Re: [tor-relays] FreeBSD's global IP ID (was: Platform diversity in Tor network)
On Thu, Nov 6, 2014 at 8:52 AM, Philipp Winter p...@nymity.ch wrote: On Wed, Nov 05, 2014 at 04:04:41AM -0500, grarpamp wrote: 173 FreeBSD FreeBSD still seems to use globally incrementing IP IDs by default. That's an issue as it leaks fine-grained information about how many packets a relay's networking stack processes. (However, nobody investigated the exact impact on Tor relays so far, which makes this a FUD-heavy topic.) It looks like approximately 50 out of the 131 FreeBSD relays I tested (38%) use global IP IDs. There's a sysctl variable called net.inet.ip.random_id which makes a FreeBSD's IP ID behaviour random. FreeBSD relay operators should set this to 1. Note that this issue was already discussed earlier this year in a thread called Lots of tor relays send out sequential IP IDs; please fix that!. It's been default off since before it was a sysctl over a decade ago. Anyone know what the deal is with that? Some objection, or forgotten flag day, or oversight that really should be set to 1? https://svnweb.freebsd.org/base?view=revisionrevision=133720 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] FreeBSD's global IP ID (was: Platform diversity in Tor network)
On Fri, Nov 7, 2014 at 11:31 AM, Adrian Chadd adr...@freebsd.org wrote: ... that's .. odd. Let's poke the freebsd crypto and network stack people and ask. I can't imagine why this is a problem anymore and we should default to it being on. I don't think there's a crypto@ list, though security@ might represent. The other thing you could do is have the tor port require it be turned on before tor runs. That would not cover people who compile and use upstream Tor. Ideally, the Tor client could check for any system parameters it feels are critical before running, or simply delegate them and/or any parameters of lesser importance to platform specific guides on the Tor wiki. On 7 November 2014 00:20, grarpamp grarp...@gmail.com wrote: On Thu, Nov 6, 2014 at 8:52 AM, Philipp Winter p...@nymity.ch wrote: FreeBSD still seems to use globally incrementing IP IDs by default. That's an issue as it leaks fine-grained information about how many packets a relay's networking stack processes. (However, nobody investigated the exact impact on Tor relays so far, which makes this a FUD-heavy topic.) It looks like approximately 50 out of the 131 FreeBSD relays I tested (38%) use global IP IDs. There's a sysctl variable called net.inet.ip.random_id which makes a FreeBSD's IP ID behaviour random. FreeBSD relay operators should set this to 1. Note that this issue was already discussed earlier this year in a thread called Lots of tor relays send out sequential IP IDs; please fix that!. It's been default off since before it was a sysctl over a decade ago. Anyone know what the deal is with that? Some objection, or forgotten flag day, or oversight that really should be set to 1? https://svnweb.freebsd.org/base?view=revisionrevision=133720 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] FreeBSD's global IP ID (was: Platform diversity in Tor network)
On Wed, Nov 05, 2014 at 04:04:41AM -0500, grarpamp wrote: 173 FreeBSD FreeBSD still seems to use globally incrementing IP IDs by default. That's an issue as it leaks fine-grained information about how many packets a relay's networking stack processes. (However, nobody investigated the exact impact on Tor relays so far, which makes this a FUD-heavy topic.) It looks like approximately 50 out of the 131 FreeBSD relays I tested (38%) use global IP IDs. There's a sysctl variable called net.inet.ip.random_id which makes a FreeBSD's IP ID behaviour random. FreeBSD relay operators should set this to 1. Note that this issue was already discussed earlier this year in a thread called Lots of tor relays send out sequential IP IDs; please fix that!. Cheers, Philipp ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
