On Mon, Jan 5, 2015 at 11:15 AM, eliaz el...@riseup.net wrote:
processes involved. Since they're private, I assume they're broadcasts
Private are RFC1918. Broadcasts are 255.255.255.255 or the
subnet based versions of same.
___
tor-relays mailing list
On Mon, Mar 9, 2015 at 7:17 AM, Sebastian Urbach sebast...@urbach.org wrote:
On March 9, 2015 7:17:20 AM oneoft...@riseup.net wrote:
Can someone point me to an overview of the different legal situations
for running tor relays in European countries? I'm especially interested
how the situation
On Mon, Mar 9, 2015 at 2:40 PM, Markus Hitter m...@jump-ing.de wrote:
Am 09.03.2015 um 16:08 schrieb Steve Snyder:
Being able to separate webmail from the parent web presence (e.g.
gmail from google.com, Yahoo Mail from yahoo.com, etc.) would be a
big step forward in curbing spam. This would
On Mon, Mar 9, 2015 at 3:41 PM, grarpamp grarp...@gmail.com wrote:
You could create a user maintained wikitable of all countries in
regard to line items of relavence to people in anonymizing networks,
crypto, retention, etc.
In fact, collaboration with researchers such as Koops to present
This is unfortunate but we will not be deterred.
I would also go chargeback if notice you now give them
does not result in satisfied action by close Sunday. You paid
for a year based on some assurance, and did not receive.
Now in the future...
You plan was long and two part, partly confusing.
On Thu, Apr 23, 2015 at 12:56 AM, CJ Barlow iamthech...@gmail.com wrote:
rm -f /var/lib/tor/keys/* 21 /home/[me]/reboot.txt
This dupes stderr to stdout first which is still your screen, -f
squelches various errors,
and rm doesn't emit any stdout unless some option like -v. So nothing is logged.
While you're busy doing all this writing and signing you need
to post the results up on the wiki, the tor relay banner page,
EFF legal info/opinion page update, etc.
___
tor-relays mailing list
tor-relays@lists.torproject.org
s/ram/encrypted ram/
for slightly better odds at resistance.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Permission issues and your shell pipeline... test it via your cli
under whatever shell is in effect.
If you want the keys gone on reboot, put them on a ramdrive.
Read up on swap memory and cold boot attacks first.
You might be able to remove them right after tor start.
Mega? A dotcom? Really people? Come on, that's soo legacy.
Use what your mama gave you... put it on a hidden service.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Wed, May 13, 2015 at 6:51 PM, tor-server-crea...@use.startmail.com wrote:
any advice for me please?
Learn additional unix system administration, read the manuals, attend a
user group. That way you can understand and do simple stuff that works like:
shell, ps, tail, less, and vi
./tor
kill
On Thu, Jun 25, 2015 at 6:27 AM, nusenu nus...@openmailbox.org wrote:
A relay running in South America could do more bad than good, as it
would increase the average latency
I was also thinking about that.
Does improving geo-diversity negatively affect latency?
Internet imposed minimum
On Wed, Jun 24, 2015 at 8:38 PM, Mike Perry mikepe...@torproject.org wrote:
It appears that some years ago someone quietly removed port 465 and 587
from the reduced exit policy at
https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
without an explanation.
these ports should
On Wed, Aug 12, 2015 at 9:16 AM, Thomas White thomaswh...@riseup.net wrote:
For relays, being able to make more use of available bandwidth would
vastly increase the network speed, furthermore make home clients see
an improvement in their daily Tor usage. It also benefits hidden
service people
On Thu, Aug 13, 2015 at 3:40 AM, Mike Perry mikepe...@torproject.org wrote:
But consider looking at average flow lifetimes on the internet. There may
be case for going longer, bundling or turfing across a range of ports to
falsely
trigger a record / bloat, packet switching and so forth.
On Wed, Aug 12, 2015 at 7:45 PM, Mike Perry mikepe...@torproject.org wrote:
At what resolution is this type of netflow data typically captured?
Routers originally exported at 100% coverage, then many of them
started supporting sampling at various rates (because routers were
choking and buggy
On Sat, Aug 22, 2015 at 1:09 AM, Mike Perry mikepe...@torproject.org wrote:
As such, I was only able to discover that its default inactive/idle
timoeut is 30s. I couldn't find a range.
What I really need now is any examples of common routers that have a
default inactive/idle timeout below
On Fri, Aug 21, 2015 at 1:40 PM, Philipp Winter p...@nymity.ch wrote:
I wonder if we wouldn't be better off with GCE remaining blocked. Cloud
platforms seem quite popular among attackers -- presumably because they
can quickly give you a large number of disposable machines.
Second, and
On Fri, Aug 21, 2015 at 12:30 AM, Mike Perry mikepe...@torproject.org wrote:
I submitted a proposal to tor-dev describing a simple defense against
this default configuration:
https://lists.torproject.org/pipermail/tor-dev/2015-August/009326.html
nProbe should be added to the router list, it's
On Wed, Jul 29, 2015 at 9:32 AM, Yawning Angel yawn...@schwanenlied.me wrote:
Like I noted in my reply to Paul S. if there was a way to
measure/quantify trust, or deal with the people's Guards just
I'd agree that randomly handing off nodes is bad.
And that there may be cases where structured
On Fri, Jul 31, 2015 at 5:41 AM, Tyler Durden vi...@enn.lu wrote:
But when it comes to spam they get, indeed, a bit upset. I recommend you to
block the mail ports as we do it. --- 25, 465, 587
As posted here last month, 25 no longer open relays mail for MUA's,
it does accept MX for its own
On Sat, Aug 8, 2015 at 2:03 AM, nusenu nus...@openmailbox.org wrote:
that implies that USU exit relays store significant amount of logs
node. I said that we had extracted and filtered the requested data,
it was 90 4 gig files (for a total of 360 gigs of log files) or
about 3.2 billion log
On Fri, Aug 7, 2015 at 5:38 PM, Damian Busby damian.bu...@gmail.com wrote:
Personally, if I had been the person in comment #2, I would have sent all
those logs anyway.
Mind telling us what relays you're operating so
we can block them in our clients?
Then they would have been compelled to
> #17297: TorCheck fails on new exit egress IP not in exit DB, confusing to user
> https://trac.torproject.org/projects/tor/ticket/17297
As said three days ago before OP...
No, I'd consider it a technique to avoid having
your exit put on braindead tor-hating consensus
scraping blacklists... a
While reducing network traffic to various accounting schemes such
as netflow may enable some attacks, look at just one field of it...
bytecounting.
Assume you've got a nice global view courtesy of your old bed buddies
ATT, Verizon, Sprint, etc and in addition to your own bumps on the
cables.
You
On Thu, Sep 3, 2015 at 2:03 AM, coderman wrote:
> there is a second limit here, which is the netflow channel capacity /
> storage limit, if you introduce simulated flows at a rate beyond this
> capacity, you may become unobservable (via loss) resulting in failure
> to
On Thu, Sep 10, 2015 at 3:54 AM, Virgil Griffith wrote:
> good locations...
> intelligence prioritizes spying on Tor relays they will simply download the
> list and tap the desired relays, regardless of where the relay is
> topographically located.
There may be situations in
As in a former thread on this, here's the cpu ranking of
what you can expect, caveat utilization of specific features...
http://cpubenchmark.net/high_end_cpus.html
http://cpubenchmark.net/singleThread.html
Keep in mind as before, the highest chart performer is not
necessarily the most effective
On Thu, Sep 10, 2015 at 1:12 AM, Virgil Griffith wrote:
> URL: http://labs.apnic.net/vizas/
>
> For Tor, this tool helps us prioritize the ASs for new relays. To maximize
> censorship resistance, we would want relays on AS numbers in the middle
> (lots of interconnections) that
> First rule is to use some firewall
No it is not, do not do this.
An exit needs to pass the traffic that its exitpolicy says it will pass.
Otherwise bad things happen with circuit construction and your exit
gets badmouthed by users possibly to the point of being banned. If
you can't provide an
On Tue, Jan 12, 2016 at 12:44 AM, Jesse V wrote:
> This is quite interesting, thanks for the report. I'm not sure why it
> would be advantageous to set up a server or network this way, but I
> guess they have their reasons.
1) They may or may not be aware of their routing,
On Wed, Jan 13, 2016 at 10:05 PM, Virgil Griffith wrote:
> In our quantifications of relay diversity, knowing the IP addresses that
> traffic exits from is important. Ways to have this information correctly
> reported would be very helpful.
Which is exactly why free to connect
On 6/26/16, pa011 wrote:
> [report]
You have reported about four multiple things.
Though they may be related, try breaking them
down into a more individual approach.
> (Compiled with 100010bf: Op$bf: OpenSSL 1.0.1k 8 Jan 2015;
> running with 1000114f: OpenSSL 1.0.1t 3 May 2016).
On Wed, Jan 27, 2016 at 12:00 AM, Virgil Griffith wrote:
> No wrong answer---just wondering what is the community's vibe on this
> issue. I can go either way.
Same IP excepting NAT is same box, kind of pointless if
they're not the same entity [1], err to caution and call it
On 4/7/16, Roger Dingledine wrote:
> Your above confusion is why nobody should ever write "b" or "B" in this
> day and age.
Re confusion... as said before with reference links to official standards...
These days, formally... "b" bit and "B" byte are well defined context.
"k" is
On 3/20/16, Tim Wilson-Brown - teor wrote:
>> On 21 Mar 2016, at 04:00, Philipp Winter wrote:
>>
>> Next, I ran the module for cloudflare.com, which does not seem to
>> whitelist Tor. 638 (75%) exit relays saw a CAPTCHA and 211 (25%)
>> didn't.
This roughly
On 3/6/16, Volker Mink wrote:
> Thats bad to lose such a fast exit.
And the diversity of an OpenBSD one at that.
Somebody could just turn off one of their Linux relays
and send this guy the monthly fee instead.
___
tor-relays
Many residential and business ISP's are the same dsl/coax/fiber company.
Many of them will provide extra IP's for some tiny fee, so primary clearnet
use can remain unaffected. Or you can route tor over vpn. Some do run
exits at home. In that case consider contact local LEAs enquiring if
they
On 4/30/16, Dr Gerard Bulger wrote:
> Once I set my outgoing connection via a UK and very fast and supposedly
> "anonymous" proxy server service, I have not heard a squeak from anyone.
> These proxy services are very cheap, no limits, and offer another level of
> difficulty
https://www.britishairways.com/
does pageload from
7DDE318DD1F93BF127C84824BBD909BC3887F39F
On 5/20/16, Thomas Braun wrote:
> Am 20.05.2016 um 13:18 schrieb Pascal Terjan:
>> I am now wondering is this is because I run a (non exit) relay. Can
>> anyone confirm if they also
First, you don't need to keep asking for hosts when you
can simply whois the consensus for them.
Second, network diversity requires that you find new hosts,
use your telephone book.
Third, there are risks to asking for referrals,
and to piling on top of non-diversity...
On 8/14/16, i3 wrote:
> My new server has 10Gb/s connection (I've observed it at 900MB/s to the drives
Depending on whether you meant MiB/s or MB/s,
you may find your network calculations off by 350Mbps,
which is a sizable tor relay's worth itself.
Standard use is
On 8/15/16, Roman Mamedov wrote:
> To me these seem to be just two loosely related facts, the latter merely
> I don't see any "network calculations" being presented.
Was an fyi for the OP, who may or may not be doing calculations,
regardless of presentation to us.
>
On 7/6/16, Green Dream wrote:
> It seems easier to say "don't worry about it, it's not really a problem"
> from that perspective.
That's a given.
> For the average Tor volunteer operator, all that comfort, protection and
> privilege is gone. _My_ ass is on the line. Or
https://boingboing.net/2016/07/01/researchers-find-over-100-spyi.html
"Many people fear that running an exit node will put them in police
crosshairs if it gets used in the commission of a crime. For the
record, Boing Boing runs a very high-capacity exit node, and though
we've received multiple
On 7/6/16, Roger Dingledine wrote:
> In this
> case we actually found these relays misbehaving (accessing onion
https://boingboing.net/2016/07/01/researchers-find-over-100-spyi.html
http://motherboard.vice.com/read/over-100-snooping-tor-nodes-have-been-spying-on-dark-web-sites
On 7/6/16, Green Dream wrote:
>> It's up to directory authority operators to deal with
>> suspicious/rogue/misconfigured relays by marking them as
>> invalid/rejected/badexit.
>
> So... what's going on in this particular case and what are the directory
> authorities going
On 8/5/16, Flipchan wrote:
> [bad netiquette]
When replying to digests...
- At minimum, change the subject to the original subject.
Optimally also include proper header threading.
Repliers should subscribe to per message distribution instead.
- Delete all content from the
On 8/16/16, teor wrote:
> Or is it safer just to log a few essential categories?
> (Can anyone recommend any?)
Once properly set up and tested, DNS just works, only
maintenance being updating root zone or keys whenever.
You might be interested in aggregated stats logs it
For those of you offering more than one service on your box,
an example among many other circumvention / overlay networks
you might like to support...
http://www.vpngate.net/
___
tor-relays mailing list
tor-relays@lists.torproject.org
Steven wrote:
> So, I've concluded that these little bursts of packet loss are really
> just some failed equipment of the backhaul carrier, and that it isn't
> fixed yet is most simply explained by incompetence.
At first all I read in your graph was the latency drop.
But yes now I see the
I agree with you here. This is a mission, a partnership
amongst all perticipants, even negotiated and discovered
as such, to good ends and via good means, amongst similar,
or amenable participants, with backbone, and with high
principles.
Yes toppost, shootme.
On Tue, Jan 17, 2017 at 2:00 AM,
On Tue, Jan 17, 2017 at 1:08 AM, Kenneth Freeman wrote:
> On 01/16/2017 11:49 AM, Olaf Grimm wrote:
>> Now I have my servers outside and at home a middle node only.
> This is best practice. And even under a proposed corporate aegis (LLC,
> you really need to be loaded for
I would support Rana's volunteer proposal as described,
and growing integration, as being a beneficial contribution.
Let us not forget, all begin as noobs to a norm, and full
normalization may be chilling to diversity.
___
tor-relays mailing list
On 8/21/16, Michael McConville wrote:
> Anything other than Tor running on the server is a liability. I'd be
> particularly concerned about things like Owncloud (not to mention web
> servers), which has a history of security vulnerabilities. I think it's
> best to restrict Tor
On 8/24/16, George wrote:
>> src/or/connection.c:1796: warning: passing argument 1 of 'TO_OR_CONN'
>> discards qualifiers from pointer target type
> I can't remember which Tor branch, but I do remember Tor at a certain
> release wouldn't run on FreeBSD 8.4.
The above warning
On 8/31/16, Green Dream <greendream...@gmail.com> wrote:
> Well said grarpamp.
>
>> there are plenty of other already existing, interesting, and
>> upcoming anonymous overlay networks for transporting IP, messaging,
>> storage and so on.
>
> Mind sharing some
> yep how right you are, I tested it but it pulled in libsystemd for some
> reason
> and the whole point of moving to devuan was to get away from that
> unneeded dependency.
>
> So I guess I have to compile it myself then!?
Most autotooled software including Tor is easy to compile,
so if whatever
On 8/31/16, Kenneth Freeman wrote:
> As for the burgeoning of anonymity networks other than Tor, it'll be
> interesting to see what level of interest law enforcement organs take in
> them, if any.
We know certain elements and entities are not at all fond
of encryped
On 8/31/16, Kenneth Freeman wrote:
> Flash proxy may be of some utility here
Being not outside the tor ecosystem it's not really something all
that different to explore (regarding topics of the other thread).
It's basically a pluggable transport with unique 'nodes as
On Sun, Sep 4, 2016 at 8:17 AM, jensm1 wrote:
> you can then configure your inbox to
> put everything containing [tor-relays] into its own folder
This is non ideal as it continues the poor notion that bloating everyone's
subject lines with, currently 13, characters of non content
On Tue, Sep 27, 2016 at 4:38 PM, Roman Mamedov wrote:
> *) Give up on listing fingerprints, instead simply list nicknames.
No. Fingerprints are what to use here. Please do not use nicknames.
Ignoring the ambiguous assertions you'd be making with nicks,
it inserts the same
On Wed, Sep 28, 2016 at 6:24 AM, Chad MILLER wrote:
> Why isn't MyFamily a family name, instead of a list of members? I see no
> downside to having an unauthenticated
Because anyone can assert the string and
shared strings can't cross certify each other.
On Wed, Sep 28, 2016 at 2:53 AM, Roman Mamedov wrote:
> Any actual rationale, other than "do as I say"? And aside from linking to the
> man page which doesn't provide one EITHER.
The ambiguity problems are long known, leading to it going away.
Feel free to search historical
It's an error being corrected, turn it back on and
recheck everything in a few hours.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Thu, Oct 27, 2016 at 11:57 PM, Markus Koch wrote:
> I tried to reject the IP
> space of funio but Tor is telling me its not allowed. Why?
Your syntax is probably wrong. Search and read the "ExitPolicy"
section in the manpage for tor(1). You probably want...
On Tue, Nov 1, 2016 at 8:31 AM, Michael Armbruster wrote:
>> Well, Tor-relay-debian says 250KBps (bytes):
>> https://www.torproject.org/docs/tor-relay-debian.html.en
>>
>> But Tor-doc-relay says 2Mbps (bits):
>> https://www.torproject.org/docs/tor-doc-relay.html.en
>
> Which is
On Thu, Nov 3, 2016 at 6:39 AM, Toralf Förster wrote:
> Not too much fun with such a lame relay I fear
He's running a relay because what he believe and it's fun
without hurting nobody.. and you bash him not running
with big dogs. Wtf bro.
