Re: [tor-relays] manual vs. automated updates

2016-11-01 Thread Greg 
Thanks, Teor and SuperSluether.
That's just what I needed, that TorProject:trusty syntax. Looks like it's
working.

-Greg

On Tue, Nov 1, 2016 at 5:34 AM, SuperSluether 
wrote:

> For Debian-based systems, on the top of 
> "/etc/apt/apt.conf.d/50unattended-upgrades"
> my file looks like this:
>
> Unattended-Upgrade::Allowed-Origins {
> "${distro_id}:${distro_codename}-security";
> "${distro_id}:${distro_codename}-updates";
> //"${distro_id}:${distro_codename}-proposed";
> "${distro_id}:${distro_codename}-backports";
> "TorProject:trusty";
> };
>
> The first 4 allowed origins are for official Ubuntu software for the
> version I'm running, and the last entry says to use the 'trusty' dist from
> the TorProject source.
>
> Here's the original thread where I learned the trick:
> https://ubuntuforums.org/showthread.php?t=1401845=10070689#post10070689
>
>
> On 11/01/2016 12:44 AM, Greg wrote:
>
> Hi,
> I'm very interested in setting up unattended upgrades for tor. I tried
> searching for instructions on how to do it. But the only instructions I
> could really find didn't work (on the Library Freedom git project).
> How do I write the config so that the tor repo (or whatever it's called)
> is updated by unattended upgrades?
> Thanks.
>
>
> On Oct 26, 2016 1:23 AM, "nusenu"  wrote:
>
> > 32 relays updated (Debian + Tor compiled to latest version)
> >
> > I am getting too old for this without a server management system 
>
> not all relays with your contactinfo seem to be updated properly
> doing it manually is slow and error prone.
> Maybe consider using the 'unattended-upgrades' package?
>
> (only found 28 relays)
>
> +-+-++
> | version | nickname| restarted  |
> +-+-++
> | 0.2.8.7 | niftychipmunk   | 2016-10-26 |
> | 0.2.8.7 | niftymouse  | 2016-10-26 |
> | 0.2.8.7 | niftygerbil | 2016-10-26 |
> | 0.2.8.7 | niftyquokka | 2016-10-26 |
> | 0.2.8.9 | testnode2   | 2016-10-23 |
> | 0.2.8.9 | DOESaDEworkWITHtor1 | 2016-10-20 |
> | 0.2.8.9 | niftypedetes| 2016-10-26 |
> | 0.2.8.9 | niftyeuropeanrabbit | 2016-10-26 |
> | 0.2.8.9 | niftychinchilla | 2016-10-26 |
> | 0.2.8.9 | 2ndTRYdeEXIT| 2016-10-20 |
> | 0.2.8.9 | niftysugarglider| 2016-10-26 |
> | 0.2.8.9 | niftyvolcanorabbit  | 2016-10-26 |
> | 0.2.8.9 | niftyrat| 2016-10-26 |
> | 0.2.8.9 | niftypatagonianmara | 2016-10-25 |
> | 0.2.8.9 | niftywoodmouse  | 2016-10-25 |
> | 0.2.8.9 | niftysquirrel   | 2016-10-25 |
> | 0.2.8.9 | mullahspinymouse| 2016-10-26 |
> | 0.2.8.9 | niftybankvole   | 2016-10-25 |
> | 0.2.8.9 | capespinymouse  | 2016-10-26 |
> | 0.2.8.9 | niftyhedgehog   | 2016-10-25 |
> | 0.2.8.9 | niftycapybara   | 2016-10-26 |
> | 0.2.8.9 | testnode| 2016-10-23 |
> | 0.2.8.9 | cairospinymouse | 2016-10-26 |
> | 0.2.8.9 | niftykangaroorat| 2016-10-25 |
> | 0.2.8.9 | niftypika   | 2016-10-26 |
> | 0.2.8.9 | niftyjerboa | 2016-10-26 |
> | 0.2.8.9 | niftyguineapig  | 2016-10-26 |
> | 0.2.8.9 | niftycottontail | 2016-10-26 |
> +-+-++
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
>
>
> ___
> tor-relays mailing 
> listtor-relays@lists.torproject.orghttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] assign_to_cpuworker failed. Ignoring.

2016-11-01 Thread Vinícius Zavam 
2016-11-01 12:03 GMT-03:00, teor :
>
>> On 2 Nov. 2016, at 01:56, Felix  wrote:
>> ...
>>
>> My log says:
>> Oct 19 01:04:52.527 [notice] Read configuration file
>> "/usr/local/etc/tor/torrc".
>> Oct 19 01:04:52.566 [notice] Opening OR listener on 0.0.0.0:1234
>> for
>> ORPort 443 NoListen
>> ORPort 1234 NoAdvertise
>> My Tor finds 0.0.0.0 and looks further out ...
>>
>> I see yours telling:
>> Oct 31 22:48:44.752 [notice] Opening OR listener on a.b.c.d:9021
>>
>> Hm. Can you please share your torrc line for the "ORPort
>> [address:]PORT|auto [flags]" directive? Can you give an example which is
>> your a.b.c.d, is it the external or a local (lo#) and how do you set
>> NoListen/NoAdvertise ? I want to avoid Tor guessing the ip.
>
> To set the public IPv4 address in your descriptor, use Address:
> Address IPv4
> Otherwise, Tor will guess your address.
>
> To set the public IPv6 address in your descriptor, use the first IPv6
> ORPort:
> ORPort [IPv6]:Port
> Otherwise, Tor will not advertise your IPv6 address.
>
> To set an ORPort on an address that's on the host, use:
> ORPort IP:Port
>
> To set a public ORPort on an address that's on a middlebox, use:
> ORPort IP:Port NoListen
>
> To set a private ORPort on an address that's not public, use:
> ORPort IP:Port NoAdvertise
>

hey felix,
teor was faster than me and I think he was able to clarify your needs.

I would like to add just small notes ...

use "OutboundBindAddress". it can be configured twice, one time for
your v4 address, and the other one for your v6 (if you need/have it).
the tor(1) manpage can give you more details about it.

you can also use "ORPort" and "DirPort" to: 1) pass IPv4Only and/or
IPv6Only to these options too. DirPort only supports v4, so don't
bother forcing it there, and 2) if you want to run Tor with
unprivileged user and use low (well know) ports, like 21, 80, 22, 110,
443, usw.

it might not be related to your issue, but looks to be a good
practice: as you told that you run around 7 relays, please list your
relays' fingerprints on "MyFamily". good to see you are not running
your ports with default values too! :>

I hope that we could give you hints on how to solve your issue, and
will be happy to hear that you was able to close your ticket. for your
next issues related to any BSD system, please CC the torbsd ml too
(http://lists.nycbug.org/mailman/listinfo/tor-bsd)... but do not stop
posting to the official tor-dev@, or tor-relay@ ml and using Tor's
trac.

PS: the relay keeps running w/o any unexpected warning msg...

# grep -i -E '(warn|jump|cpu)' /var/log/tor/notice.log_r0289
Oct 31 22:48:44.633 [notice] Tor can't help you if you use it wrong!
Learn how to be safe at
https://www.torproject.org/download/download#warning

# tail -n3 /var/log/tor/notice.log_r0289
Nov 01 13:51:24.000 [notice] Heartbeat: Tor's uptime is 15:00 hours,
with 18 circuits open. I've sent 252.31 MB and received 262.24 MB.
Nov 01 13:51:24.000 [notice] Circuit handshake stats since last time:
41/41 TAP, 193/193 NTor.
Nov 01 13:51:24.000 [notice] Since startup, we have initiated 0 v1
connections, 0 v2 connections, 0 v3 connections, and 2163 v4
connections; and received 0 v1 connections, 113 v2 connections, 102 v3
connections, and 3438 v4 connections.


