de relays: MyFamily update required (new relay added)
Hi How do you pregenerate keys? Id be interested as Im spinning up quite a few soon Cheers Mark B Snaptor.co.uk (non commercial) > On 3 Jan 2017, at 00:43, nusenu wrote: > > Hi zwiebeln, > > thanks for adding your 31. relay nicknamed 'hecker' ! > > Please do not forget to update your MyFamily on all relays. > > Tipp: > If you are planing to grow beyond your 31 relays I recommend you > preemptively generate the keys for your upcoming relays so you don't > have to touch all other relays everytime you add a single relay (to the > MyFamily line). > > > ++--+-++ > | first_seen | nickname | IP | eMyFamilyCount | > ++--+-++ > | 2016-04-11 | chisinau2onion | 178.17.170.179 |30. | > | 2016-05-14 | rigaonion| 195.123.209.184 |30. | > | 2016-07-03 | chisinau2onion2 | 178.17.170.179 |30. | > | 2016-08-28 | budweisonion4| 37.157.193.161 |30. | > | 2016-09-10 | budweisonionb4 | 37.157.193.161 |30. | > | 2016-09-16 | budweisonion5| 89.221.209.100 |30. | > | 2016-09-18 | budweisonion | 37.157.196.97 |30. | > | 2016-09-27 | budweisonionb| 37.157.196.97 |30. | > | 2016-09-27 | budweisonion5b | 89.221.209.100 |30. | > | 2016-11-12 | montrealonion| 144.217.60.211 |30. | > | 2016-11-12 | strasbourgonion | 213.32.55.239 |30. | > | 2016-11-14 | alsaceonion | 149.202.238.204 |30. | > | 2016-11-15 | milanoonion | 158.58.170.150 |30. | > | 2016-11-15 | quebeconion | 144.217.60.239 |30. | > | 2016-11-28 | goetheb | 178.17.170.212 |30. | > | 2016-11-28 | schiller | 178.17.170.27 |30. | > | 2016-11-28 | goethe | 178.17.170.212 |30. | > | 2016-11-28 | schillerb| 178.17.170.27 |30. | > | 2016-12-05 | heine| 51.15.53.83 |30. | > | 2016-12-05 | bsdonion | 46.182.18.214 |30. | > | 2016-12-05 | thueronionb | 46.182.18.29|30. | > | 2016-12-05 | thueronion | 46.182.18.29|30. | > | 2016-12-05 | heineb | 51.15.53.83 |30. | > | 2016-12-16 | budapestonion| 88.151.99.224 |30. | > | 2016-12-18 | milanoonionb | 158.58.170.150 |30. | > | 2016-12-18 | humboldt | 185.14.29.129 |30. | > | 2016-12-18 | quebeconionb | 144.217.60.239 |30. | > | 2016-12-18 | strasbourgonionb | 213.32.55.239 |30. | > | 2016-12-18 | montrealonionb | 144.217.60.211 |30. | > | 2016-12-18 | alsaceonionb | 149.202.238.204 |30. | > | 2017-01-02 | hecker | 46.182.19.219 | NULL | > ++--+-++ > 31 rows > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Container tor relay
Had a search but cant find much info on running tor relays in containers specifically by proxmox lxc containers - I have a free server atm but dont really want to spinup a load of vms when I could do containers instead - its a load test for me but would mean quite a few relays running with gbps network card (all their own ip's) Anyone tried this yet? Cheers Mark B Snaptor.co.uk (non commercial) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] The Onion Box v3.2: Web Interface for your Tor relay
Sounds good - I didnt know about this before so I'll have a look tonight Cheers Mark B Snaptor.co.uk (non commercial) > On 3 Jan 2017, at 13:26, theonion...@gmx.com wrote: > > Hello friends! > > First of all I'd like to send you my greetings for 2017 wishing you and the > whole Tor community all the best and great success on the journey to support > the freedom of the internet. > > There is a RC for v3.2 of The Onion Box available at GitHub. The changes > happened mostly in the background as preparation for the Box to monitor local > as well as remote relays. The first result of this endeavor is the new > section Family Performance that displays Onionoo network (bandwidth) data for > all relays within the family of the local relay. > > Therefore I would like to ask especially those of you who run a number of > relays to give this version a try. I would be very happy to receive some > feedback (good or bad) or even some feature requests if you're interested in > a dedicated functionality. > > The new release partially answers this request of nusenu. > > Thank's for using The Onion Box! > Have fun! > > Best regards, > > Ralph > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] snaptor relays: MyFamily update required
Np - it was an issue with my update script ;-) Cheers Mark B Snaptor.co.uk (non commercial) > On 22 Dec 2016, at 23:03, nusenu wrote: > > thanks for fixing it! > > +---+---+ > | nickname | MyFamilyCount | > +---+---+ > | SnapExitBULG | 10. | > | SnapExitMOLD | 10. | > | SnapExitUS| 10. | > | SnapTorBANG | 10. | > | SnapTorCAN| 10. | > | SnapTorFr | 10. | > | SnapTorRelay1 | 10. | > | SnapTorSNPR | 10. | > | SnapTorSTRAS | 10. | > +---+---+ > > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reset torrc file
Hi Im using webmin but have done for a number of upgrades and this hasnt happened before but I agree seems more likely to be a package manager issue - just very odd that all torrc were renamed and new default torrc were generated... Cheers Mark B Snaptor.co.uk (non commercial) > On 21 Dec 2016, at 22:13, Ivan Markin wrote: > > Sec INT: >> I upgraded all relays and exits to 0.2.9.8 but the torrc file was >> then renamed on all of them when the daemon restarted automatically - >> this meant the torrc file was then recreated as defaut losing all my >> settings and all relays exits were not working - this hasnt happened >> in all other upgrades to new versions but was pretty inconvenient >> when having to go back and replace all torrc files - is this normal? > > This should not happen, actually*. It solely depends on your package > manager (this is who rewrites your torrc files), so consult its > documentation how to deal with config updates. > Please drop a hint here if you succeeded! > > * This never happened to me on many systems as they have some sort of > config management. > > -- > Ivan Markin > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Reset torrc file
