Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP

2016-12-22 Thread David Serrano
tions are not a lot. I used to have a symmetric 20 megabytes/second line and the router provided by my ISP would reboot when reaching around 3600 connections. Happily, they provided FTTH so I was able to put a linux box instead of said router and reach 13k conns. -- David Serrano PGP: 1BCC1A1F28

Re: [tor-relays] Exit Node Geographical Location

2016-12-08 Thread David Serrano
(network wise) from such locations. This has been explained a couple of times recently (which is why I remember it :^)). Please don't top post. -- David Serrano PGP: 1BCC1A1F280A01F9 signature.asc Description: Digital signature ___ tor-rela

Re: [tor-relays] Really bad ISP

2016-10-26 Thread David Serrano
On 2016-10-26 08:44:00 (+), Lluís wrote: > > I'm very sad Jazztel is the one that turns out to be > **really** unstable for me. You mentioned "VDSL" in the OP, however I'm talking about fiber. Maybe by switching technologies you could get an improved servi

Re: [tor-relays] Really bad ISP

2016-10-26 Thread David Serrano
, 6667" they didn't have the Exit flag, therefore I'm not sure to what extent the exit capabilities were actually used. If Jazztel is an option for you, I'd definitely recommend it. -- David Serrano PGP: 1BCC1A1F280A01F9

Re: [tor-relays] Simplifying ExoneraTor

2015-07-07 Thread David Serrano
instead of keeping it to myself: what about modifying the form to ask also for the destination port? So the investigator would enter source IP, dest port and date. Can be somewhat confusing due to the source/dest mix, but the "Exit" column in this case would be pretty clear be

Re: [tor-relays] Simplifying ExoneraTor

2015-07-04 Thread David Serrano
> is only configured as an exit for part of the time, that's a potentially > important part of the historic record. Thanks. I didn't consider the possibility of relays switching between exit/non-exit at some point. -- David Serrano PGP: 1BCC1A1F280A0

Re: [tor-relays] Simplifying ExoneraTor

2015-07-04 Thread David Serrano
Maybe a link to a "Technical details" could still be kept for the most weirdos among us :), containing some more details. Not the full gore we have now, but something like platform, bandwidth, exit policy... things that could be explained to your sister in 5 minutes. Just my 2sat,

Re: [tor-relays] Relay from home

2015-04-08 Thread David Serrano
router so, barring a blackout, that is hardly going to happen. And if you get an UPS as I did, you may be in the middle of a blackout but still be connected to the net :^). -- David Serrano PGP: 1BCC1A1F280A01F9

Re: [tor-relays] Notice

2015-04-07 Thread David Serrano
On 2015-04-08 00:22:08 (+0200), Bandie Kojote wrote: > > Dear list admins, > > I didn't subscribe to the tor-relay mailing list to receive spam. Just my 2 cents: I've been subscribed to this list for 1.5 years and these are the first two instances of spam I've seen

Re: [tor-relays] keeping tor relays operational

2015-03-14 Thread David Serrano
n a --verify-config in the first place, because tor might die if there's something in the configuration that it doesn't like! I learnt that lesson the hard way :^). -- David Serrano PGP: 1BCC1A1F280A01F9

Re: [tor-relays] EDIS now bans Tor

2015-03-05 Thread David Serrano
On 2015-03-05 19:31:40 (-0500), Dedalo wrote: > > "expect an update on that soon. Relays will be back soon if limited to 5 > Mbps ..." Allowing a full exit (bar smtp), even with the limitation of 5 mbps, would be really nice... -- David Serrano PGP: 1BCC1A1F280A0

Re: [tor-relays] Tor and Freenode

2015-01-24 Thread David Serrano
o is teach the IRC client to connect through it. -- David Serrano PGP: 1BCC1A1F280A01F9 signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor and Freenode

2015-01-24 Thread David Serrano
that you're running an /exit/ relay. I just verified that I'm able to connect to freenode from the IP associated with my non-exit relay without issues. -- David Serrano PGP: 1BCC1A1F280A01F9

Re: [tor-relays] Tor and Freenode

2015-01-24 Thread David Serrano
se freenode, you will have to [block ports]. Alternatively, you can allow any ports in your exit policy, and always connect to freenode using the hidden service". -- David Serrano PGP: 1BCC1A1F280A01F9

Re: [tor-relays] Tor in Spain

2015-01-09 Thread David Serrano
ccording to them some new law here in > Spain forbids Tor relays. Then it would be interesting if they were so kind to point to that alleged new law that was put in place. And if indeed no tor relays are allowed, you could update the GoodBadISPs. -- David Serrano PGP: 1BCC1A1F280A01F9

Re: [tor-relays] [tor-talk] Platform diversity in Tor network [was: OpenBSD doc/TUNING]

2014-11-07 Thread David Serrano
y, grabbed from onionoo.tpo/details. -- David Serrano PGP: 1BCC1A1F280A01F9

Re: [tor-relays] [tor-talk] Platform diversity in Tor network [was: OpenBSD doc/TUNING]

2014-11-05 Thread David Serrano
n relays having the exit flag:
93.62% 4459816582 Linux
4.51% 214639363 FreeBSD
1.25% 59672066 Windows
0.25% 11754598 Darwin
0.17% 7896687 Bitrig
0.15% 6964863 OpenBSD
0.06% 3091495 SunOS
-- David Serrano PGP: 1BCC1A1F280A01F9

Re: [tor-relays] hardening a tor relay

2014-05-24 Thread David Serrano
On 2014-05-24 06:36:41 (-0700), Contra Band wrote: > Date: Sat, 24 May 2014 06:36:41 -0700 (PDT) > > That is a great piece of advice David. No it isn't. Please see Roman's followup to my post. -- David Serrano GnuPG id: 280A01F9

Re: [tor-relays] hardening a tor relay

2014-05-24 Thread David Serrano
3 49 8080 35 9090 34 80 27 9002 25 8443 25 22 23 8001 22 110 -- David Serrano GnuPG id: 280A01F9

Re: [tor-relays] Linux CVE-2014-0196

2014-05-13 Thread David Serrano
> relevant is this issue? From what I gather, you're only affected if you're not the only user in the box. If you run a system dedicated only to tor, you should be safe. -- David Serrano GnuPG id: 280A01F9

Re: [tor-relays] About running an Exit node

2014-05-07 Thread David Serrano
u'll earn the BadExit flag. Read about it in [1] or elsewhere. [1] https://trac.torproject.org/projects/tor/wiki/doc/badRelays -- David Serrano GnuPG id: 280A01F9

Re: [tor-relays] Relay down, "rejected", help

2014-04-19 Thread David Serrano
On 2014-04-19 09:19:26 (-0700), kbesig wrote: > > OSError: [Errno 13] Permission denied: '/home/user/.arm/' > Any ideas?? Delete /home/user/.arm. It will be created again. Did you run it as root first? That would explain this problem. -- David Serrano GnuPG id: 280A0

Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

2014-04-08 Thread David Serrano
On 2014-04-08 09:20:28 (-0700), ecart...@riseup.net wrote: > > Update: I now have Running, Unnamed, V2Dir and Valid flags after 90 > minutes of uptime. So I guess all is well. So do I. I guess Named will be the toughest of them all :). -- David Serrano GnuPG id: 280A01F9

Re: [tor-relays] Exiting only port 8333

2014-03-19 Thread David Serrano
tually "exit probability to 80/443/6667 destinations". -- David Serrano GnuPG id: 280A01F9

Re: [tor-relays] Exiting only port 8333

2014-03-17 Thread David Serrano
ode despite not having the flag. Try waiting some days to see if there's some traffic on port 8333. FWIW I check outgoing connections using netstat instead of arm :). HTH, -- David Serrano GnuPG id: 280A01F9

Re: [tor-relays] How long from enabling ExitPolicy's to getting the Exit flag?

2014-02-26 Thread David Serrano
rned that I was in fact being an exit for some of the ports I had enabled. The reason I wasn't getting the Exit flag was because I didn't open two ports among 80, 443 and 6667. A couple of hours ago I opened 443 and 6667 (it was planned anyway) and soon after my relay got the Exit flag.

[tor-relays] How long from enabling ExitPolicy's to getting the Exit flag?

2014-02-26 Thread David Serrano
hence me asking. -- David Serrano GnuPG id: 280A01F9

Re: [tor-relays] Relay-Bandwith

2013-11-09 Thread David Serrano
few days and this number will increase on its own. https://blog.torproject.org/blog/lifecycle-of-a-new-relay -- David Serrano GnuPG id: 280A01F9

Re: [tor-relays] max TCP interruption before Tor circuit teardown?

2013-11-01 Thread David Serrano
org/relay-search.html and enter your IP address to figure that out. -- David Serrano GnuPG id: 280A01F9

Re: [tor-relays] max TCP interruption before Tor circuit teardown?

2013-10-31 Thread David Serrano
astly, this may give additional ideas: http://thiemonagel.de/2006/02/preventing-brute-force-attacks-using-iptables-recent-matching/ -- David Serrano GnuPG id: 280A01F9

Re: [tor-relays] max TCP interruption before Tor circuit teardown?

2013-10-29 Thread David Serrano
u can drop packets in the SYN_THROTTLE chain instead of rejecting them, without fail2ban. Or you can accept them until a threshold is reached, then log/reject them up to a second threshold, then silently drop them. -- David Serrano GnuPG id: 280A01F9

Re: [tor-relays] max TCP interruption before Tor circuit teardown?

2013-10-27 Thread David Serrano
rcuits. It all depends on what rules it inserts into its chain. However, do you need fail2ban now that you are throttling SYNs without affecting circuits? -- David Serrano GnuPG id: 280A01F9

Re: [tor-relays] max TCP interruption before Tor circuit teardown?

2013-10-27 Thread David Serrano
You don't need '-m state --state NEW' in lines 17 and 18 because all packets in that chain are already known to be new. I recommend to use always --log-prefix for easy future grepping. -- David Serrano GnuPG id: 280A01F9

Re: [tor-relays] max TCP interruption before Tor circuit teardown?

2013-10-22 Thread David Serrano
t match this rule and will traverse the rest of the ruleset unaffected. Since I run a new node and discovering this new world I'm somewhat concerned that once I gain the Stable flag I'll be SYN flooded too so I'll pay attention to this too. -- David Serrano Gnu