MFG,

-- 
Vinícius Zavam
keybase.io/egypcio/key.asc
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Blocking Domains

2016-11-01 Thread teor 

> On 2 Nov. 2016, at 02:01, Tristan  wrote:
> 
> So what mask would I use then? I've been trying to wrap my head around it, 
> but I just don't understand what /24 means, or how it's different from /27 or 
> any other number.

You have a list in IP-IP (IP range) format, and you want to convert it into
IP/Mask (CIDR) format. Here is a tool that will do that:
http://ipaddressguide.com/cidr

If you want to learn more, or check the tool's work:
https://en.wikipedia.org/wiki/CIDR_notation

> On 2 Nov. 2016, at 02:06, Tristan  wrote:
> 
> Wow this is confusing. If I'm understanding this correctly, 0.0.0.0/24 would 
> mean any address from 0.0.0.0 to 0.0.0.255, correct?

Yes.

Imagine each of the numbers in an IPv4 address is a byte.
Put them together, you have 32 bits.
Count each bit starting from 1, and when you reach the mask number,
the IP range is all the possible combinations of all the remaining bits.

Tim

> On Nov 1, 2016 9:58 AM, "teor"  wrote:
> 
> > On 2 Nov. 2016, at 01:54, SuperSluether  wrote:
> >
> > So, I tried putting the IPs into my exit policy like this:
> >
> > xx.xx.xx.xx-xx.xx.xx:*
> >
> > But Tor doesn't like that syntax. What's the correct way to block address 
> > ranges in the exit policy?
> 
> The man page is your friend:
> 
>ExitPolicy policy,policy,...
>Set an exit policy for this server. Each policy is of the form
>"accept[6]|reject[6]ADDR[/MASK][:PORT]". If /MASK is omitted then
>this policy just applies to the host given.
> 
>PORT can be a single port number, an
>interval of ports "FROM_PORT-TO_PORT", or "*". If PORT is omitted,
>that means "*".
> 
> --
> >
> > On 11/01/2016 07:32 AM, Ralph Seichter wrote:
> >> On 01.11.2016 12:56, hwertiout695 wrote:
> >>
> >>> https://whois.arin.net/rest/org/PANEL-2/nets [...]
> >> This appears to be the most comprehensive list of assigned networks
> >> I have seen so far for panelboxmanager.com; thank you.
> >>
> >> -Ralph
> >> ___
> >> tor-relays mailing list
> >> tor-relays@lists.torproject.org
> >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> >
> > ___
> > tor-relays mailing list
> > tor-relays@lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> T
> 
> --
> Tim Wilson-Brown (teor)
> 
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
> --
> 
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

T

-- 
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
--



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Blocking Domains

2016-11-01 Thread Tristan 
Wow this is confusing. If I'm understanding this correctly, 0.0.0.0/24
would mean any address from 0.0.0.0 to 0.0.0.255, correct?

On Nov 1, 2016 10:01 AM, "Tristan"  wrote:

> So what mask would I use then? I've been trying to wrap my head around it,
> but I just don't understand what /24 means, or how it's different from /27
> or any other number.
>
> On Nov 1, 2016 9:58 AM, "teor"  wrote:
>
>>
>> > On 2 Nov. 2016, at 01:54, SuperSluether 
>> wrote:
>> >
>> > So, I tried putting the IPs into my exit policy like this:
>> >
>> > xx.xx.xx.xx-xx.xx.xx:*
>> >
>> > But Tor doesn't like that syntax. What's the correct way to block
>> address ranges in the exit policy?
>>
>> The man page is your friend:
>>
>>ExitPolicy policy,policy,...
>>Set an exit policy for this server. Each policy is of the form
>>"accept[6]|reject[6]ADDR[/MASK][:PORT]". If /MASK is omitted
>> then
>>this policy just applies to the host given.
>>
>>PORT can be a single port number, an
>>interval of ports "FROM_PORT-TO_PORT", or "*". If PORT is
>> omitted,
>>that means "*".
>>
>> --
>> >
>> > On 11/01/2016 07:32 AM, Ralph Seichter wrote:
>> >> On 01.11.2016 12:56, hwertiout695 wrote:
>> >>
>> >>> https://whois.arin.net/rest/org/PANEL-2/nets [...]
>> >> This appears to be the most comprehensive list of assigned networks
>> >> I have seen so far for panelboxmanager.com; thank you.
>> >>
>> >> -Ralph
>> >> ___
>> >> tor-relays mailing list
>> >> tor-relays@lists.torproject.org
>> >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> >
>> > ___
>> > tor-relays mailing list
>> > tor-relays@lists.torproject.org
>> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>> T
>>
>> --
>> Tim Wilson-Brown (teor)
>>
>> teor2345 at gmail dot com
>> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
>> ricochet:ekmygaiu4rzgsk6n
>> xmpp: teor at torproject dot org
>> 
>> --
>>
>>
>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Blocking Domains

2016-11-01 Thread Tristan 
So what mask would I use then? I've been trying to wrap my head around it,
but I just don't understand what /24 means, or how it's different from /27
or any other number.

On Nov 1, 2016 9:58 AM, "teor"  wrote:

>
> > On 2 Nov. 2016, at 01:54, SuperSluether  wrote:
> >
> > So, I tried putting the IPs into my exit policy like this:
> >
> > xx.xx.xx.xx-xx.xx.xx:*
> >
> > But Tor doesn't like that syntax. What's the correct way to block
> address ranges in the exit policy?
>
> The man page is your friend:
>
>ExitPolicy policy,policy,...
>Set an exit policy for this server. Each policy is of the form
>"accept[6]|reject[6]ADDR[/MASK][:PORT]". If /MASK is omitted
> then
>this policy just applies to the host given.
>
>PORT can be a single port number, an
>interval of ports "FROM_PORT-TO_PORT", or "*". If PORT is
> omitted,
>that means "*".
>
> --
> >
> > On 11/01/2016 07:32 AM, Ralph Seichter wrote:
> >> On 01.11.2016 12:56, hwertiout695 wrote:
> >>
> >>> https://whois.arin.net/rest/org/PANEL-2/nets [...]
> >> This appears to be the most comprehensive list of assigned networks
> >> I have seen so far for panelboxmanager.com; thank you.
> >>
> >> -Ralph
> >> ___
> >> tor-relays mailing list
> >> tor-relays@lists.torproject.org
> >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> >
> > ___
> > tor-relays mailing list
> > tor-relays@lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> T
>
> --
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
> 
> --
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Blocking Domains

2016-11-01 Thread teor 

> On 2 Nov. 2016, at 01:54, SuperSluether  wrote:
> 
> So, I tried putting the IPs into my exit policy like this:
> 
> xx.xx.xx.xx-xx.xx.xx:*
> 
> But Tor doesn't like that syntax. What's the correct way to block address 
> ranges in the exit policy?

The man page is your friend:

   ExitPolicy policy,policy,...
   Set an exit policy for this server. Each policy is of the form
   "accept[6]|reject[6]ADDR[/MASK][:PORT]". If /MASK is omitted then
   this policy just applies to the host given.

   PORT can be a single port number, an
   interval of ports "FROM_PORT-TO_PORT", or "*". If PORT is omitted,
   that means "*".

--
> 
> On 11/01/2016 07:32 AM, Ralph Seichter wrote:
>> On 01.11.2016 12:56, hwertiout695 wrote:
>> 
>>> https://whois.arin.net/rest/org/PANEL-2/nets [...]
>> This appears to be the most comprehensive list of assigned networks
>> I have seen so far for panelboxmanager.com; thank you.
>> 
>> -Ralph
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

T

-- 
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
--



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] assign_to_cpuworker failed. Ignoring.

2016-11-01 Thread Felix 



Am 01.11.2016 um 13:19 schrieb Vinícius Zavam:

2016-10-31 20:22 GMT-03:00, Felix :



Am 31.10.2016 um 23:40 schrieb Vinícius Zavam:

2016-10-19 2:30 GMT-03:00, teor :



On 19 Oct. 2016, at 16:25, Felix  wrote:

Hi everybody

May be someone can help with this warning:

The security update (Tor v0.2.8.9 running on FreeBSD with Libevent
2.0.22-stable, OpenSSL LibreSSL 2.4.3 and Zlib 1.2.8.) shows the
following
log entry each hour:

Oct 19 02:51:07.000 [warn] Your system clock just jumped 136 seconds
forward; assuming established circuits no longer work.
Oct 19 02:51:07.000 [warn] assign_to_cpuworker failed. Ignoring.
...
Oct 19 02:51:07.000 [warn] assign_to_cpuworker failed. Ignoring.
Oct 19 02:51:15.000 [notice] Tor has successfully opened a circuit.
Looks
like client functionality is working.
...
Oct 19 03:51:10.000 [warn] Your system clock just jumped 138 seconds
forward; assuming established circuits no longer work.
Oct 19 03:51:11.000 [warn] assign_to_cpuworker failed. Ignoring.
...
Oct 19 04:50:37.000 [warn] Your system clock just jumped 105 seconds
forward; assuming established circuits no longer work.
Oct 19 04:50:37.000 [warn] assign_to_cpuworker failed. Ignoring.
...
Oct 19 05:51:14.000 [warn] Your system clock just jumped 142 seconds
forward; assuming established circuits no longer work.
Oct 19 05:51:15.000 [warn] assign_to_cpuworker failed. Ignoring.
...

The warning first appeared on 2.8.7 after update on September 13th (Tor
v0.2.8.7 running on FreeBSD with Libevent 2.0.22-stable, OpenSSL
LibreSSL
2.4.2 and Zlib 1.2.8.). That time I switched back (Tor v0.2.7.6 running
on
FreeBSD with Libevent 2.0.22-stable, OpenSSL LibreSSL 2.4.2 and Zlib
1.2.8.) and the warning disappeared.

What can I do?

The warning is reproted in tor-talk:
https://
lists.torproject.org/pipermail/tor-talk/2016-October/042425.html


Thanks for reporting this issue - you could open a bug on our bug
tracker
under Core Tor/Tor:
https://trac.torproject.org/projects/tor/newticket

It would help us to know if it's just FreeBSD, or just LibreSSL.

Maybe mention the bug number on tor-talk, so that poster can provide
more details?

Tim



--
Best regards, Felix


T

--
Tim Wilson-Brown (teor)


felix,

that might not be related to Tor, but to your host's clock setup
and/or your jail's setup.

# tor --version
Tor version 0.2.9.4-alpha (git-8b0755c9bb296ae2).
# uname -ai
FreeBSD cq110a 10.3-RELEASE-p7 FreeBSD 10.3-RELEASE-p7 #0: Thu Aug 11
18:37:29 UTC 2016
r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
GENERIC
# grep -i jump /var/log/tor/notice.log | wc -l
 0
# sysctl security.jail.jailed
security.jail.jailed: 1
# uptime
   7:32PM  up 18 days,  4:44, 1 user, load averages: 0.21, 0.21, 0.17



Good to see Tor in a jail runs for you. For me it did until 0.2.8.
You want to take a look at https://
trac.torproject.org/projects/tor/ticket/20423 ?

--
Cheers, Felix



thanks for pointing out the ticket.
how long should we wait to see the warning?

# git branch
   maint-0.2.9
   master
* release-0.2.8

# tor --version
Tor version 0.2.8.9-dev (git-badc444f7adce748).

# head /var/log/tor/notice.log_r0289
Oct 31 22:48:44.000 [notice] Tor 0.2.8.9-dev (git-badc444f7adce748)
opening new log file.
Oct 31 22:48:44.632 [notice] Tor v0.2.8.9-dev (git-badc444f7adce748)
running on FreeBSD with Libevent 2.0.22-stable, OpenSSL LibreSSL 2.5.0
and Zlib 1.2.8.
Oct 31 22:48:44.633 [notice] Tor can't help you if you use it wrong!
Learn how to be safe at
https://www.torproject.org/download/download#warning
Oct 31 22:48:44.633 [notice] Read configuration file "/usr/local/etc/tor/torrc".
Oct 31 22:48:44.742 [notice] Opening OR listener on [:xxxy:xxxz::abcd]:9021
Oct 31 22:48:44.752 [notice] Opening OR listener on a.b.c.d:9021
Oct 31 22:48:44.752 [notice] Opening Extended OR listener on 127.0.0.1:0
Oct 31 22:48:44.752 [notice] Extended OR listener listening on port 29790.
Oct 31 22:48:44.752 [notice] Opening Directory listener on a.b.c.d:9000
Oct 31 22:48:44.000 [notice] Parsing GEOIP IPv4 file /usr/local/share/tor/geoip.

# uname -ai
FreeBSD cq110a 10.3-RELEASE-p7 FreeBSD 10.3-RELEASE-p7 #0: Thu Aug 11
18:37:29 UTC 2016
r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
GENERIC

# tail -n3 /var/log/tor/notice.log_r0289
Nov 01 08:51:24.000 [notice] Heartbeat: Tor's uptime is 10:00 hours,
with 19 circuits open. I've sent 167.56 MB and received 175.42 MB.
Nov 01 08:51:24.000 [notice] Circuit handshake stats since last time:
44/44 TAP, 187/187 NTor.
Nov 01 08:51:24.000 [notice] Since startup, we have initiated 0 v1
connections, 0 v2 connections, 0 v3 connections, and 1357 v4
connections; and received 0 v1 connections, 59 v2 connections, 52 v3
connections, an

# grep -i jump /var/log/tor/notice.log_r0289 | wc -l
0



I see warnings with about more than 500 circuits.

My log says:
Oct 19 01:04:52.527 [notice] Read configuration file

Re: [tor-relays] Blocking Domains

2016-11-01 Thread SuperSluether 

So, I tried putting the IPs into my exit policy like this:

xx.xx.xx.xx-xx.xx.xx:*

But Tor doesn't like that syntax. What's the correct way to block 
address ranges in the exit policy?


On 11/01/2016 07:32 AM, Ralph Seichter wrote:

On 01.11.2016 12:56, hwertiout695 wrote:


https://whois.arin.net/rest/org/PANEL-2/nets [...]

This appears to be the most comprehensive list of assigned networks
I have seen so far for panelboxmanager.com; thank you.

-Ralph
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] manual vs. automated updates

2016-11-01 Thread SuperSluether 
For Debian-based systems, on the top of 
"/etc/apt/apt.conf.d/50unattended-upgrades" my file looks like this:


Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
"${distro_id}:${distro_codename}-updates";
//"${distro_id}:${distro_codename}-proposed";
"${distro_id}:${distro_codename}-backports";
"TorProject:trusty";
};

The first 4 allowed origins are for official Ubuntu software for the 
version I'm running, and the last entry says to use the 'trusty' dist 
from the TorProject source.


Here's the original thread where I learned the trick: 
https://ubuntuforums.org/showthread.php?t=1401845=10070689#post10070689



On 11/01/2016 12:44 AM, Greg wrote:

Hi,
I'm very interested in setting up unattended upgrades for tor. I tried 
searching for instructions on how to do it. But the only instructions 
I could really find didn't work (on the Library Freedom git project).
How do I write the config so that the tor repo (or whatever it's 
called) is updated by unattended upgrades?

Thanks.


On Oct 26, 2016 1:23 AM, "nusenu" > wrote:


> 32 relays updated (Debian + Tor compiled to latest version)
>
> I am getting too old for this without a server management system


not all relays with your contactinfo seem to be updated properly
doing it manually is slow and error prone.
Maybe consider using the 'unattended-upgrades' package?

(only found 28 relays)

+-+-++
| version | nickname| restarted  |
+-+-++
| 0.2.8.7 | niftychipmunk   | 2016-10-26 |
| 0.2.8.7 | niftymouse  | 2016-10-26 |
| 0.2.8.7 | niftygerbil | 2016-10-26 |
| 0.2.8.7 | niftyquokka | 2016-10-26 |
| 0.2.8.9 | testnode2   | 2016-10-23 |
| 0.2.8.9 | DOESaDEworkWITHtor1 | 2016-10-20 |
| 0.2.8.9 | niftypedetes| 2016-10-26 |
| 0.2.8.9 | niftyeuropeanrabbit | 2016-10-26 |
| 0.2.8.9 | niftychinchilla | 2016-10-26 |
| 0.2.8.9 | 2ndTRYdeEXIT| 2016-10-20 |
| 0.2.8.9 | niftysugarglider| 2016-10-26 |
| 0.2.8.9 | niftyvolcanorabbit  | 2016-10-26 |
| 0.2.8.9 | niftyrat| 2016-10-26 |
| 0.2.8.9 | niftypatagonianmara | 2016-10-25 |
| 0.2.8.9 | niftywoodmouse  | 2016-10-25 |
| 0.2.8.9 | niftysquirrel   | 2016-10-25 |
| 0.2.8.9 | mullahspinymouse| 2016-10-26 |
| 0.2.8.9 | niftybankvole   | 2016-10-25 |
| 0.2.8.9 | capespinymouse  | 2016-10-26 |
| 0.2.8.9 | niftyhedgehog   | 2016-10-25 |
| 0.2.8.9 | niftycapybara   | 2016-10-26 |
| 0.2.8.9 | testnode| 2016-10-23 |
| 0.2.8.9 | cairospinymouse | 2016-10-26 |
| 0.2.8.9 | niftykangaroorat| 2016-10-25 |
| 0.2.8.9 | niftypika   | 2016-10-26 |
| 0.2.8.9 | niftyjerboa | 2016-10-26 |
| 0.2.8.9 | niftyguineapig  | 2016-10-26 |
| 0.2.8.9 | niftycottontail | 2016-10-26 |
+-+-++


___
tor-relays mailing list
tor-relays@lists.torproject.org

https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays





___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Blocking Domains

2016-11-01 Thread Ralph Seichter 
On 01.11.2016 12:56, hwertiout695 wrote:

> https://whois.arin.net/rest/org/PANEL-2/nets [...]

This appears to be the most comprehensive list of assigned networks
I have seen so far for panelboxmanager.com; thank you.

-Ralph
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor bandwith question

2016-11-01 Thread Michael Armbruster 
On 2016-11-01 at 13:29, SuperSluether wrote:
> Well, Tor-relay-debian says 250KBps (bytes):
> https://www.torproject.org/docs/tor-relay-debian.html.en
> 
> But Tor-doc-relay says 2Mbps (bits):
> https://www.torproject.org/docs/tor-doc-relay.html.en
> 

Which is exactly the same, so it's ok :)

Best,
Michael




signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Interrogated by Finnish police for alleged idendity crimes, fraud and attempts of fraud

2016-11-01 Thread Petrusko 
Agree, trying to explain why people like Tor operators and/or volunteers
on WGC are giving time, network/cpu computing, money... to preserve and
help human rights, health... can be a good way. Trying to show them what
the Tor network is, why, the goal... the easiest possible, because many
of them are not geeks.
Good luck...


Julien ROBIN :
> In all those cases, my words are honest and true; as we shouldn't be
> ashamed of participating to projects aiming to a better word and more
> freedom, but shouldn't be happy of misuses, my personal preference is
> to be understanding and true. I also tell them that I'm participating,
> with my computers, to others scientific projects like World Community
> Grid (explaining it's about cancer research and a lot of others
> subjects) : It can be seen as "not related" but it is, as that's the
> way we are volunteers to the Tor Network !

-- 
Petrusko
EBE23AE5




signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor bandwith question

2016-11-01 Thread SuperSluether 
Well, Tor-relay-debian says 250KBps (bytes): 
https://www.torproject.org/docs/tor-relay-debian.html.en


But Tor-doc-relay says 2Mbps (bits): 
https://www.torproject.org/docs/tor-doc-relay.html.en



On 10/31/2016 11:58 PM, ane...@tutanota.de wrote:
In order to clarify this once and for all: If I setup a Tor relay with 
200 kBps, do I slow down the Tor network? What amount of bandwith is 
needed in order to not slow down the network?



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Interrogated by Finnish police for alleged idendity crimes, fraud and attempts of fraud

2016-11-01 Thread Julien ROBIN 

Hi Volker,

A French text of law also exists for the following protection (following 
lines) but there is some others laws that are making it not completely 
clear, unfortunately.


You're not responsible about information that have been transmitted 
trough your Internet access if :

 -You're not originating the transmission
 -You're not selecting the recipient of the transmission
 -You're not selecting and not modifying the transmitted information

It's a little bit known because of intellectual property law 
infringement ("HADOPI" here).
Some years ago, when downloading movies and music with Peer to peer, if 
there were questions and complaint people simply could say "it's not me, 
somebody is likely using my IP trough WiFi".


So they written a law saying that you become responsible of "the faulty 
protection of your access", responsible of having neglected it, with a 
possible sanction about it. That means that today, you're supposed to 
have logs and identifications about "who is doing what" if you operate a 
public Internet access, and one time it's a reproach that I had orally 
about Tor. I didn't done a lot of research on this subject in order to 
know if Tor's case is fine about this law or not, since it was not a 
written and formal comment.


Here's for the technical points.

With hindsight :

Of course the law have been made in order to apply on movies and music 
download, and as a lot of laws, it can also be useful for information 
services in case of misdeed; and lot of people are agreeing with it, 
after all.
Finally it also have a repercussion about things like Tor; and I believe 
that not a lot of people here know about Tor.


People aren't always realizing that this kind of laws (supposed to be 
done "for people and on behalf of people"), are written out of any 
control from people, and are almost irreversible. And people never know 
how much things those law can touch. Few month ago with the "Emergency 
state" law about Islamic terrorism, ecology activists and volunteers had 
"assigned residence orders" during COP21, because this law is talking 
about security and trouble avoidance. Then, one can always say that it's 
good, but obviously I think nobody realize what we are loosing because 
of this kind of security laws. Even if climbing and eating flowers with 
big signs remains, most of the time, ineffective (as change.org and 
avaaz is most of the time), since elected persons who write the laws 
don't even care about it (and that's the biggest problem we have today). 
In our case, elected people are doing the law. For better laws, the only 
solution is better elected people, and that's a big problem too ;)


But then it's not related anymore to what we are discussing here (or 
just as it's about laws and fairness).