Hi I upgraded all relays and exits to 0.2.9.8 but the torrc file was then renamed on all of them when the daemon restarted automatically - this meant the torrc file was then recreated as defaut losing all my settings and all relays exits were not working - this hasnt happened in all other upgrades to new versions but was pretty inconvenient when having to go back and replace all torrc files - is this normal? Cheers Mark B Snaptor.co.uk (non commercial) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] snaptor relays: MyFamily update required
Hi Will do today Cheers Mark B Snaptor.co.uk (non commercial) > On 19 Dec 2016, at 09:19, nusenu wrote: > > Hi snaptorg, > > thanks for adding new relays, please do not forget to update your MyFamily. > > +-+-+---+--+ > | first_seen | IP | MyFamilyCount | exit | > +-+-+---+--+ > | 2016-11-12 00:00:00 | 213.32.66.192 |9. |0 | > | 2016-11-26 23:00:00 | 193.70.90.199 |9. |0 | > | 2016-11-26 23:00:00 | 128.199.108.14 |9. |0 | > | 2016-11-27 00:00:00 | 139.59.46.211 |9. |0 | > | 2016-11-28 11:00:00 | 94.156.77.41|8. |1 | > | 2016-11-28 14:00:00 | 142.4.206.241 |9. |1 | > | 2016-11-29 00:00:00 | 185.103.110.210 |9. |1 | > | 2016-12-03 23:00:00 | 144.217.90.138 |9. |0 | > | 2016-12-16 15:00:00 | 176.123.26.27 |8. |1 | > | 2016-12-16 23:00:00 | 193.70.22.86| NULL |0 | > +-+-+---+--+ > > > https://raw.githubusercontent.com/ornetstats/stats/master/o/potentially_dangerous_relaygroups.txt > > regards, > nusenu > -- > https://github.com/nusenu/ansible-relayor > > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exit Node Geographical Location
Good work Chris - not sure if you know yet but what sort of price per month and is it vps or dedicated? Cheers Mark B > On 9 Dec 2016, at 14:17, Michael Armbruster wrote: > >> On 2016-12-09 at 15:09, Chris Adams wrote: >> Okay, >> >> So I've found a ISP in Kenya that says they're happy to host a tor exit >> node. The ping is 270ms from a Canadian ISP, 16 hops. 183ms from >> Germany, 13 hops. >> >> Ultimately, am I making the tor network better or worse, if I were to >> set up some tor nodes here? >> >> - Chris > > Hi Chris, > > If it is affordable, it sounds like a great addition. 183ms ping from > Germany isn't that bad at all. Sometimes I have pings to Canada or USA > at 200ms, depending on the exact route. > > If they are happy to host a Tor exit node, you could add them to the ISP > list in the wiki (though the spam filter has problems right now), or at > least mention them here if you want to :) > > Best, > Michael > > > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Creanova hosting Finland
Just to update list - the vps came back up after 11 hours downtime - no word at all from Creanova but at least its back up regards Mark B > On 8 Dec 2016, at 10:00, Sec INT wrote: > > Hi Chris - I already tried as did others but we keep getting errors - > sonething to do with the anti spam settings - I'll keep trying though > > regards > > Mark B > > >> On 8 Dec 2016, at 09:55, Chris Adams wrote: >> >> Mark, >> >> Would you be able to update the wiki GoodBadISPs? >> https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs >> >> C >> >>> On Thu, Dec 8, 2016 at 9:52 AM, Sec INT wrote: >>> Hi >>> >>> Please dont use this group if you are planning to - although they >>> apparently support Tor they dont. I was running a reduced reduced exit >>> policy with spamhaus listings and only got 2 complaints from security bots >>> but they suspended the vps both times with no warning - now its offline >>> altogether with no warning or email at all. >>> >>> Not to mention they are rude and over reactedto the most minor abuse >>> reports (no dmca etc due to reduced exit policy) >>> >>> Support person emails like he used to be in the NKVD >>> >>> Cheers >>> >>> Mark B >>> >>> ___ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> >> >> >> -- >> Chris Adams >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exit Node Geographical Location
Exit nodes with equal bandwidth may well do. Unfortunately that one is now a Guard do throughput will probably go down. US just has alot of people trying to exit there - so its always busy - I find Tor follows the money mostly - high concentration in W.Europe and US but drops sharply anywhere else - - availability of cheap vps and bandwidth - open selling no censored or overwatched registration - decent home bandwidth and internet availability so lots of users - education - alot of people in censored countries are not always aware or bothered (Take the UK - most of my friends not interested in privacy or snooping at all they dont even realise that ISPs block websites en masse) Attacks via Tor are mostly from poorer countries to richer countries Eastern Europe is mostly out connections - US mostly inbound for instance As for diversity people want us to geo diverse but the payoff in terms of usuage is low so its up to you My relay in Canada is practically melting so usuage seems high - although nodal choice should be random it does seem to select based on the relative location of desired exit ( might not be true but seems like it) therefore US ,Canada ,France