Re: [tor-relays] ExitPolicy reject 184.107.0.0/16* funio.com

2016-10-27 Thread Markus Koch 
Okay, Its 6am and I need more coffee. Sorry, my bad!
Thank you very much!

Markus

2016-10-28 6:05 GMT+02:00 grarpamp :
> On Thu, Oct 27, 2016 at 11:57 PM, Markus Koch  
> wrote:
>> I tried to reject the IP
>> space of funio but Tor is telling me its not allowed. Why?
>
> Your syntax is probably wrong. Search and read the "ExitPolicy"
> section in the manpage for tor(1). You probably want...
>
> ExitPolicy reject 184.107.0.0/16:*
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] ExitPolicy reject 184.107.0.0/16* funio.com

2016-10-27 Thread Markus Koch 
You cant, Tor will give out a error msg:

Oct 28 07:07:32.653 [warn] Malformed mask on address range
"184.107.0.0/16*"; rejecting.
Oct 28 07:07:32.654 [warn] Couldn't parse line "184.107.0.0/16*". Dropping
Oct 28 07:07:32.654 [warn] Malformed policy 'reject 184.107.0.0/16*'.
Discarding entire policy list.
Oct 28 07:07:32.654 [warn] Failed to parse/validate config: Error in
ExitPolicy entry.
Oct 28 07:07:32.654 [err] Reading config failed--see warnings above.

WTF?


2016-10-28 5:59 GMT+02:00 John Ricketts :
> I am getting them as well.  I haven't blocked yet, are you suggesting we 
> should?
>
>> On Oct 27, 2016, at 22:58, Markus Koch  wrote:
>>
>> Getting abuse mass mails on nearly all exist in the last hours:
>>
>> The following intrusion attempts were detected:
>>
>> ./pilipia/pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:35 -0400]
>> "GET / HTTP/1.1" 200 5734 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
>> Gecko/20100101 Firefox/7.0.1"
>> ./pilipia/pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:36 -0400]
>> "GET /?subscribe-email=dlcw87%40hotmail.com=Informez-moi&
>> HTTP/1.1" 200 5734 "http://pilipiak.com/; "Mozilla/5.0 (Windows NT
>> 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
>> ./autoparcs.promoafrik.com:188.166.63.113 - - [27/Oct/2016:00:30:30
>> -0400] "GET / HTTP/1.1" 200 26737 "-" "Mozilla/5.0 (Windows NT 5.1;
>> rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
>> ./autoparcs.promoafrik.com:188.166.63.113 - - [27/Oct/2016:00:30:31
>> -0400] "GET /search-listing.php?list_search_box==Search&
>> HTTP/1.1" 200 9280 "http://autoparcs.com/; "Mozilla/5.0 (Windows NT
>> 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
>> ./pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:35 -0400] "GET /
>> HTTP/1.1" 200 5734 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
>> Gecko/20100101 Firefox/7.0.1"
>> ./pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:36 -0400] "GET
>> /?subscribe-email=dlcw87%40hotmail.com=Informez-moi&
>> HTTP/1.1" 200 5734 "http://pilipiak.com/; "Mozilla/5.0 (Windows NT
>> 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
>> ./promoaf/autoparcs.promoafrik.com:188.166.63.113 - -
>> [27/Oct/2016:00:30:30 -0400] "GET / HTTP/1.1" 200 26737 "-"
>> "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
>> ./promoaf/autoparcs.promoafrik.com:188.166.63.113 - -
>> [27/Oct/2016:00:30:31 -0400] "GET
>> /search-listing.php?list_search_box==Search& HTTP/1.1" 200
>> 9280 "http://autoparcs.com/; "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
>> Gecko/20100101 Firefox/7.0.1"
>> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
>> [26/Oct/2016:23:41:12 -0400] "GET
>> /index.php?option=com_user=register=2 HTTP/1.1" 200 17902
>> "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
>> Firefox/38.0"
>> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
>> [26/Oct/2016:23:41:16 -0400] "POST
>> /index.php?option=com_user=register=2 HTTP/1.1" 200 116
>> "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
>> (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
>> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
>> [27/Oct/2016:00:02:49 -0400] "GET
>> /index.php?option=com_user=register=2 HTTP/1.1" 200 17902
>> "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
>> Firefox/38.0"
>> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
>> [27/Oct/2016:00:02:51 -0400] "POST
>> /index.php?option=com_user=register=2 HTTP/1.1" 200 116
>> "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
>> (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
>> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
>> [27/Oct/2016:10:32:33 -0400] "GET
>> /index.php?option=com_user=activate=e36afd6ab6a066e3485fcd4aedbc74ac
>> HTTP/1.1" 200 11230 "-" ""
>> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
>> [27/Oct/2016:10:32:34 -0400] "GET
>> /index.php?option=com_user=login HTTP/1.1" 200 12349 "-"
>> "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
>> like Gecko) Chrome/38.0.2125.104 Safari/537.36"
>> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
>> [27/Oct/2016:10:32:36 -0400] "POST
>> /index.php?option=com_user=login HTTP/1.1" 200 116
>> "http://hq-hospitality.com/index.php?option=com_user=login;
>> "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
>> like Gecko) Chrome/38.0.2125.104 Safari/537.36"
>> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
>> [27/Oct/2016:10:32:38 -0400] "GET
>> /index.php?option=com_user=user=edit HTTP/1.1" 200 25720 "-"
>> "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
>> like Gecko) Chrome/38.0.2125.104 Safari/537.36"
>> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
>> [27/Oct/2016:12:55:40 -0400] "GET
>> /index.php?option=com_user=activate=72ca806c4be186be71e7a5e0316e8681
>> HTTP/1.1" 200 11230 "-" ""
>> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
>>

Re: [tor-relays] ExitPolicy reject 184.107.0.0/16* funio.com

2016-10-27 Thread grarpamp 
On Thu, Oct 27, 2016 at 11:57 PM, Markus Koch  wrote:
> I tried to reject the IP
> space of funio but Tor is telling me its not allowed. Why?

Your syntax is probably wrong. Search and read the "ExitPolicy"
section in the manpage for tor(1). You probably want...

ExitPolicy reject 184.107.0.0/16:*
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] ExitPolicy reject 184.107.0.0/16* funio.com

2016-10-27 Thread John Ricketts 
I am getting them as well.  I haven't blocked yet, are you suggesting we should?

> On Oct 27, 2016, at 22:58, Markus Koch  wrote:
> 
> Getting abuse mass mails on nearly all exist in the last hours:
> 
> The following intrusion attempts were detected:
> 
> ./pilipia/pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:35 -0400]
> "GET / HTTP/1.1" 200 5734 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
> Gecko/20100101 Firefox/7.0.1"
> ./pilipia/pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:36 -0400]
> "GET /?subscribe-email=dlcw87%40hotmail.com=Informez-moi&
> HTTP/1.1" 200 5734 "http://pilipiak.com/; "Mozilla/5.0 (Windows NT
> 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
> ./autoparcs.promoafrik.com:188.166.63.113 - - [27/Oct/2016:00:30:30
> -0400] "GET / HTTP/1.1" 200 26737 "-" "Mozilla/5.0 (Windows NT 5.1;
> rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
> ./autoparcs.promoafrik.com:188.166.63.113 - - [27/Oct/2016:00:30:31
> -0400] "GET /search-listing.php?list_search_box==Search&
> HTTP/1.1" 200 9280 "http://autoparcs.com/; "Mozilla/5.0 (Windows NT
> 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
> ./pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:35 -0400] "GET /
> HTTP/1.1" 200 5734 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
> Gecko/20100101 Firefox/7.0.1"
> ./pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:36 -0400] "GET
> /?subscribe-email=dlcw87%40hotmail.com=Informez-moi&
> HTTP/1.1" 200 5734 "http://pilipiak.com/; "Mozilla/5.0 (Windows NT
> 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
> ./promoaf/autoparcs.promoafrik.com:188.166.63.113 - -
> [27/Oct/2016:00:30:30 -0400] "GET / HTTP/1.1" 200 26737 "-"
> "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
> ./promoaf/autoparcs.promoafrik.com:188.166.63.113 - -
> [27/Oct/2016:00:30:31 -0400] "GET
> /search-listing.php?list_search_box==Search& HTTP/1.1" 200
> 9280 "http://autoparcs.com/; "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
> Gecko/20100101 Firefox/7.0.1"
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [26/Oct/2016:23:41:12 -0400] "GET
> /index.php?option=com_user=register=2 HTTP/1.1" 200 17902
> "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
> Firefox/38.0"
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [26/Oct/2016:23:41:16 -0400] "POST
> /index.php?option=com_user=register=2 HTTP/1.1" 200 116
> "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:00:02:49 -0400] "GET
> /index.php?option=com_user=register=2 HTTP/1.1" 200 17902
> "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
> Firefox/38.0"
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:00:02:51 -0400] "POST
> /index.php?option=com_user=register=2 HTTP/1.1" 200 116
> "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:10:32:33 -0400] "GET
> /index.php?option=com_user=activate=e36afd6ab6a066e3485fcd4aedbc74ac
> HTTP/1.1" 200 11230 "-" ""
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:10:32:34 -0400] "GET
> /index.php?option=com_user=login HTTP/1.1" 200 12349 "-"
> "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/38.0.2125.104 Safari/537.36"
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:10:32:36 -0400] "POST
> /index.php?option=com_user=login HTTP/1.1" 200 116
> "http://hq-hospitality.com/index.php?option=com_user=login;
> "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/38.0.2125.104 Safari/537.36"
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:10:32:38 -0400] "GET
> /index.php?option=com_user=user=edit HTTP/1.1" 200 25720 "-"
> "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/38.0.2125.104 Safari/537.36"
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:12:55:40 -0400] "GET
> /index.php?option=com_user=activate=72ca806c4be186be71e7a5e0316e8681
> HTTP/1.1" 200 11230 "-" ""
> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
> [27/Oct/2016:19:28:56 -0400] "GET
> /index.php?option=com_user=register=2 HTTP/1.1" 200 17902
> "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
> Firefox/38.0"
> ./hqhospitality.hansen-quao.com:188.166.63.113 - -
> [26/Oct/2016:23:41:12 -0400] "GET
> /index.php?option=com_user=register=2 HTTP/1.1" 200 17902
> "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
> Firefox/38.0"
> ./hqhospitality.hansen-quao.com:188.166.63.113 - -
> [26/Oct/2016:23:41:16 -0400] "POST
> /index.php?option=com_user=register=2 HTTP/1.1" 200 116
> "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64)

[tor-relays] ExitPolicy reject 184.107.0.0/16* funio.com

2016-10-27 Thread Markus Koch 
Getting abuse mass mails on nearly all exist in the last hours:

The following intrusion attempts were detected:

./pilipia/pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:35 -0400]
"GET / HTTP/1.1" 200 5734 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
Gecko/20100101 Firefox/7.0.1"
./pilipia/pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:36 -0400]
"GET /?subscribe-email=dlcw87%40hotmail.com=Informez-moi&
HTTP/1.1" 200 5734 "http://pilipiak.com/; "Mozilla/5.0 (Windows NT
5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
./autoparcs.promoafrik.com:188.166.63.113 - - [27/Oct/2016:00:30:30
-0400] "GET / HTTP/1.1" 200 26737 "-" "Mozilla/5.0 (Windows NT 5.1;
rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
./autoparcs.promoafrik.com:188.166.63.113 - - [27/Oct/2016:00:30:31
-0400] "GET /search-listing.php?list_search_box==Search&
HTTP/1.1" 200 9280 "http://autoparcs.com/; "Mozilla/5.0 (Windows NT
5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
./pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:35 -0400] "GET /
HTTP/1.1" 200 5734 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
Gecko/20100101 Firefox/7.0.1"
./pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:36 -0400] "GET
/?subscribe-email=dlcw87%40hotmail.com=Informez-moi&
HTTP/1.1" 200 5734 "http://pilipiak.com/; "Mozilla/5.0 (Windows NT
5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
./promoaf/autoparcs.promoafrik.com:188.166.63.113 - -
[27/Oct/2016:00:30:30 -0400] "GET / HTTP/1.1" 200 26737 "-"
"Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
./promoaf/autoparcs.promoafrik.com:188.166.63.113 - -
[27/Oct/2016:00:30:31 -0400] "GET
/search-listing.php?list_search_box==Search& HTTP/1.1" 200
9280 "http://autoparcs.com/; "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
Gecko/20100101 Firefox/7.0.1"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[26/Oct/2016:23:41:12 -0400] "GET
/index.php?option=com_user=register=2 HTTP/1.1" 200 17902
"-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[26/Oct/2016:23:41:16 -0400] "POST
/index.php?option=com_user=register=2 HTTP/1.1" 200 116
"-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:00:02:49 -0400] "GET
/index.php?option=com_user=register=2 HTTP/1.1" 200 17902
"-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:00:02:51 -0400] "POST
/index.php?option=com_user=register=2 HTTP/1.1" 200 116
"-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:10:32:33 -0400] "GET
/index.php?option=com_user=activate=e36afd6ab6a066e3485fcd4aedbc74ac
HTTP/1.1" 200 11230 "-" ""
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:10:32:34 -0400] "GET
/index.php?option=com_user=login HTTP/1.1" 200 12349 "-"
"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:10:32:36 -0400] "POST
/index.php?option=com_user=login HTTP/1.1" 200 116
"http://hq-hospitality.com/index.php?option=com_user=login;
"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:10:32:38 -0400] "GET
/index.php?option=com_user=user=edit HTTP/1.1" 200 25720 "-"
"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:12:55:40 -0400] "GET
/index.php?option=com_user=activate=72ca806c4be186be71e7a5e0316e8681
HTTP/1.1" 200 11230 "-" ""
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:19:28:56 -0400] "GET
/index.php?option=com_user=register=2 HTTP/1.1" 200 17902
"-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0"
./hqhospitality.hansen-quao.com:188.166.63.113 - -
[26/Oct/2016:23:41:12 -0400] "GET
/index.php?option=com_user=register=2 HTTP/1.1" 200 17902
"-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0"
./hqhospitality.hansen-quao.com:188.166.63.113 - -
[26/Oct/2016:23:41:16 -0400] "POST
/index.php?option=com_user=register=2 HTTP/1.1" 200 116
"-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:00:02:49 -0400] "GET
/index.php?option=com_user=register=2 HTTP/1.1" 200 17902
"-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0"
./hqhospitality.hansen-quao.com:188.166.63.113 - -

Re: [tor-relays] LLC vis-à-vis Nonprofit

2016-10-27 Thread Kenneth Freeman 


On 10/26/2016 06:58 PM, Nicholas Merrill wrote:

> Hi Kenneth
> 
> I am with a New York state non-profit organization that runs a number of
> exits.  I am not a lawyer, but I have surely spent years discussing
> these and other related issues with many lawyers.

Good to know. Keeps me and my cohorts from reinventing the wheel.

> I could be wrong, but I think LLC was only mentioned as an example of a
> type of legal entity in that article.  It's not that you couldn't use a
> classic "C corporation" just the same.   The central point was to have a
> separate legal entity - a corporation ( even an incorporated association
> or club might work.)  A non-profit is generally formed as a corporation
> anyway.

I figured as much, on both counts, but I wanted to nail it down. That a
Tor exit node is best run under the aegis of some sort of corporate
set-up is a given; *which* set-up doesn't particularly matter. Is this a
fair assessment?

> So probably that Idaho nonprofit would be fine.  I'd be happy to talk to
> them if it's helpful, and/or provide referrals to others.

Much appreciated! Come to think of it, there's another nonprofit venue
with which I am involved which may be suitable for Tor. Stay tuned.




0xDD79757F.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Abuses: Suspicious botnet ramnit attack

2016-10-27 Thread Markus Koch 
No. Thats my problem too, around 90% of my abuse mails are bot related
and you cant do anything about it.

Markus


2016-10-27 20:24 GMT+02:00 pa011 :
> Hi,
>
> got the abuse below on three different exits. Anybody having any idea what to 
> do and how to possibly to stop this in the future?
> Thanks Paul
>
>
> CERT-EU has received information regarding an infected IP belonging to your
> network, which may have security problems. The information regarding the 
> problems
> is also included as attachments in both CSV and XML formats. All timestamps 
> are in
> UTC.
> At this time we do not have any more information.
>
> Where:
> - ASN: is the Autonomous System Number;
> - IP:  the Internet Protocol address associated with this activity;
> - TIME: discovery time of the malicious activity;
> - PTR/DNAME: PTR/DNAME record
> - CC: ISO 3166-1 alpha-2 two-letter country code;
> - TYPE: type of the security problem or threat;
>
> - INFO: provides any additional information, if 
> available.asn|ip|time|ptr|cc|type|info|info2
>
> ASx|xxx.xxx.xxx.xxx|25-10-2016 12:10:09Z|XX|botnet drone|Description: 
> Ramnit botnet victim connection to sinkhole details, Timestamp : 
> 1477397409.72, City : none, Count: 8, First Seen: 25-10-2016 12:10:09, Last 
> Seen: 25-10-2016
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Abuses: Suspicious botnet ramnit attack

2016-10-27 Thread pa011 
Hi,

got the abuse below on three different exits. Anybody having any idea what to 
do and how to possibly to stop this in the future?
Thanks Paul


CERT-EU has received information regarding an infected IP belonging to your
network, which may have security problems. The information regarding the 
problems
is also included as attachments in both CSV and XML formats. All timestamps are 
in
UTC.
At this time we do not have any more information.

Where:
- ASN: is the Autonomous System Number;
- IP:  the Internet Protocol address associated with this activity;
- TIME: discovery time of the malicious activity;
- PTR/DNAME: PTR/DNAME record
- CC: ISO 3166-1 alpha-2 two-letter country code;
- TYPE: type of the security problem or threat;

- INFO: provides any additional information, if 
available.asn|ip|time|ptr|cc|type|info|info2

ASx|xxx.xxx.xxx.xxx|25-10-2016 12:10:09Z|XX|botnet drone|Description: 
Ramnit botnet victim connection to sinkhole details, Timestamp : 1477397409.72, 
City : none, Count: 8, First Seen: 25-10-2016 12:10:09, Last Seen: 25-10-2016
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Really bad ISP

2016-10-27 Thread Lluís 
Thanks everyone for your assistance.

I'm looking out for an ISP **and** putting all this information
into practice ASAP.

I'll be glad to share notes, whenever, again.