On 01/11/2016 10:22, Volker Mink wrote:

When reading this i am glad i live in germany.
We still have some laws which protect operators of TOR-Exits :)

https://www.gesetze-im-internet.de/tmg/__5.html
https://www.gesetze-im-internet.de/tmg/__8.html
https://www.gesetze-im-internet.de/tmg/__15.html
(perhaps try to translate them with google)

*Gesendet:* Dienstag, 01. November 2016 um 01:03 Uhr
*Von:* I 
*An:* tor-relays@lists.torproject.org
*Betreff:* Re: [tor-relays] Interrogated by Finnish police for alleged 
idendity crimes, fraud and attempts of fraud

An excellent approach

> -Original Message-
> From: julien.robi...@free.fr
> Sent: Mon, 31 Oct 2016 23:16:53 +0100
> To: tor-relays@lists.torproject.org
> Subject: Re: [tor-relays] Interrogated by Finnish police for alleged
> idendity crimes, fraud and attempts of fraud
>
> Hi,
>
> With the 3 big exit nodes I had in France (about 30MB/s in both
> direction for each of them), I got called by police a lot of time (may
> be 10 times approximately ? I do not really count anymore) on
> investigations about misdeed that was committed from IP addresses of my
> Tor relays (95.130.9.190 and 95.130.9.89 mainly, at Digicube, not
> running anymore since June, 2015). No call about the Online.net one
> (62.210.206.25, now Relay only since January, 2015), which was as big as
> the 2 others and Exit too, but the ISP is well known as servers and
> website big provider in France so I guess they realize it's an exit node
> before calling me. The "facts" were also, most of the time, fraud and
> attempts of fraud but also slander one time.
>
> I was most of the time called as suspect because IP are related to my
> name (because I was leasing those servers), as for a home connection in
> their point of view (not aware that those IP are dedicated servers IP).
> Then I simply explain this in appropriate terms. After some times,
> depending on the agent, for new investigations I'm sometimes "heard" as
> witness. And most of the time the meeting is fine.
>
> Each time, I explain that my servers are rented in my name, and that I
> use them for volunteer participation to a free proxies and VPN network
> called

Re: [tor-relays] Tor bandwith question

2016-11-01 Thread teor 

> On 1 Nov. 2016, at 23:12, Louie Cardone-Noott  wrote:
> 
> On Tue, 1 Nov 2016, at 11:42 AM, teor wrote:
>> 
>>> On 1 Nov. 2016, at 15:58,   wrote:
>>> 
>>> In order to clarify this once and for all: If I setup a Tor relay with 200 
>>> kBps, do I slow down the Tor network? What amount of bandwith is needed in 
>>> order to not slow down the network? 
>> 
>> In order to get the Fast flag, you need a relay capable of 2 megabytes
>> per
>> second. Most clients won't use you for anything if you don't have the
>> Fast
>> flag, so you'll have minimal impact on the network.
> 
> Do you mean 2 megabit/s?
> 
> Last time I checked 2 Mbps was the minimum for Fast, i.e. 256 KBps. Note
> the differing units. I ran a 2 Mbit relay from home for a while and it
> got the Fast flag.

Oops, you're right, Fast is 100 KByte/second, Guard is 2 MByte/second.

To get the fast flag, you also need to be in the top 7/8ths fastest relays.

T

-- 
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
--



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] assign_to_cpuworker failed. Ignoring.

2016-11-01 Thread Vinícius Zavam 
2016-10-31 20:22 GMT-03:00, Felix :
>
>
> Am 31.10.2016 um 23:40 schrieb Vinícius Zavam:
>> 2016-10-19 2:30 GMT-03:00, teor :
>>>
 On 19 Oct. 2016, at 16:25, Felix  wrote:

 Hi everybody

 May be someone can help with this warning:

 The security update (Tor v0.2.8.9 running on FreeBSD with Libevent
 2.0.22-stable, OpenSSL LibreSSL 2.4.3 and Zlib 1.2.8.) shows the
 following
 log entry each hour:

 Oct 19 02:51:07.000 [warn] Your system clock just jumped 136 seconds
 forward; assuming established circuits no longer work.
 Oct 19 02:51:07.000 [warn] assign_to_cpuworker failed. Ignoring.
 ...
 Oct 19 02:51:07.000 [warn] assign_to_cpuworker failed. Ignoring.
 Oct 19 02:51:15.000 [notice] Tor has successfully opened a circuit.
 Looks
 like client functionality is working.
 ...
 Oct 19 03:51:10.000 [warn] Your system clock just jumped 138 seconds
 forward; assuming established circuits no longer work.
 Oct 19 03:51:11.000 [warn] assign_to_cpuworker failed. Ignoring.
 ...
 Oct 19 04:50:37.000 [warn] Your system clock just jumped 105 seconds
 forward; assuming established circuits no longer work.
 Oct 19 04:50:37.000 [warn] assign_to_cpuworker failed. Ignoring.
 ...
 Oct 19 05:51:14.000 [warn] Your system clock just jumped 142 seconds
 forward; assuming established circuits no longer work.
 Oct 19 05:51:15.000 [warn] assign_to_cpuworker failed. Ignoring.
 ...

 The warning first appeared on 2.8.7 after update on September 13th (Tor
 v0.2.8.7 running on FreeBSD with Libevent 2.0.22-stable, OpenSSL
 LibreSSL
 2.4.2 and Zlib 1.2.8.). That time I switched back (Tor v0.2.7.6 running
 on
 FreeBSD with Libevent 2.0.22-stable, OpenSSL LibreSSL 2.4.2 and Zlib
 1.2.8.) and the warning disappeared.

 What can I do?

 The warning is reproted in tor-talk:
 https://
 lists.torproject.org/pipermail/tor-talk/2016-October/042425.html
>>>
>>> Thanks for reporting this issue - you could open a bug on our bug
>>> tracker
>>> under Core Tor/Tor:
>>> https://trac.torproject.org/projects/tor/newticket
>>>
>>> It would help us to know if it's just FreeBSD, or just LibreSSL.
>>>
>>> Maybe mention the bug number on tor-talk, so that poster can provide
>>> more details?
>>>
>>> Tim
>>>

 --
 Best regards, Felix
>>>
>>> T
>>>
>>> --
>>> Tim Wilson-Brown (teor)
>>
>> felix,
>>
>> that might not be related to Tor, but to your host's clock setup
>> and/or your jail's setup.
>>
>> # tor --version
>> Tor version 0.2.9.4-alpha (git-8b0755c9bb296ae2).
>> # uname -ai
>> FreeBSD cq110a 10.3-RELEASE-p7 FreeBSD 10.3-RELEASE-p7 #0: Thu Aug 11
>> 18:37:29 UTC 2016
>> r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
>> GENERIC
>> # grep -i jump /var/log/tor/notice.log | wc -l
>> 0
>> # sysctl security.jail.jailed
>> security.jail.jailed: 1
>> # uptime
>>   7:32PM  up 18 days,  4:44, 1 user, load averages: 0.21, 0.21, 0.17
>>
>>
> Good to see Tor in a jail runs for you. For me it did until 0.2.8.
> You want to take a look at https://
> trac.torproject.org/projects/tor/ticket/20423 ?
>
> --
> Cheers, Felix
>

thanks for pointing out the ticket.
how long should we wait to see the warning?

# git branch
  maint-0.2.9
  master
* release-0.2.8

# tor --version
Tor version 0.2.8.9-dev (git-badc444f7adce748).

# head /var/log/tor/notice.log_r0289
Oct 31 22:48:44.000 [notice] Tor 0.2.8.9-dev (git-badc444f7adce748)
opening new log file.
Oct 31 22:48:44.632 [notice] Tor v0.2.8.9-dev (git-badc444f7adce748)
running on FreeBSD with Libevent 2.0.22-stable, OpenSSL LibreSSL 2.5.0
and Zlib 1.2.8.
Oct 31 22:48:44.633 [notice] Tor can't help you if you use it wrong!
Learn how to be safe at
https://www.torproject.org/download/download#warning
Oct 31 22:48:44.633 [notice] Read configuration file "/usr/local/etc/tor/torrc".
Oct 31 22:48:44.742 [notice] Opening OR listener on [:xxxy:xxxz::abcd]:9021
Oct 31 22:48:44.752 [notice] Opening OR listener on a.b.c.d:9021
Oct 31 22:48:44.752 [notice] Opening Extended OR listener on 127.0.0.1:0
Oct 31 22:48:44.752 [notice] Extended OR listener listening on port 29790.
Oct 31 22:48:44.752 [notice] Opening Directory listener on a.b.c.d:9000
Oct 31 22:48:44.000 [notice] Parsing GEOIP IPv4 file /usr/local/share/tor/geoip.

# uname -ai
FreeBSD cq110a 10.3-RELEASE-p7 FreeBSD 10.3-RELEASE-p7 #0: Thu Aug 11
18:37:29 UTC 2016
r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
GENERIC

# tail -n3 /var/log/tor/notice.log_r0289
Nov 01 08:51:24.000 [notice] Heartbeat: Tor's uptime is 10:00 hours,
with 19 circuits open. I've sent 167.56 MB and received 175.42 MB.
Nov 01 08:51:24.000 [notice] Circuit handshake stats since last time:
44/44 TAP, 187/187 NTor.
Nov 01 08:51:24.000 [notice] Since startup, we have initiated 0 v1
connections,

Re: [tor-relays] Tor bandwith question

2016-11-01 Thread Louie Cardone-Noott 
On Tue, 1 Nov 2016, at 11:42 AM, teor wrote:
> 
> > On 1 Nov. 2016, at 15:58,   wrote:
> > 
> > In order to clarify this once and for all: If I setup a Tor relay with 200 
> > kBps, do I slow down the Tor network? What amount of bandwith is needed in 
> > order to not slow down the network? 
> 
> In order to get the Fast flag, you need a relay capable of 2 megabytes
> per
> second. Most clients won't use you for anything if you don't have the
> Fast
> flag, so you'll have minimal impact on the network.

Do you mean 2 megabit/s?

Last time I checked 2 Mbps was the minimum for Fast, i.e. 256 KBps. Note
the differing units. I ran a 2 Mbit relay from home for a while and it
got the Fast flag.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] manual vs. automated updates

2016-11-01 Thread teor 

> On 1 Nov. 2016, at 16:44, Greg  wrote:
> 
> Hi,
> I'm very interested in setting up unattended upgrades for tor. I tried 
> searching for instructions on how to do it. But the only instructions I could 
> really find didn't work (on the Library Freedom git project).
> How do I write the config so that the tor repo (or whatever it's called) is 
> updated by unattended upgrades?

If you are using Debian or Ubuntu (or apt):

1. Modify your sources.list to include the tor repository
https://www.torproject.org/docs/debian.html.en

2. Modify
Debian: Unattended-Upgrade::Origins-Pattern
Ubuntu: Unattended-Upgrade::Allowed-Origins
to include the packages you want updated:

$EDITOR /etc/apt/apt.conf.d/50unattended-upgrades

Tim

> Thanks.
> 
> 
> On Oct 26, 2016 1:23 AM, "nusenu"  wrote:
> > 32 relays updated (Debian + Tor compiled to latest version)
> >
> > I am getting too old for this without a server management system 
> 
> not all relays with your contactinfo seem to be updated properly
> doing it manually is slow and error prone.
> Maybe consider using the 'unattended-upgrades' package?
> 
> (only found 28 relays)
> 
> +-+-++
> | version | nickname| restarted  |
> +-+-++
> | 0.2.8.7 | niftychipmunk   | 2016-10-26 |
> | 0.2.8.7 | niftymouse  | 2016-10-26 |
> | 0.2.8.7 | niftygerbil | 2016-10-26 |
> | 0.2.8.7 | niftyquokka | 2016-10-26 |
> | 0.2.8.9 | testnode2   | 2016-10-23 |
> | 0.2.8.9 | DOESaDEworkWITHtor1 | 2016-10-20 |
> | 0.2.8.9 | niftypedetes| 2016-10-26 |
> | 0.2.8.9 | niftyeuropeanrabbit | 2016-10-26 |
> | 0.2.8.9 | niftychinchilla | 2016-10-26 |
> | 0.2.8.9 | 2ndTRYdeEXIT| 2016-10-20 |
> | 0.2.8.9 | niftysugarglider| 2016-10-26 |
> | 0.2.8.9 | niftyvolcanorabbit  | 2016-10-26 |
> | 0.2.8.9 | niftyrat| 2016-10-26 |
> | 0.2.8.9 | niftypatagonianmara | 2016-10-25 |
> | 0.2.8.9 | niftywoodmouse  | 2016-10-25 |
> | 0.2.8.9 | niftysquirrel   | 2016-10-25 |
> | 0.2.8.9 | mullahspinymouse| 2016-10-26 |
> | 0.2.8.9 | niftybankvole   | 2016-10-25 |
> | 0.2.8.9 | capespinymouse  | 2016-10-26 |
> | 0.2.8.9 | niftyhedgehog   | 2016-10-25 |
> | 0.2.8.9 | niftycapybara   | 2016-10-26 |
> | 0.2.8.9 | testnode| 2016-10-23 |
> | 0.2.8.9 | cairospinymouse | 2016-10-26 |
> | 0.2.8.9 | niftykangaroorat| 2016-10-25 |
> | 0.2.8.9 | niftypika   | 2016-10-26 |
> | 0.2.8.9 | niftyjerboa | 2016-10-26 |
> | 0.2.8.9 | niftyguineapig  | 2016-10-26 |
> | 0.2.8.9 | niftycottontail | 2016-10-26 |
> +-+-++
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

T

-- 
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
--



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Blocking Domains

2016-11-01 Thread hwertiout695 
Hi Ralph,

Ralph Seichter  schrieb am Di., 1. Nov. 2016 um
12:37 Uhr:

> Does anybody have a suggestion on how best to figure out which address
> ranges are owned by panelboxmanager.com? Complaints seem to come in for
> all sorts of addresses.
>

`whois 72.55.186.5` leads to https://whois.arin.net/rest/org/PANEL-2/nets:

PANELBOX-14 (NET-67-205-125-0-1
) 67.205.125.0 -
67.205.125.255
PANELBOX-07 (NET-108-163-147-0-1
) 108.163.147.0 -
108.163.147.255
PANELBOX-08 (NET-184-107-101-0-1
) 184.107.101.0 -
184.107.101.255
PANELBOX-09 (NET-184-107-116-0-1
) 184.107.116.0 -
184.107.116.255
PANELBOX-10 (NET-198-72-104-0-1
) 198.72.104.0 -
198.72.104.255
PANELBOX-11 (NET-72-55-152-240-1
) 72.55.152.240 -
72.55.152.255
PANELBOX-12 (NET-108-163-128-64-1
) 108.163.128.64
- 108.163.128.127
PANELBOX-06 (NET-70-38-127-64-1
) 70.38.127.64 -
70.38.127.127
PANELBOX-13 (NET-184-107-111-96-1
) 184.107.111.96
- 184.107.111.127
PANELBOX-13 (NET-209-172-50-32-1
) 209.172.50.32 -
209.172.50.63
PANELBOX-04 (NET-174-142-230-0-1
) 174.142.230.0 -
174.142.230.255
PANELBOX-05 (NET-184-107-100-0-1
) 184.107.100.0 -
184.107.100.255
PANELBOX-03 (NET-67-205-105-0-1
) 67.205.105.0 -
67.205.105.255
PANELBOX-02 (NET-67-205-90-240-1
) 67.205.90.240 -
67.205.90.255
IWEB--72-55-186-0-24 (NET-72-55-186-0-1
) 72.55.186.0 -
72.55.186.255
HTH
Sven
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Blocking Domains

