Re: [tor-relays] Remove IP from list of known Tor exit nodes
> You are right. The "wrong" exit node is not figuring on > https://check.torproject.org/exit-addresses anymore. But it still > visible from https://atlas.torproject.org/. > Downtime > 4 days 5 hours 21 minutes and 6 seconds > Running > false > How long will it keep figuring on atlas? Atlas uses onionoo data. Onionoo data shows relays that were running at some point within the last 7 days. signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Remove IP from list of known Tor exit nodes
> Your IP leaves the official list of current Exits automatically when it > ceases to be an Exit. > In the previous msg I just repeated the exit-addresses URL. I actually > meant to ask: for how long has the Exit been offline? The oldest by > LastStatus are now from 2017-03-01 ~15:00. You are right. The "wrong" exit node is not figuring on https://check.torproject.org/exit-addresses anymore. But it still visible from https://atlas.torproject.org/. Downtime 4 days 5 hours 21 minutes and 6 seconds Running false How long will it keep figuring on atlas? > So it wouldn't surprise me if Cloudflare won't unlist your IP on request You are right. I have written some mails to supp...@cloudflare.com. According to https://support.cloudflare.com/hc/en-us/articles/203306930-Does-Cloudflare-block-tor Cloudflare updates its list of Tor exit node IP addresses every 15 minutes. But the reply I got from their support was: > it's not listed on honeypot it is not based on any maliscous activity > but rather was a special list of TOR endpoints curated by the request > of our customers to control access to their sites. As such your > endpoint won't be removed from that as it is a TOR endpoint this is > completely independent of the reputation. They have not registered any malicious activity from the IP and it is not figuring on https://check.torproject.org/exit-addresses, but still they won't remove it from their list. > So maybe you'll have to route your home traffic through some VPN now to > get around the Great Cloudwall. I have a few extra IPs, so for now I am routing outbound http-traffic through one of them. But it is still a shame that such big companies can do as they like, without any means to correct mistakes. Thank you for your reply. Best, Paw fnordomatwrites: > Hi again, > > Paw: >> Dear all, >> >> By mistake I routed exit traffic from my Tor exit node through an IP >> that is used for NAT'ing where I live, for a short time. So now the NAT >> ip is found on https://check.torproject.org/exit-addresses which is a >> bit unfortunate, since cloudFlare now does CAPCHA check on my NAT traffic. > > In the previous msg I just repeated the exit-addresses URL. I actually > meant to ask: for how long has the Exit been offline? The oldest by > LastStatus are now from 2017-03-01 ~15:00. > >> >> Is there a way to remove my NAT ip from the list of Tor exit nodes? The >> NAT address does not see any Tor traffic anymore. >> >> Best regards, >> Paw >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] new Atlas feature: Not Recommended Tor Version
I'd like to highlight a new Atlas feature [1]: Atlas now displays a red "!" if the relay runs a tor version that is not recommended by the tor directory authorities. Examples https://atlas.torproject.org/#/top10 Thanks to RaBe and irl for adding this. [1] https://trac.torproject.org/projects/tor/ticket/21367 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] descriptor-id calc tool?
>> The introduction points are not chosen by calculating the descriptor-id >> and finding the 3 HSDirs next to it (by sorted fingerprint). > > tldr: HSDir != IntroPoint. > > Introduction points are chosen by random by an onion service and unknown > in advance. What is known in advance is only the onion address. Descriptor ID > determines which HSDirs are responsible for storing corresponding descriptor. > List of the current IntroPoints are embedded into descriptor (that's the > reason we have descriptor thing in the first place). Thanks for confirming! (running an adhoc tor client in at 'info' log level was useful since it outputs descriptor-id and actual hsdir it is contacting) signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Remove IP from list of known Tor exit nodes
Hi again, Paw: > Dear all, > > By mistake I routed exit traffic from my Tor exit node through an IP > that is used for NAT'ing where I live, for a short time. So now the NAT > ip is found on https://check.torproject.org/exit-addresses which is a > bit unfortunate, since cloudFlare now does CAPCHA check on my NAT traffic. In the previous msg I just repeated the exit-addresses URL. I actually meant to ask: for how long has the Exit been offline? The oldest by LastStatus are now from 2017-03-01 ~15:00. > > Is there a way to remove my NAT ip from the list of Tor exit nodes? The > NAT address does not see any Tor traffic anymore. > > Best regards, > Paw > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Remove IP from list of known Tor exit nodes
Hi, Your IP leaves the official list of current Exits automatically when it ceases to be an Exit. https://check.torproject.org/exit-addresses However, it will remain on any web-blocking lists for as long as the web-blocking list operators please. On the bright side you now have a daily reminder of the extent of Cloudflare's gigantic MitM business. Cloudflare and their filthy ilk couldn't care less about the collateral damage they're inflicting on millions of people (as evidenced by their dishonest, stalling approach to the Tor-Captcha problem and the recent "cloudbleed" incident - and the very idea of selling MitM as a substitute of security in depth - is evidence enough that the whole operation is in bad faith). The basic MO of their blocking lists: paint all traffic coming from one IP address with the same brush. Once something they deem "bad" comes from somewhere, use that as "ground truth" to "prove" that their "service" is useful. https://blog.torproject.org/blog/trouble-cloudflare Pure snake-oil. So why should they care for exactness? They just want to "make the web great again" for idiots by reducing the frequency of perceived "attacks", with minimal involvement or human effort. So it wouldn't surprise me if Cloudflare won't unlist your IP on request because a) apparently they don't think it worth their money to not piss off minorities such as Tor users and b) you know, the "bad guys could do that too". So maybe you'll have to route your home traffic through some VPN now to get around the Great Cloudwall. But who knows. Paw: > Dear all, > > By mistake I routed exit traffic from my Tor exit node through an IP > that is used for NAT'ing where I live, for a short time. So now the NAT > ip is found on https://check.torproject.org/exit-addresses which is a > bit unfortunate, since cloudFlare now does CAPCHA check on my NAT traffic. > > Is there a way to remove my NAT ip from the list of Tor exit nodes? The > NAT address does not see any Tor traffic anymore. > > Best regards, > Paw > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] descriptor-id calc tool?
On Thu, Mar 02, 2017 at 01:11:00PM +, nusenu wrote: > nusenu: > > Shouldn't the first 2 or 3 hex digits of your output (after converting > > them to hex) without time option and the actual intro point FPs match > > when run at roughly the same time? > > > > example for duckduckgo: > > > > ./get-intro-points.py 3g2upl4pq6kufc4m [1] > > 3g2upl4pq6kufc4m:56782537778BEFC5A48080B58BE01E814AF9B5D3 > > 3g2upl4pq6kufc4m:769DBA4C0C992FCEA080618833FD7BF5AC1F4F41 > > 3g2upl4pq6kufc4m:744B753C7F5E0C6BDD240EE5D879A36C650D2B00 > > > > > > go run descriptor-id-calc.go 3g2upl4pq6kufc4m > > replica #0: sv5uuknuqvjgquf4hu4m6tvcyuyiyvw7 > > -> hex: 957B4A29B485526850BC3D38CF4EA2C5308C56DF > > > > replica #1: crpc4lkarusgflm5nblslpopg5qpvw7i > > -> hex: 145E2E2D408D2462AD9D685725BDCF3760FADBE8 > > > > they start with 95.. and 14.. but the actual intro points start with > > 56.., 76.. and 74.. ? > > I probably misunderstood how the design works. > > The introduction points are not chosen by calculating the descriptor-id > and finding the 3 HSDirs next to it (by sorted fingerprint). tldr: HSDir != IntroPoint. Introduction points are chosen by random by an onion service and unknown in advance. What is known in advance is only the onion address. Descriptor ID determines which HSDirs are responsible for storing corresponding descriptor. List of the current IntroPoints are embedded into descriptor (that's the reason we have descriptor thing in the first place). -- Ivan Markin ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Remove IP from list of known Tor exit nodes
Dear all, By mistake I routed exit traffic from my Tor exit node through an IP that is used for NAT'ing where I live, for a short time. So now the NAT ip is found on https://check.torproject.org/exit-addresses which is a bit unfortunate, since cloudFlare now does CAPCHA check on my NAT traffic. Is there a way to remove my NAT ip from the list of Tor exit nodes? The NAT address does not see any Tor traffic anymore. Best regards, Paw ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] descriptor-id calc tool?
