Re: [tor-relays] Law Enforcement Request

2017-04-26 Thread David Stainton
What was the guard discovery attack they used? Was it one of the well known published guard discovery attack or another new one? On Wed, Apr 26, 2017 at 1:58 AM, teor wrote: > Hi all, > > Last week, we were contacted by Australian law enforcement, on behalf of > German law

Re: [tor-relays] Suggestion to make Tor usage more disguised

2016-01-16 Thread David Stainton
Why would someone get into trouble for using Tor? Furthermore, have you have heard of pluggable transports for Tor? On Sat, Jan 16, 2016 at 1:31 PM, Raúl Martínez wrote: > Hi, > I am writing this message to make a simple suggestion that could help > driving more adoption to Tor by

[tor-relays] ANN: TCP injection attack detection tool - honeybadger

2015-12-07 Thread David Stainton
human rights. 3. So use my design in your software; The description of how to detect the 5 possible TCP injection attacks can serve as a part of a design document for other software projects to implement their own TCP injection attack detection. cheers from the Internet, David Stain

[tor-relays] Quantum Insert detection for everyone

2015-04-22 Thread David Stainton
a zero-day payload from a TCP attack; you should then responsibly disclose to the software vendor or contact a malware analyst to help out! Sincerely, David Stainton ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi

Re: [tor-relays] Quantum Insert detection for everyone

2015-04-22 Thread David Stainton
, Am 22.04.2015 um 20:41 schrieb David Stainton: Did you all see this Wired article about Quantum Insert detection? https://www.wired.com/2015/04/researchers-uncover-method-detect-nsa-quantum-insert-hacks proof me wrong but wouldn't the use of a HTTPS/OnionAddress render this attack usesless

Re: [tor-relays] Quantum Insert detection for everyone

2015-04-22 Thread David Stainton
TCP injection attacks are not the same as man-in-the-middle attacks... but rather are categorized as man-on-the-side. The difference is important because MoS is *much* cheaper for these various (not just NSA) entities to execute. MoS means you do not have to pwn a route endpoint at the site

Re: [tor-relays] Tor RPM packages now come with multi-instance support (since v0.2.6.4-rc) -- please test them

2015-03-11 Thread David Stainton
Excellent! Do you plan to do this for the debian package as well? On Wed, Mar 11, 2015 at 9:51 PM, Nusenu nus...@openmailbox.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Tor RPM packages (starting with version 0.2.6.4-rc) now come with multi-instance support [1]. This

Re: [tor-relays] Tor RPM packages now come with multi-instance support (since v0.2.6.4-rc) -- please test them

2015-03-11 Thread David Stainton
ah that's great! also your continuing the ansible development is great. keep up the good work! On Wed, Mar 11, 2015 at 10:10 PM, Nusenu nus...@openmailbox.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi David, Excellent! Do you plan to do this for the debian package as well?

Re: [tor-relays] new ansible-tor features: automatic instance configuration + automatic MyFamily generation (PATCH)

2015-02-16 Thread David Stainton
Hi Nusenu, Thanks for the patch. You've added quite a bit more features than 2. Would you mind telling me which 2 features are critical for your use-case and why? Can you share your ansible-tor playbook? Perhaps a redacted copy if you have sensitive information in it... I'd like for this ansible

Re: [tor-relays] new ansible-tor features: automatic instance configuration + automatic MyFamily generation (PATCH)

2015-02-16 Thread David Stainton
responding inline Would you mind telling me which 2 features are critical for your use-case and why? - - automatic instance deployment (and all the dependencies that comes with that, like ORListenAddress - without it tor0 would block tor2 from starting since they are binding on the same

Re: [tor-relays] building Tor against LibreSSL 2.1.1 fails with undefined reference to `EVP_aes_128_ctr' error

2014-11-21 Thread David Stainton
I am also very interested in hearing from people who have built tor with LibreSSL... specifically I'd love it if someone worked out all the details to do this as a static build in OpenBSD. On Fri, Nov 21, 2014 at 3:22 PM, Seth l...@sysfu.com wrote: I'm trying to build tor-0.2.5.10 from source

Re: [tor-relays] Ansible repo for setting up relays

2014-06-15 Thread David Stainton
Hi Sam, I wish we could work together so as to not duplicate efforts. I'm not sure how many people know about my Ansible Tor role... although it was linked to in a Tor Weekly News entry a few weeks ago: https://github.com/david415/ansible-tor/ Cheers, David On Sun, Jun 15, 2014 at 12:51 PM,

Re: [tor-relays] Bridge Operators - Heartbleed, Heartwarming, and Increased Help

2014-04-25 Thread David Stainton
Let us know if/when obfsproxy runs on CentOS. Why would anyone want to use CentOS? Obviously this is a rhetorical question since there isn't a good reason to use CentOS instead of say Debian... AND if someone gave me access to thousands of CentOS servers for the purpose of running tor relays I

Re: [tor-relays] Init.d script for two simultaneous Tor instances

2014-04-18 Thread David Stainton
I hope my Tor Ansible role will be useful to relay operators: https://github.com/david415/ansible-tor You can use it to write many different types of playbooks for installing/configuring tor on one or more servers. In the github readme I show several example playbooks to configure tor in various

Re: [tor-relays] Trying Trusted Tor Traceroutes

2014-02-07 Thread David Stainton
Cool project! On Fri, Feb 7, 2014 at 9:05 PM, Sebastian Urbach sebast...@urbach.org wrote: Dear list members, The Trying Trusted Tor Traceroutes project is coming closer to the next data review (03/2014). Basically every relay (except Bridges) can help to evaluate the Tor Routes. Please

Re: [tor-relays] securing a VPS [High speed exit]

2014-02-06 Thread David Stainton
No not just a hidden service but an authenticated hidden service. Also Knockknock is a port knocker... which uses cryptographic authentication. On Thu, Feb 6, 2014 at 7:04 AM, Craig C-S craigc...@gmail.com wrote: Thanks all for the advice! Things to do: - I'll be looking to run Moxie

Re: [tor-relays] What is more necessary: Bridge or Relay?

2014-02-05 Thread David Stainton
http://torproject.org/docs/faq.html.en#RelayOrBridge On Tue, Feb 4, 2014 at 10:31 PM, an.to_n...@riseup.net wrote: Hello List! Since 7/2013 I operate a small Tor Server as internal relay or as obfuscated bridge. What is more necessary: An internal relay to speed up the network, or an

Re: [tor-relays] Ubuntu is killing tor when getting low memory

2014-02-02 Thread David Stainton
in a week or two. Thanks! Geri 2014-02-01 David Stainton dstainton...@gmail.com: Hi Geri! You may adjust the Linux OOM killer's settings on a per process basis with the proc fs; see here: http://askubuntu.com/questions/60672/how-do-i-use-oom-score-adj If you have multiple numa cores

Re: [tor-relays] Ubuntu is killing tor when getting low memory

2014-02-01 Thread David Stainton
Hi Geri! You may adjust the Linux OOM killer's settings on a per process basis with the proc fs; see here: http://askubuntu.com/questions/60672/how-do-i-use-oom-score-adj If you have multiple numa cores then it also might be helpful to set the process to use numa interleaved memory instead of

Re: [tor-relays] Using syslog for monitoring bridges

2014-01-29 Thread David Stainton
Sounds like a viable plan. What specifically do you need help with? On Thu, Jan 23, 2014 at 8:34 PM, Andreas Fritzel andreasfritzel1...@yahoo.com wrote: Hey all, In two different countries I run 3 Tor bridges for a while now. For monitoring, I want to quit using the local filesystem for