are really busy but Africa / Eastern Europe / Far East less so Location doesnt matter it depends where you are based - if your server is in Panama but youre in the UK and unless your are operating a company there then you are liable if they ever decide to pursue exit operators ( doubtful but possible) - as regards prosecution they would have to prove intent which under Tor is pretty impossible to do If you are wortied about that relays are the safe bet or do a reduced reduced exit policy which stops most of the 'economic' abuse they are really bothered about regards Mark B > On 8 Dec 2016, at 10:32, Chris Adams wrote: > > Interesting... > > Don't exit nodes with equal bandwidth have equal chance of being utilised on > a circuit? Why is your US exit being utilised more? > > Looking at the map, I thought Canada could do with a few more exits? > > Should geo diversity be related to numbers of internet users in that country? > Ie, Canada, ~1/2 population of UK, so should run approximately 1/2 as many > exits at least? Or am I overthinking this? > > Are there other legal advantages to running an exit node in another country? > Such as choosing a country with which your own country has no extradition > laws? In case something really bad happened. > > Regards, > > C > >> On Thu, Dec 8, 2016 at 10:06 AM, Sec INT wrote: >> Ive got exits in the US, France ,Finland (dead) and Bulgaria but its v >> difficult to find any exit providers in the Far East - I have relays in >> Bangalore and Singapore (which gets hit pretty hard) but if you do find a >> provider out East let us know >> >> P.s Bangalore is under utilised - 60mb/s but has barely used up 1Gb in 2 >> weeks a as oppsed to US exit which is doing 1TB a day now at 60mb/s with a >> 1000 connections most of the time >> >> We are supposed to go for geo diversity but usuage remains low for me in >> more isolated areas e.g Bangalore,Africa >> >> regards >> >> Mark B >> >> >> > On 8 Dec 2016, at 09:53, Chris Adams wrote: >> > >> > Hello, >> > >> > I want to start up another exit node. I have a few choices for which >> > country it's in. I currently live in a country with quite a high exit >> > node/population density. >> > >> > Are there any advantages to distributing nodes around the globe in terms >> > of performance/privacy? >> > >> > Are there some countries where you definitely shouldn't run exit nodes? >> > (Censored internet is an obvious example) >> > >> > C >> > ___ >> > tor-relays mailing list >> > tor-relays@lists.torproject.org >> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > > > -- > Chris Adams > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exit Node Geographical Location
Ive got exits in the US, France ,Finland (dead) and Bulgaria but its v difficult to find any exit providers in the Far East - I have relays in Bangalore and Singapore (which gets hit pretty hard) but if you do find a provider out East let us know P.s Bangalore is under utilised - 60mb/s but has barely used up 1Gb in 2 weeks a as oppsed to US exit which is doing 1TB a day now at 60mb/s with a 1000 connections most of the time We are supposed to go for geo diversity but usuage remains low for me in more isolated areas e.g Bangalore,Africa regards Mark B > On 8 Dec 2016, at 09:53, Chris Adams wrote: > > Hello, > > I want to start up another exit node. I have a few choices for which country > it's in. I currently live in a country with quite a high exit node/population > density. > > Are there any advantages to distributing nodes around the globe in terms of > performance/privacy? > > Are there some countries where you definitely shouldn't run exit nodes? > (Censored internet is an obvious example) > > C > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Creanova hosting Finland
Hi Chris - I already tried as did others but we keep getting errors - sonething to do with the anti spam settings - I'll keep trying though regards Mark B > On 8 Dec 2016, at 09:55, Chris Adams wrote: > > Mark, > > Would you be able to update the wiki GoodBadISPs? > https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs > > C > >> On Thu, Dec 8, 2016 at 9:52 AM, Sec INT wrote: >> Hi >> >> Please dont use this group if you are planning to - although they apparently >> support Tor they dont. I was running a reduced reduced exit policy with >> spamhaus listings and only got 2 complaints from security bots but they >> suspended the vps both times with no warning - now its offline altogether >> with no warning or email at all. >> >> Not to mention they are rude and over reactedto the most minor abuse reports >> (no dmca etc due to reduced exit policy) >> >> Support person emails like he used to be in the NKVD >> >> Cheers >> >> Mark B >> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > > > -- > Chris Adams > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Creanova hosting Finland
Hi Please dont use this group if you are planning to - although they apparently support Tor they dont. I was running a reduced reduced exit policy with spamhaus listings and only got 2 complaints from security bots but they suspended the vps both times with no warning - now its offline altogether with no warning or email at all. Not to mention they are rude and over reactedto the most minor abuse reports (no dmca etc due to reduced exit policy) Support person emails like he used to be in the NKVD Cheers Mark B ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Is my exit affected by a botnet?
