Re: [tor-relays] FW: Lots of spam on new tor exit node.
Hi,

> On 7 Sep 2019, at 21:06, wrote:
>
> I have recently set up a new tor exit node but since about an hour of setting
> it up it has been almost maxed out with spam.
> https://metrics.torproject.org/rs.html#details/4AFECB973C2268D5074D8DEDAF0BDB604C89ED50
>
> How can I combat it?
>
> I turned the node off for about an hour from about 6.30am GMT but the user
> reconnected. From the looks of it they are connecting through the tor
> network. DNS logs are looking like it is targeting illicit Russian drug
> forums almost all with .biz domains.

That's totally normal. People use anonymity for all sorts of reasons.
And it's hard to tell the difference between spam and anonymous sites with
weird names.

Here's our advice for exit relays:
* don't run them at home, if you're at risk from the police assuming the
  exit traffic is your traffic
* don't monitor the sites that are accessed via the exit, because that is
  illegal in some places, and changes your legal risk in others

T

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] FW: Lots of spam on new tor exit node.
I have recently set up a new tor exit node but since about an hour of setting
it up it has been almost maxed out with spam.
https://metrics.torproject.org/rs.html#details/4AFECB973C2268D5074D8DEDAF0BDB604C89ED50

How can I combat it?

I turned the node off for about an hour from about 6.30am GMT but the user
reconnected. From the looks of it they are connecting through the tor
network. DNS logs are looking like it is targeting illicit Russian drug
forums almost all with .biz domains.
Re: [tor-relays] What could cause a huge clock skew (9 days) across Tor restarts - anyone else experienced something like this?
> On Sep 7, 2019, at 04:13, s7r wrote:
>
> after upgrading from 0.4.1.2 to 0.4.2.0, I did an entire system
> reboot because I also updated some other stuff. So the entire OS
> restarted, not just Tor daemon

It seems likely that your machine's hardware clock is off. During a reboot,
the system will come up using the hardware clock, then (if configured to do
so) eventually correct the time using NTP.

You can check the hardware clock by running 'hwclock' as root. If it's off,
you can set it to your (presumed accurate) system time by executing
'hwclock --systohc'.

--Ron
Re: [tor-relays] Operator straw poll: Reasons why you use Tor LTS versions?
> On 7. Sep 2019, at 12:20, teor wrote:
>
> Hi,
>
> On 6 Sep 2019, at 20:14, Roman Mamedov wrote:
>
>>> Where does the security weakpoint risk come from? Does
>>> apt-transport-tor/onion service repository availability help in your
>>> mind here?
>>
>> As with adding any third-party repository, it means trusting the repository
>> provider to install and run any root-privilege code on the machine. In case
>> the repository server (or actually the release process, including signing) is
>> compromised, on the next update it can serve malicious or backdoored versions
>> of the software. So naturally from the security standpoint it is beneficial to
>> add (and trust) as few repositories as possible, just to reduce the "attack
>> surface".
>
> So one thing Tor could do here is run easily and securely without root?
>
> T

Not really I think. I kind of subscribe to the same argument (I think it is
the same argument at least) for almost all software I install:

- I want fast and low-risk updates in the case of a security update, so
  please give me a patch that fixes only the security issue
- I want a low-hassle installation, so frequently updating (more frequently
  than every other year or so) is really annoying. Especially if there could
  be changes in the configuration that I have to adapt, and even more so if I
  cannot have confidence that all configuration changes I might need to make
  are given during the update.
- I never want a software to update without my knowledge, so absolutely no
  phoning home for updates/automatically updating.

Even without root. Being able to execute a binary on a system is not very far
from being root on that system these days.

I think I apply this to every software with the exception of Tor, and for Tor
I only do it because of my project involvement and the big trust I put into
the maintainers of our repository. For other stuff, I just stop running it if
it doesn't work out of the box provided by my distribution.

Cheers
Sebastian
Re: [tor-relays] Operator straw poll: Reasons why you use Tor LTS versions?
My relays track current stable, though I prefer going slow updating unless a
major CVE/TROVE lands.

LTS is beneficial for many reasons and, from the enthused developer
perspective perhaps best viewed as "necessary evil."

Rather than thinking about killing LTS, it is better to think about ways to
campaign for and facilitate rapid migration to a latest LTS release when very
important features arrive. Possibly this translates to early retirement via
blacklisting of the eldest version.
Re: [tor-relays] Operator straw poll: Reasons why you use Tor LTS versions?
On Sat, 7 Sep 2019 20:20:06 +1000 teor wrote:

> > As with adding any third-party repository, it means trusting the repository
> > provider to install and run any root-privilege code on the machine. In case
> > the repository server (or actually the release process, including signing) is
> > compromised, on the next update it can serve malicious or backdoored versions
> > of the software. So naturally from the security standpoint it is beneficial to
> > add (and trust) as few repositories as possible, just to reduce the "attack
> > surface".
>
> So one thing Tor could do here is run easily and securely without root?

This will not address the concern, because AFAIK in Debian the package
management scripts (contained inside the .deb's DEBIAN dir: preinst, postinst,
prerm and postrm) always run with root privileges on package addition or
removal.

--
With respect,
Roman
[tor-relays] Operator straw poll: Reasons why you use Tor LTS versions?
> Unfortunately, we still have something like 2500 relays on either Tor
> 0.2.9-LTS or Tor 0.3.5-LTS.
>
> What are the reasons for this? My guess is the top 5 most common
> responses are:
>
> 1. "I didn't know that Debian's backports repo has latest-stable Tor!"
> 2. "I didn't see the Tor Project repos mentioned in Tor's Relay docs!"
> 3. "I'm running a distribution that Tor Project doesn't have repos for."
> 4. "I rolled my own custom Tor from git and forgot about it."
> 5. "My relay machine was not getting any updates at all. Oops."
>
> Does anyone have a reason that they think many other relay operators
> also share?
>
> How can we fix that for you, or at least, how can we make it easier to
> run the very latest stable series Tor on your relay?

- "I followed the official torproject documentation for Debian/Ubuntu which
  says 'apt install tor' in the first option" (before the relay guide has
  been introduced - which points to option two)
  https://2019.www.torproject.org/docs/debian.html.en

- "I run vanilla debian and don't want to trust any third party or backport
  repos if not necessary"

- "I want to run a relay with minimal effort and LTS releases happen less
  frequently -> less effort"

- "If I update my relay frequently my cw decreases"

- "Roger said tor 0.3.5 is especially stable, we like more stable software"
  (see the emails sent out to operators on
  https://lists.torproject.org/pipermail/network-health/2019-September/thread.html )

--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu