Re: [tor-relays] Remove IP from list of known Tor exit nodes

2017-03-02 Thread nusenu
> You are right. The "wrong" exit node is not figuring on
> https://check.torproject.org/exit-addresses anymore. But it still
> visible from https://atlas.torproject.org/.
> Downtime
>   4 days 5 hours 21 minutes and 6 seconds
> Running
>   false
> How long will it keep figuring on atlas?

Atlas uses onionoo data. Onionoo data shows relays that were running at
some point within the last 7 days.
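Checking whether an address is still on the exit list quoted above, and which relay put it there, as an added example (not code from the thread or from the Tor Project). It assumes the list's `ExitNode` / `Published` / `LastStatus` / `ExitAddress` block layout; the sample data, fingerprints and addresses are constructed, and `ListedBy` is a hypothetical helper name.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
	"time"
)

// Constructed sample in the exit-addresses layout (not real relays;
// the IP addresses come from the documentation ranges).
const sample = `ExitNode AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Published 2017-03-01 09:10:11
LastStatus 2017-03-01 15:02:40
ExitAddress 192.0.2.10 2017-03-01 15:10:05
ExitNode BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
Published 2017-03-02 01:00:00
LastStatus 2017-03-02 12:03:00
ExitAddress 198.51.100.7 2017-03-02 12:12:30
ExitAddress 192.0.2.10 2017-03-02 12:14:00
`

// ListedBy maps each relay fingerprint that lists ip as an ExitAddress to
// the age of that measurement at time now. An empty map means "not listed".
func ListedBy(list, ip string, now time.Time) map[string]time.Duration {
	hits := map[string]time.Duration{}
	fp := ""
	sc := bufio.NewScanner(strings.NewReader(list))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		switch {
		case len(f) == 2 && f[0] == "ExitNode":
			fp = f[1]
		case len(f) == 4 && f[0] == "ExitAddress" && f[1] == ip && fp != "":
			// Timestamps in the list are UTC; lines that do not parse are skipped.
			if ts, err := time.Parse("2006-01-02 15:04:05", f[2]+" "+f[3]); err == nil {
				hits[fp] = now.Sub(ts)
			}
		}
	}
	return hits
}

func main() {
	now := time.Date(2017, 3, 2, 13, 0, 0, 0, time.UTC)
	for fp, age := range ListedBy(sample, "192.0.2.10", now) {
		fmt.Printf("%s lists it, measured %s ago\n", fp, age)
	}
}
```

The `ExitAddress` is the address exit traffic was observed coming from, so it can differ from the address the relay itself listens on.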




___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Remove IP from list of known Tor exit nodes

2017-03-02 Thread Paw

> Your IP leaves the official list of current Exits automatically when it
> ceases to be an Exit.
> In the previous msg I just repeated the exit-addresses URL. I actually
> meant to ask: for how long has the Exit been offline? The oldest by
> LastStatus are now from 2017-03-01 ~15:00.
You are right. The "wrong" exit node is not figuring on
https://check.torproject.org/exit-addresses anymore. But it still
visible from https://atlas.torproject.org/.
Downtime
  4 days 5 hours 21 minutes and 6 seconds
Running
  false
How long will it keep figuring on atlas?

> So it wouldn't surprise me if Cloudflare won't unlist your IP on request
You are right. I have written some mails to supp...@cloudflare.com.
According to
https://support.cloudflare.com/hc/en-us/articles/203306930-Does-Cloudflare-block-tor
Cloudflare updates its list of Tor exit node IP addresses every 15 minutes.
But the reply I got from their support was:
> it's not listed on honeypot it is not based on any malicious activity
> but rather was a special list of TOR endpoints curated by the request
> of our customers to control access to their sites. As such your
> endpoint won't be removed from that as it is a TOR endpoint this is
> completely independent of the reputation.
They have not registered any malicious activity from the IP and it is
not figuring on https://check.torproject.org/exit-addresses, but still
they won't remove it from their list.

> So maybe you'll have to route your home traffic through some VPN now to
> get around the Great Cloudwall.
I have a few extra IPs, so for now I am routing outbound http-traffic
through one of them. But it is still a shame that such big companies can
do as they like, without any means to correct mistakes.

Thank you for your reply.

Best,
Paw

fnordomat  writes:

> Hi again,
>
> Paw:
>> Dear all,
>>
>> By mistake I routed exit traffic from my Tor exit node through an IP
>> that is used for NAT'ing where I live, for a short time. So now the NAT
>> ip is found on https://check.torproject.org/exit-addresses which is a
>> bit unfortunate, since Cloudflare now does CAPTCHA check on my NAT traffic.
>
> In the previous msg I just repeated the exit-addresses URL. I actually
> meant to ask: for how long has the Exit been offline? The oldest by
> LastStatus are now from 2017-03-01 ~15:00.
>
>>
>> Is there a way to remove my NAT ip from the list of Tor exit nodes? The
>> NAT address does not see any Tor traffic anymore.
>>
>> Best regards,
>> Paw


[tor-relays] new Atlas feature: Not Recommended Tor Version

2017-03-02 Thread nusenu
I'd like to highlight a new Atlas feature [1]:

Atlas now displays a red "!" if the relay runs a tor version that is not
recommended by the tor directory authorities.


Examples
https://atlas.torproject.org/#/top10



Thanks to RaBe and irl for adding this.



[1] https://trac.torproject.org/projects/tor/ticket/21367





Re: [tor-relays] descriptor-id calc tool?

2017-03-02 Thread nusenu
>> The introduction points are not chosen by calculating the descriptor-id
>> and finding the 3 HSDirs next to it (by sorted fingerprint).
> 
> tldr: HSDir != IntroPoint.
> 
> Introduction points are chosen by random by an onion service and unknown 
> in advance. What is known in advance is only the onion address. Descriptor ID
> determines which HSDirs are responsible for storing corresponding descriptor.
> List of the current IntroPoints are embedded into descriptor (that's the
> reason we have descriptor thing in the first place).

Thanks for confirming!

(running an ad hoc tor client at 'info' log level was useful since it
outputs descriptor-id and actual hsdir it is contacting)





Re: [tor-relays] Remove IP from list of known Tor exit nodes

2017-03-02 Thread fnordomat
Hi again,

Paw:
> Dear all,
> 
> By mistake I routed exit traffic from my Tor exit node through an IP
> that is used for NAT'ing where I live, for a short time. So now the NAT
> ip is found on https://check.torproject.org/exit-addresses which is a
> bit unfortunate, since Cloudflare now does CAPTCHA check on my NAT traffic.

In the previous msg I just repeated the exit-addresses URL. I actually
meant to ask: for how long has the Exit been offline? The oldest by
LastStatus are now from 2017-03-01 ~15:00.

> 
> Is there a way to remove my NAT ip from the list of Tor exit nodes? The
> NAT address does not see any Tor traffic anymore.
> 
> Best regards,
> Paw


Re: [tor-relays] Remove IP from list of known Tor exit nodes

2017-03-02 Thread fnordomat
Hi,

Your IP leaves the official list of current Exits automatically when it
ceases to be an Exit.

https://check.torproject.org/exit-addresses

However, it will remain on any web-blocking lists for as long as the
web-blocking list operators please.

On the bright side you now have a daily reminder of the extent of
Cloudflare's gigantic MitM business.

Cloudflare and their filthy ilk couldn't care less about the collateral
damage they're inflicting on millions of people (as evidenced by their
dishonest, stalling approach to the Tor-Captcha problem and the recent
"cloudbleed" incident - and the very idea of selling MitM as a
substitute of security in depth - is evidence enough that the whole
operation is in bad faith).

The basic MO of their blocking lists: paint all traffic coming from one
IP address with the same brush. Once something they deem "bad" comes
from somewhere, use that as "ground truth" to "prove" that their
"service" is useful.

https://blog.torproject.org/blog/trouble-cloudflare

Pure snake-oil. So why should they care for exactness? They just want to
"make the web great again" for idiots by reducing the frequency of
perceived "attacks", with minimal involvement or human effort.

So it wouldn't surprise me if Cloudflare won't unlist your IP on request
because

a) apparently they don't think it worth their money to not piss off
minorities such as Tor users and

b) you know, the "bad guys could do that too".

So maybe you'll have to route your home traffic through some VPN now to
get around the Great Cloudwall.

But who knows.


Paw:
> Dear all,
> 
> By mistake I routed exit traffic from my Tor exit node through an IP
> that is used for NAT'ing where I live, for a short time. So now the NAT
> ip is found on https://check.torproject.org/exit-addresses which is a
> bit unfortunate, since Cloudflare now does CAPTCHA check on my NAT traffic.
> 
> Is there a way to remove my NAT ip from the list of Tor exit nodes? The
> NAT address does not see any Tor traffic anymore.
> 
> Best regards,
> Paw


Re: [tor-relays] descriptor-id calc tool?

2017-03-02 Thread Ivan Markin
On Thu, Mar 02, 2017 at 01:11:00PM +, nusenu wrote:
> nusenu:
> > Shouldn't the first 2 or 3 hex digits of your output (after converting
> > them to hex) without time option and the actual intro point FPs match
> > when run at roughly the same time?
> > 
> > example for duckduckgo:
> > 
> > ./get-intro-points.py 3g2upl4pq6kufc4m  [1]
> > 3g2upl4pq6kufc4m:56782537778BEFC5A48080B58BE01E814AF9B5D3
> > 3g2upl4pq6kufc4m:769DBA4C0C992FCEA080618833FD7BF5AC1F4F41
> > 3g2upl4pq6kufc4m:744B753C7F5E0C6BDD240EE5D879A36C650D2B00
> > 
> > 
> > go run descriptor-id-calc.go 3g2upl4pq6kufc4m
> > replica #0: sv5uuknuqvjgquf4hu4m6tvcyuyiyvw7
> > -> hex: 957B4A29B485526850BC3D38CF4EA2C5308C56DF
> > 
> > replica #1: crpc4lkarusgflm5nblslpopg5qpvw7i
> > -> hex: 145E2E2D408D2462AD9D685725BDCF3760FADBE8
> > 
> > they start with 95.. and 14.. but the actual intro points start with
> > 56.., 76.. and 74.. ?
> 
> I probably misunderstood how the design works.
> 
> The introduction points are not chosen by calculating the descriptor-id
> and finding the 3 HSDirs next to it (by sorted fingerprint).

tldr: HSDir != IntroPoint.

Introduction points are chosen at random by an onion service and are unknown
in advance. What is known in advance is only the onion address. The descriptor ID
determines which HSDirs are responsible for storing the corresponding descriptor.
The list of the current IntroPoints is embedded into the descriptor (that's the
reason we have the descriptor thing in the first place).

--
Ivan Markin
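The calculation this thread is about, as an added example (not the gist linked in the thread and not tor's own code): a v2 (pre-prop224) onion address and a time give one descriptor ID per replica, and each ID selects the HSDirs that follow it on the sorted fingerprint ring, which is unrelated to the intro point fingerprints. It follows the v2 rendezvous spec formulas and assumes no descriptor cookie; the HSDir fingerprints in `main` are constructed.

```go
package main

import (
	"crypto/sha1"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"sort"
	"strings"
)

// TimePeriod is the v2 rule (t + first-byte*86400/256) / 86400.
func TimePeriod(permID []byte, t int64) uint32 {
	return uint32((t + int64(permID[0])*86400/256) / 86400)
}

// DescriptorID computes the 20-byte v2 descriptor ID (no descriptor cookie assumed).
func DescriptorID(onion string, t int64, replica byte) ([]byte, error) {
	permID, err := base32.StdEncoding.DecodeString(strings.ToUpper(onion))
	if err != nil || len(permID) != 10 {
		return nil, fmt.Errorf("not a 16-character v2 onion address: %q", onion)
	}
	var tp [4]byte
	binary.BigEndian.PutUint32(tp[:], TimePeriod(permID, t))
	secret := sha1.Sum(append(tp[:], replica))   // H(time-period | replica)
	id := sha1.Sum(append(permID, secret[:]...)) // H(permanent-id | secret-id-part)
	return id[:], nil
}

// ResponsibleHSDirs returns the n uppercase-hex fingerprints following descID on the sorted ring.
func ResponsibleHSDirs(descID []byte, hsdirs []string, n int) []string {
	ring := append([]string(nil), hsdirs...)
	sort.Strings(ring)
	start := sort.SearchStrings(ring, fmt.Sprintf("%X", descID)) // first fingerprint >= ID
	var out []string
	for i := 0; i < n && i < len(ring); i++ {
		out = append(out, ring[(start+i)%len(ring)]) // wraps past the last relay
	}
	return out
}

func main() {
	// Constructed HSDir fingerprints (not real relays).
	ring := []string{strings.Repeat("1", 40), strings.Repeat("5", 40), strings.Repeat("9", 40), strings.Repeat("D", 40)}
	for r := byte(0); r < 2; r++ {
		id, _ := DescriptorID("3g2upl4pq6kufc4m", 1488288001, r)
		fmt.Printf("replica #%d: %X -> HSDirs %v\n", r, id, ResponsibleHSDirs(id, ring, 3))
	}
}
```

Because the first byte of the address is added into the time period, each onion address rotates its descriptor IDs at its own fixed offset within the UTC day rather than at midnight.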


[tor-relays] Remove IP from list of known Tor exit nodes

2017-03-02 Thread Paw
Dear all,

By mistake I routed exit traffic from my Tor exit node through an IP
that is used for NAT'ing where I live, for a short time. So now the NAT
ip is found on https://check.torproject.org/exit-addresses which is a
bit unfortunate, since Cloudflare now does CAPTCHA check on my NAT traffic.

Is there a way to remove my NAT ip from the list of Tor exit nodes? The
NAT address does not see any Tor traffic anymore.

Best regards,
Paw


Re: [tor-relays] descriptor-id calc tool?

2017-03-02 Thread nusenu


nusenu:
> 
> 
> Ivan Markin:
>> On Tue, Feb 28, 2017 at 02:09:00AM +, nusenu wrote:
>>>>> Is there a tool out there that tells me which HSDir is/will probably be
>>>>> responsible for a given onion address (and at what time)?
>>>>
>>>> There's no tool, unless you can reverse SHA1.
>>>> (Or brute-force a set of popular onion addresses.)
>>>
>>> I probably was not very clear in my question. I'm not aiming for the
>>> reverse path, just the normal calculation a tor client does given an
>>> onion address but instead of just calculating the current descriptor-id,
>>> print descriptor-ids for the future N days for onion address M (for the
>>> pre-prop224 world).
>>
>> FYI https://gist.github.com/nogoegst/895dde228496e04f409fc6d160a5de5a
>>
>> $ go run onion-desc-advance.go -time 1488288001 yrcfcqhja2ide7yh
>>
>> prints descriptor IDs for the given time for replica #1 and #2.
> 
> Thanks for this.
> 
> Shouldn't the first 2 or 3 hex digits of your output (after converting
> them to hex) without time option and the actual intro point FPs match
> when run at roughly the same time?
> 
> example for duckduckgo:
> 
> ./get-intro-points.py 3g2upl4pq6kufc4m  [1]
> 3g2upl4pq6kufc4m:56782537778BEFC5A48080B58BE01E814AF9B5D3
> 3g2upl4pq6kufc4m:769DBA4C0C992FCEA080618833FD7BF5AC1F4F41
> 3g2upl4pq6kufc4m:744B753C7F5E0C6BDD240EE5D879A36C650D2B00
> 
> 
> go run descriptor-id-calc.go 3g2upl4pq6kufc4m
> replica #0: sv5uuknuqvjgquf4hu4m6tvcyuyiyvw7
> -> hex: 957B4A29B485526850BC3D38CF4EA2C5308C56DF
> 
> replica #1: crpc4lkarusgflm5nblslpopg5qpvw7i
> -> hex: 145E2E2D408D2462AD9D685725BDCF3760FADBE8
> 
> they start with 95.. and 14.. but the actual intro points start with
> 56.., 76.. and 74.. ?

I probably misunderstood how the design works.

The introduction points are not chosen by calculating the descriptor-id
and finding the 3 HSDirs next to it (by sorted fingerprint).







Re: [tor-relays] [tor-announce] Tor 0.2.9.10 is released

2017-03-02 Thread nusenu
>> Changes in version 0.2.9.10 - 2017-03-01
>> [...]
> 
> Starting this new version results in the following log entry:
> 
>   This version of Tor (0.2.9.10) is newer than any recommended version
>   in its series, according to the directory authorities. Recommended
>   versions are:
>   
> 0.2.4.27,0.2.4.28,0.2.5.12,0.2.5.13,0.2.7.6,0.2.7.7,0.2.8.9,0.2.8.10,0.2.8.11,0.2.8.12,0.2.9.9,0.3.0.2-alpha,0.3.0.3-alpha
> 
> Not sure if this is just informational or if it will affect Tor node 
> operation.

This is just sub-optimal timing. Ideally tor dir auths would add new
versions before they get released to the recommended versions list but
in this case only moria1 was in time [1]. This log message should no
longer appear as soon as tor26 or gabelmoo adds the new releases [2].

Maybe it would make sense to add support for version ranges so not every
new release would require two dir auth operators to touch their
configuration.


[1]
https://lists.torproject.org/pipermail/tor-consensus-health/2017-March/007748.html
[2] https://consensus-health.torproject.org/#recommendedversions





Re: [tor-relays] [tor-announce] Tor 0.2.9.10 is released

2017-03-02 Thread Ralph Seichter
On 01.03.2017 22:18, Nick Mathewson wrote:

> Changes in version 0.2.9.10 - 2017-03-01
> [...]

Starting this new version results in the following log entry:

  This version of Tor (0.2.9.10) is newer than any recommended version
  in its series, according to the directory authorities. Recommended
  versions are:
  
0.2.4.27,0.2.4.28,0.2.5.12,0.2.5.13,0.2.7.6,0.2.7.7,0.2.8.9,0.2.8.10,0.2.8.11,0.2.8.12,0.2.9.9,0.3.0.2-alpha,0.3.0.3-alpha

Not sure if this is just informational or if it will affect Tor node operation.

-Ralph



Re: [tor-relays] descriptor-id calc tool?

2017-03-02 Thread nusenu


Ivan Markin:
> On Tue, Feb 28, 2017 at 02:09:00AM +, nusenu wrote:
>>>> Is there a tool out there that tells me which HSDir is/will probably be
>>>> responsible for a given onion address (and at what time)?
>>>
>>> There's no tool, unless you can reverse SHA1.
>>> (Or brute-force a set of popular onion addresses.)
>>
>> I probably was not very clear in my question. I'm not aiming for the
>> reverse path, just the normal calculation a tor client does given an
>> onion address but instead of just calculating the current descriptor-id,
>> print descriptor-ids for the future N days for onion address M (for the
>> pre-prop224 world).
> 
> FYI https://gist.github.com/nogoegst/895dde228496e04f409fc6d160a5de5a
> 
> $ go run onion-desc-advance.go -time 1488288001 yrcfcqhja2ide7yh
> 
> prints descriptor IDs for the given time for replica #1 and #2.

Thanks for this.

Shouldn't the first 2 or 3 hex digits of your output (after converting
them to hex) without time option and the actual intro point FPs match
when run at roughly the same time?

example for duckduckgo:

./get-intro-points.py 3g2upl4pq6kufc4m  [1]
3g2upl4pq6kufc4m:56782537778BEFC5A48080B58BE01E814AF9B5D3
3g2upl4pq6kufc4m:769DBA4C0C992FCEA080618833FD7BF5AC1F4F41
3g2upl4pq6kufc4m:744B753C7F5E0C6BDD240EE5D879A36C650D2B00


go run descriptor-id-calc.go 3g2upl4pq6kufc4m
replica #0: sv5uuknuqvjgquf4hu4m6tvcyuyiyvw7
-> hex: 957B4A29B485526850BC3D38CF4EA2C5308C56DF

replica #1: crpc4lkarusgflm5nblslpopg5qpvw7i
-> hex: 145E2E2D408D2462AD9D685725BDCF3760FADBE8

they start with 95.. and 14.. but the actual intro points start with
56.., 76.. and 74.. ?

thanks

[1] https://gist.github.com/nusenu/8339cfd5351b64c47676241a40ee2942