I get abuse reports like that - my exit is not yet officially recognised as an exit so is curretly seen as the source of the attack - its unlikely your server is infected its just the traffic from your exit - especially as you using port 443 - just send standard abuse template to them if its a problem for the isp U could always install clamav and do a quick check on your server if u think its necessary regards Mark B > On 7 Dec 2016, at 14:09, Volker Mink wrote: > > hey folks. > > i got an abuse-information from my provider, please see details attached. > could this propably be caused by some malware on my tor exit? > > Any ideas on this? > > Best, > volker > > > > > https://unity.abusehq.net/share/gFraliWxA_A-0uCFJvSxAkPRxYn536JoReAkl2MNUuCq3TNWJ8f4uXJVypwWAnVa > > > > > > MAC Address IP > > f07959d25289 109.90.11.123 > > > > Date: > > 06.12.2016 11:16 > > > > Type: > > bot-infection > > > > Reporter: > > secur...@libertyglobal.com > > > > IP address: > > 109.90.11.123 > > > > Incident part: > > - malware family: virut > > - destination ip: 148.81.111.121 > > - destination port: 80 > > - feeder: team cymru > > - description: This host is most likely infected with malware. > > > > Date: > > 05.12.2016 10:00 > > > > Type: > > malware > > > > Reporter: > > repo...@reports.cert-bund.de > > > > IP address: > > 109.90.11.123 > > > > Incident part: > > - malware: urlzone > > - destination ip: 64.71.166.50 > > - destination port: 443 > > - destination hostname: didnadinka.net > > - asn: 6830 > > > > Date: > > 02.12.2016 19:16 > > > > Type: > > bot-infection > > > > Reporter: > > secur...@libertyglobal.com > > > > IP address: > > 109.90.11.123 > > > > Incident part: > > - malware family: zeus > > - destination ip: 87.106.18.112 > > - http request: /config > > - destination port: 80 > > - destination domain name: mabqg.com > > - feeder: shadowserver > > - report type: botnet_drone > > - description: This host is most likely infected with malware. > > > > > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Updating wiki - good bad isps
Same here - i'll submit a ticket Submission rejected as potential spam Content contained these blacklisted patterns: 'http:', '(?i)business' Hopefully they can fix it as I could update quite alot of stuff on there regards Mark B > On 6 Dec 2016, at 10:42, teor wrote: > > >> On 6 Dec. 2016, at 21:40, heartsucker wrote: >> >> If you attempt to edit the wiki, this error shows up: >> >> Submission rejected as potential spam >> >> Content contained these blacklisted patterns: 'http:', >> '(?i)(call|customer|technical).?support' >> >> Since these patters already exist in the wiki, I can't make updates. >> >> -h > > Oh dear. Someone has supercharged the trac spam filter again. > > You can open a ticket on https://trac.torproject.org/projects/tor for both > issues, > Or you can report the changed ISP details here and someone will fix it. > >>> On 12/06/2016 11:33 AM, teor wrote: >>> >>>> On 6 Dec. 2016, at 21:15, Sec INT wrote: >>>> >>>> Hi >>>> >>>> Does anyone know a contact for updating the wiki page for good bad isps - >>>> im using five of them and one is not doing what is advertised - i.e. >>>> Shutting off an exit node each time a spam abuse emailer asks them to >>>> despite there being little evidence to back up their claims >>>> >>>> regards >>>> >>>> Mark B >>> >>> Feel free to make an account and update the wiki yourself. >>> Or you can open a ticket on https://trac.torproject.org/projects/tor >>> Or you can report the details here and someone will fix it. >>> >>> T >> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > T > > -- > Tim Wilson-Brown (teor) > > teor2345 at gmail dot com > PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B > ricochet:ekmygaiu4rzgsk6n > xmpp: teor at torproject dot org > > > > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Updating wiki - good bad isps
Hi Does anyone know a contact for updating the wiki page for good bad isps - im using five of them and one is not doing what is advertised - i.e. Shutting off an exit node each time a spam abuse emailer asks them to despite there being little evidence to back up their claims regards Mark B ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP
No all good just add them as you are tor adds a $ if you dont its not an issue Cheers Mark B > On 4 Dec 2016, at 20:47, Alan wrote: > > Thanks for that, I've made changes to both torrc files. > I've added MyFamily with each others finger print like so: > MyFamily E856ABA2020AA9C483CC2D9B4C878D8D948B0887 > > Then sighup'd both relays through arm. > > Do you know how long it takes Atlas to show the changes? > > Alan > >> Hi Alan, >> >> Family indicates they're all operated by the same person. as you run both >> TheCosmos and MilkyWay, they are in the same family. >> >> Please declare so in the .torrc. >> >> Thanks! >> >> >> On 4 Dec 2016 8:07 PM, "Alan" wrote: >> >> In the UK it depends what ISP your on. Virgin Media gives out static ip's >> as far as i know. BT (what i'm using) is dynamic, the ip changes every >> time the router reboots. It reboots when it detects a fault which is >> normally between 2-4 weeks on average. >> >> These are my relays: >> >> TheCosmos (running on home ip (raspberry pi)) >> https://atlas.torproject.org/#details/38B330302F1FB79ED11A468FC9DEA8 >> 960B842B57 >> >> MilkyWay (running on Digital Ocean) >> https://atlas.torproject.org/#details/E856ABA2020AA9C483CC2D9B4C878D >> 8D948B0887 >> >> Does anyone know what the 'Family Members' does and should my relays have >> this set? >> >>> In Germany, it's quite usual that you have a dynamic IP and unusual that >>> you have static IP. Not just a few relays are located in Germany.Ã >>> It's >>> not just a question of frustration of owners of dynamic IP relay, but >>> also >>> a matter of bandwith waste. If Tor cannot handle dynamic IPs properly a >>> lot of bandwith is not used. And bandwith is something that the Tor >>> network can not get enough of. >>> ___ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP
Good question some of mine are not but then I thought the fingerprint had to be prefixed with a $ sign? I dont see any errors in the log when I use $ or without a $ sign? Looking at Atlas the myfamily fingerprints seem to have a $ in front of them? But in man pages it just says 'fingerprint' with no syntax Anyway Atlas can take awhile to update - hours rather than days > On 4 Dec 2016, at 20:47, Alan wrote: > > Thanks for that, I've made changes to both torrc files. > I've added MyFamily with each others finger print like so: > MyFamily E856ABA2020AA9C483CC2D9B4C878D8D948B0887 > > Then sighup'd both relays through arm. > > Do you know how long it takes Atlas to show the changes? > > Alan > >> Hi Alan, >> >> Family indicates they're all operated by the same person. as you run both >> TheCosmos and MilkyWay, they are in the same family. >> >> Please declare so in the .torrc. >> >> Thanks! >> >> >> On 4 Dec 2016 8:07 PM, "Alan" wrote: >> >> In the UK it depends what ISP your on. Virgin Media gives out static ip's >> as far as i know. BT (what i'm using) is dynamic, the ip changes every >> time the router reboots. It reboots when it detects a fault which is >> normally between 2-4 weeks on average. >> >> These are my relays: >> >> TheCosmos (running on home ip (raspberry pi)) >> https://atlas.torproject.org/#details/38B330302F1FB79ED11A468FC9DEA8 >> 960B842B57 >> >> MilkyWay (running on Digital Ocean) >> https://atlas.torproject.org/#details/E856ABA2020AA9C483CC2D9B4C878D >> 8D948B0887 >> >> Does anyone know what the 'Family Members' does and should my relays have >> this set? >> >>> In Germany, it's quite usual that you have a dynamic IP and unusual that >>> you have static IP. Not just a few relays are located in Germany.Ã >>> It's >>> not just a question of frustration of owners of dynamic IP relay, but >>> also >>> a matter of bandwith waste. If Tor cannot handle dynamic IPs properly a >>> lot of bandwith is not used. And bandwith is something that the Tor >>> network can not get enough of. >>> ___ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Dir port not showing
Ahh ok thanks Roger - I do have accounting max set Cheers Mark B > On 4 Dec 2016, at 20:22, Roger Dingledine wrote: > >> On Sun, Dec 04, 2016 at 06:06:40PM +0000, Sec INT wrote: >> On all my relays and Exits I set Dirport as 80 but when I look at Atlas or >> https://torstatus.blutmagie.de all of them bar one are showing 'none' as >> Dirport > > Most likely your relay opted not to advertise its DirPort, for > example because you have AccountingMax set. > > Look for a "notice" level log line on startup that says something like > "Not advertising DirPort (Reason: ...)" > > If so, this is fine and normal -- your relay is saving its bandwidth > for the more important uses. > > --Roger > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP
Hi Alan If you have more than one relay you add the fingerprint of any other relay you run to your torrc file - if say I ran 10 relays and exits there may be a chance that you would route through just my servers thus you would not be anonymous as I could follow you through from entry to exit. In short if you have more than one relay or exit add the fingerprint of the other relays exits to your torrc file Cheers Snap > On 4 Dec 2016, at 19:58, Alan wrote: > > In the UK it depends what ISP your on. Virgin Media gives out static ip's > as far as i know. BT (what i'm using) is dynamic, the ip changes every > time the router reboots. It reboots when it detects a fault which is > normally between 2-4 weeks on average. > > These are my relays: > > TheCosmos (running on home ip (raspberry pi)) > https://atlas.torproject.org/#details/38B330302F1FB79ED11A468FC9DEA8960B842B57 > > MilkyWay (running on Digital Ocean) > https://atlas.torproject.org/#details/E856ABA2020AA9C483CC2D9B4C878D8D948B0887 > > Does anyone know what the 'Family Members' does and should my relays have > this set? > >> In Germany, it's quite usual that you have a dynamic IP and unusual that >> you have static IP. Not just a few relays are located in Germany. It's >> not just a question of frustration of owners of dynamic IP relay, but also >> a matter of bandwith waste. If Tor cannot handle dynamic IPs properly a >> lot of bandwith is not used. And bandwith is something that the Tor >> network can not get enough of. >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Dir port not showing
Hi On all my relays and Exits I set Dirport as 80 but when I look at Atlas or https://torstatus.blutmagie.de all of them bar one are showing 'none' as Dirport - also the one that does show Dirport 80 also has the V2Dir flag - does this have something to fo with it? If I look at the connections on arm I can see port 80 being used by a number of relays and exits but why is this showing none and have I got a setting wrong somewhere? Cheers Snap ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Assigning new IP adrees to current relay
Hi Not sure if my reply worked yesterday so thanks for this - adding 'port' worked and Ive now got two fully working exits ;-) thanks for the help Cheers Mark > On 29 Nov 2016, at 10:32, Peter Palfrader wrote: > >> On Tue, 29 Nov 2016, Sec INT wrote: >>> On Tue, Nov 29, 2016 at 10:14 AM, Peter Palfrader >>> wrote: >>>> On Tue, 29 Nov 2016, Sec INT wrote: >>>> Nov 29 09:52:55.000 [warn] Failed to parse/validate config: Unknown option >>>> 'DirFrontPage'. Failing. >>> What is DirFrontPage supposed to be? The manpage only mentions a >>> DirPortFrontPage. > >> Its on a number of setup guides for an exit relay whereby if someone looks >> up your ip and port 80 they will see this webpage - its designed to reduce >> DMCA notices and accusations against someone running an exit - I've >> attached the actual page >> >> https://blog.torproject.org/running-exit-node >> https://tor-relay.co/ >> >> Perhaps this option no longer exists as I use the most up to date versions >> of tor (0.2.8.9) at the moment - I run on ports 443 and 80 > > Please read what I wrote, and read your error message. > > -- >| .''`. ** Debian ** > Peter Palfrader | : :' : The universal > https://www.palfrader.org/ | `. `' Operating System >| `-https://www.debian.org/ > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Assigning new IP adrees to current relay
Got it - sorry was distracted by Nagios install ;-) all working - I've added a comment to the site I was using cheers Mark On Tue, Nov 29, 2016 at 10:32 AM, Peter Palfrader wrote: > On Tue, 29 Nov 2016, Sec INT wrote: > > On Tue, Nov 29, 2016 at 10:14 AM, Peter Palfrader > wrote: > > > On Tue, 29 Nov 2016, Sec INT wrote: > > > > Nov 29 09:52:55.000 [warn] Failed to parse/validate config: Unknown > option 'DirFrontPage'. Failing. > > > What is DirFrontPage supposed to be? The manpage only mentions a > > > DirPortFrontPage. > > > Its on a number of setup guides for an exit relay whereby if someone > looks > > up your ip and port 80 they will see this webpage - its designed to > reduce > > DMCA notices and accusations against someone running an exit - I've > > attached the actual page > > > > https://blog.torproject.org/running-exit-node > > https://tor-relay.co/ > > > > Perhaps this option no longer exists as I use the most up to date > versions > > of tor (0.2.8.9) at the moment - I run on ports 443 and 80 > > Please read what I wrote, and read your error message. > > -- > | .''`. ** Debian ** > Peter Palfrader | : :' : The universal > https://www.palfrader.org/ | `. `' Operating System > | `-https://www.debian.org/ > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Assigning new IP adrees to current relay
Hi Its on a number of setup guides for an exit relay whereby if someone looks up your ip and port 80 they will see this webpage - its designed to reduce DMCA notices and accusations against someone running an exit - I've attached the actual page https://blog.torproject.org/running-exit-node https://tor-relay.co/ Perhaps this option no longer exists as I use the most up to date versions of tor (0.2.8.9) at the moment - I run on ports 443 and 80 cheers Mark On Tue, Nov 29, 2016 at 10:14 AM, Peter Palfrader wrote: > On Tue, 29 Nov 2016, Sec INT wrote: > > > Hi > > > > Thanks ;-) As for the 'DirFrontPAge' the error is below > > > > Nov 29 09:52:55.000 [warn] Failed to parse/validate config: Unknown > option > > 'DirFrontPage'. Failing. > > What is DirFrontPage supposed to be? The manpage only mentions a > DirPortFrontPage. > > -- > | .''`. ** Debian ** > Peter Palfrader | : :' : The universal > https://www.palfrader.org/ | `. `' Operating System > | `-https://www.debian.org/ > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > Title: This is a Tor Exit Router This is a Tor Exit Router Most likely you are accessing this website because you had some issue with the traffic coming from this IP. This router is part of the Tor Anonymity Network, which is dedicated to providing privacy to people who need it most: average computer users. This router IP should be generating no other traffic, unless it has been compromised. Tor sees use by many important segments of the population, including whistle blowers, journalists, Chinese dissidents skirting the Great Firewall and oppressive censorship, abuse victims, stalker targets, the US military, and law enforcement, just to name a few. While Tor is not designed for malicious computer users, it is true that they can use the network for malicious ends. In reality however, the actual amount of abuse is quite low. This is largely because criminals and hackers have significantly better access to privacy and anonymity than do the regular users whom they prey upon. Criminals can and do build, sell, and trade far larger and more powerful networks than Tor on a daily basis. Thus, in the mind of this operator, the social need for easily accessible censorship-resistant private, anonymous communication trumps the risk of unskilled bad actors, who are almost always more easily uncovered by traditional police work than by extensive monitoring and surveillance anyway. In terms of applicable law, the best way to understand Tor is to consider it a network of routers operating as common carriers, much like the Internet backbone. However, unlike the Internet backbone routers, Tor routers explicitly do not contain identifiable routing information about the source of a packet, and no single Tor node can determine both the origin and destination of a given transmission. As such, there is little the operator of this router can do to help you track the connection further. This router maintains no logs of any of the Tor traffic, so there is little that can be done to trace either legitimate or illegitimate traffic (or to filter one from the other). Attempts to seize this router will accomplish nothing. If you are a representative of a company who feels that this router is being used to violate the DMCA, please be aware that this machine does not host or contain any illegal content. Also be aware that network infrastructure maintainers are not liable for the type of content that passes over their equipment, in accordance with DMCA "safe harbor" provisions. In other words, you will have just as much luck sending a takedown notice to the Internet backbone providers. Please consult EFF's prepared response for more information on this matter. For more information, please consult the following documentation: Tor Overview Tor Abuse FAQ Tor Legal FAQ That being said, if you still have a complaint about the router, you may email the maintainer. If complaints are related to a particular service that is being abused, I will consider removing that service from my exit policy, which would prevent my router from allowing that traffic to exit through it. I can only do this on an IP+destination port basis, however. Common P2P ports are already blocked. You also have the option of blocking this IP address and others on the Tor network if you so desire. The Tor project provides a web service to fetch a list of all IP addresses of Tor exit nodes that allow exiting to a specified IP:port combination, and an official DNSRBL is also available to determine if a given IP address is actually a Tor exit server. Ple
Re: [tor-relays] Assigning new IP adrees to current relay
Hi
Thanks ;-) As for the 'DirFrontPAge' the error is below
Nov 29 09:52:55.000 [warn] Failed to parse/validate config: Unknown option
'DirFrontPage'. Failing.
Nov 29 09:52:55.000 [err] Reading config failed--see warnings above. For
usage, try -h.
Nov 29 09:52:55.000 [warn] Restart failed (config error?). Exiting.
the setting is
DirPort 80
DirFrontPage /etc/tor/tor-exit-notice.html
ExitPolicy accept *:20-21 # FTP - File Transfer Protocol (data /
control)
etc
the html page is working fine so its not that - it looks like DirFrontPAge
is an unknown option?
any thoughts?
cheers
Mark
On Mon, Nov 28, 2016 at 11:43 PM, Roger Dingledine wrote:
> On Mon, Nov 28, 2016 at 11:25:29PM +, Sec INT wrote:
> > Hi Thanks for the reply - exit node is all up and running along with 6
> relays so all happy here - I decided just to keep the main IP
>
> Thanks for running relays!
>
> > One thing I did have was the DirFrontpage parameter in the torrc file
> >was badly formed so I commented it out but was wondering if anyone else
> >had that issue? It looks fine to me from what i can see in the sample file
>
> Can you clarify what you mean by badly formed?
>
> Basically that option takes a file and serves it out of the DirPort
> when people ask for the root ("/").
>
> So if the file that gets served is badly formed in your browser, then
> consider fixing the file. Whereas if it can't find the file, then
> consider pointing it at a file that really exists. :)
>
> Hope that helps,
> --Roger
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Assigning new IP adrees to current relay
Hi Thanks for the reply - exit node is all up and running along with 6 relays so all happy here - I decided just to keep the main IP One thing I did have was the DirFrontpage parameter in the torrc file was badly formed so I commented it out but was wondering if anyone else had that issue? It looks fine to me from what i can see in the sample file Cheers > On 28 Nov 2016, at 21:41, Roger Dingledine wrote: > >> On Mon, Nov 28, 2016 at 08:31:39PM +0000, Sec INT wrote: >> - this did seem to work and tor detectedthe new address and started to use >> it but then I got a number of warnings like >> 'Remote server sent bogus reason code' >> >> The relay does seem to be working but with these errors im not sure > > Those warnings are scary-sounding but not dangerous: > https://trac.torproject.org/projects/tor/ticket/20307 > >> - is the method above how you should assign a particular IP address to a Tor >> relay? > > It depends what you're trying to do. If your server has one primary IP > address but you want to be running your Tor relay on a different one, > then you probably want to set both Address and OutboundBindAddress. You > may also wish to specify an IP address in your ORPort line, to bind your > listeners to one or some but not all of your IP addresses -- but if you > don't care there's no need to do that. > > --Roger > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Assigning new IP adrees to current relay
Hi I have more than one ip address in a server - I want to assign a new ip to a current relay that I am running. The new ip is correctly setup on my ubuntu server so i know thats ok In order to make the relay use the new ip I added Address to the torrc file and restarted tor - this did seem to work and tor detectedthe new address and started to use it but then I got a number of warnings like 'Remote server sent bogus reason code' The relay does seem to be working but with these errors im not sure - is the method above how you should assign a particular IP address to a Tor relay? Thanks for any advice Snap ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor relay questions
Hi Thanks for the replies - stack exchange is very useful! Cheers Snap > On 23 Nov 2016, at 19:58, Matthias Fetzer wrote: > > Hi, > >> On 11/23/2016 07:16 PM, Sec INT wrote: >> - for server monitoring Im using nagios but it is very difficult to set this >> up to monitor bandwidth use does anyone know of a tool to do this? (Im using >> webmin to record bandwidth use but it doesnt have any alerting on it) > > I am using Munin to monitor relay bandwidth. Do you want to monitor it, > to just get some information, or is it about bandwidth limits? > > You can limit your relays by bandwidth and traffic. See the FAQ about > this: https://www.torproject.org/docs/faq.html.en#LimitTotalBandwidth > >> - on atlas i dont seem to have any bandwidth showing? > > Give it some time. Eventually it will show it correctly. > >> - what is HSDir and V2dir on atlas flags mean? > > See the following page: > https://tor.stackexchange.com/questions/423/what-are-good-explanations-for-relay-flags > > But i bet you can easily find the answers on the official pages aswell. > >> - ive seen the good/bad isp page but this seems quite old is there anywhere >> to get more up to date information on good isps? > > On non-exit nodes I tend to just try it. About exit nodes, I suggest > that you ask the ISPs before. To contribute to network diversity I > strongly suggest, that you set up some relays at some more exotic > ISPs/Countries. > > Soem stats about relay ASNs: > > https://metrics.torproject.org/bubbles.html#as > > Cheers, > > Matthias > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Tor relay questions
Hi Ive been running a relay as a test for a broader rollout including an exit but Im not sure of a few things and am finding it difficult to get further information so here goes - my relay is running at the moment but on atlas it has a line through the uptime? Is this something with 'Accounting' soft? - for server monitoring Im using nagios but it is very difficult to set this up to monitor bandwidth use does anyone know of a tool to do this? (Im using webmin to record bandwidth use but it doesnt have any alerting on it) - on atlas i dont seem to have any bandwidth showing? - what is HSDir and V2dir on atlas flags mean? - ive seen the good/bad isp page but this seems quite old is there anywhere to get more up to date information on good isps? Im looking at implementing 4-5 relays any suggestions about where and any isps that may allow tor in these regions? Thanks for any help Snap ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