Props to this guy and everybody
>> Intel ME/AMT concerns me too
> AMD Family 15h itself is safe.
No one has any proof of that for any modern cpu from any
maker, featureset irrelavant. They all accept microcode updates,
which btw are all encrypted closed binary blobs. And the
chips themselves are fully closed source containing
On Fri, Dec 9, 2016 at 4:53 AM, Roman Mamedov wrote:
> option available today, and you don't have to go back to Pentium 200 to avoid
Using such a relic as a scrub firewall might protect you from magic packets
launched by your adversaries towards one of those listening
On Sat, Dec 3, 2016 at 10:14 AM, pa011 wrote:
> [WARN] Your server (x.x.x.x.:4443) has not managed to confirm that its
> ORPort is reachable. Relays do not publish descriptors until their ORPort and
> DirPort are reachable.
https://www.freebsd.org/releases/11.0R/announce.html
For efficiency upon yourself and others...
Don't add the '$'.
Use lower case for fingerprints with no spaces (ticketed).
Use the same myfamily line including all your relays for all
your relays, no point in trying to leave announcing relay out of list.
On Thu, Jan 5, 2017 at 9:38 PM, Kurt Besig wrote:
> Ideas on best method to bind these ports to tor on startup as non-root?
It's an ancient unix security trust thing (today aka: lol).
Anything uid != 0 is denied bind to 0~1023.
So you can't without tricks.
Linux probably
On Wed, Dec 28, 2016 at 5:07 PM, diffusae wrote:
> I needed the buildworld to create a jail with ezjail.
If you break some of these down all they do is lay down
an installworld in DESTDIR and run jail on it. Too heavy
for some who tar up / and /usr and lay them down
On Fri, Dec 30, 2016 at 10:36 PM, Bill Cox wrote:
> One problem is shills. IIUC, TOR has a problem where an attacker can create
> a ton of nodes that collude.
> TOR could be > 50% shills and we would not know. Is this something that could
> be implemented effectively with
On Thu, Dec 22, 2016 at 2:07 PM, Rana wrote:
> If there is such a wiki I will be happy to submit my reports, I am not aware
> of one.
Please see and contribute to the following...
https://trac.torproject.org/projects/tor/wiki/doc/HardwarePerformanceCompendium
> Also,
On Fri, Dec 23, 2016 at 12:06 PM, Rana wrote:
> If the small relays are largely unused (eg if 10% of the relays carry 90% of
> the Tor traffic - does anyone have an exact statistics on this?) and if, in
> addition, there is no increased anonymity benefit in having a lot
On Wed, Dec 28, 2016 at 11:07 AM, diffusae wrote:
> If you try a "build world" an the RPi itself, it took more that three
> days. ;-)
Need to buildworld is rare and usually noted in UPDATING
and kernel config files. make buildkernel will be much faster,
and even faster if
On Thu, Dec 22, 2016 at 4:59 AM, Rana wrote:
> A 20 mbps Pi relay has been reported here, still under-utilized.
All these reports of this or that made in piles of random email ...
serves no one past the typical few day participant convos.
So please people... submit all
> Note that the current pfSense 2.3.3 is based on FreeBSD 10.3-RELEASE,
> when it probably makes more sense to run a fresh relay on the 11.x branch.
>
> Instead of expending effort on getting Tor running on pfSense, I'd
> recommend just running a FreeBSD relay with the sole purpose of being a
>
On Thu, Mar 9, 2017 at 8:24 AM, Sebastian Urbach wrote:
> https://www.torproject.org/eff/tor-legal-faq.html.en
> It is almost never a good idea to run an Exit@home:
"Almost" invites a wide range of interpretation and application.
If you've done your legal, technical and
Even support for >1 per /24 is questionable when facing sybil,
and it lets people be lazy piling on known hosters instead of shopping
around for new tor / crypto friendly providers and supporting that by
throwing money at them.
If you want to 'get your money worth' then also run I2P, Freenet,
> We don't know how to give users good anonymity when some relays can't
> connect to other relays. This would happen if we allowed IPv4-only relays
> and IPv6-only relays in the same network.
With "IPv6 only" relays available in the consensus the answer may be...
when their count is the same as
On Fri, Jun 30, 2017 at 3:41 AM, teor wrote:
> Tor client anonymity relies on every relay being able to connect to every
> other relay (a "clique network").
Depends on what you're up against. Assumed ability to connect to
and traffic through entire consensus isn't the same as
>> at the "cry" relay (one of top 10) - it is not marked as "Exit" as it
>
> It means that clients won't chose the relay for preemptive exit circuits.
> I think it might get some other Exit usage, but I'm not sure.
Users (various technical folks) sometimes configure traffic though
exits lacking
Misc related on freebsd...
netstat -m
netstat -nxAafinet
vmstat -fimz
sysctl -a
ulimit -a
loader.conf
sysctl.conf
config(8)
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Sun, May 14, 2017 at 6:28 PM, Roger Dingledine wrote:
> "Additionally, organizations should strongly consider [buying our
> fancy proprietary "threat intelligence" tools]. Enabling this to be
> blacklisted will prevent [thing that we're trying to scare you about
> without
On Thu, Jun 8, 2017 at 12:15 AM, Arisbe wrote:
Content-Type: text/html :(
> Seems like none of us have the time to research these events or those before.
> If people can't play by written and unwritten rules regarding Tor contact
> info, family members, etc. and they 'could'
> remember that they took the relay because
> a *victim* contacted it, not because they think the "guyz behind the
> software" did.
Civil sue them for stupid thinking / false arrest confiscation,
loss of service and use, public tarnishment, bad training, etc.
>> what can be interesting for
On Mon, May 22, 2017 at 1:48 PM, Nagaev Boris wrote:
> Unfortunately rarer things happen. The ongoing case in Russia:
> https://www.theregister.co.uk/2017/04/13/tor_loses_a_node_in_russia_after_activists_arrest_in_moscow/
> "According to TASS, he’ll be held for two months
In the sense that tails is a unix flavor OS, just like Arch Linux,
FreeBSD, OpnSense, etc... it will work and is a fine idea as
any other, so long as you the unix admin are able to set it up.
___
tor-relays mailing list
tor-relays@lists.torproject.org
On Wed, Oct 4, 2017 at 1:49 AM, teor wrote:
> And most clients just send a DNS name and a set of IP version flags.
>
> For the rare cases where literal addresses are used, or there are
> IPv6-only websites over DNS, tor could be smarter.
Not as rare as vanilla websurfing
> Parenthetically, even setting up a https://littlefreelibrary.org at my
> condominium complex has been met with incomprehension and fear...
Easier for them to do that than realize the many $thousands
they paid for their education which could have been free.
Indoctrination withdrawal syndrome is
On Wed, Aug 9, 2017 at 4:08 PM, Alexander Nasonov wrote:
> m...@eugenemolotov.ru wrote:
>> After that check from which ip it was logged in. This probably
>> would be ip of the exit node.
>
> What if they "bridge" mitm-ed traffic to a different host?
>
> I saw a similar ssh
>> Or instead of router mode, try bridge mode feeding into any old pc running
Noting that even some crappy hardware will still fall over when put in its
so called "bridge" mode, which should just be some packet buffering
between the wires and their encodings, but it's obviously still looking
at
Little thought yet but related, figured if client host is dual stack,
could separate "client over WAN via IPv to reach relay"
function from traffic routed into tor's cells for carriage to pop
out other side, like a VPN for IP versions. Exits would have
to tag their support of "exit v4 and/or v6 to
> and pgpdump says:
> Dylan, you seem to have encrypted this to
Should have used throw-keyids ;)
And/or it could be a proof...
> (pgp/gpg usability ftw)
___
tor-relays mailing list
tor-relays@lists.torproject.org
> ExtraInfo documents are also one possibility for communicating
> OutboundBindAddress values, as well.
While publising OBA's may be wanted by censoring firewall pedants,
it's not productive for relay operators who wish, as is
their right, to offer tor users the chance to use exit
IP's that
>> :> what the current value of "global" is but I should hope it's well above
>> 5%...
>> :I'm curious about what you mean by "global" here, and how it relates to
>> :[potentially] malicious operators (suspicious relays of which are
>> :frequently thrown off the Tor network).
>>
>> "global" as
> Larger, faster relays help clients achieve low-latency, high bandwidth
> connections.
This may depend? Do we have a graph of actual headroom / saturation
in the network of boxes versus consensus weight versus max box speed?
Does weight back off below historically sensed saturation levels?
101 - 200 of 312 matches
Mail list logo