Lluís

Julien ROBIN:
> Hi,
> 
> You can check if there is no physical problem on your line, just in case
> ! Connect to your modem integrated web ui and check ATM statistics of
> your DSL line.
> Of course the first step is to watch the "DSL" signal light when you are
> disconnected. If it's a loss of DSL signal then it's a physical/local
> problem ! After some checks you can ask your ISP for maintenance on your
> line. Or try another ISP if this one is unable to find and repair your
> line (hoping that the next one will be able to do it fine).
> 
> But if the DSL connection is running fine when you cannot access
> anything anymore, then it's your provider's network that is down (then
> you must probably find another one !).
> 
> Some useful information :
> SNR margin should be, for an optimized bandwidth/stability, 6dB (it
> means that the useful signal is 4 times stronger (in milliwatts) than
> the noise on your line); it can be moving to 4 to 8 between hours but
> it's generally supposed to be smooth along hours. Some providers
> settings are different (10dB target margin, with a small loss of
> bandwidth).
> 
> When connected, check your upload/download ATM Speed and the SNR Margin
> for both upload and download. In electronics 3dB is a good minimal
> standard, but for telecommunication lines, the standard value is
> multiplied by two because of environments induced noise that is moving
> along the day. If the Margin is going under 3dB and is still going down,
> you're probably going to be disconnected soon, and then reconnected with
> a lower bandwidth (and may be a new IP address).
> 
> If SNR margin is moving up and down (like 11db, 2db, 7dB, 9dB, 3dB, and
> disconnected for example) and a very different bandwidth at each
> connection, then you have a problem on your physical line !
> 
> Useful tip for reparation : a line is not just a conductor, it's a very
> long conductor like an antenna, capacitor and lot of things. Then
> "injecting" signal into it needs a certain amount of milliwatts. At the
> other side of the line, "reading" the signal doesn't really need to
> consume current.
> So, when there is a defective contact near your home, your download
> bandwidth is quite clean. But your upload bandwith is low and changing
> between each new connection. In that case, check all your connections
> and cable.
> 
> At the opposite, when the is a weak contact into the ISP equipments,
> your upload bandwidth is generally fine and stable, but not your
> download bandwidth / SNR Margin. Then in that case, it's very easy for
> your ISP to fix it.
> 
> Sometimes, it's one of the modem at one side that is defective.
> 
> Also, if connection problems are occurring at particular events
> (switching on some device for example) you can try to find what :
> sometimes there is devices (set top boxes or anything else) that are
> defective and doing a lot of electronic high frequency noise into cables
> and electric wires, it's a frequent case that can make your line (and
> your neighbors lines !) to stop working fine. If so, change/repair the
> device or his power supply unit ! If it's your neighbors, only an
> official technician can do the job to find who and what.
> 
> Good luck ;)
> 
> Best regards,
> Julien ROBIN
> 
> 
> Le 26/10/2016 à 10:11, Lluís a écrit :
>> Hello,
>>
>> I am a relay operator in Spain (or at least I try to).
>>
>> I am just desperate with my ISP, he is just leaving the
>> VDSL2 connection down several times a day, taking the relay with it.
>>
>> Does anyone know a much more stable, tor-friendly, ISP for an
>> Spanish user ?
>>
>> The following record of assigned IPs in a **single** day shows
>> the dimension of the drama:
>>
>> 95.23.157.152 - Tue Oct 25 01:00:02 CEST 2016
>> 95.23.156.52 - Tue Oct 25 07:00:02 CEST 2016
>> 95.23.157.180 - Tue Oct 25 11:54:06 CEST 2016
>> 188.79.227.152 - Tue Oct 25 12:20:52 CEST 2016
>> 95.23.155.112 - Tue Oct 25 13:12:30 CEST 2016
>> 95.23.144.75 - Tue Oct 25 13:15:19 CEST 2016
>> 188.77.208.15 - Tue Oct 25 13:29:02 CEST 2016
>> 95.23.159.249 - Tue Oct 25 14:00:06 CEST 2016
>> 95.23.146.89 - Tue Oct 25 14:12:12 CEST 2016
>> 95.23.159.163 - Tue Oct 25 14:19:21 CEST 2016
>> 188.79.238.188 - Tue Oct 25 14:34:55 CEST 2016
>> 188.79.237.90 - Tue Oct 25 14:36:05 CEST 2016
>> 188.79.229.164 - Tue Oct 25 14:57:30 CEST 2016
>> 95.23.149.124 - Tue Oct 25 15:08:51 CEST 2016
>> 188.79.237.0 - Tue Oct 25 15:10:12 CEST 2016
>> 188.77.213.199 - Tue Oct 25 16:28:47 CEST 2016
>> 95.23.153.98 - Tue Oct 25 16:32:50 CEST 2016
>> 95.23.146.46 - Tue Oct 25 16:49:03 CEST 2016
>> 188.79.235.239 - Tue Oct 25 17:10:03 CEST 2016
>> 188.77.215.232 - Tue Oct 25 17:20:03 CEST 2016
>> 95.23.146.36 - Tue Oct 25 17:30:03 CEST 2016
>> 95.23.148.238 - Tue Oct 25 18:10:03 CEST 2016
>> 95.23.149.136 - Tue Oct 25 18:20:03

Re: [tor-relays] LLC vis-à-vis Nonprofit

2016-10-27 Thread Moritz Bartl 
On 10/27/2016 02:22 AM, Kenneth Freeman wrote:
> An Idaho nonprofit has expressed guarded interest in Tor. Ideally I'd
> like them to run an exit node without fuss or bother, but the Tor
> Project's Tips on Running an Exit Node only covers limited liability
> corporations (LLCs) 

Which guide is that? You might like
https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines . It
does not mention LLCs, but instead mentions non-profits. :-)

And what Nick said. :-)

-- 
Moritz Bartl
https://www.torservers.net/
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

2016-10-27 Thread Peter Palfrader 
On Wed, 26 Oct 2016, Zack Weinberg wrote:

> On Wed, Oct 26, 2016 at 5:54 AM, Peter Palfrader  
> wrote:
> > On Wed, 26 Oct 2016, Alan wrote:
> >> 0.2.5.12 is the latest version from the repo. Im assuming I should pull
> >> down the source and compile it.
> >
> > Depends on the repo.  If you provided a little more information we'd be
> > able to sy more.
> 
> If you're using Debian jessie, you can get an 0.2.8.9 package from
> either backports or the torproject.org repository.

Or one could stay with stable, which has also fixed this bug.

-- 
|  .''`.   ** Debian **
  Peter Palfrader   | : :' :  The  universal
 https://www.palfrader.org/ | `. `'  Operating System
|   `-https://www.debian.org/
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays