Re: [tor-relays] Running tor in VPS - keep away snooping eyes
On 7/2/2014 9:50 AM, Kali Tor wrote:
> All,
>
> Are there anything special that needs to be done to make sure that Tor nodes running inside VMs (VPS) is protected from snooping eyes? Since there is hardly any data at rest I am assuming not, but then, what do I know! :)
>
> -kali-
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Kali

I don't understand what exactly you mean, snooping eyes. Anyone can see at anytime that the VPS in question is a Tor relay. 1 method is by seeing the traffic it generates and second is the consensus data in the Tor network, where all relays IP addresses are listed. This should not be a problem whatsoever, Tor is not designed to hide the fact that you use it or that you run a Tor relay. It is designed to offer anonymity and privacy in activity, not if you use it or not.

If you are asking how to secure your box better, indeed the public IP address list of relays is often scanned and brute forced. That is why I recommend:

- if you run only Tor on that box is best, if not make sure your apps are properly secured (mysql not listening on public IP if it's not a remote mysql server, strong passwords for mysql, ftp, etc.).
- make sure only ports used by Tor are open. There is no need for anything else.
- if you use ssh for administration that is fine, just change the port from 22 in /etc/ssh/sshd_config to some custom port, anything, like 2988 or whatever.
- permanently disable plain password authentication or rhost authentication in sshd_config and only allow key-based authentication for better security and protection against weak password probing.
- do not allow any other users for SSH access.

Let me know if you have any other questions.

--
s7r
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
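
Added example (not part of s7r's message or of the original thread): a Python check of an sshd_config against the SSH advice in the message above. The mapping of that advice to the keywords `HostbasedAuthentication`, `IgnoreRhosts`, `KbdInteractiveAuthentication` and `AllowUsers`, the user name `relayadmin` and both sample files are assumptions made for this example; port 2988 is the one suggested in the message.

```python
import re

# Upstream OpenSSH defaults, applied when a keyword is absent from the file.
DEFAULTS = {
    "port": ["22"],
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
    "hostbasedauthentication": "no",
    "ignorerhosts": "yes",
    "allowusers": [],
}
MULTI = {"port", "allowusers"}  # these accumulate over repeated lines
# Older spelling of the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def parse_global(text):
    """Parse the global section; return (settings, has_match)."""
    settings, has_match = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1] if len(parts) > 1 else ""
        if key == "match":
            has_match = True  # everything below is conditional
            break
        if key in MULTI:
            settings.setdefault(key, []).extend(value.split())
        elif key not in settings:  # sshd keeps the first value it reads
            settings[key] = value.lower()
    return settings, has_match


def audit(text):
    """Return (code, message) findings; an empty list means the advice is met."""
    settings, has_match = parse_global(text)

    def get(key):
        return settings.get(key, DEFAULTS[key])

    findings = []
    if "22" in get("port"):
        findings.append(("port", "sshd still listens on port 22"))
    if get("passwordauthentication") != "no":
        findings.append(("password", "password logins are enabled"))
    if get("kbdinteractiveauthentication") != "no":
        findings.append(("kbd-interactive", "PAM can still prompt for a password"))
    if get("pubkeyauthentication") != "yes":
        findings.append(("pubkey", "key-based login is disabled"))
    if get("hostbasedauthentication") != "no" or get("ignorerhosts") == "no":
        findings.append(("rhosts", "rhosts/host-based trust is enabled"))
    if not get("allowusers"):
        findings.append(("allowusers", "no AllowUsers line restricts who may log in"))
    if has_match:
        findings.append(("match", "Match blocks present, review them by hand"))
    return findings


# Constructed samples, not taken from any real host.
WEAK = """# the second PasswordAuthentication line is ignored by sshd
Port 22
PasswordAuthentication yes
ChallengeResponseAuthentication yes
PasswordAuthentication no
"""
HARDENED = """Port 2988
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
HostbasedAuthentication no
IgnoreRhosts yes
AllowUsers relayadmin
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name)
        for code, msg in audit(cfg) or [("ok", "nothing to fix")]:
            print(f"  {code}: {msg}")
```

On a live host the same function can be fed the output of `sshd -T`, which prints the effective configuration after defaults and includes are applied.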
Re: [tor-relays] Running tor in VPS - keep away snooping eyes
Hi,

> If you are asking how to secure your box better, indeed the public IP address list of relays is often scanned and brute forced. That is why I recommend:
>
> - if you run only Tor on that box is best, if not make sure your apps are properly secured (mysql not listening on public IP if it's not a remote mysql server, strong passwords for mysql, ftp, etc.).
> - make sure only ports used by Tor are open. There is no need for anything else.
> - if you use ssh for administration that is fine, just change the port from 22 in /etc/ssh/sshd_config to some custom port, anything, like 2988 or whatever.
> - permanently disable plain password authentication or rhost authentication in sshd_config and only allow key-based authentication for better security and protection against weak password probing.
> - do not allow any other users for SSH access.
>
> Let me know if you have any other questions.

I have done all that, so covered on that aspect. Was wondering if disk encryption and use of something like TRESOR would be useful?

-kali-
Re: [tor-relays] Bandwidth usage for an established relay node
(rx / tx / total / avg. rate) - tor only:

Jun '14    179.69 TiB | 188.55 TiB | 368.24 TiB | 1.18 Gbit/s

Limited by CPU (Core i5-3570 /w AES-NI), multithreaded tor relay software would help to improve bandwidth utilization.

On 01.07.2014 23:24, Tom van der Woerdt wrote:
> Hi Kali,
>
> It depends on your network speed. Expect it to use roughly 80% of your maximum speed on average, so if you have a 50Mbit/s up/down connection you will be uploading 13TB and downloading 13TB.
>
> For high speed relays this might differ a bit if your bottleneck becomes the CPU.
>
> Tom
>
> Kali Tor wrote on 01/07/14 23:16:
>> Hi all,
>>
>> Curious as to how much bandwidth a stable, well established relay node will chew through in a month on an average? Anyone has any figures?
>>
>> -kali-
Re: [tor-relays] Running tor in VPS - keep away snooping eyes
On Wed, Jul 2, 2014 at 7:46 AM, Kali Tor kalito...@yahoo.com wrote:
> I have done all that, so covered on that aspect. Was wondering if disk encryption and use of something like TRESOR would be useful?

The private keys for the node are sensitive, and even the .tor/state file for the guard nodes could be if the attacker does not already have that info, same for any non default node selection stuff in torrc. Tor presumably validates the disk consensus files against its static keys on startup so that's probably ok yet all easily under .tor anyway. There was a thread on this some time ago you can find.
Re: [tor-relays] Running tor in VPS - keep away snooping eyes
On 7/2/2014 2:46 PM, Kali Tor wrote:
> Hi,
>
>> If you are asking how to secure your box better, indeed the public IP address list of relays is often scanned and brute forced. That is why I recommend:
>>
>> - if you run only Tor on that box is best, if not make sure your apps are properly secured (mysql not listening on public IP if it's not a remote mysql server, strong passwords for mysql, ftp, etc.).
>> - make sure only ports used by Tor are open. There is no need for anything else.
>> - if you use ssh for administration that is fine, just change the port from 22 in /etc/ssh/sshd_config to some custom port, anything, like 2988 or whatever.
>> - permanently disable plain password authentication or rhost authentication in sshd_config and only allow key-based authentication for better security and protection against weak password probing.
>> - do not allow any other users for SSH access.
>>
>> Let me know if you have any other questions.
>
> I have done all that, so covered on that aspect. Was wondering if disk encryption and use of something like TRESOR would be useful?
>
> -kali-

Full disk encryption on a Tor relay, if it's just a Tor relay it's overkill. It will just increase the HDD I/O rate and resource consumption. Also, most important, if you use full disk encryption and your vm gets somehow rebooted (migrated to another cluster by your provider, update to the host OS or hardware, etc.) and you are not around to enter the passphrase for full disk encryption your operating system will not boot and cause you long downtime, until you are available to manually enter the passphrase. This can cause you to lose flags in the consensus, because of extended downtime.

Important to say that Tor does not have any files which need to be encrypted. Tor, by design protects each relay by not knowing both the original source and the final destination of the traffic. It just has some cache of the consensus data, which anyone can publicly get from the Tor network without needing to break your box or hack your full disk encryption. Only things which are secret are your onion keys, which give your relay's fingerprint. Make sure you back those up, in case you need to re-install this relay.

If you use that vm for something else too and you have some sensitive data there, it is always a good idea to encrypt everything... but in your scenario full disk encryption will not help since you are exposed to physical attacks (e.g. someone caching your files while your virtual machine is RUNNING, making full disk encryption useless).

--
s7r
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
Re: [tor-relays] FYI: Tor-Ops Meeting in Vienna
What a pity, that I have heard so late from the meeting. I would really love to attend but I'm not sure if I can make it tomorrow. As I'm operating a few guards this is in very high interest of me. I also had some conversations with some guys regarding an Austrian tor organisation which I would love to contribute. Hopefully I get my calendar fixed so that I'm able to attend.

Cheers from Vienna!

2014-07-02 16:57 GMT+02:00 MacLemon t...@maclemon.at:
> Hoi!
>
> Yes, this is a crosspost of tor-talk, please be gentle.
>
> There will be a Tor-ops meeting on Thursday, 2014-07-03, 19:00 at the Metalab[0] in Vienna/Austria.
>
> The meeting was planned way before the recent rulings in Austria became known but they will be discussed for certain. The actual purpose of the meeting shall be to finally found a Torservers.at organisation (German word: Verein) in Austria that works on running nodes in the public interest as well as exchange know-how and best practice on running relays, bridges and exits.
>
> So in case you're in Vienna, please join!
>
> Best regards
> MacLemon
>
> [0]: http://metalab.at/wiki/Lage How to get to Metalab
Re: [tor-relays] FYI: Tor-Ops Meeting in Vienna
Same from here. If I would have known earlier, I would have booked me a Ticket! But I got the fqdn! Is there a funding also to participate?

On 2 July 2014 19:24:38 CEST, Geri toxir...@gmail.com wrote:
> What a pity, that I have heard so late from the meeting. I would really love to attend but I'm not sure if I can make it tomorrow. As I'm operating a few guards this is in very high interest of me. I also had some conversations with some guys regarding an Austrian tor organisation which I would love to contribute. Hopefully I get my calendar fixed so that I'm able to attend.
>
> Cheers from Vienna!
>
> 2014-07-02 16:57 GMT+02:00 MacLemon t...@maclemon.at:
>> Hoi!
>>
>> Yes, this is a crosspost of tor-talk, please be gentle.
>>
>> There will be a Tor-ops meeting on Thursday, 2014-07-03, 19:00 at the Metalab[0] in Vienna/Austria.
>>
>> The meeting was planned way before the recent rulings in Austria became known but they will be discussed for certain. The actual purpose of the meeting shall be to finally found a Torservers.at organisation (German word: Verein) in Austria that works on running nodes in the public interest as well as exchange know-how and best practice on running relays, bridges and exits.
>>
>> So in case you're in Vienna, please join!
>>
>> Best regards
>> MacLemon
>>
>> [0]: http://metalab.at/wiki/Lage How to get to Metalab

--
We don't bubble you, we don't spoof you ;)
Keep your data encrypted!
Log you soon,
your Admin
elri...@elrippoisland.net

Encrypted messages are welcome.
0x84DF1F7E6AE03644
Re: [tor-relays] FYI: Tor-Ops Meeting in Vienna
Provide me your PGP key, then we can talk :)

On 2 July 2014 21:27:49 CEST, Martin Kepplinger mart...@posteo.de wrote:
> On 2014-07-02 21:06, Elrippo wrote:
>> Same from here. If I would have known earlier, I would have booked me a Ticket! But I got the fqdn! Is there a funding also to participate?
>
> If there'll be too many people, it'll mainly be get-to-know people. It'll most likely be off-topic discussion as well. If you're really interested in doing boring work for free, write me your phone number and when you have time to talk and I can send you the slides and the date of a gründungstreffen when we make one.
>
>> On 2 July 2014 19:24:38 CEST, Geri toxir...@gmail.com wrote:
>>> What a pity, that I have heard so late from the meeting. I would really love to attend but I'm not sure if I can make it tomorrow. As I'm operating a few guards this is in very high interest of me. I also had some conversations with some guys regarding an Austrian tor organisation which I would love to contribute. Hopefully I get my calendar fixed so that I'm able to attend.
>>>
>>> Cheers from Vienna!
>>>
>>> 2014-07-02 16:57 GMT+02:00 MacLemon t...@maclemon.at:
>>>> Hoi!
>>>>
>>>> Yes, this is a crosspost of tor-talk, please be gentle.
>>>>
>>>> There will be a Tor-ops meeting on Thursday, 2014-07-03, 19:00 at the Metalab[0] in Vienna/Austria.
>>>>
>>>> The meeting was planned way before the recent rulings in Austria became known but they will be discussed for certain. The actual purpose of the meeting shall be to finally found a Torservers.at organisation (German word: Verein) in Austria that works on running nodes in the public interest as well as exchange know-how and best practice on running relays, bridges and exits.
>>>>
>>>> So in case you're in Vienna, please join!
>>>>
>>>> Best regards
>>>> MacLemon
>>>>
>>>> [0]: http://metalab.at/wiki/Lage How to get to Metalab

--
We don't bubble you, we don't spoof you ;)
Keep your data encrypted!
Log you soon,
your Admin
elri...@elrippoisland.net

Encrypted messages are welcome.
0x84DF1F7E6AE03644
Re: [tor-relays] Why is UFW blocking allowed TOR traffic?
Hi Jeff

On 06/22/2014 12:43 PM, Jeff Odell wrote:
> I was monitoring UFW today and noticed that it was periodically blocking allowed TOR traffic. any ideas why from those with more experience than I?
>
> toradmin@IrvineTorExit:~$ sudo ufw status
> Status: active
>
> To                         Action      From
> --                         ------      ----
> 22                         ALLOW       Anywhere
> 9001/tcp                   ALLOW       Anywhere
> 9030/tcp                   ALLOW       Anywhere
> 80                         ALLOW       Anywhere
> 22 (v6)                    ALLOW       Anywhere (v6)
> 9001/tcp (v6)              ALLOW       Anywhere (v6)
> 9030/tcp (v6)              ALLOW       Anywhere (v6)
> 80 (v6)                    ALLOW       Anywhere (v6)
>
> toradmin@IrvineTorExit:~$ sudo tail -f /var/log/syslog | grep DPT=9001
> Jun 22 15:38:12 IrvineTorExit kernel: [ 2159.246977] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:1b:5e:9a:01:28:8a:1c:64:cf:f0:08:00 SRC=92.108.200.200 DST=188.226.199.250 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=10392 DF PROTO=TCP SPT=52000 DPT=9001 WINDOW=16652 RES=0x00 ACK URGP=0
> Jun 22 15:38:12 IrvineTorExit kernel: [ 2159.246988] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:1b:5e:9a:01:28:8a:1c:64:cf:f0:08:00 SRC=92.108.200.200 DST=188.226.199.250 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=10396 DF PROTO=TCP SPT=52000 DPT=9001 WINDOW=16652 RES=0x00 ACK URGP=0
>
> Regards,
> Jeff

I see a considerable amount of these in my logs (Ubuntu 14.04 server, UFW). Some time ago I asked about this on IRC with no resolve. I'm afraid of it affecting Tor users (I don't know if it is), and I'm afraid of these logs being created and stored on my exit relay.

Because I have received no answer, yet need to protect my relay with a manageable firewall, I took the advice of someone on IRC and disabled my UFW logs (my exit relay isn't used for anything else, and UFW will keep doing its job, while protecting the privacy of Tor users). You can do this too via:

sudo ufw logging off

By the way, you may wish to limit port 22 instead, to prevent SSH brute force attacks.

sudo ufw limit 22/tcp

(I don't allow 22/udp)

Hope this helps a little.

--
Christopher Sheats
yawn...@gmail.com
GnuPG: 8397 7B9F D8BA 3EE5 71EF FDF3 C761 02B0 A531 D73D
[tor-relays] rejected hit from China
Today my router blocked two hits from Chinese server 218.77.79.43:59762 to my 68.66.154.214:21. I don't listen to port 21. I don't listen to 21. Should I take some action? Is this normal or academic or...?

glowworm
Re: [tor-relays] rejected hit from China
Sounds like fairly typical background noise to me. Null route the IP if you're concerned but it's probably a zombie in someone's botnet or a Chinese user trying his luck. If your IP is listed publicly on tor, expect to be probed every now and then.

On 3 July 2014 04:14, Larry Brandt lbra...@cni.net wrote:
> Today my router blocked two hits from Chinese server 218.77.79.43:59762 to my 68.66.154.214:21. I don't listen to port 21. I don't listen to 21. Should I take some action? Is this normal or academic or...?
>
> glowworm