2016-11-01 Thread Michael Armbruster 
On 2016-11-01 at 12:37, Ralph Seichter wrote:
> On 01.11.2016 12:27, Diarmaid McManus wrote:
> 
>> is there a way to dynamically update the exit policy as a relay is
>> running?
> 
> There is. Change configuration file on-disk, then send a HUP signal to
> Tor process.
> 
> Does anybody have a suggestion on how best to figure out which address
> ranges are owned by panelboxmanager.com? Complaints seem to come in for
> all sorts of addresses.
> 

According to the whois of their IP address for panelboxmanager.com, I
got the following two subnets:

Panelbox IWEB--72-55-186-0-24 (NET-72-55-186-0-1) 72.55.186.0 -
72.55.186.255
iWeb Technologies Inc. IWEB-BLK-03 (NET-72-55-128-0-1) 72.55.128.0 -
72.55.191.255

Best,
Michael



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Blocking Domains

2016-11-01 Thread Ralph Seichter 
On 01.11.2016 12:27, Diarmaid McManus wrote:

> is there a way to dynamically update the exit policy as a relay is
> running?

There is. Change configuration file on-disk, then send a HUP signal to
Tor process.

Does anybody have a suggestion on how best to figure out which address
ranges are owned by panelboxmanager.com? Complaints seem to come in for
all sorts of addresses.

-Ralph

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Blocking Domains

2016-11-01 Thread Diarmaid McManus 
I wouldn't recommend blocking at the DNS level, as this could flag your
exit with a BADEXIT for modifying traffic.

The current official way to do this is through the exit policy, but this is
in a configuration file.
*Relay Operators*: is there a way to dynamically update the exit policy as
a relay is running?

On 1 November 2016 at 10:35, teor  wrote:

>
> > On 1 Nov. 2016, at 07:42, SuperSluether  wrote:
> >
> > They give me the IP address to block. The problem is yesterday it was on
> s01.panelboxmanager.com. Today it was s502.panelboxmanager.com. I was
> hoping for a way to block all sub-domains of panelboxmanager.com to
> prevent further abuse on that particular network. Guess I'll keep going
> per-IP for now.
> >
> >
> > On 10/31/2016 03:38 PM, Jason Jung wrote:
> >> You need to block them via IP address.  Do a DNS lookup of the domain in
> >> question if the e-mail doesn't contain it.
> >>
> >> On Mon, Oct 31, 2016 at 07:55:43AM -0500, Tristan wrote:
> >>> Is it possible to block domain names in Tor's ExitPolicy? I've been
> getting
> >>> abuses on *.panelboxmanager.com, and I'd like to be proactive about
> this if
> >>> possible.
>
> If you run a local caching resolver, you can tell it not to answer requests
> for these domains. (Or, more precisely, answer them with NXDOMAIN.)
>
> And you should block the IP addresses for the netblock in your exit policy
> as well, so the blocking is at least somewhat transparent.
>
> T
>
> --
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
> 
> --
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Stats not updated for several days?

2016-11-01 Thread John Ricketts 
Thank you!

> On Nov 1, 2016, at 05:17, Karsten Loesing  wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> Hi everyone,
> 
> can you check once again?
> 
> There was a problem with the data-collecting service that silently
> died on October 30 at around 23:00 UTC.  I have been working on that
> problem for an hour or two, and it should be resolved by now.  Please
> try again.
> 
> Sorry for the trouble. :(
> 
> All the best,
> Karsten
> 
> 
>> On 01/11/16 10:51, Markus Koch wrote:
>> Same here.
>> 
>> Sent from my iPad
>> 
>>> On 1 Nov 2016, at 10:42, Michael Armbruster 
>>> wrote:
>>> 
 On 2016-11-01 at 10:34, Pascal Terjan wrote: For example
 https://atlas.torproject.org/#details/20462CBA5DA4C2D963567D17D0B7249718114A68
 
 
> says uptime is 12 days and current version is 0.2.6.10 but I upgraded
 the machine and updated tor to 0.2.8.9 over a day ago:
 
>>> 
>>> I currently have problems with the stats, too. "armbrust2" [1]
>>> is running for about 2 days again and it shows as not running.
>>> Though it is in the current concensus with the Running flag and
>>> weighted with 12500.
>>> 
>>> [1] 
>>> https://atlas.torproject.org/#details/50EC45D8545D3BF901CD3EF677090F32E55BDA6B
>>> 
>>> 
>>> 
>>> 
> ___
>>> tor-relays mailing list tor-relays@lists.torproject.org 
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> ___ tor-relays mailing
>> list tor-relays@lists.torproject.org 
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 
> 
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> 
> iQEcBAEBCAAGBQJYGGuRAAoJEC3ESO/4X7XBuBMH/00tIz3I/wWvPSAKteJUtbFK
> 0NmnHDzHIYje2nk6gx4Vcp0cbWAMRFivWY+WRgZeLZtFN1HRmZDnCTfLVCpSnanT
> c673YFb9HzUi1rNS+8VMJOY8uf3/X5vQ6s7B0lT+zWk8SPaQuhgHL4D0Nxj6WwBJ
> VU4leXEY0OR3YVgcjtF0CToHc+mjYDkHGp2IanHlEbwsKPL8DVwMzPHqju5sSYUG
> /G6XtzdOaQY/fLnPZwI70VijJucNbIVq1kxzZKn4EPgDVnrC1HyrRGyY7lttT8Kd
> rar1gTKmQmHHWk7+fI+1GUNh5V1z2JIxdCgG5/Ap64WDrsl83JpBJYAmB15d6po=
> =MdwV
> -END PGP SIGNATURE-
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Stats not updated for several days?

2016-11-01 Thread Pascal Terjan 
On 1 November 2016 at 10:16, Karsten Loesing  wrote:
> Hi everyone,
>
> can you check once again?
>
> There was a problem with the data-collecting service that silently
> died on October 30 at around 23:00 UTC.  I have been working on that
> problem for an hour or two, and it should be resolved by now.  Please
> try again.
>
> Sorry for the trouble. :(

Thanks for fixing it!

> All the best,
> Karsten
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Stats not updated for several days?

2016-11-01 Thread Michael Armbruster 
On 2016-11-01 at 11:16, Karsten Loesing wrote:
> Hi everyone,
> 
> can you check once again?
> 
> There was a problem with the data-collecting service that silently
> died on October 30 at around 23:00 UTC.  I have been working on that
> problem for an hour or two, and it should be resolved by now.  Please
> try again.
> 
> Sorry for the trouble. :(
> 
> All the best,
> Karsten
> 

Looks good on my end :)

Best,
Michael



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Stats not updated for several days?

2016-11-01 Thread Karsten Loesing 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi everyone,

can you check once again?

There was a problem with the data-collecting service that silently
died on October 30 at around 23:00 UTC.  I have been working on that
problem for an hour or two, and it should be resolved by now.  Please
try again.

Sorry for the trouble. :(

All the best,
Karsten


On 01/11/16 10:51, Markus Koch wrote:
> Same here.
> 
> Sent from my iPad
> 
>> On 1 Nov 2016, at 10:42, Michael Armbruster 
>> wrote:
>> 
>>> On 2016-11-01 at 10:34, Pascal Terjan wrote: For example
>>> https://atlas.torproject.org/#details/20462CBA5DA4C2D963567D17D0B7249718114A68
>>>
>>> 
says uptime is 12 days and current version is 0.2.6.10 but I upgraded
>>> the machine and updated tor to 0.2.8.9 over a day ago:
>>> 
>> 
>> I currently have problems with the stats, too. "armbrust2" [1]
>> is running for about 2 days again and it shows as not running.
>> Though it is in the current concensus with the Running flag and
>> weighted with 12500.
>> 
>> [1] 
>> https://atlas.torproject.org/#details/50EC45D8545D3BF901CD3EF677090F32E55BDA6B
>>
>>
>>
>> 
___
>> tor-relays mailing list tor-relays@lists.torproject.org 
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> ___ tor-relays mailing
> list tor-relays@lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 

-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org

iQEcBAEBCAAGBQJYGGuRAAoJEC3ESO/4X7XBuBMH/00tIz3I/wWvPSAKteJUtbFK
0NmnHDzHIYje2nk6gx4Vcp0cbWAMRFivWY+WRgZeLZtFN1HRmZDnCTfLVCpSnanT
c673YFb9HzUi1rNS+8VMJOY8uf3/X5vQ6s7B0lT+zWk8SPaQuhgHL4D0Nxj6WwBJ
VU4leXEY0OR3YVgcjtF0CToHc+mjYDkHGp2IanHlEbwsKPL8DVwMzPHqju5sSYUG
/G6XtzdOaQY/fLnPZwI70VijJucNbIVq1kxzZKn4EPgDVnrC1HyrRGyY7lttT8Kd
rar1gTKmQmHHWk7+fI+1GUNh5V1z2JIxdCgG5/Ap64WDrsl83JpBJYAmB15d6po=
=MdwV
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Stats not updated for several days?

2016-11-01 Thread Markus Koch 
Same here. 

Sent from my iPad

> On 1 Nov 2016, at 10:42, Michael Armbruster  wrote:
> 
>> On 2016-11-01 at 10:34, Pascal Terjan wrote:
>> For example 
>> https://atlas.torproject.org/#details/20462CBA5DA4C2D963567D17D0B7249718114A68
>> says uptime is 12 days and current version is 0.2.6.10 but I upgraded
>> the machine and updated tor to 0.2.8.9 over a day ago:
>> 
> 
> I currently have problems with the stats, too. "armbrust2" [1] is
> running for about 2 days again and it shows as not running. Though it is
> in the current concensus with the Running flag and weighted with 12500.
> 
> [1]
> https://atlas.torproject.org/#details/50EC45D8545D3BF901CD3EF677090F32E55BDA6B
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Stats not updated for several days?

2016-11-01 Thread Michael Armbruster 
On 2016-11-01 at 10:34, Pascal Terjan wrote:
> For example 
> https://atlas.torproject.org/#details/20462CBA5DA4C2D963567D17D0B7249718114A68
> says uptime is 12 days and current version is 0.2.6.10 but I upgraded
> the machine and updated tor to 0.2.8.9 over a day ago:
> 

I currently have problems with the stats, too. "armbrust2" [1] is
running for about 2 days again and it shows as not running. Though it is
in the current concensus with the Running flag and weighted with 12500.

[1]
https://atlas.torproject.org/#details/50EC45D8545D3BF901CD3EF677090F32E55BDA6B




signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Interrogated by Finnish police for alleged idendity crimes, fraud and attempts of fraud

2016-11-01 Thread Volker Mink 

When reading this i am glad i live in germany.
We still have some laws which protect operators of TOR-Exits :)


https://www.gesetze-im-internet.de/tmg/__5.html

https://www.gesetze-im-internet.de/tmg/__8.html

https://www.gesetze-im-internet.de/tmg/__15.html

(perhaps try to translate them with google)

 

 

Gesendet: Dienstag, 01. November 2016 um 01:03 Uhr
Von: I 
An: tor-relays@lists.torproject.org
Betreff: Re: [tor-relays] Interrogated by Finnish police for alleged idendity crimes, fraud and attempts of fraud

An excellent approach

> -Original Message-
> From: julien.robi...@free.fr
> Sent: Mon, 31 Oct 2016 23:16:53 +0100
> To: tor-relays@lists.torproject.org
> Subject: Re: [tor-relays] Interrogated by Finnish police for alleged
> idendity crimes, fraud and attempts of fraud
>
> Hi,
>
> With the 3 big exit nodes I had in France (about 30MB/s in both
> direction for each of them), I got called by police a lot of time (may
> be 10 times approximately ? I do not really count anymore) on
> investigations about misdeed that was committed from IP addresses of my
> Tor relays (95.130.9.190 and 95.130.9.89 mainly, at Digicube, not
> running anymore since June, 2015). No call about the Online.net one
> (62.210.206.25, now Relay only since January, 2015), which was as big as
> the 2 others and Exit too, but the ISP is well known as servers and
> website big provider in France so I guess they realize it's an exit node
> before calling me. The "facts" were also, most of the time, fraud and
> attempts of fraud but also slander one time.
>
> I was most of the time called as suspect because IP are related to my
> name (because I was leasing those servers), as for a home connection in
> their point of view (not aware that those IP are dedicated servers IP).
> Then I simply explain this in appropriate terms. After some times,
> depending on the agent, for new investigations I'm sometimes "heard" as
> witness. And most of the time the meeting is fine.
>
> Each time, I explain that my servers are rented in my name, and that I
> use them for volunteer participation to a free proxies and VPN network
> called Tor. I then give some details and explanations about what is Tor,
> who created it, what are the goals of the project (about protection of
> _expression_ in bad countries and censorship avoidance, by accessing the
> same Internet that others do, pricacy protection too), and yes, the
> misuses... and that these are discouraging misuse and it is not the
> reason why we participate in this network (far from it !). Then I give
> the IP of those servers (and one of them is the reason why they called
> me). And I explain that they are computers with a very fast bandwidth,
> located in datacenters (Rennes, Vitry...) that can be accessed and
> configured remotely, like a remote desktop.
>
> When they ask the question about logs and how to find the author of the
> fact, my answer is that (unfortunately in that case), Tor is designed as
> it's not possible for anybody to find who is the IP address from where
> the traffic originated. It's very secure for those who need to use it.
> Of course I tell them that if they have suspects in the entourage of the
> victim, they can check if one of them was connected to the Tor network
> at the time of the "fact" but as me and others people are using Tor for
> online privacy without any intention of misuse against anybody, using
> Tor is not a proof of misuse and is most of the time not done for bad
> intention. Of course some questioning about a suspect using Tor at the
> same hour would be rightful in this particular situation, anyway (like I
> was questioned).
>
> All time I also come with a sheet of paper explaining Tor a little bit
> deeply, what are the motivation of the teams and people behind this
> project, (even in front of misuses that we are, of course, not proud of
> having on the Tor network, even if without the Tor network, those
> misuses would have been done by another way). In France I
>
> Of course sometimes the agent is not very happy about the Tor Network as
> the investigations is likely to fail because of the Tor Network
> efficiency. When the misuse is real and obviously bad, nobody can be
> happy of it !
>
> In all those cases, my words are honest and true; as we shouldn't be
> ashamed of participating to projects aiming to a better word and more
> freedom, but shouldn't be happy of misuses, my personal preference is to
> be understanding and true. I also tell them that I'm participating, with
> my computers, to others scientific projects like World Community Grid
> (explaining it's about cancer research and a lot of others subjects) :
> It can be seen as "not related" but it is, as that's the way we are
> volunteers to the Tor Network !
>
>
> Here's for my feedback ! It's very personal of course, I hope nobody
> would copy it without feeling it :) I'm just expressing my own feeling
> on those situations, if it can help