Re: [tor-relays] Action relays on 188.214.30.0/24 subnet

2017-12-05 Thread teor
> On 6 Dec 2017, at 15:14, x9p wrote: > > > Shouldn't an action be taken against such relays? > > https://atlas.torproject.org/#search/188.214.30 > > They are clearly being run by the same entity/person, probably in an > automated fashion, don't have family set, and are using the same > datac

[tor-relays] Action relays on 188.214.30.0/24 subnet

2017-12-05 Thread x9p
Shouldn't an action be taken against such relays? https://atlas.torproject.org/#search/188.214.30 They are clearly being run by the same entity/person, probably in an automated fashion, don't have family set, and are using the same datacenter. cheers. x9p _

Re: [tor-relays] DoS attacks on multiple relays

2017-12-05 Thread x9p
>> On 5 Dec 2017, at 22:50, x9p wrote: >> >> >> my second and third positions are similar: >> >> ... > > Please don't publicly share exact connection numbers and netblocks. > They can be used in combination with other information to de-anonymise > users. > > (For example, if an adversary know

Re: [tor-relays] DoS attacks on multiple relays

2017-12-05 Thread x9p
> @ x9p: > >> # netstat -tupan | grep ESTABLISHED | grep /tor | awk '{print $5}' | awk >> -F: '{print $1}' | awk -F. '{print $1"."$2"."$3}' | sort | uniq -c | >> sort >> | egrep -v ' 1 | 2 | 3 ' >> >> with this information in hand, double the max of it (mine was 10 >> connections fro

Re: [tor-relays] companies and organizations running relays

2017-12-05 Thread Tyler Durden
Simply have a look at https://torservers.net/partners.html Greetings Christian Pietsch: > Please add: > > Digital human rights activist/advocacy NGO Digitalcourage e.V., Germany / > https://digitalcourage.de / > https://atlas.torproject.org/#search/family:9EAD5B2D3DBD96DBC80DCE423B0C345E920A7

Re: [tor-relays] companies and organizations running relays

2017-12-05 Thread Christian Pietsch
Please add: Digital human rights activist/advocacy NGO Digitalcourage e.V., Germany / https://digitalcourage.de / https://atlas.torproject.org/#search/family:9EAD5B2D3DBD96DBC80DCE423B0C345E920A758D On Tue, Dec 05, 2017 at 07:03:00PM +, Alison Macrina wrote: > I'm wondering if folks on this

Re: [tor-relays] DoS attacks on multiple relays

2017-12-05 Thread teor
> On 5 Dec 2017, at 22:50, x9p wrote: > > > my second and third positions are similar: > > ... Please don't publicly share exact connection numbers and netblocks. They can be used in combination with other information to de-anonymise users. (For example, if an adversary knows that a guar

Re: [tor-relays] companies and organizations running relays

2017-12-05 Thread Zack Weinberg
I’ve been operating an exit node in an academic setting for about four years and I would be happy to kibitz your guide. On Tue, Dec 5, 2017 at 2:03 PM Alison Macrina wrote: > Hi all, > > Phoul and I are working on a blog post/guide to encourage more relay > operators. The post will include techn

Re: [tor-relays] companies and organizations running relays

2017-12-05 Thread Rejo Zenger
Hey, In the Netherlands there is Hart voor Internetvrijheid that runs a couple of relays. In addition to that, there's a yearly informal meeting open to potential relay operators with a lot of room for interactive discussions on operating relays. I myself work for the leading Dutch digital civ

Re: [tor-relays] So long and thanks for all the abuse complaints

2017-12-05 Thread teor
> On 6 Dec 2017, at 01:35, t...@t-3.net wrote: > > Abuse complaints are how this thing goes. With your limited exit policy, you > would hardly see any complaints (relatively speaking), and what you do see > would be mostly like SQL hack complaints and such. It's usually not going to > be cases

Re: [tor-relays] DoS attacks on multiple relays

2017-12-05 Thread null
@ x9p: > # netstat -tupan | grep ESTABLISHED | grep /tor | awk '{print $5}' | awk > -F: '{print $1}' | awk -F. '{print $1"."$2"."$3}' | sort | uniq -c | sort > | egrep -v ' 1 | 2 | 3 ' > > with this information in hand, double the max of it (mine was 10 > connections from 188.214.30

Re: [tor-relays] So long and thanks for all the abuse complaints

2017-12-05 Thread Ralph Seichter
On 05.12.17 20:21, r1610091651 wrote: > how can the hoster determine whether a packet is part of a port scan > or valid connection request? One common example of automatically detectable port scans for /24 IPv4 subnets are consecutive connections, in a small amount of time, to aaa.bbb.ccc.1:80

Re: [tor-relays] So long and thanks for all the abuse complaints

2017-12-05 Thread r1610091651
I think it is relevant. There are two sides to creating a connection and traffic can be filtered on both ends. On the initiator: any invalid outgoing packets can be filtered On the receiver: any not expected / invalid packets can be filtered Just a question: how can the hoster determine whether a

Re: [tor-relays] companies and organizations running relays

2017-12-05 Thread Gareth Llewellyn
Original Message On 5 Dec 2017, 19:03, Alison Macrina wrote: I'm wondering if folks on this list can help me by confirming the organizations that they know of running relays. Checking in on behalf of AS28715 / BrassHornCommunications.uk / https://atlas.torproject.org/#search/fa

[tor-relays] companies and organizations running relays

2017-12-05 Thread Alison Macrina
Hi all, Phoul and I are working on a blog post/guide to encourage more relay operators. The post will include technical and legal information for relay operators, but also things that are in more of a "social" category, like information for starting a relay operators group on a college campus. In

Re: [tor-relays] So long and thanks for all the abuse complaints

2017-12-05 Thread Ralph Seichter
On 05.12.17 19:24, r1610091651 wrote: > Having servers on-line and complaining about such things is just > unreasonable and laziness on the operator side: don't want scans, > then set up proper firewall rules. Done. Your comment is not applicable in this particular case; please read my other messa

Re: [tor-relays] So long and thanks for all the abuse complaints

2017-12-05 Thread r1610091651
Port scans are part of internet life in my opinion. One cannot have internet access and no (occasional) port scan, spam mails, worms, ... Having servers on-line and complaining about such things is just unreasonable and laziness on the operator side: don't want scans, then set up proper firewall rul

Re: [tor-relays] DoS attacks on multiple relays

2017-12-05 Thread Felix
Hi everybody > Looks scary. Interesting to see they all have high guard probabilities. :-? The reported numbers are nothing to be scared about. 100 connects and more to a relay/subnet can be fine. As well to other servers like onion services. Lots of connections come with a good (temporary) position.

Re: [tor-relays] So long and thanks for all the abuse complaints

2017-12-05 Thread Ralph Seichter
Quoting myself: > I've had an ongoing debate with a hosting service over a fresh exit > node being abused for network scans (ports 80 and 443) almost hourly > for the last few days. I had the former exit node unlocked and ran it in relay mode for a day. Today I switched back to exit mode, and a fe

Re: [tor-relays] UbuntuCore stats update

2017-12-05 Thread Torix
Dear Chad, The last I read from nusenu a few months ago was that you have tor running as root, which sort of wiped it off my radar. Is that still true? I do like your idea of democratizing tor relays so normal people can run them. TIA, --torix Sent with [ProtonMail](https://protonmail.com

Re: [tor-relays] DoS attacks on multiple relays

2017-12-05 Thread Torix
Me, too: 4 on 178.16.208.0/24 and 10 on 217.12.223.0/24 Sent with [ProtonMail](https://protonmail.com) Secure Email. > Original Message > Subject: Re: [tor-relays] DoS attacks on multiple relays > Local Time: December 5, 2017 7:00 AM > UTC Time: December 5, 2017 12:00 PM > From

Re: [tor-relays] So long and thanks for all the abuse complaints

2017-12-05 Thread tor
Abuse complaints are how this thing goes. With your limited exit policy, you would hardly see any complaints (relatively speaking), and what you do see would be mostly like SQL hack complaints and such. It's usually not going to be cases where someone got all the way into someone's machine, it'

Re: [tor-relays] DoS attacks on multiple relays

2017-12-05 Thread Valter Jansons
A little relay node of a consensus around 220 checking in here. I am seeing pretty much the same as others are reporting - 11 on 188.214.30.0/24 and 10 on 217.12.223.0/24. The AS is called THC Projects SRL. They seem to provide VPS hosting among other things and ipinfo.io/AS51177

Re: [tor-relays] DoS attacks on multiple relays

2017-12-05 Thread x9p
my second and third positions are similar: 9 217.12.223.0/24 (family and contact info set) 8 178.16.208.0/24 (family and contact info set, too) > Interesting to see. I have similar stats. 10 connections from > 188.214.30.0/24, second up 8 connections from 178.16.208.0/24. Thanks! >

Re: [tor-relays] DoS attacks on multiple relays

2017-12-05 Thread Aneesh Dogra
On Tue, Dec 5, 2017 at 5:04 PM, x9p wrote: > > Actually this also caught my attention on this 10 nodes from 188.214.30/24: > > https://atlas.torproject.org/#search/188.214.30 > > All from Romania, relays, ports 443/9030, good bandwidth 17-26MiB, uptime > almost identical, and no family member set

Re: [tor-relays] DoS attacks on multiple relays

2017-12-05 Thread x9p
Actually this also caught my attention on this 10 nodes from 188.214.30/24: https://atlas.torproject.org/#search/188.214.30 All from Romania, relays, ports 443/9030, good bandwidth 17-26MiB, uptime almost identical, and no family member set. One is even named CIA :) Contact is set to none also.

Re: [tor-relays] DoS attacks on multiple relays

2017-12-05 Thread Aneesh Dogra
Interesting to see. I have similar stats. 10 connections from 188.214.30.0/24, second up 8 connections from 178.16.208.0/24. Thanks! On Tue, Dec 5, 2017 at 4:27 PM, x9p wrote: > > first measure on a good day how many connection per /24 your exit/relay > have, excluding these with 1 2 or just 3 c

Re: [tor-relays] DoS attacks on multiple relays

2017-12-05 Thread Scott Bennett
null wrote: > We're experiencing what looks like a DoS attack on multiple relays in our > family: > > https://atlas.torproject.org/#search/family:CBEAE10CBBB86C51059246B2EF92EB2CB4E111BC > > The relays are currently running Tor 0.3.1.9 on Linux kernel 4.4.0 > (although when the problem started th

Re: [tor-relays] DoS attacks on multiple relays

2017-12-05 Thread x9p
ps: this was done @ debian. BSD/Solaris/other Unix flavours may need some tweak in the script. > > first measure on a good day how many connection per /24 your exit/relay > have, excluding these with 1 2 or just 3 connections: > > # netstat -tupan | grep ESTABLISHED | grep /tor | awk '{print $5}'

Re: [tor-relays] DoS attacks on multiple relays

2017-12-05 Thread x9p
first measure on a good day how many connection per /24 your exit/relay have, excluding these with 1 2 or just 3 connections: # netstat -tupan | grep ESTABLISHED | grep /tor | awk '{print $5}' | awk -F: '{print $1}' | awk -F. '{print $1"."$2"."$3}' | sort | uniq -c | sort | egrep -v ' 1 |