nusenu: > > > Ivan Markin: >> On Tue, Feb 28, 2017 at 02:09:00AM +, nusenu wrote: > Is there a tool out there that tells me which HSDir is/will probably be > responsible for a given onion address (and at what time)? There's no tool, unless you can reverse SHA1. (Or brute-force a set of popular onion addresses.) >>> >>> I probably was not very clear in my question. I'm not aiming for the >>> reverse path, just the normal calculation a tor client does given an >>> onion address but instead of just calculating the current descriptor-id, >>> print descriptor-ids for the future N days for onion address M (for the >>> pre-prop224 world). >> >> FYI https://gist.github.com/nogoegst/895dde228496e04f409fc6d160a5de5a >> >> $ go run onion-desc-advance.go -time 1488288001 yrcfcqhja2ide7yh >> >> prints descriptor IDs for the given time for replica #1 and #2. > > Thanks for this. > > Shouldn't the first 2 or 3 hex digits of your output (after converting > them to hex) without time option and the actual intro point FPs match > when run at roughly the same time? > > example for duckduckgo: > > ./get-intro-points.py 3g2upl4pq6kufc4m [1] > 3g2upl4pq6kufc4m:56782537778BEFC5A48080B58BE01E814AF9B5D3 > 3g2upl4pq6kufc4m:769DBA4C0C992FCEA080618833FD7BF5AC1F4F41 > 3g2upl4pq6kufc4m:744B753C7F5E0C6BDD240EE5D879A36C650D2B00 > > > go run descriptor-id-calc.go 3g2upl4pq6kufc4m > replica #0: sv5uuknuqvjgquf4hu4m6tvcyuyiyvw7 > -> hex: 957B4A29B485526850BC3D38CF4EA2C5308C56DF > > replica #1: crpc4lkarusgflm5nblslpopg5qpvw7i > -> hex: 145E2E2D408D2462AD9D685725BDCF3760FADBE8 > > they start with 95.. and 14.. but the actual intro points start with > 56.., 76.. and 74.. ? I probably misunderstood how the design works. The introduction points are not chosen by calculating the descriptor-id and finding the 3 HSDirs next to it (by sorted fingerprint). signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] [tor-announce] Tor 0.2.9.10 is released
>> Changes in version 0.2.9.10 - 2017-03-01 >> [...] > > Starting this new version results in the following log entry: > > This version of Tor (0.2.9.10) is newer than any recommended version > in its series, according to the directory authorities. Recommended > versions are: > > 0.2.4.27,0.2.4.28,0.2.5.12,0.2.5.13,0.2.7.6,0.2.7.7,0.2.8.9,0.2.8.10,0.2.8.11,0.2.8.12,0.2.9.9,0.3.0.2-alpha,0.3.0.3-alpha > > Not sure if this is just informational or if it will affect Tor node > operation. This is just sub-optimal timing. Ideally tor dir auths would add new versions before they get released to the recommended versions list but in this case only moria1 was in time [1]. This log message should no longer appear as soon as tor26 or gabelmoo adds the new releases [2]. Maybe it would make sense to add support for version ranges so not every new release would require two dir auth operators to touch their configuration. [1] https://lists.torproject.org/pipermail/tor-consensus-health/2017-March/007748.html [2] https://consensus-health.torproject.org/#recommendedversions signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] [tor-announce] Tor 0.2.9.10 is released
On 01.03.2017 22:18, Nick Mathewson wrote: > Changes in version 0.2.9.10 - 2017-03-01 > [...] Starting this new version results in the following log entry: This version of Tor (0.2.9.10) is newer than any recommended version in its series, according to the directory authorities. Recommended versions are: 0.2.4.27,0.2.4.28,0.2.5.12,0.2.5.13,0.2.7.6,0.2.7.7,0.2.8.9,0.2.8.10,0.2.8.11,0.2.8.12,0.2.9.9,0.3.0.2-alpha,0.3.0.3-alpha Not sure if this is just informational or if it will affect Tor node operation. -Ralph ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] descriptor-id calc tool?
Ivan Markin: > On Tue, Feb 28, 2017 at 02:09:00AM +, nusenu wrote: Is there a tool out there that tells me which HSDir is/will probably be responsible for a given onion address (and at what time)? >>> >>> There's no tool, unless you can reverse SHA1. >>> (Or brute-force a set of popular onion addresses.) >> >> I probably was not very clear in my question. I'm not aiming for the >> reverse path, just the normal calculation a tor client does given an >> onion address but instead of just calculating the current descriptor-id, >> print descriptor-ids for the future N days for onion address M (for the >> pre-prop224 world). > > FYI https://gist.github.com/nogoegst/895dde228496e04f409fc6d160a5de5a > > $ go run onion-desc-advance.go -time 1488288001 yrcfcqhja2ide7yh > > prints descriptor IDs for the given time for replica #1 and #2. Thanks for this. Shouldn't the first 2 or 3 hex digits of your output (after converting them to hex) without time option and the actual intro point FPs match when run at roughly the same time? example for duckduckgo: ./get-intro-points.py 3g2upl4pq6kufc4m [1] 3g2upl4pq6kufc4m:56782537778BEFC5A48080B58BE01E814AF9B5D3 3g2upl4pq6kufc4m:769DBA4C0C992FCEA080618833FD7BF5AC1F4F41 3g2upl4pq6kufc4m:744B753C7F5E0C6BDD240EE5D879A36C650D2B00 go run descriptor-id-calc.go 3g2upl4pq6kufc4m replica #0: sv5uuknuqvjgquf4hu4m6tvcyuyiyvw7 -> hex: 957B4A29B485526850BC3D38CF4EA2C5308C56DF replica #1: crpc4lkarusgflm5nblslpopg5qpvw7i -> hex: 145E2E2D408D2462AD9D685725BDCF3760FADBE8 they start with 95.. and 14.. but the actual intro points start with 56.., 76.. and 74.. ? thanks [1] https://gist.github.com/nusenu/8339cfd5351b64c47676241a40ee2942 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays