[tor-relays] ntpd problems explanation

2015-10-21 Thread I




Could this be related to the ntp/time sync peculiarities in relays?

http://www.cs.bu.edu/~goldbe/NTPattack.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp

Robert





___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] webiron requesting to block several /24 subnet

2015-10-21 Thread teor

> On 21 Oct 2015, at 07:41, Josef Stautner  wrote:
> 
> I also ask my hoster for the mail addresses of the abuse reporter and
> write a little statement why he got attacked and what tor is and why I
> am running a relay. Mostly the abuse reports from WebIron report about
> WordPress login bruteforce attacks. I then try to explain how the
> "victim" can prevent such attacks by setting up allow/deny rules in
> their webserver software and a preset basic authentication. I mostly
> get positive responses.

Josef,

Would you mind putting the statement on the wiki or posting it to this list?

It might help other exit operators to respond to these kinds of abuse reports.

Tim


Re: [tor-relays] Optimizing TOR Relay

2015-10-21 Thread teor

> On 22 Oct 2015, at 01:42, 12xBTM <12x...@gmail.com> wrote:
> 
> Here's your problem:
> 
>> On 21.10.15 8:20, Volker Mink wrote:
>> Upstream 5 MBps

Tor bandwidth usage is more or less symmetric upstream / downstream.

So you'll only ever get 5Mbps or less of tor traffic out of this connection.

Tim


Re: [tor-relays] webiron requesting to block several /24 subnet

2015-10-21 Thread AMuse
 

>Some people out there apparently are of the opinion that it is a
>reasonable choice to use the ugly crutch that is "fail2ban" instead of
>deprecating password based authentication for ssh.

You're technically correct (the best kind) but I wanted to point out
that Fail2Ban is a really useful tool for a lot of login protocols which
are NOT SSH and which are still subject to frequent brute-force
attempts. HTTP BASIC and IMAP(s) both come to mind as something I
configure fail2ban to watch for me, neither of which have a strong
key-based auth system to configure and disable passwords. 

Still, configuring fail2ban to email people is really stupid. So I'll
give you that with no argument. 

On 2015-10-21 04:21, t...@as250.net wrote: 

> Dear yl,
> 
> just a few words from the abuse helpdesk of a larger tor-exit-node...
> 
> TL;DR: we ignore those requests. they don't even reach a human.
> 
> While we do handle most genuine/honest/helpful and especially all
> non-automated abuse reports very diligently. Pointless nagging
> services like webiron however are automatically rejected before they
> reach our abuse inbox. It seems that we are not the only ones who deem
> their mass mailings as spam, as evident from the spamhaus listing below:
> 
> Oct 20 03:34:54 mail smtpd: NOQUEUE: reject: RCPT from 
> abuse-reporting.webiron.com[23.91.17.162]: 554 5.7.1 Service unavailable; 
> Client host [23.91.17.162] blocked using sbl.spamhaus.org; 
> http://www.spamhaus.org/sbl/query/SBLCSS [1]; 
> from=<###@abuse-reporting.webiron.com> to= proto=ESMTP 
> helo=
> Oct 20 03:34:54 mail smtpd: disconnect from 
> abuse-reporting.webiron.com[23.91.17.162]
> Oct 20 19:49:51 mail postfix/smtpd: NOQUEUE: reject: RCPT from 
> unknown[23.239.20.29]: 554 5.7.1 <###@abuse-reporting.webiron.com>: Sender 
> address rejected: Access denied; from=<###@abuse-reporting.webiron.com> 
> to= proto=ESMTP helo=
> 
> We had similar problems with rep...@redsnitch.net and most
> notably with clean-mx.de which seems to be a confused single individual
> (Mr. Recher) sending out not very helpful mass mailings. Repeated
> contact attempts by mail and on his apparently 24/7 reachable mobile
> number (included in every one of his mails) did not convince him to stop.
> If you also get these and are annoyed with that, try to give him a call,
> he seems to like feedback and was ok with getting a call at an odd time.
> 
> Also on our inbound-deny-list is a regex match for /^(.*)fail2ban(.*)$/
> to a rather recent phenomenon.
> Some people out there apparently are of the opinion that it is a
> reasonable choice to use the ugly crutch that is "fail2ban" instead of
> deprecating password based authentication for ssh. To make things
> worse, these days this ill-conceived piece of software includes
> an option to advertise itself to other people. automatedly. via mail.
> *sigh*
> 
> Cheers
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays [2]

 

Links:
--
[1] http://www.spamhaus.org/sbl/query/SBLCSS
[2] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Optimizing TOR Relay

2015-10-21 Thread 12xBTM
Here's your problem:

On 21.10.15 8:20, Volker Mink wrote:
> Upstream 5 MBps


Re: [tor-relays] Optimizing TOR Relay

2015-10-21 Thread Roman Mamedov
On Wed, 21 Oct 2015 14:20:06 +0200
"Volker Mink"  wrote:

> RelayBandwidthRate 1 KB  # Throttle traffic to 1000KB/s (800Kbps)
> RelayBandwidthBurst 2 KB # But allow bursts up to 2000KB/s (1600Kbps)
> MaxAdvertisedBandwidth 1 KB
> (anything to change here?)

Change or remove comments so that they are not straight up lying/misleading.

-- 
With respect,
Roman
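
The two technical points raised in this thread, that the torrc comments do not match the configured values and that relay throughput cannot exceed the upstream link, can be checked mechanically. The Python sketch below is an added example, not code from the thread or from the Tor project; `check_torrc`, the unit table (a subset of the spellings the tor manual lists, treated as binary multiples) and the 5 Mbit/s upstream figure are assumptions for illustration.

```python
import re

# Bytes per unit: a subset of the unit spellings the tor manual lists
# (matched case-insensitively). Assumption: byte units are binary
# multiples (1 KB = 1024 bytes) and a bit unit is 1/8 of its byte unit.
UNITS = {}
for prefix, mult in {"": 1, "k": 2**10, "m": 2**20, "g": 2**30}.items():
    for suffix in ("b", "byte", "bytes"):
        UNITS[prefix + suffix] = mult
    for suffix in ("bit", "bits"):
        UNITS[prefix + suffix] = mult / 8

LINE = re.compile(r"^\s*(RelayBandwidthRate|RelayBandwidthBurst|"
                  r"MaxAdvertisedBandwidth)\s+(\d+)\s*([A-Za-z]*)\s*(?:#(.*))?$")
CLAIM = re.compile(r"(\d+)\s*KB/s", re.I)  # rate a comment claims, in KB/s

def check_torrc(text, upstream_bits_per_s):
    """Return (option, finding, configured bytes/s) for each problem."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        option, number, unit, comment = m.groups()
        mult = UNITS.get(unit.lower() or "bytes")  # no unit means bytes
        if mult is None:
            findings.append((option, "unknown-unit", None))
            continue
        rate = int(number) * mult
        claim = CLAIM.search(comment or "")
        if claim and int(claim.group(1)) * 1024 != rate:
            findings.append((option, "comment-mismatch", rate))
        # Relay traffic goes out as fast as it comes in, so the upstream
        # link caps the rate the relay can actually sustain.
        if option == "RelayBandwidthRate" and rate > upstream_bits_per_s / 8:
            findings.append((option, "exceeds-upstream", rate))
    return findings

# The torrc lines quoted in the thread, and a constructed variant whose
# value matches its comment.
QUOTED = """RelayBandwidthRate 1 KB  # Throttle traffic to 1000KB/s (800Kbps)
RelayBandwidthBurst 2 KB # But allow bursts up to 2000KB/s (1600Kbps)
MaxAdvertisedBandwidth 1 KB
"""
CONSTRUCTED = "RelayBandwidthRate 1000 KBytes # Throttle traffic to 1000KB/s\n"

if __name__ == "__main__":
    for sample in (QUOTED, CONSTRUCTED):
        print(check_torrc(sample, upstream_bits_per_s=5_000_000))
```

The quoted lines yield two comment mismatches; the constructed line is self-consistent but asks for more than a 5 Mbit/s upstream can carry.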




Re: [tor-relays] Optimizing TOR Relay

2015-10-21 Thread Volker Mink


It's a Pi1, model B with 512MB RAM.
 
 
RelayBandwidthRate 1 KB  # Throttle traffic to 1000KB/s (800Kbps)
RelayBandwidthBurst 2 KB # But allow bursts up to 2000KB/s (1600Kbps)
MaxAdvertisedBandwidth 1 KB
(anything to change here?)

I have a 60MBit Internet connection at home with a static IP address.
Downstream about 65MBps, Upstream 5 MBps.


 

Message: 1
Date: Tue, 20 Oct 2015 20:10:44 -0400
From: 12xBTM <12x...@gmail.com>
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Optimizing TOR Relay
Message-ID: <5626d804.7070...@gmail.com>
Content-Type: text/plain; charset=windows-1252

If this is a raspberry pi 2, set in Torrc: "NumCPUs 4"

What is your advertised bandwidth? I can personally say that a RPi2 has
no trouble moving 20Mbps, which would run you a ~50Mbps connection to
get that kind of utilization. If you're talking about a RPi1, you don't
have enough bandwidth dedicated to get the usage you want.

On 20.10.15 8:08, Volker Mink wrote:
> -now without HTML-
>
> Hi Folks.
>
> Some Stats:
> fingerprint: E20FF09A9A800B16C1C7C16E8C0DF95F46F649B0
> cpu: 0.0% tor, 12.3% arm mem: 149 MB (34.4%) pid: 2200
> cpu: 20.0% tor, 10.2% arm mem: 149 MB (34.4%) pid: 2200
>
> load average: 0,30, 0,36, 0,33
> %Cpu(s): 18,0 us, 3,1 sy, 0,0 ni, 75,3 id, 0,2 wa, 0,0 hi, 3,5 si, 0,0 st
> KiB Mem: 445044 total, 349348 used, 95696 free, 79872 buffers
> KiB Swap: 102396 total, 0 used, 102396 free, 119044 cached
>
> 2200 debian-t 20 0 168m 149m 42m R 23,4 34,5 940:35.09 tor
>
> This looks like my raspberry is more on idle than serving the TOR network.
> How can I improve this?
> Bandwidth limit is more than my internet connection can cover.
>
> Starting another tor-process? How to manage this?
> Editing some Lines in the torrc-file to speed it up?
>
> Help is appreciated.
> Kind regards,
> volker


Re: [tor-relays] webiron requesting to block several /24 subnet

2015-10-21 Thread tor
Dear yl,

just a few words from the abuse helpdesk of a larger tor-exit-node...

TL;DR: we ignore those requests. they don't even reach a human.

While we do handle most genuine/honest/helpful and especially all
non-automated abuse reports very diligently. Pointless nagging
services like webiron however are automatically rejected before they
reach our abuse inbox. It seems that we are not the only ones who deem
their mass mailings as spam, as evident from the spamhaus listing below:

Oct 20 03:34:54 mail smtpd: NOQUEUE: reject: RCPT from 
abuse-reporting.webiron.com[23.91.17.162]: 554 5.7.1 Service unavailable; 
Client host [23.91.17.162] blocked using sbl.spamhaus.org; 
http://www.spamhaus.org/sbl/query/SBLCSS; 
from=<###@abuse-reporting.webiron.com> to= proto=ESMTP 
helo=
Oct 20 03:34:54 mail smtpd: disconnect from 
abuse-reporting.webiron.com[23.91.17.162]
Oct 20 19:49:51 mail postfix/smtpd: NOQUEUE: reject: RCPT from 
unknown[23.239.20.29]: 554 5.7.1 <###@abuse-reporting.webiron.com>: Sender 
address rejected: Access denied; from=<###@abuse-reporting.webiron.com> 
to= proto=ESMTP helo=

We had similar problems with rep...@redsnitch.net and most
notably with clean-mx.de which seems to be a confused single individual
(Mr. Recher) sending out not very helpful mass mailings. Repeated
contact attempts by mail and on his apparently 24/7 reachable mobile
number (included in every one of his mails) did not convince him to stop.
If you also get these and are annoyed with that, try to give him a call,
he seems to like feedback and was ok with getting a call at an odd time.

Also on our inbound-deny-list is a regex match for /^(.*)fail2ban(.*)$/
to a rather recent phenomenon.
Some people out there apparently are of the opinion that it is a
reasonable choice to use the ugly crutch that is "fail2ban" instead of
deprecating password based authentication for ssh. To make things
worse, these days this ill-conceived piece of software includes
an option to advertise itself to other people. automatedly. via mail.
*sigh*

Cheers


Re: [tor-relays] webiron requesting to block several /24 subnet

2015-10-21 Thread Rejo Zenger
++ 20/10/15 13:57 -0700 - AMuse:
>The TOR directory of exit nodes is readily available for ISP's and
>website operators to apply in their filters. I don't see why them
>putting the onus on tens of thousands of exit operators to exit-block
>THEIR addresses is in any way reasonable. 

I do agree with the gist of your message. However, I wish you could say 
there are 'tens of thousands of exit operators'. :)


-- 
Rejo Zenger
E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl  
T @rejozenger | J r...@zenger.nl
OpenPGP   1FBF 7B37 6537 68B1 2532  A4CB 0994 0946 21DB EFD4
XMPP OTR  271A 9186 AFBC 8124 18CF  4BE2 E000 E708 F811 5ACF
Signal0507 A41B F4D6 5DB4 937D  E8A1 29B6 AAA6 524F B68B
  93D4 4C6E 8BAB 7C9E 17C9  FB28 03

