Re: [tor-relays] Drop in consensus weight

[Markus Koch]

https://atlas.torproject.org/#details/B771AA877687F88E6F1CA5354756DF6C8A7B6B24

the same, others are perfectly fine. no clue why :/

markus


2016-11-08 12:52 GMT+01:00 r1610091651 :
> Hi all
>
> The consensus weight of the relay I'm running drop recently (5th of nov) to
> almost half of previous value. To my knowledge there was no changes on my
> end.
>
> https://atlas.torproject.org/#details/36EE8D47E570B8D5515460A9972F3CFD9EDFDFCE
>
> Is there a way to identify the cause of this drop? Is there anyone else in
> same situation?
>
> Thanks
> Seb
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] proper way to insert PGP key in torrc?

[Markus Koch]

They told me as long there are no abuse mails and no warez I can do whatever I 
want. So I am running two guards/middle relays with them. No problems.

markus

Sent from my iPad

> On 3 Nov 2016, at 13:44, patacca <pata...@autistici.org> wrote:
> 
>> On 03/11/2016 12:59, Markus Koch wrote:
>> You have good ISPs for very very little money in Italy ...
>> 
>> https://atlas.torproject.org/#details/FE3587D12AACD55486E7024A5EC8CE0994643BA0
>> 
>> just 1,99 € :)
>> 
> 
> 
> I wrote to seflow last year asking them whether they allow Tor running
> on a dedicated server and they replied that due to past abuses they do
> not allow it anymore, only with some private clients they make an exception.
> Did anything changed?
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] proper way to insert PGP key in torrc?

[Markus Koch]

You have good ISPs for very very little money in Italy ...

https://atlas.torproject.org/#details/FE3587D12AACD55486E7024A5EC8CE0994643BA0

just 1,99 € :)


2016-11-03 12:42 GMT+01:00 Marco Predicatori :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
>
>
>
> Toralf Förster wrote on 03/11/2016 11:39:
>>> https://atlas.torproject.org/#details/A1D5528320F51B910C996CE9988FAFAF4780044F
>>>
>> Advertised Bandwidth
>> 76.8 KB/s
>>
>> Not too much fun with such a lame relay I fear
>
> Very little fun indeed, but still better than nothing. :-)
>
>
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
>
> iQIcBAEBCgAGBQJYGyKmAAoJEB/R9oFxDPMwyngP/0NCwUsYtd3l42fzRbvf89ej
> NejmVyR3x2trxznSO7tS5eRox8Mqd9QatGrG/WWv6T0Am1a0lKZxoyDT6bw0Jjgu
> zB9dHPanvIVBtudWexhgFp8NNM793RjLFDy8Onomfm4Pe0kLlsL+dxLuGuI8HWr9
> yddM4zN2NX2Z61vatl1P3I/NO/u+7I7kdKCzyiw7uyFICBhsVeMjJ3D7VbunS0DL
> 83BfJt8GsPBHgCFL2G/D2tEOXtu7zpeLC4O6/02rMs+pjUtbYJ0WajZW8hZXOopj
> VIcDLu1Z5uBHsxABlxXQYRbf12On0YatQNy7Z8HacKhfUa/w9FkoSgHDSfmSwBEP
> xBqV13CgPWn9isV598IjnYUC1fxywkr6GMj2cPTyXcZ+wRs6LHDdHJOOQm711uhZ
> Wzee5FFPDIdq9lRNLPV5QbkaHZWjJJT2dOmnyrI3Qyc9kEMHdF+bUzqKek2byA6l
> FfLbuN4VKbKs2Gk10K9hK/Orz/mH473q12jFODl/zUjxLO4cTKbBu8FdUR25s70z
> 5v86TR//DFy59i8Ngd237Gw/AOSodZa/wtF1oNh3ISCX1Z3WrtPeVTT6f0BzEvJA
> nz3E+nALS3CowuvQwkR6m6iblpk5ZE/7x0Xb+SoRBPIr/z/8clukCixoWZ52+VdI
> GP1WAS/tEyvaXd8FRjcg
> =dhOU
> -END PGP SIGNATURE-
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor bandwith question

[Markus Koch]

2016-11-03 3:35 GMT+01:00 grarpamp :
> On Tue, Nov 1, 2016 at 8:31 AM, Michael Armbruster  wrote:
>>> Well, Tor-relay-debian says 250KBps (bytes):
>>> https://www.torproject.org/docs/tor-relay-debian.html.en
>>>
>>> But Tor-doc-relay says 2Mbps (bits):
>>> https://www.torproject.org/docs/tor-doc-relay.html.en
>>
>> Which is exactly the same, so it's ok :)
>
> No it's not ok because 'K' is not a valid prefix.

Welcome to geek culture!

> And 'b' (bits) is the proper context that network
> hardware and network applications use, not 'B' bytes.

Welcome to Linux culture!

> Whoever wrote / maintains that doc needs to fix it.
> And all posters in this thread posted invalid stuff too.
>

CCNP here, you are technically correct, good luck fighting with both cultures.

> No wonder users and operators are perpetually
> confused about what rates are, which rates
> have significance in tor, and how to configure them.
>
> See prior posts links wikipedia for using units / prefixes.

Markus
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Stats not updated for several days?

[Markus Koch]

Same here. 

Sent from my iPad

> On 1 Nov 2016, at 10:42, Michael Armbruster  wrote:
> 
>> On 2016-11-01 at 10:34, Pascal Terjan wrote:
>> For example 
>> https://atlas.torproject.org/#details/20462CBA5DA4C2D963567D17D0B7249718114A68
>> says uptime is 12 days and current version is 0.2.6.10 but I upgraded
>> the machine and updated tor to 0.2.8.9 over a day ago:
>> 
> 
> I currently have problems with the stats, too. "armbrust2" [1] is
> running for about 2 days again and it shows as not running. Though it is
> in the current concensus with the Running flag and weighted with 12500.
> 
> [1]
> https://atlas.torproject.org/#details/50EC45D8545D3BF901CD3EF677090F32E55BDA6B
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] manual vs. automated updates

[Markus Koch]

I was talking about the bridges you can see on the screen shot. These
were my "backup" Digital Ocean accounts because Digital Ocean kicked
my exits after 2-3 months. Digital Ocean is not allowing any exits
anymore so I use the prepaid accounts to run bridges. The bridges will
all die end of the year. I will just run them until the prepaid money
is gone. The three exists currently running with Digital Ocean are
also dead in  the water. Just waiting for the next abuse mail so they
get kicked. Trying and testing new exits for a world without Digital
Ocean.

Markus


2016-10-26 10:22 GMT+02:00 nusenu :
>> 32 relays updated (Debian + Tor compiled to latest version)
>>
>> I am getting too old for this without a server management system 
>
> not all relays with your contactinfo seem to be updated properly
> doing it manually is slow and error prone.
> Maybe consider using the 'unattended-upgrades' package?
>
> (only found 28 relays)
>
> +-+-++
> | version | nickname| restarted  |
> +-+-++
> | 0.2.8.7 | niftychipmunk   | 2016-10-26 |
> | 0.2.8.7 | niftymouse  | 2016-10-26 |
> | 0.2.8.7 | niftygerbil | 2016-10-26 |
> | 0.2.8.7 | niftyquokka | 2016-10-26 |
> | 0.2.8.9 | testnode2   | 2016-10-23 |
> | 0.2.8.9 | DOESaDEworkWITHtor1 | 2016-10-20 |
> | 0.2.8.9 | niftypedetes| 2016-10-26 |
> | 0.2.8.9 | niftyeuropeanrabbit | 2016-10-26 |
> | 0.2.8.9 | niftychinchilla | 2016-10-26 |
> | 0.2.8.9 | 2ndTRYdeEXIT| 2016-10-20 |
> | 0.2.8.9 | niftysugarglider| 2016-10-26 |
> | 0.2.8.9 | niftyvolcanorabbit  | 2016-10-26 |
> | 0.2.8.9 | niftyrat| 2016-10-26 |
> | 0.2.8.9 | niftypatagonianmara | 2016-10-25 |
> | 0.2.8.9 | niftywoodmouse  | 2016-10-25 |
> | 0.2.8.9 | niftysquirrel   | 2016-10-25 |
> | 0.2.8.9 | mullahspinymouse| 2016-10-26 |
> | 0.2.8.9 | niftybankvole   | 2016-10-25 |
> | 0.2.8.9 | capespinymouse  | 2016-10-26 |
> | 0.2.8.9 | niftyhedgehog   | 2016-10-25 |
> | 0.2.8.9 | niftycapybara   | 2016-10-26 |
> | 0.2.8.9 | testnode| 2016-10-23 |
> | 0.2.8.9 | cairospinymouse | 2016-10-26 |
> | 0.2.8.9 | niftykangaroorat| 2016-10-25 |
> | 0.2.8.9 | niftypika   | 2016-10-26 |
> | 0.2.8.9 | niftyjerboa | 2016-10-26 |
> | 0.2.8.9 | niftyguineapig  | 2016-10-26 |
> | 0.2.8.9 | niftycottontail | 2016-10-26 |
> +-+-++
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] ExitPolicy reject 184.107.0.0/16* funio.com

[Markus Koch]

Okay, Its 6am and I need more coffee. Sorry, my bad!
Thank you very much!

Markus

2016-10-28 6:05 GMT+02:00 grarpamp <grarp...@gmail.com>:
> On Thu, Oct 27, 2016 at 11:57 PM, Markus Koch <niftybu...@googlemail.com> 
> wrote:
>> I tried to reject the IP
>> space of funio but Tor is telling me its not allowed. Why?
>
> Your syntax is probably wrong. Search and read the "ExitPolicy"
> section in the manpage for tor(1). You probably want...
>
> ExitPolicy reject 184.107.0.0/16:*
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] ExitPolicy reject 184.107.0.0/16* funio.com

[Markus Koch]

You cant, Tor will give out a error msg:

Oct 28 07:07:32.653 [warn] Malformed mask on address range
"184.107.0.0/16*"; rejecting.
Oct 28 07:07:32.654 [warn] Couldn't parse line "184.107.0.0/16*". Dropping
Oct 28 07:07:32.654 [warn] Malformed policy 'reject 184.107.0.0/16*'.
Discarding entire policy list.
Oct 28 07:07:32.654 [warn] Failed to parse/validate config: Error in
ExitPolicy entry.
Oct 28 07:07:32.654 [err] Reading config failed--see warnings above.

WTF?


2016-10-28 5:59 GMT+02:00 John Ricketts <j...@quintex.com>:
> I am getting them as well.  I haven't blocked yet, are you suggesting we 
> should?
>
>> On Oct 27, 2016, at 22:58, Markus Koch <niftybu...@googlemail.com> wrote:
>>
>> Getting abuse mass mails on nearly all exist in the last hours:
>>
>> The following intrusion attempts were detected:
>>
>> ./pilipia/pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:35 -0400]
>> "GET / HTTP/1.1" 200 5734 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
>> Gecko/20100101 Firefox/7.0.1"
>> ./pilipia/pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:36 -0400]
>> "GET /?subscribe-email=dlcw87%40hotmail.com=Informez-moi&
>> HTTP/1.1" 200 5734 "http://pilipiak.com/; "Mozilla/5.0 (Windows NT
>> 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
>> ./autoparcs.promoafrik.com:188.166.63.113 - - [27/Oct/2016:00:30:30
>> -0400] "GET / HTTP/1.1" 200 26737 "-" "Mozilla/5.0 (Windows NT 5.1;
>> rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
>> ./autoparcs.promoafrik.com:188.166.63.113 - - [27/Oct/2016:00:30:31
>> -0400] "GET /search-listing.php?list_search_box==Search&
>> HTTP/1.1" 200 9280 "http://autoparcs.com/; "Mozilla/5.0 (Windows NT
>> 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
>> ./pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:35 -0400] "GET /
>> HTTP/1.1" 200 5734 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
>> Gecko/20100101 Firefox/7.0.1"
>> ./pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:36 -0400] "GET
>> /?subscribe-email=dlcw87%40hotmail.com=Informez-moi&
>> HTTP/1.1" 200 5734 "http://pilipiak.com/; "Mozilla/5.0 (Windows NT
>> 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
>> ./promoaf/autoparcs.promoafrik.com:188.166.63.113 - -
>> [27/Oct/2016:00:30:30 -0400] "GET / HTTP/1.1" 200 26737 "-"
>> "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
>> ./promoaf/autoparcs.promoafrik.com:188.166.63.113 - -
>> [27/Oct/2016:00:30:31 -0400] "GET
>> /search-listing.php?list_search_box==Search& HTTP/1.1" 200
>> 9280 "http://autoparcs.com/; "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
>> Gecko/20100101 Firefox/7.0.1"
>> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
>> [26/Oct/2016:23:41:12 -0400] "GET
>> /index.php?option=com_user=register=2 HTTP/1.1" 200 17902
>> "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
>> Firefox/38.0"
>> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
>> [26/Oct/2016:23:41:16 -0400] "POST
>> /index.php?option=com_user=register=2 HTTP/1.1" 200 116
>> "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
>> (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
>> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
>> [27/Oct/2016:00:02:49 -0400] "GET
>> /index.php?option=com_user=register=2 HTTP/1.1" 200 17902
>> "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
>> Firefox/38.0"
>> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
>> [27/Oct/2016:00:02:51 -0400] "POST
>> /index.php?option=com_user=register=2 HTTP/1.1" 200 116
>> "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
>> (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
>> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
>> [27/Oct/2016:10:32:33 -0400] "GET
>> /index.php?option=com_user=activate=e36afd6ab6a066e3485fcd4aedbc74ac
>> HTTP/1.1" 200 11230 "-" ""
>> ./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
>> [27/Oct/2016:10:32:34 -0400] "GET
>> /index.php?option=com_user=login HTTP/1.1" 200 12349 "-"
>> "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
>> like Gecko) Chrome/38.0.2125.104 Safari/537.36"
>> ./hansenq/hqhospitality.hansen-qua

[tor-relays] ExitPolicy reject 184.107.0.0/16* funio.com

[Markus Koch]

Getting abuse mass mails on nearly all exist in the last hours:

The following intrusion attempts were detected:

./pilipia/pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:35 -0400]
"GET / HTTP/1.1" 200 5734 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
Gecko/20100101 Firefox/7.0.1"
./pilipia/pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:36 -0400]
"GET /?subscribe-email=dlcw87%40hotmail.com=Informez-moi&
HTTP/1.1" 200 5734 "http://pilipiak.com/; "Mozilla/5.0 (Windows NT
5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
./autoparcs.promoafrik.com:188.166.63.113 - - [27/Oct/2016:00:30:30
-0400] "GET / HTTP/1.1" 200 26737 "-" "Mozilla/5.0 (Windows NT 5.1;
rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
./autoparcs.promoafrik.com:188.166.63.113 - - [27/Oct/2016:00:30:31
-0400] "GET /search-listing.php?list_search_box==Search&
HTTP/1.1" 200 9280 "http://autoparcs.com/; "Mozilla/5.0 (Windows NT
5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
./pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:35 -0400] "GET /
HTTP/1.1" 200 5734 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
Gecko/20100101 Firefox/7.0.1"
./pilipiak.com:188.166.63.113 - - [27/Oct/2016:18:06:36 -0400] "GET
/?subscribe-email=dlcw87%40hotmail.com=Informez-moi&
HTTP/1.1" 200 5734 "http://pilipiak.com/; "Mozilla/5.0 (Windows NT
5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
./promoaf/autoparcs.promoafrik.com:188.166.63.113 - -
[27/Oct/2016:00:30:30 -0400] "GET / HTTP/1.1" 200 26737 "-"
"Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
./promoaf/autoparcs.promoafrik.com:188.166.63.113 - -
[27/Oct/2016:00:30:31 -0400] "GET
/search-listing.php?list_search_box==Search& HTTP/1.1" 200
9280 "http://autoparcs.com/; "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1)
Gecko/20100101 Firefox/7.0.1"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[26/Oct/2016:23:41:12 -0400] "GET
/index.php?option=com_user=register=2 HTTP/1.1" 200 17902
"-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[26/Oct/2016:23:41:16 -0400] "POST
/index.php?option=com_user=register=2 HTTP/1.1" 200 116
"-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:00:02:49 -0400] "GET
/index.php?option=com_user=register=2 HTTP/1.1" 200 17902
"-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:00:02:51 -0400] "POST
/index.php?option=com_user=register=2 HTTP/1.1" 200 116
"-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:10:32:33 -0400] "GET
/index.php?option=com_user=activate=e36afd6ab6a066e3485fcd4aedbc74ac
HTTP/1.1" 200 11230 "-" ""
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:10:32:34 -0400] "GET
/index.php?option=com_user=login HTTP/1.1" 200 12349 "-"
"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:10:32:36 -0400] "POST
/index.php?option=com_user=login HTTP/1.1" 200 116
"http://hq-hospitality.com/index.php?option=com_user=login;
"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:10:32:38 -0400] "GET
/index.php?option=com_user=user=edit HTTP/1.1" 200 25720 "-"
"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:12:55:40 -0400] "GET
/index.php?option=com_user=activate=72ca806c4be186be71e7a5e0316e8681
HTTP/1.1" 200 11230 "-" ""
./hansenq/hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:19:28:56 -0400] "GET
/index.php?option=com_user=register=2 HTTP/1.1" 200 17902
"-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0"
./hqhospitality.hansen-quao.com:188.166.63.113 - -
[26/Oct/2016:23:41:12 -0400] "GET
/index.php?option=com_user=register=2 HTTP/1.1" 200 17902
"-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0"
./hqhospitality.hansen-quao.com:188.166.63.113 - -
[26/Oct/2016:23:41:16 -0400] "POST
/index.php?option=com_user=register=2 HTTP/1.1" 200 116
"-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36"
./hqhospitality.hansen-quao.com:188.166.63.113 - -
[27/Oct/2016:00:02:49 -0400] "GET
/index.php?option=com_user=register=2 HTTP/1.1" 200 17902
"-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Firefox/38.0"
./hqhospitality.hansen-quao.com:188.166.63.113 - -

Re: [tor-relays] Abuses: Suspicious botnet ramnit attack

[Markus Koch]

No. Thats my problem too, around 90% of my abuse mails are bot related
and you cant do anything about it.

Markus


2016-10-27 20:24 GMT+02:00 pa011 :
> Hi,
>
> got the abuse below on three different exits. Anybody having any idea what to 
> do and how to possibly to stop this in the future?
> Thanks Paul
>
>
> CERT-EU has received information regarding an infected IP belonging to your
> network, which may have security problems. The information regarding the 
> problems
> is also included as attachments in both CSV and XML formats. All timestamps 
> are in
> UTC.
> At this time we do not have any more information.
>
> Where:
> - ASN: is the Autonomous System Number;
> - IP:  the Internet Protocol address associated with this activity;
> - TIME: discovery time of the malicious activity;
> - PTR/DNAME: PTR/DNAME record
> - CC: ISO 3166-1 alpha-2 two-letter country code;
> - TYPE: type of the security problem or threat;
>
> - INFO: provides any additional information, if 
> available.asn|ip|time|ptr|cc|type|info|info2
>
> ASx|xxx.xxx.xxx.xxx|25-10-2016 12:10:09Z|XX|botnet drone|Description: 
> Ramnit botnet victim connection to sinkhole details, Timestamp : 
> 1477397409.72, City : none, Count: 8, First Seen: 25-10-2016 12:10:09, Last 
> Seen: 25-10-2016
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] manual vs. automated updates

[Markus Koch]

niftyeuropeanbunny -> bridges, a lot of them

Markus 

Sent from my iPad

On 26 Oct 2016, at 10:22, nusenu  wrote:

>> 32 relays updated (Debian + Tor compiled to latest version)
>> 
>> I am getting too old for this without a server management system 
> 
> not all relays with your contactinfo seem to be updated properly
> doing it manually is slow and error prone.
> Maybe consider using the 'unattended-upgrades' package?
> 
> (only found 28 relays)
> 
> +-+-++
> | version | nickname| restarted  |
> +-+-++
> | 0.2.8.7 | niftychipmunk   | 2016-10-26 |
> | 0.2.8.7 | niftymouse  | 2016-10-26 |
> | 0.2.8.7 | niftygerbil | 2016-10-26 |
> | 0.2.8.7 | niftyquokka | 2016-10-26 |
> | 0.2.8.9 | testnode2   | 2016-10-23 |
> | 0.2.8.9 | DOESaDEworkWITHtor1 | 2016-10-20 |
> | 0.2.8.9 | niftypedetes| 2016-10-26 |
> | 0.2.8.9 | niftyeuropeanrabbit | 2016-10-26 |
> | 0.2.8.9 | niftychinchilla | 2016-10-26 |
> | 0.2.8.9 | 2ndTRYdeEXIT| 2016-10-20 |
> | 0.2.8.9 | niftysugarglider| 2016-10-26 |
> | 0.2.8.9 | niftyvolcanorabbit  | 2016-10-26 |
> | 0.2.8.9 | niftyrat| 2016-10-26 |
> | 0.2.8.9 | niftypatagonianmara | 2016-10-25 |
> | 0.2.8.9 | niftywoodmouse  | 2016-10-25 |
> | 0.2.8.9 | niftysquirrel   | 2016-10-25 |
> | 0.2.8.9 | mullahspinymouse| 2016-10-26 |
> | 0.2.8.9 | niftybankvole   | 2016-10-25 |
> | 0.2.8.9 | capespinymouse  | 2016-10-26 |
> | 0.2.8.9 | niftyhedgehog   | 2016-10-25 |
> | 0.2.8.9 | niftycapybara   | 2016-10-26 |
> | 0.2.8.9 | testnode| 2016-10-23 |
> | 0.2.8.9 | cairospinymouse | 2016-10-26 |
> | 0.2.8.9 | niftykangaroorat| 2016-10-25 |
> | 0.2.8.9 | niftypika   | 2016-10-26 |
> | 0.2.8.9 | niftyjerboa | 2016-10-26 |
> | 0.2.8.9 | niftyguineapig  | 2016-10-26 |
> | 0.2.8.9 | niftycottontail | 2016-10-26 |
> +-+-++
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

[Markus Koch]

I did it like a real man, just me hands and putty without any bash scripts and 
these modern devil tools!

markus


Sent from my iPad

> On 26 Oct 2016, at 09:18, John Ricketts <j...@quintex.com> wrote:
> 
> I feel you Markus, I did 24.  I wrote a bash script to update/upgrade/reboot. 
> 
>> On Oct 26, 2016, at 02:17, Markus Koch <niftybu...@googlemail.com> wrote:
>> 
>> 32 relays updated (Debian + Tor compiled to latest version)
>> 
>> I am getting too old for this without a server management system 
>> 
>> Markus
>> 
>> 
>> 
>> 
>> 2016-10-25 23:48 GMT+02:00 nusenu <nus...@openmailbox.org>:
>>> just a reminder since most of the tor network (including some of the
>>> biggest operators) still runs vulnerable relays
>>> 
>>> https://blog.torproject.org/blog/tor-0289-released-important-fixes
>>> 
>>> 
>>> Since 2/3 directory authorities removed most vulnerable versions from
>>> their 'recommended versions' you should see a log entry if you run
>>> outdated versions (except if you run 0.2.5.12).
>>> 
>>> 
>>> It is not possible to reliable determine the exact CW fraction
>>> affected[1] due to the fact that patches were released that didn't
>>> increase tor's version number.
>>> Therefore it is also possible that you get log entries even if you run a
>>> patched version (IMHO this hasn't been handled in the most professional
>>> way).
>>> 
>>> 
>>> Update instructions
>>> 
>>> Debian/Ubuntu
>>> ==
>>> 
>>> make sure you use the Torproject repository:
>>> https://www.torproject.org/docs/debian.html.en
>>> 
>>> (you can also use the debian repository but the Torproject's repo will
>>> provide you with the latest releases)
>>> 
>>> 
>>> aptitude update && aptitude install tor
>>> 
>>> 
>>> CentOS/RHEL/Fedora
>>> ===
>>> 
>>> yum install --enablerepo=epel-testing tor
>>> 
>>> 
>>> FreeBSD
>>> 
>>> 
>>> pkg update
>>> pkg upgrade
>>> 
>>> OpenBSD
>>> ===
>>> 
>>> pkg_add -u tor
>>> 
>>> 
>>> Windows
>>> 
>>> 
>>> No updated binaries available for this platform yet.
>>> 
>>> 
>>> 
>>> 
>>> [1] as of 2016-10-25 18:00 (onionoo data)
>>> conservative estimate
>>> --
>>> (counts only 0.2.8.9 and 0.2.9.4-alpha as patched)
>>> 31% CW fraction patched
>>> 
>>> optimistic estimate
>>> ---
>>> (additionally assumes every non-Windows running 0.2.4.27, 0.2.5.12,
>>> 0.2.6.10, 0.2.7.6 that restarted since 2016-10-17 is patched):
>>> 43% CW fraction patched
>>> 
>>> 
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>> 
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

[Markus Koch]

32 relays updated (Debian + Tor compiled to latest version)

I am getting too old for this without a server management system 

Markus




2016-10-25 23:48 GMT+02:00 nusenu :
> just a reminder since most of the tor network (including some of the
> biggest operators) still runs vulnerable relays
>
> https://blog.torproject.org/blog/tor-0289-released-important-fixes
>
>
> Since 2/3 directory authorities removed most vulnerable versions from
> their 'recommended versions' you should see a log entry if you run
> outdated versions (except if you run 0.2.5.12).
>
>
> It is not possible to reliable determine the exact CW fraction
> affected[1] due to the fact that patches were released that didn't
> increase tor's version number.
> Therefore it is also possible that you get log entries even if you run a
> patched version (IMHO this hasn't been handled in the most professional
> way).
>
>
> Update instructions
>
> Debian/Ubuntu
> ==
>
> make sure you use the Torproject repository:
> https://www.torproject.org/docs/debian.html.en
>
> (you can also use the debian repository but the Torproject's repo will
> provide you with the latest releases)
>
>
> aptitude update && aptitude install tor
>
>
> CentOS/RHEL/Fedora
> ===
>
> yum install --enablerepo=epel-testing tor
>
>
> FreeBSD
> 
>
> pkg update
> pkg upgrade
>
> OpenBSD
> ===
>
> pkg_add -u tor
>
>
> Windows
> 
>
> No updated binaries available for this platform yet.
>
>
>
>
> [1] as of 2016-10-25 18:00 (onionoo data)
> conservative estimate
> --
> (counts only 0.2.8.9 and 0.2.9.4-alpha as patched)
> 31% CW fraction patched
>
> optimistic estimate
> ---
> (additionally assumes every non-Windows running 0.2.4.27, 0.2.5.12,
> 0.2.6.10, 0.2.7.6 that restarted since 2016-10-17 is patched):
> 43% CW fraction patched
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] You dont love me anymore :(

[Markus Koch]

Just solved but thank you very much for helping me out. It was
confusing without end because this server was up for 10 months and
high traffic.

Markus


2016-10-18 20:30 GMT+02:00 Tristan <supersluet...@gmail.com>:
> According to this page:
> https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays
>
> Looks like you need to get in touch work bad-rel...@lists.torproject.org
>
> What's strange is that the bad relay team should have contacted you before
> making a decision.
>
>
> On Oct 18, 2016 1:23 PM, "Markus Koch" <niftybu...@googlemail.com> wrote:
>>
>> Thank you very much. How do I dispute this?
>>
>>
>> 2016-10-18 20:20 GMT+02:00 Tristan <supersluet...@gmail.com>:
>> > I don't know why or how, but you've got the BadExit flag from moria1:
>> > https://consensus-health.torproject.org/consensus-health.html
>> >
>> >
>> > On Oct 18, 2016 1:16 PM, "Markus Koch" <niftybu...@googlemail.com>
>> > wrote:
>> >>
>> >> This is a guard/middle and should be good ...
>> >>
>> >>
>> >>
>> >> https://atlas.torproject.org/#details/B771AA877687F88E6F1CA5354756DF6C8A7B6B24
>> >>
>> >> and I have never ever seen this before.
>> >>
>> >> Markus
>> >>
>> >>
>> >> 2016-10-18 20:13 GMT+02:00 Tristan <supersluet...@gmail.com>:
>> >> > I've seen 404s from time to time, but this is new. Did you get a bad
>> >> > relay
>> >> > flag somehow???
>> >> >
>> >> >
>> >> > On Oct 18, 2016 1:12 PM, "Markus Koch" <niftybu...@googlemail.com>
>> >> > wrote:
>> >> >>
>> >> >>  20:08:18 [WARN] Received http status code 404 ("Not found") from
>> >> >> server '86.59.21.38:80' while fetching
>> >> >> "/tor/keys/fp-sk/14C131DFC5C6F93646BE72FA1401C02A-
>> >> >>8DF2E8B4-692049A2E7868BE9933107A39B1CE0C7CBF1BF65".
>> >> >>  20:06:18 [WARN] Received http status code 404 ("Not found") from
>> >> >> server '194.109.206.212:80' while fetching
>> >> >> "/tor/keys/fp-sk/14C131DFC5C6F93646BE72FA1401-
>> >> >>C02A8DF2E8B4-692049A2E7868BE9933107A39B1CE0C7CBF1BF65".
>> >> >>  20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
>> >> >> this range.") response from dirserver '171.25.193.9:443'. Please
>> >> >> correct.
>> >> >>  20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
>> >> >> this range.") response from dirserver '154.35.175.225:80'. Please
>> >> >> correct.
>> >> >>  20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
>> >> >> this range.") response from dirserver '131.188.40.189:80'. Please
>> >> >> correct.
>> >> >>  20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
>> >> >> this range.") response from dirserver '86.59.21.38:80'. Please
>> >> >> correct.
>> >> >>
>> >> >> This is my niftypika server. This is animal abuse! Seriously, WTF is
>> >> >> going wrong?
>> >> >>
>> >> >> Markus
>> >> >> ___
>> >> >> tor-relays mailing list
>> >> >> tor-relays@lists.torproject.org
>> >> >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> >> >
>> >> >
>> >> > ___
>> >> > tor-relays mailing list
>> >> > tor-relays@lists.torproject.org
>> >> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> >> >
>> >> ___
>> >> tor-relays mailing list
>> >> tor-relays@lists.torproject.org
>> >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> >
>> >
>> > ___
>> > tor-relays mailing list
>> > tor-relays@lists.torproject.org
>> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> >
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] You dont love me anymore :(

[Markus Koch]

For this animal abuse I demand a pika and t-shirt from you. Its not
fair at all that pikas died out in europe 25 million years ago and you
guys in america still have them :/

Ill show myself out 

Markus

ps: thx for fixing it


2016-10-18 20:28 GMT+02:00 David Goulet <dgou...@torproject.org>:
> On 18 Oct (20:11:45), Markus Koch wrote:
>>  20:08:18 [WARN] Received http status code 404 ("Not found") from
>> server '86.59.21.38:80' while fetching
>> "/tor/keys/fp-sk/14C131DFC5C6F93646BE72FA1401C02A-
>>8DF2E8B4-692049A2E7868BE9933107A39B1CE0C7CBF1BF65".
>>  20:06:18 [WARN] Received http status code 404 ("Not found") from
>> server '194.109.206.212:80' while fetching
>> "/tor/keys/fp-sk/14C131DFC5C6F93646BE72FA1401-
>>C02A8DF2E8B4-692049A2E7868BE9933107A39B1CE0C7CBF1BF65".
>>  20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
>> this range.") response from dirserver '171.25.193.9:443'. Please
>> correct.
>>  20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
>> this range.") response from dirserver '154.35.175.225:80'. Please
>> correct.
>>  20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
>> this range.") response from dirserver '131.188.40.189:80'. Please
>> correct.
>>  20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
>> this range.") response from dirserver '86.59.21.38:80'. Please
>> correct.
>>
>> This is my niftypika server. This is animal abuse! Seriously, WTF is
>> going wrong?
>
> Hi!
>
> It turns out that our last change to the dirauth configuration to reject newly
> discovered malicious relays had the _wrong_ IPs for the relay fingerprints...
> and you relay IP was a victim of this :S ...
>
> My apologize! I'm currently working on fixing this, you should be back in the
> consensus once authorities update from the mistake.
>
> Again, sorry!
> David
>
>>
>> Markus
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] You dont love me anymore :(

[Markus Koch]

Thank you very much. How do I dispute this?


2016-10-18 20:20 GMT+02:00 Tristan <supersluet...@gmail.com>:
> I don't know why or how, but you've got the BadExit flag from moria1:
> https://consensus-health.torproject.org/consensus-health.html
>
>
> On Oct 18, 2016 1:16 PM, "Markus Koch" <niftybu...@googlemail.com> wrote:
>>
>> This is a guard/middle and should be good ...
>>
>>
>> https://atlas.torproject.org/#details/B771AA877687F88E6F1CA5354756DF6C8A7B6B24
>>
>> and I have never ever seen this before.
>>
>> Markus
>>
>>
>> 2016-10-18 20:13 GMT+02:00 Tristan <supersluet...@gmail.com>:
>> > I've seen 404s from time to time, but this is new. Did you get a bad
>> > relay
>> > flag somehow???
>> >
>> >
>> > On Oct 18, 2016 1:12 PM, "Markus Koch" <niftybu...@googlemail.com>
>> > wrote:
>> >>
>> >>  20:08:18 [WARN] Received http status code 404 ("Not found") from
>> >> server '86.59.21.38:80' while fetching
>> >> "/tor/keys/fp-sk/14C131DFC5C6F93646BE72FA1401C02A-
>> >>8DF2E8B4-692049A2E7868BE9933107A39B1CE0C7CBF1BF65".
>> >>  20:06:18 [WARN] Received http status code 404 ("Not found") from
>> >> server '194.109.206.212:80' while fetching
>> >> "/tor/keys/fp-sk/14C131DFC5C6F93646BE72FA1401-
>> >>C02A8DF2E8B4-692049A2E7868BE9933107A39B1CE0C7CBF1BF65".
>> >>  20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
>> >> this range.") response from dirserver '171.25.193.9:443'. Please
>> >> correct.
>> >>  20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
>> >> this range.") response from dirserver '154.35.175.225:80'. Please
>> >> correct.
>> >>  20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
>> >> this range.") response from dirserver '131.188.40.189:80'. Please
>> >> correct.
>> >>  20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
>> >> this range.") response from dirserver '86.59.21.38:80'. Please
>> >> correct.
>> >>
>> >> This is my niftypika server. This is animal abuse! Seriously, WTF is
>> >> going wrong?
>> >>
>> >> Markus
>> >> ___
>> >> tor-relays mailing list
>> >> tor-relays@lists.torproject.org
>> >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> >
>> >
>> > ___
>> > tor-relays mailing list
>> > tor-relays@lists.torproject.org
>> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> >
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] You dont love me anymore :(

[Markus Koch]

This is a guard/middle and should be good ...

https://atlas.torproject.org/#details/B771AA877687F88E6F1CA5354756DF6C8A7B6B24

and I have never ever seen this before.

Markus


2016-10-18 20:13 GMT+02:00 Tristan <supersluet...@gmail.com>:
> I've seen 404s from time to time, but this is new. Did you get a bad relay
> flag somehow???
>
>
> On Oct 18, 2016 1:12 PM, "Markus Koch" <niftybu...@googlemail.com> wrote:
>>
>>  20:08:18 [WARN] Received http status code 404 ("Not found") from
>> server '86.59.21.38:80' while fetching
>> "/tor/keys/fp-sk/14C131DFC5C6F93646BE72FA1401C02A-
>>8DF2E8B4-692049A2E7868BE9933107A39B1CE0C7CBF1BF65".
>>  20:06:18 [WARN] Received http status code 404 ("Not found") from
>> server '194.109.206.212:80' while fetching
>> "/tor/keys/fp-sk/14C131DFC5C6F93646BE72FA1401-
>>C02A8DF2E8B4-692049A2E7868BE9933107A39B1CE0C7CBF1BF65".
>>  20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
>> this range.") response from dirserver '171.25.193.9:443'. Please
>> correct.
>>  20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
>> this range.") response from dirserver '154.35.175.225:80'. Please
>> correct.
>>  20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
>> this range.") response from dirserver '131.188.40.189:80'. Please
>> correct.
>>  20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
>> this range.") response from dirserver '86.59.21.38:80'. Please
>> correct.
>>
>> This is my niftypika server. This is animal abuse! Seriously, WTF is
>> going wrong?
>>
>> Markus
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] You dont love me anymore :(

[Markus Koch]

 20:08:18 [WARN] Received http status code 404 ("Not found") from
server '86.59.21.38:80' while fetching
"/tor/keys/fp-sk/14C131DFC5C6F93646BE72FA1401C02A-
   8DF2E8B4-692049A2E7868BE9933107A39B1CE0C7CBF1BF65".
 20:06:18 [WARN] Received http status code 404 ("Not found") from
server '194.109.206.212:80' while fetching
"/tor/keys/fp-sk/14C131DFC5C6F93646BE72FA1401-
   C02A8DF2E8B4-692049A2E7868BE9933107A39B1CE0C7CBF1BF65".
 20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
this range.") response from dirserver '171.25.193.9:443'. Please
correct.
 20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
this range.") response from dirserver '154.35.175.225:80'. Please
correct.
 20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
this range.") response from dirserver '131.188.40.189:80'. Please
correct.
 20:05:18 [WARN] http status 400 ("Authdir is rejecting routers in
this range.") response from dirserver '86.59.21.38:80'. Please
correct.

This is my niftypika server. This is animal abuse! Seriously, WTF is
going wrong?

Markus
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] RPi Relay Maximum Speed

[Markus Koch]

okay, pls ignore my post.

2016-10-12 14:49 GMT+02:00 Tristan <supersluet...@gmail.com>:
> Last I heard, the Raspberry Pi was only capable of 100Mbps because the
> ethernet port is on the same bus as the USB ports, and the chipset used only
> supports 100Mbps. I could be wrong though.
>
>
> On Oct 12, 2016 7:42 AM, "Markus Koch" <niftybu...@googlemail.com> wrote:
>>
>> Everyone should have full duplex by now.
>>
>> So he has 200 mbit on a fast ethernet port.
>>
>> Sent from my iPad
>>
>> On 12 Oct 2016, at 14:20, Tristan <supersluet...@gmail.com> wrote:
>>
>> Remember, a relay has to download and upload as well, so your 100Mbps link
>> would really only be able to _relay_ at 50Mbps anyway.
>>
>>
>> On Oct 12, 2016 4:17 AM, "Farid Joubbi" <jou...@kth.se> wrote:
>>>
>>> The hardware in your raspberry is way too weak to be able to push 100
>>> Mbit/s.
>>>
>>> My guess is that Atlas will show somewhere just below 1 MByte for your
>>> relay.
>>>
>>>
>>> I have tried to find cost effective hardware for a relay that is able to
>>> push around 100 Mbit/s. All the options I have looked at turned out to be a
>>> bit too expensive for my taste (and wallet). Either the initial cost or the
>>> energy usage is too high for such hardware for my purposes.
>>>
>>>
>>> 
>>> From: tor-relays <tor-relays-boun...@lists.torproject.org> on behalf of
>>> Volker Mink <volker.m...@gmx.de>
>>> Sent: 12 October 2016 09:09
>>> To: tor-relays@lists.torproject.org
>>> Subject: Re: [tor-relays] RPi Relay Maximum Speed
>>>
>>> So the best would be to use two raspis or your old gaming-workstation -
>>> depends on the costs for energy
>>>
>>> Gesendet: Mittwoch, 12. Oktober 2016 um 07:55 Uhr
>>> Von: "Roman Mamedov" <r...@romanrm.net>
>>> An: Manny <fel...@posteo.de>
>>> Cc: "Tor relays" <tor-relays@lists.torproject.org>
>>> Betreff: Re: [tor-relays] RPi Relay Maximum Speed
>>> On Wed, 12 Oct 2016 07:18:56 +0200
>>> Manny <fel...@posteo.de> wrote:
>>>
>>> > I have a 1gbit symmetric connection at home and would like to donate
>>> > 100mbit with my raspberry pi 3 model b. Since it has a 100mbit Network
>>> > Interface, I'm limited to that anyways.
>>> >
>>> > What Settings do I Need in my torcc to get the Maximum Speed? At the
>>> > Moment I entered 12 Mbytes - which Shows up at 96 mb/s in Arm - is that
>>> > correct and my understanding of things is just the opposite?
>>> > Max Speed, I think, should be 12.7mb/s for a 100mbit Connection?
>>>
>>> mb is not a thing that exists;
>>> Mb is megabits: https://en.wikipedia.org/wiki/Megabit
>>> MB is megabytes: https://en.wikipedia.org/wiki/Megabyte
>>>
>>> What you entered in torrc is currently correct. But since your board has
>>> a 100
>>> Mbit interface anyway, it would be better if you just omit the bandwidth
>>> limit
>>> line entirely.
>>>
>>> Also, actually hit anything remotely close to 100 Mbit, you'll absolutely
>>> have
>>> to run two instances of Tor. The Raspberry Pi 3 has 4 CPU cores, but each
>>> core
>>> on its own is not very fast. One copy of Tor only uses about 1 to 1.3
>>> cores,
>>> so to fully utilize your hardware you need more than one. Ideally you'd
>>> set up
>>> four, but the Tor network will only accept two running from the same IPv4
>>> address. It appears that these days there's a built-in script for that,
>>> see
>>> "man tor-instance-create".
>>>
>>> --
>>> With respect,
>>> Roman
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] RPi Relay Maximum Speed

[Markus Koch]

Everyone should have full duplex by now.

So he has 200 mbit on a fast ethernet port.

Sent from my iPad

> On 12 Oct 2016, at 14:20, Tristan  wrote:
> 
> Remember, a relay has to download and upload as well, so your 100Mbps link 
> would really only be able to _relay_ at 50Mbps anyway.
> 
> 
>> On Oct 12, 2016 4:17 AM, "Farid Joubbi"  wrote:
>> The hardware in your raspberry is way too weak to be able to push 100 Mbit/s.
>> My guess is that Atlas will show somewhere just below 1 MByte for your relay.
>> 
>> I have tried to find cost effective hardware for a relay that is able to 
>> push around 100 Mbit/s. All the options I have looked at turned out to be a 
>> bit too expensive for my taste (and wallet). Either the initial cost or the 
>> energy usage is too high for such hardware for my purposes.
>> 
>> From: tor-relays  on behalf of 
>> Volker Mink 
>> Sent: 12 October 2016 09:09
>> To: tor-relays@lists.torproject.org
>> Subject: Re: [tor-relays] RPi Relay Maximum Speed
>>  
>> So the best would be to use two raspis or your old gaming-workstation - 
>> depends on the costs for energy
>>  
>> Gesendet: Mittwoch, 12. Oktober 2016 um 07:55 Uhr
>> Von: "Roman Mamedov" 
>> An: Manny 
>> Cc: "Tor relays" 
>> Betreff: Re: [tor-relays] RPi Relay Maximum Speed
>> On Wed, 12 Oct 2016 07:18:56 +0200
>> Manny  wrote:
>> 
>> > I have a 1gbit symmetric connection at home and would like to donate
>> > 100mbit with my raspberry pi 3 model b. Since it has a 100mbit Network
>> > Interface, I'm limited to that anyways.
>> >
>> > What Settings do I Need in my torcc to get the Maximum Speed? At the
>> > Moment I entered 12 Mbytes - which Shows up at 96 mb/s in Arm - is that
>> > correct and my understanding of things is just the opposite?
>> > Max Speed, I think, should be 12.7mb/s for a 100mbit Connection?
>> 
>> mb is not a thing that exists;
>> Mb is megabits: https://en.wikipedia.org/wiki/Megabit
>> MB is megabytes: https://en.wikipedia.org/wiki/Megabyte
>> 
>> What you entered in torrc is currently correct. But since your board has a 
>> 100
>> Mbit interface anyway, it would be better if you just omit the bandwidth 
>> limit
>> line entirely.
>> 
>> Also, actually hit anything remotely close to 100 Mbit, you'll absolutely 
>> have
>> to run two instances of Tor. The Raspberry Pi 3 has 4 CPU cores, but each 
>> core
>> on its own is not very fast. One copy of Tor only uses about 1 to 1.3 cores,
>> so to fully utilize your hardware you need more than one. Ideally you'd set 
>> up
>> four, but the Tor network will only accept two running from the same IPv4
>> address. It appears that these days there's a built-in script for that, see
>> "man tor-instance-create".
>> 
>> --
>> With respect,
>> Roman
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] ISP, Abuses , Intrusion Prevention etc.

[Markus Koch]

tldr: epic quest chain, this ISP item must be orange.

2016-10-11 10:53 GMT+02:00 Moritz Bartl :
> On 10/11/2016 12:51 AM, Kenneth Freeman wrote:
> I set up my own ISP (AS28715) so I could run Tor exits etc without any
> trouble.
 Could you share a bit more about what is involved in doing that?
>>> I'd also be very interested in learning more about setting up an ISP
>>> for Tor. Is it a non-profit? How many man hours did it take (roughly)
>>> to get the structure in place? How much money (roughly) did it take?
>>> How much legal consultation did it require to setup?
>> I'm intrigued by this myself.
>
> There are different phases or activities one might consider being part
> of "creating an ISP".
>
> Legally, you "create an ISP" by operating a Tor exit relay.
>
> As always, for exit relays, I strongly urge people to get listed in the
> WHOIS of the respective IP range, especially as abuse contact. As soon
> as you're listed there, a lot more people will regard you as "the ISP".
>
> In theory it does not matter what type of legal entity is listed there;
> I know of hosting providers run by single individuals without another
> legal entity "around them", and it works just fine. Still, in many
> cases, if they see the name of an individual, they will more likely
> assume that you might be the culprit, than if it just lists an
> incorporated entity.
>
> Then, the next step is to get your own Autonomous System Number. Quite a
> number of complaints don't go to the abuse contact listed in the IP
> range, but directly to the "upstream" Autonomous System operator. You
> "catch" these types of complaints by registering your own, and your own
> IP space. Then, the hunt for "exit friendly hosters" turns into a hunt
> for ISPs that will announce your IP space and your ASN.
>
> In most jurisdictions, you do not register "common carrier-type"
> activities with the government; you have to register Internet _access_
> providers in certain jurisdictions (eg. Germany), but you do not _want_
> to be an _access_ provider with your exit relays.
>
> To get an Autonomous System Number and IP space, the place to go to
> depends on _your_ jurisdiction: ARIN (US/CAN), RIPE (EU), APNIC (Asia),
> LANIC (Latin America), AFRINIC (Africa); IP ranges and ASNs can then be
> announced by any hosting provider.
>
> For examples, see
> https://apps.db.ripe.net/search/query.html?searchtext=ZWIEBELFREUNDE
>
> --
> Moritz Bartl
> https://www.torservers.net/
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Digital Ocean - running Exit node locked

[Markus Koch]

Thats really really bad news. Over 400 Digitalocean relays out there :(

Markus

2016-10-09 11:44 GMT+02:00 pa011 <pa...@web.de>:
> OK further bad news, Exit shut down by DO yesterday.
> Here the latest statement from them:
>
> "Additionally, we are not allowing further TOR exit nodes on our 
> infrastructure - they generate a large amount of abuse, are used for various 
> illegal activities, and attract a large number of DDoS attacks.
>
> You're more than welcome to run bridges, obfs proxies, and relays, but 
> running an exit node is at your own risk, and sufficient abuse may result in 
> suspension of service."
>
>
>
>
> Am 08.10.2016 um 05:00 schrieb Alecks Gates:
>> I'm running on DO as well with the reduced exit policy and have had
>> about five complaints in 2 months.  DO certainly appears to be getting
>> less and less happy.  I'm glad to know it's not just me, though.
>>
>> Hopefully a curated list of IPs to reject will help a lot.  Thanks for
>> the link to tornull.
>>
>> Exit Node fingerprints:
>> E553AC1CA05365EA218D477C2FF4C48986919D07
>> 889550CB9C98CF172CB977AA942B77E9759056C2
>>
>> Alecks
>>
>> On 10/07/2016 07:04 PM, Matthew Finkel wrote:
>>> On Sat, Oct 08, 2016 at 12:16:39AM +0200, Markus Koch wrote:
>>>> 2016-10-08 0:09 GMT+02:00 Tristan <supersluet...@gmail.com>:
>>>>> This page has 3 policies: Reduce exit policy, reduced-reduced exit policy,
>>>>> and a lightweight example policy.
>>>>>
>>>>> https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
>>>>>
>>>>>
>>>>> On Oct 7, 2016 5:01 PM, "Markus Koch" <niftybu...@googlemail.com> wrote:
>>>>>>
>>>>>> reduced-reduced exit policy. ?
>>>>>>
>>>>>> Illuminate me, pls.
>>>>>>
>>>> Thank you both!
>>>>
>>>> Will try https://tornull.org. Perhaps it helps.
>>>>
>>>> Markus
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

I am more of a fan of closing certain URL paths. So we could at least
stop these very old Apache directory bug attacks. Or forbid accessing
whatever.com/admin/

Markus


2016-10-09 2:03 GMT+02:00 teor <teor2...@gmail.com>:
>
>> On 9 Oct 2016, at 11:00, Markus Koch <niftybu...@googlemail.com> wrote:
>>
>> Would not help. These are bots, you can slow them down but this will
>> not stop them at all.
>
> Ah, but the point isn't to stop the bots, it's to stop the abuse
> complaints by coming in under the abuse report automated thresholds.
>
> In my experience, the abuse complaints are auto-generated, and no-one
> replies to my offer to block the site. So why not eliminate the
> complaints? Then everyone will be happy. Except the bot-herders.
>
> Tim
>
>>
>> Markus
>>
>>
>> 2016-10-09 1:57 GMT+02:00 teor <teor2...@gmail.com>:
>>>
>>>> On 7 Oct 2016, at 05:07, Green Dream <greendream...@gmail.com> wrote:
>>>>
>>>> If we're going to change anything I think it needs to happen within
>>>> Tor software. Operators could leverage the existing "Exitpolicy
>>>> reject" rules, or Tor could add functionality there if it's missing.
>>>> Whatever we do, I think it needs to be uniform and transparent.
>>>
>>> I had a conversation with someone at the recent tor meeting about
>>> rate-limiting Tor traffic. There are all sorts of drawbacks (blocking
>>> popular sites, for example), but I wonder if there are rate-limiting
>>> settings that would eliminate the majority of abuse reports based on
>>> default fail2ban and similar reporting system settings.
>>>
>>> For example, I wonder if the complaints I receive about SSH could be
>>> eliminated by slowing down repeated SSH connections to the same host
>>> by a second or so.
>>>
>>> Clearly more research is needed to work out if this is even feasible,
>>> and, if it is, what rate limits should apply to what ports.
>>>
>>> T
>>>
>>> --
>>> Tim Wilson-Brown (teor)
>>>
>>> teor2345 at gmail dot com
>>> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
>>> ricochet:ekmygaiu4rzgsk6n
>>> xmpp: teor at torproject dot org
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> T
>
> --
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
>
>
>
>
>
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

Would not help. These are bots, you can slow them down but this will
not stop them at all.

Markus


2016-10-09 1:57 GMT+02:00 teor :
>
>> On 7 Oct 2016, at 05:07, Green Dream  wrote:
>>
>> If we're going to change anything I think it needs to happen within
>> Tor software. Operators could leverage the existing "Exitpolicy
>> reject" rules, or Tor could add functionality there if it's missing.
>> Whatever we do, I think it needs to be uniform and transparent.
>
> I had a conversation with someone at the recent tor meeting about
> rate-limiting Tor traffic. There are all sorts of drawbacks (blocking
> popular sites, for example), but I wonder if there are rate-limiting
> settings that would eliminate the majority of abuse reports based on
> default fail2ban and similar reporting system settings.
>
> For example, I wonder if the complaints I receive about SSH could be
> eliminated by slowing down repeated SSH connections to the same host
> by a second or so.
>
> Clearly more research is needed to work out if this is even feasible,
> and, if it is, what rate limits should apply to what ports.
>
> T
>
> --
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
>
>
>
>
>
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Digital Ocean - running Exit node locked

[Markus Koch]

reduced-reduced exit policy. ?

Illuminate me, pls.

Markus
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Digital Ocean - running Exit node locked

[Markus Koch]

# The following sets which ports can exit the tor network through you. For more
# information and updates on the suggested policy see:
# https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
ExitPolicy accept *:53# DNS

# ports for general internet browsing
ExitPolicy reject 103.11.130.162:* # Gute Frage :(
ExitPolicy reject 23.254.211.232:* # gute Frage :(
ExitPolicy reject 211.234.112.4:* # South Korea
ExitPolicy reject 147.67.119.2:* # tax spam
ExitPolicy reject 147.67.119.20:* # tax spam
ExitPolicy reject 147.67.119.102:* # tax spam
ExitPolicy reject 147.67.136.2:* # tax spam
ExitPolicy reject 147.67.136.20:* # tax spam
ExitPolicy reject 147.67.136.102:* # tax spam
ExitPolicy reject 147.67.136.103 # TAX SPAM
ExitPolicy reject 147.67.136.21  # TAX SPAM
ExitPolicy reject 147.67.119.103  # TAX SPAM
ExitPolicy reject 147.67.119.3  # TAX SPAM
ExitPolicy reject 147.67.136.3  # TAX SPAM
ExitPolicy reject 147.67.119.21  # TAX SPAM
ExitPolicy reject 138.197.129.153:* #Hacking Fail2ban
ExitPolicy accept *:80# HTTP
ExitPolicy accept *:81# HTTP Alternate
ExitPolicy accept *:443   # HTTPS
ExitPolicy accept *:3128  # SQUID
ExitPolicy accept *:8008  # HTTP Alternate
ExitPolicy accept *:8080  # HTTP Proxy
ExitPolicy reject *:* # prevents any exit traffic not permitted above

Thats part of my DigitalOcean torrc file. I got the fucking tax spam
and the south korea bank on every droplet ever, so I would advise you
to do the same reject. Its helping to only allow HTTP + HTTPS. But
with the new circle I am just 2 weeks in and already 5 abuse mails.
And these exits should go to a friend ... I need more spare time :/

Markus


2016-10-07 23:49 GMT+02:00 Tristan <supersluet...@gmail.com>:
> Guess I'm next. My relay has been running for 3 months now. I'm doing my
> best to be a good neighbor though. After the first month, I got an SSH
> abuse, so now I reject SSH traffic. A month later I got an SQL hack attempt,
> and I switched to the reduced-reduced exit policy. Haven't gotten anything
> else yet.
>
>
> On Oct 7, 2016 4:34 PM, "Markus Koch" <niftybu...@googlemail.com> wrote:
>
> They will kick you after 2-3 months. Delete account, make new account.
> They will kick you after 2-3 months. Delete account, make new account.
> They will kick you after 2-3 months. Delete account, make new account.
> They will kick you after 2-3 months. Delete account, make new account.
> Welcome to DigitalOcean!
>
> Markus
>
>
> 2016-10-07 23:23 GMT+02:00 pa011 <pa...@web.de>:
>> Seems like even DO is not very much in favour of running Exits any more ?
>>
>> Anybody made the same experience - how to handle this please ?
>>
>> Thanks and Regards
>> Paul
>>
>>
>> "Hello -Although we do not specifically disallow TOR exit nodes, as the
>> account holder you are responsible for all the traffic going through your
>> droplet (including traffic that an exit node may generate).
>>
>> Also be aware that we do not allow some of the traffic types that come out
>> of a typical TOR exit node (torrents, spam, SSH probes, hacking attempts,
>> botnets, DDoS, etc).
>>
>> If you are unable to stop this sort of traffic, please reconsider running
>> a TOR exit node as it may lead to your account suspension or termination.
>>
>> Please refer to our Terms of Service for greater detail on this issue:
>> https://www.digitalocean.com/legal/terms/
>>
>> Best,
>>
>> DigitalOcean Support "
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Digital Ocean - running Exit node locked

[Markus Koch]

They will kick you after 2-3 months. Delete account, make new account.
They will kick you after 2-3 months. Delete account, make new account.
They will kick you after 2-3 months. Delete account, make new account.
They will kick you after 2-3 months. Delete account, make new account.
Welcome to DigitalOcean!

Markus


2016-10-07 23:23 GMT+02:00 pa011 :
> Seems like even DO is not very much in favour of running Exits any more ?
>
> Anybody made the same experience - how to handle this please ?
>
> Thanks and Regards
> Paul
>
>
> "Hello -Although we do not specifically disallow TOR exit nodes, as the 
> account holder you are responsible for all the traffic going through your 
> droplet (including traffic that an exit node may generate).
>
> Also be aware that we do not allow some of the traffic types that come out of 
> a typical TOR exit node (torrents, spam, SSH probes, hacking attempts, 
> botnets, DDoS, etc).
>
> If you are unable to stop this sort of traffic, please reconsider running a 
> TOR exit node as it may lead to your account suspension or termination.
>
> Please refer to our Terms of Service for greater detail on this issue: 
> https://www.digitalocean.com/legal/terms/
>
> Best,
>
> DigitalOcean Support "
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new warn message: Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.

[Markus Koch]

Same here, no clue why :(

markus


2016-10-06 10:45 GMT+02:00 Toralf Förster :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Today I got this for the first since I run exits:
>
> Oct 06 08:23:03.000 [warn] Duplicate rendezvous cookie in 
> ESTABLISH_RENDEZVOUS.
>
> Something I should worry about ?
>
> - --
> Toralf
> PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
>
> iF4EAREIAAYFAlf2Dz0ACgkQxOrN3gB26U5LMAD+POAhOITGeYh5CFdOwFxgfzMf
> 510EN+mxt+3nTAFXgrIA/1BUXnr1DXh61y5ttIxSoVGJb95r8FTrnKiDTZ23yBkV
> =vFhm
> -END PGP SIGNATURE-
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

Or you simply block port 22 and everyone everyone lived happily ever after.

I do not care about a script kiddie trying to hack something.

Bots are what I am afraid of, you get the same abuse over and over and over.

Markus

2016-10-06 6:43 GMT+02:00 Green Dream :
>>> >   for i in subdir/*; do ssh host mkdir -p "$i"; done
>>> >
>>> > with an ssh-agent would look pretty exactly the same to the exit node.
>>>
>>> OK, so I left out the "Permission denied, please try again." bits :)
>>
>> The exit node doesn't see that - that's the point of ssh. It can
>> at best look at the session length and timing and infer flakily
>> from that.
>
>
> Exactly. There isn't a 100% effective way to accurately filter out
> "bad ssh" on the wire. It's a good example of where intrusion
> prevention systems fail.
>
> I worked at a public university where Bro (https://www.bro.org/) was
> in use. One of the enabled rules was for ssh brute-force /
> failed-login. It was mostly false positives. Bro was flagging
> legitimate ssh traffic. Turns out Bro is notorious for this (ref:
> http://mailman.icsi.berkeley.edu/pipermail/bro/2013-September/006026.html
> and many other similar posts).
>
> I've also worked with Snort and Cisco and Palo Alto IPS/IDS systems,
> and I've come to hate all of them for a couple of reasons:
>
> 1) The rulesets are finicky, always in flux, highly variant between
> vendors, and wildly inaccurate.
>
> 2) At the end of the day they are just tools for censorship.
>
> The way these systems work: the admin is presented with an assortment
> of rulesets, usually broadly categorized, and you just go through and
> start checking off boxes with labels like "adult content", "violence",
> "hacking", "tor", or if you're using an open source variant it may be
> a bit more refined like "ssh brute force", "syn flood", "tcp scan",
> etc.
>
> At the end of the day though someone is just checking off boxes. The
> underlying regex applied to packets may or may not have even been
> looked at.
>
> Multiply that chaos by the number of Tor exit operators who might
> implement such a thing. Think about the different experience levels of
> operators too; how many would know that the Bro rule for ssh was
> mostly going to block legitimate ssh traffic?
>
> We have technical and highly qualified Exit operators who could
> install an IPS, sure. But we have others fairly new to being
> sysadmins.
>
> One other huge problem -- where there's IPS there are IPS logs. Every
> IPS tool I know of has an option to log, and they're all going to log
> by default. That's bad. I'd vote BadExit flag (if I had a vote, ha).
> There's too much metadata that this would leave behind, and it may
> open up the operator to legal liabilities.
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

No, you are not. Its not that simple as "just find a ISP"

The Tor network is made up of volunteers, so you need a:

1. ISP with more than laughable traffic limits
2. Tor friendly
3. Cheap
4. and with traffic connections that the Tor network likes

Thats not easy. OVH (the biggest in Tor) is pissed off, Online.net
does kick exits faster than you can "freedom of speech" , Hetzner
hosts you and will bet on your first police raid.Its a complete mess.

Do not tell me about the good/bad isp wiki. these are old data and I
personally burned 2 ISPs there because of abuse mails. Btw, my only
open ports were/are http and https...




2016-10-05 23:35 GMT+02:00 Green Dream :
>> You are ignoring completely reality, aren't you?
>
> No, I'm describing the status quo, how Tor already operates. "Don't
> run IPS/Snort on exits" has been a long standing response from the Tor
> folks. It looks to me like that response is essentially unchanged.
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

>
>
> No, we don't need to do anything. Tor has been running under these
> principles of uncensored access for a long time. Find an ISP that
> understands Tor, appreciates the nature of the service and its value,
> and is willing to work with you in a reasonable manner on abuse
> complaints. It's that simple.
>

You are ignoring completely reality, aren't you?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

These are getting rare. It is much easier to get a seedbox than a tor
exit. I had even bulletproof ISPs who dont want to host exits. Believe
me, I was chatting /mailing ISPs for days and its a mess.

Markus

PS: Tor changed years ago the exit policy and since then Tor is not
anymore one big torrent. But we cant do this with bots? Because bots
have rights?



>
> No offense to the ISP here (I do think they are within their rights to
> take this position), but I think relay/exit operators should find ISPs
> that understand Tor and don't demand an IPS.
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

Okay, I´ll volunteer as an guinea pig if you are okay with it, I´ll
get 2 VPSs and you do your Snort magic on them. Worst case is that we
all know it isnt working and we have learned something :)

Markus



2016-10-05 14:06 GMT+02:00  :
 It's really time consuming and that's
> why I would like to combine tor with some IPS for automation of the "policy
> set process".
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Dealing with OVH Abuse Complaints

[Markus Koch]

*cough* Resellers *cough*


2016-10-05 14:21 GMT+02:00 Tristan :
> Interesting seeing as how OVH is one of the biggest VPS services running Tor
> exits.
>
>
> On Oct 5, 2016 3:10 AM, "Roman Mamedov"  wrote:
>>
>> On Wed, 5 Oct 2016 18:55:26 +1100
>> teor  wrote:
>>
>> > Does anyone have experience running a long-lived Exit on OVH / So You
>> > Start?
>> >
>> > We've just received a threat to shut down our OVH Exit due to abuse
>> > complaints.
>> > We were responding to these automated reports (mainly SSH brute force)
>> > with template responses, offering to block the destination IP and port if
>> > the remote site wanted us to. We never received a reply.
>> >
>> > What does OVH expect its Exit operators to do with complaints?
>> > Should we have blocked each complaining IP address as soon as we
>> > received a complaint?
>>
>>
>> https://www.soyoustart.com/fr/documents_legaux/Conditions_particulieres_serveur_SoyouStart.pdf
>>
>> 6.4 Pour des raisons de sécurité, OVH se réserve la
>> possibilité de procéder à la suspension immédiate et sans
>> préavis de tout Serveur sur lequel serait proposé à titre
>> gracieux ou onéreux, un service ouvert au public de Proxy,
>> IRC, VPN, TOR, pour lequel OVH aurait connaissance
>> d'une utilisation malveillante, frauduleuse ou illicite.
>> ---
>> 6.4 For security reasons, OVH reserves the
>> chance to make the immediate suspension without
>> notice of any server on which would be proposed as
>> or without charge, a service open to the public Proxy,
>> IRC, VPN, TOR, for which OVH has knowledge
>> a malicious, fraudulent or illegal.
>> ---
>>
>> Some take this as "OVH doesn't allow Tor", I take this as "don't run exits
>> there".
>>
>> --
>> With respect,
>> Roman
>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

Different viewpoint:

I pay $5 + Taxes (WTF?) for an droplet with DigitalOcean
I pay $7,5 for a VPS with Hostwinds

Someone has to get the abuse mail, check where to send them and then
make this issue as solved. From an economic standpoint this is a
shitty idea. I cost them more than I pay. Even if we exclude the
trouble with blocked IP ranges and the other stuff.

Markus

PS: Yes, the Tor wiki says: Get your own IP with your own data so the
ISP is not involved.  That's easier said than done.


2016-10-05 13:44 GMT+02:00 Ralph Seichter <tor-relays...@horus-it.de>:
> On 05.10.16 13:16, Markus Koch wrote:
>
>> reality is many sites will not block Tor traffic but will send
>> (automated) abuse mails over and over and over again.
>
> True, sadly. And like you said it is their right not to block Tor based
> traffic. But it is your right not to heed their ongoing complaints and
> sabre-rattling, like it is your right to voluntarily update your exit
> policies. My point is that none of these choices requires your ISP to
> spend time, money or even thought on the issue, all that is required is
> passing it along to the Tor operators.
>
> -Ralph
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

Sounds great, but the reality is many sites will not block Tor traffic
but will send (automated) abuse mails over and over and over again.
Had this with a bank in South Korea who sent weekly abuse mails with
"we will sue you in the USA, we will sue you in South Kora and we will
never ending suing you all over the world" besides my e-mail to
multiple bank e-mail accounts how to block Tor traffic from reaching
the banks website.

For whatever reason they dont block Tor traffic and thats their right.

And the ISP gets abuse mails with the content "We sue you
motherfucker" and gets mad. I completely understand that. Its easier
to send out automated abuse mails and tell my boss "look, 1000 abuse
mails, I am protected this website like Godzilla". Looks good on every
weekly work report. Numbers count.

Markus


2016-10-05 13:01 GMT+02:00 Ralph Seichter :
> On 04.10.2016 23:55, oco...@email.cz wrote:

>
> As far as abuse complaints go, I encourage ISPs to pass these along to
> the Tor operators and not spend any time and resources beyond that. Most
> Tor operators are hopefully responsible enough to process complaints in
> a reasonable fashion. That, in my opinion, does not mean blocking every
> destination IP out of sheer reflex, but rather informing the complaining
> party about Tor. The CP is free to block Tor exits, but I believe that
> it is their own job, not the job of every Tor operator or ISP. Also, I
> don't feel any obligation to spend time making the life of some person
> running an outdated, unprotected WordPress installation easier. ;-)
>
> -Ralph
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

> - During my praxis, I've met only like 10% of customers (tor exit node) with
> real data - unfortunately ISP is not the one who can judge that - we have to
> trust our customer
>

TIL that I am an idiot for using my real data.

How do they pay? With all of my webhosting companies I pay with PayPal
or creditcard and with both I am clearly singled out because you cant
get it anonymous.

Markus
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

What should a tor exit op do? Ban the user? exits get the traffic from middle 
nodes and we cant tell (by design) who anyone is. We can block ips but that is 
not really helping with bots who tries to find vulnerabilities and scan large 
blocks.

markus

Sent from my iPad

> On 4 Oct 2016, at 23:55,   wrote:
> 
> If I understand that well ... if tor operator is avare, that his tor node is 
> used for illegal activity (when their ISP told them about that) and he's not 
> going to do anything abou that, he wont be guity by complicity?
> 
> 
> On 04.10.16 22:37, oco...@email.cz wrote:
> 
> > Tor and IPS has both it's own nature and you shouldn't be punished, if
> > your intension was just to filter the bad traffic.
> 
> And who is to decide what constitutes "bad traffic"? I am not a lawyer,
> but in Germany one of the cornerstones of not being held responsible
> for traffic passing through a Tor node is § 8 of the Telemediengesetz:
> http://www.gesetze-im-internet.de/tmg/__8.html -- sometimes referred to
> colloquially as the "provider privilege".
> 
> One only is free of responsibility if one neither initiates a transfer,
> nor selects the transfer's destination, nor selects or modifies the
> transmitted data. That's what "passing through" means.
> 
> According to two lawyers I spoke to, exit policies might already be
> borderline breaking these rules for exit nodes, but the technical basis
> at least guarantees that traffic will never reach an exit node that does
> not let it pass. Now think of a firewall that interferes with transfers
> once the data has already reached the exit node. Wouldn't you agree that
> this means selecting/modifiying the transmitted data?
> 
> That's just one national law that I am aware of, I imagine other
> countries have similar regulations in place. Any internet service
> provider interfering with net neutrality risks lawsuits, because it is
> not an ISP's prerogative to decide what traffic is "good" or "bad".
> 
> -Ralph
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> =
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

Just for shits and giggles:

Do you have a good, easy, workable solution to this complex problem?

Markus


2016-10-04 22:19 GMT+02:00  :
> And I'm not against you (tor admins/operators) ;)
>
> I'm really glad that this discussion started, let's see, if we can find some
> solution.
>
> Just 2 make 1 thing clear: Its not we against you (ISPs).
>
> Working myself years ago at an ISP I know the trouble and I understand
> the issues.
>
> Markus
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

Okay, I am getting confused.
(OSI model here)

ATM we are traffic shaping/blocking at layer 3

DNS is layer 7.

destination IP and port should be layer 1-4, right?

Markus


2016-10-04 22:18 GMT+02:00 Roger Dingledine <a...@mit.edu>:
> On Tue, Oct 04, 2016 at 10:08:25PM +0200, Markus Koch wrote:
>> Thank you very much, interesting. So I could block URLs but not on
>> deep packet inspection?
>
> That's where it starts to get murky: where do headers end and contents
> begin? It depends what protocol layer you're looking at. Law-makers
> spend a lot of time debating exactly that question.
>
> In Tor's world, since Tor transports TCP streams, we think the headers
> are what the TCP layer thinks of as headers, e.g. destination IP and
> destination port. And the URL is way down in the payload. (After all,
> what business is it of Tor's whether that stream you send over port 80
> is http or is something else?)
>
> --Roger
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

Thank you very much, interesting. So I could block URLs but not on
deep packet inspection?

Markus


2016-10-04 22:04 GMT+02:00 Roger Dingledine <a...@mit.edu>:
> On Tue, Oct 04, 2016 at 09:55:01PM +0200, Markus Koch wrote:
>> Everyone is running a reduced exit policy ... I only allow HTTP +
>> HTTPS and I know nobody who allows port 25  at the end of the day
>> we all shape our exit traffic.
>
> Choosing what to do with your traffic based on headers is fundamentally
> different, legally, than choosing what to do with it based on payload.
>
> In the US, it's the difference between the "pen register" category and
> the "wiretap" category. I imagine there are similar terms in many other
> countries.
>
> In the telephone metaphor (which is what many of these laws are
> fundamentally based on), it's the difference between "I won't let you
> call Germany" and "when you call Germany, I'll cut the connection if
> you start talking about surveillance".
>
> You'll notice that all of the Tor mechanisms for limiting abuse work
> on the header level, not the payload level.
>
> --Roger
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor Services on Amazon

[Markus Koch]

The BEST relay I can see is

https://torstatus.blutmagie.de/router_detail.php?FP=3181f36ce226b30bd2845872655d55e7d0b4a846

with whopping 776 KByte/sec

95% of the amazon relays are dead. zero traffic.

Markus



2016-10-04 21:53 GMT+02:00 nusenu :
>> Awhile ago Tor blocked relays from running on Amazon AWS (after there was
>> an attach that originated from Amazon-hosted nodes). Google GCE was also
>> blocked. See this thread about it from last year when I tried to run a node
>> on google's cloud:
>> https://lists.torproject.org/pipermail/tor-relays/2015-August/007681.html
>
> Yes I remember that thread, but that was some time ago and since I got
> several emails from ornetradar about someone adding relays on amazon (in
> IE) in September 2016 [1] I still doubt that amazon or the dir auths are
> blocking relays from being added there.
>
> you can also use
> https://compass.torproject.org
> to find amazon-hosted relays by AS
>
>
> [1]
> https://lists.riseup.net/www/arc/ornetradar/2016-09/msg00118.html
> https://lists.riseup.net/www/arc/ornetradar/2016-09/msg00087.html
> https://lists.riseup.net/www/arc/ornetradar/2016-09/msg00100.html
> https://lists.riseup.net/www/arc/ornetradar/2016-09/msg00104.html
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

Everyone is running a reduced exit policy ... I only allow HTTP +
HTTPS and I know nobody who allows port 25  at the end of the day
we all shape our exit traffic.

Markus


2016-10-04 21:42 GMT+02:00 Roger Dingledine :
> On Tue, Oct 04, 2016 at 10:21:14AM -0500, BlinkTor wrote:
>> The technical problem is that implementing IPS in Tor would be massively 
>> non-trivial.[...]
>>
>> The political problem is, what gets blocked by TIPS and what doesn???t? Who 
>> gets to decide? What if some of those brute-force SSH or DOS attacks are 
>> ???good guys??? trying to crack the ???bad guy??? servers? Is that 
>> legitimate Tor traffic? Who gets to decide who are the good/bad guys? Could 
>> we agree on a base level of protection, perhaps by relay operator consensus? 
>> Etc.
>
> Another challenge here is that many lawyers have told us that you change
> your legal situation if you start choosing which traffic to allow
> through. Specifically, if you just pass bytes back and forth, you're
> essentially in the common carrier situation, like backbone telcos and
> backbone Internet providers. But if you make a list of topics or messages
> or patterns to block, then it becomes your responsibility to make that
> list perfect, and your fault if you leave something out of your list.
>
> So it would seem that using an IPS is fundamentally dangerous for relay
> operators.
>
> I've heard that this logic applies both in the US and in Europe. But
> it's been a while since we've had an actual lawyer look at the topic.
> Maybe this is a great question for each of the torservers.net umbrella
> orgs to ask their friendly nearby lawyers who are wanting to help them?
>
> There is also the separate but related question of wiretapping: blocking
> some traffic based on patterns in the request content implies looking at
> the traffic, which relay operators typically do not have permission to
> do. While ISPs typically make their customers sign an agreement that they
> will be surveilled (and I guess they ignore the concept of jurisdictions
> that require consent from both sides), Tor relay operators do not have
> that agreement -- and they can't really get it, because their 'users'
> are all the Tor users.
>
> In summary, I totally get why hosting providers would want to ask relay
> operators to monitor their traffic and block certain activities by
> examining connection payloads, and that's to make their lives easier,
> not for any legal requirement. But it would appear there are some legal
> reasons why Tor relay operators might (should?) hesitate to deploy
> an IPS on their traffic, and those legal reasons are probably not as
> well-understood as they could be.
>
> Do any of the torservers umbrella orgs want to pick this one up and do
> something with it? I remember hearing Pepijn cite a specific EU law that
> says European relay operators aren't liable for their traffic so long
> as they don't mess with it.
>
> One of the goals would be for relay operators to better understand the
> tradeoff they should consider when deciding whether to do the thing
> that their ISP asks for. Another goal would be for the ISP to better
> understand what they're asking from the relay operators.
>
> --Roger
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

Just 2 make 1 thing clear: Its not we against you (ISPs).

Working myself years ago at an ISP I know the trouble and I understand
the issues.

Markus


2016-10-04 19:49 GMT+02:00  :
> Hello,
>
> I'm the ISP technician who is negotiating with Paul who started this thread.
> I just read this whole discussion and I think that there are few things
> which need to be mentioned.
>
> The threat of blocked subnet is real. It happened once to us and we don't
> want to experience that anymore. Imagine a few hundreds angry customers, who
> are bombing your support and writing all over the internet about your awful
> services. The worst thing is, that you can't do anything about it, but wait
> to some authority to confirm your delist request. Then you spend few
> days/weeks searching the newly created discusion threads and keep explaining
> what happened. That costs a lot of money and energy. The prevention is the
> best solution.
>
> Nowadays IPS can be handled by the owner to filter just what he wants to be
> filtered. It's not a rocket science. We are using IPS for our webhosting and
> mailserver segment and I can say it can save work of 2-3 people, who would
> otherwise constantly write to clients to put some hotfix to their system /
> change their password / etc.
>
> It would be fine, if you start seek for solution how to stop malicious
> activity comming out of the tor exit nodes and stop seeking reasons why not
> to do that.
>
> Freedom is very important to me, but freedom of one ends where the other
> begins.
>
> Petr
>
> 100% agreed.
>
> Just let us kick out the bots ...
>
> Offending/Source IP: 95.85.45.159
> - Issue: Source has attempted the following botnet activity:
> Semalt Referrer Spam Tor Exit Bot
>
> I am not in for free speech for bots and anything without a pulse.
>
> markus
>
>
> Hello!
>
> === You are receiving this e-mail in regard to abuse issues against
> our clients coming from the host at IP 95.85.45.159. ===
>
> --- Automated Message - To get a response or report issues with the
> reports, please see the contact info below. ---
> --- Report details are at the bottom of the e-mail. For web attacks
> see the "bot" links for more details about the attack. 
>
> Webiron is a security service and this e-mail is being sent on behalf
> of our customers. We do not control how our clients configure their
> protection and as a result do not control how blocks and bans are
> generated.
>
> We are committed to providing useful information on abuse issues on
> behalf of our clients to help stop issues related to issues that seem
> to originate from within your network.
>
> We value your time and effort and appreciate your assistance in
> handling these issues!
>
> If you are responsible for abuse issues however the IP being reported
> does not belong to you, please open a ticket or email us to let us
> know of the error and we'll correct it as soon as possible.
>
> Please note due to the retaliatory nature of attackers and the
> abundance of internet abuse havens and fake hosting companies, we do
> not give out the exact IP of our clients. If you require further
> assistance we will be more than happy to work with you. Just open a
> ticket our contact us with the details below.
>
> -- Who We Are --
> A little about our service, we are a server protection solution
> designed to help hosting companies, their customers, and SoC
> departments improve their system security, stability and lower TCO and
> support costs.
>
> Please feel free to send us your comments or responses. If you are
> inquiring for more information you must disclosed the offending IP.
> To contact us via e-mail, use , however if you
> require a ticket tracked response you can open one at
> https://www.webiron.com/abuse-soc-issues.html
>
> -- Abuse Criteria --
> To be considered abusive a bot must either be a clear danger (IE:
> exploit attempts, flooding, etc) or match at least two items from the
> list
> athttps://www.webiron.com/supporthome/view-article/33-criteria-for-what-makes-a-bot-bad.html
>
> -- Removal Requests --
> To be removed entirely from future reports reply to this e-mail with
> REMOVE (in all caps) in the subject line. Please note this will only
> stop the e-mail to the address the e-mail was sent to and public
> notices will remain as your abuse address will be listed on our BABL
> blacklist.
>
> -- Feed/History Links --
> IP Abuse Feed: https://www.webiron.com/abuse_feed/95.85.45.159
> IP Detailed Information: https://www.webiron.com/iplookup/95.85.45.159
> Your Abuse Report History:
> https://www.webiron.com/abuse_feed/ab...@digitalocean.com
>
> --- Blacklist Warning ---
> In an ongoing effort to stop chronic abuse we maintain several
> blacklists available as flat data or free public DNSRBL.
>
> For more information see: https://www.webiron.com/rbl.html
>
> To check the blacklist status of the offending IP, see:
> https://www.webiron.com/iplookup/95.85.45.159
>
> -- NEW --
> 

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

2016-10-04 19:21 GMT+02:00 Tristan :
> I hate Webiron. They never marked any of my IP abuses as resolved, even
> though I responded and revised my exit policy within 24 hours of the
> complaint.
>
>

Ticket or e-mail?

Markus
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

Short answer: ISP

I got 2 abuse mails (1 false positive) from Hostwinds in 4 months and
I get weekly mass reports from DigitalOcean.
And the thing that pisses me off is: Its all bots or Tax spam or other
stuff I got weeks/months ago. Different day, same shitty abuse mail.

Markus


2016-10-04 18:03 GMT+02:00 Tristan <supersluet...@gmail.com>:
> I don't know what I'm doing different, because I only got 2 complaints in
> the last 2 months, and that was for SSH and SQL stuff.
>
>
> On Oct 4, 2016 11:01 AM, "pa011" <pa...@web.de> wrote:
>>
>> Me too Markus -could fill a folder with that tax issue :-((
>> Costing a lot of time to answer and restrict the IPs
>>
>> Plus my ISP moaning with good reason: "It's not just about you, but you're
>> giving a bad reputation to one /21 and one /22 subnet. That's ~ 3000 IPs
>> which are potentionaly endagered to be marked as source of malicious content
>> / blacklisted / whatever ... so you see, this is quite critical for us."
>>
>> Am 04.10.2016 um 17:48 schrieb Markus Koch:
>> > same shit here:
>> >
>> > Dear User,
>> > We are contacting you because of unusual activity coming from your IP
>> > address towards the IT infrastructure of the European Commission.
>> > In specific, since 03/10/2016, IP addresses 95.85.45.159 &
>> > 104.236.225.19 of Digital Ocean, located in the Netherlands (NL) and
>> > the USA respectively, have submitted a significantly large number of
>> > invalid VAT number requests as compared to the total number of
>> > requests (89,59% & 89,96% respectively) towards VAT numbers from a
>> > multiple of EU member States (MS) through the VIES on the Web service
>> > (http://ec.europa.eu/taxation_customs/vies/). For more information on
>> > Invalid VAT number requests please refer to FAQ, questions 7, 11, 12,
>> > 13 and 20 of the VIES on the WEB site
>> > (http://ec.europa.eu/taxation_customs/vies/faq.html).
>> > The scope of our team is to monitor on a daily basis the performance
>> > of the VIES-on-the-Web (VoW) service in order to ensure its
>> > performance in accordance with the standards agreed upon between EU's
>> > Directorate General for Taxation and Customs Union (DG TAXUD) and the
>> > EU Member States.
>> > Our objective is to secure constant and uninterrupted availability and
>> > flow of traffic (requests for VAT validation) at all times.
>> > Under this framework, our team intervenes whenever there is out of the
>> > ordinary, unusual and potentially suspicious use of the system that
>> > violates the rules of use as they are stated in the Specific
>> > disclaimer for this service, which is available at the VoW site
>> > (http://ec.europa.eu/taxation_customs/vies/disclaimer.html).
>> > Consequently, in order to allow flawless use of the service, we were
>> > obliged to block the access to VIES on the Web for the IP address
>> > 88.198.110.130.
>> > Following our action, we would like to know if you are aware of this
>> > situation. Furthermore, your cooperation and contribution is necessary
>> > in order to determine the reason for this occurrence.
>> > Please inform us if this behaviour is normal and if such, how often it
>> > should occur; we would then take action to unblock the traffic coming
>> > from the corresponding IP address assuming you will agree to follow a
>> > set ITSM VIES/Web Team
>> > "ITSM2 is a contracted support partner for the IT Service Management
>> > of the European Commission.
>> > This e-mail is a reply to your message sent to the
>> > taxud-vies...@ec.europa.eu<mailto:taxud-vies...@ec.europa.eu> e-mail.
>> > Answers provided by the contactor are on behalf and according to
>> > policy guidelines of DG TAXUD, but not binding for the European
>> > Commission."
>> >
>> > I am so done with it, I added
>> >
>> > ExitPolicy reject 147.67.136.103 # TAX SPAM
>> > ExitPolicy reject 147.67.136.21  # TAX SPAM
>> > ExitPolicy reject 147.67.119.103  # TAX SPAM
>> > ExitPolicy reject 147.67.119.3  # TAX SPAM
>> > ExitPolicy reject 147.67.136.3  # TAX SPAM
>> > ExitPolicy reject 147.67.119.21  # TAX SPAM
>> >
>> > Thats going on for months now and by all means, this is not free speech
>> > ...
>> >
>> > Markus.
>> >
>> >
>> >
>> > 2016-10-04 17:42 GMT+02:00 pa011 <pa...@web.de>:
>> >> Am 04.10.2016 um 16:48 schrieb krishna e bera

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

[Markus Koch]

same shit here:

Dear User,
We are contacting you because of unusual activity coming from your IP
address towards the IT infrastructure of the European Commission.
In specific, since 03/10/2016, IP addresses 95.85.45.159 &
104.236.225.19 of Digital Ocean, located in the Netherlands (NL) and
the USA respectively, have submitted a significantly large number of
invalid VAT number requests as compared to the total number of
requests (89,59% & 89,96% respectively) towards VAT numbers from a
multiple of EU member States (MS) through the VIES on the Web service
(http://ec.europa.eu/taxation_customs/vies/). For more information on
Invalid VAT number requests please refer to FAQ, questions 7, 11, 12,
13 and 20 of the VIES on the WEB site
(http://ec.europa.eu/taxation_customs/vies/faq.html).
The scope of our team is to monitor on a daily basis the performance
of the VIES-on-the-Web (VoW) service in order to ensure its
performance in accordance with the standards agreed upon between EU's
Directorate General for Taxation and Customs Union (DG TAXUD) and the
EU Member States.
Our objective is to secure constant and uninterrupted availability and
flow of traffic (requests for VAT validation) at all times.
Under this framework, our team intervenes whenever there is out of the
ordinary, unusual and potentially suspicious use of the system that
violates the rules of use as they are stated in the Specific
disclaimer for this service, which is available at the VoW site
(http://ec.europa.eu/taxation_customs/vies/disclaimer.html).
Consequently, in order to allow flawless use of the service, we were
obliged to block the access to VIES on the Web for the IP address
88.198.110.130.
Following our action, we would like to know if you are aware of this
situation. Furthermore, your cooperation and contribution is necessary
in order to determine the reason for this occurrence.
Please inform us if this behaviour is normal and if such, how often it
should occur; we would then take action to unblock the traffic coming
from the corresponding IP address assuming you will agree to follow a
set ITSM VIES/Web Team
"ITSM2 is a contracted support partner for the IT Service Management
of the European Commission.
This e-mail is a reply to your message sent to the
taxud-vies...@ec.europa.eu e-mail.
Answers provided by the contactor are on behalf and according to
policy guidelines of DG TAXUD, but not binding for the European
Commission."

I am so done with it, I added

ExitPolicy reject 147.67.136.103 # TAX SPAM
ExitPolicy reject 147.67.136.21  # TAX SPAM
ExitPolicy reject 147.67.119.103  # TAX SPAM
ExitPolicy reject 147.67.119.3  # TAX SPAM
ExitPolicy reject 147.67.136.3  # TAX SPAM
ExitPolicy reject 147.67.119.21  # TAX SPAM

Thats going on for months now and by all means, this is not free speech ...

Markus.



2016-10-04 17:42 GMT+02:00 pa011 :
> Am 04.10.2016 um 16:48 schrieb krishna e bera:
>> On 04/10/16 08:48 AM, pa011 wrote:
>>> One of my main ISP is going mad with the number of abuses he gets from my 
>>> Exits (currently most on port 80).
>>> He asks me to install "Intrusion Prevention System Software" or shutting 
>>> down the servers.
>>
>> You can first ask him for a copy of the complaints in order to
>> understand what sort of alleged abuses are taking place.  Are the
>> complaints about spam or scraping or web server exploits or something else?
>
> I do get a copy of every complaint - they are unfortunately:
>
> - Http browser intrucion  - 
> /var/log/apache2/other_vhosts_access.log:soldierx.com:80 xxx.xxx.xxx.xxx - - 
> [30/Sep/2016:11:14:34 -0400] "HEAD / HTTP/1.0" 302 192 "-" "Mozilla/5.0 
> (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"
>
> - invalid VAT number requests
>
> -recorded connection attempt(s) from your hosts to our honeypots
>
> - Issue: Source has attempted the following botnet activity: Semalt Referrer  
>   Spam Tor Exit Bot
>
> - botnet drone|Description: Ramnit botnet victim connection to sinkhole 
> details,
>
> - attackers used the method/service: *imap*
>
>> You can change your exit policy to reduce likelihood of complaints:
>> https://blog.torproject.org/blog/tips-running-exit-node
>
> I know, but I hardly like to block port 80
>
>>> As far as I understand implementing such a software is not going together 
>>> with Tor - am I right?
>>
>> If your exit nodes tamper with traffic in any way they will be labelled
>> as Bad Exit. (Tor tries to be net neutral.)
>> https://trac.torproject.org/projects/tor/wiki/doc/badRelays
>>
>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___

Re: [tor-relays] TOR Services on Microsoft Azure

[Markus Koch]

https://azure.microsoft.com/en-us/free/free-account-faq/

What do I get when I sign up for a free account?

You get an Azure account, plus a $200 credit to spend on Azure
services for 30 days. You can use this $200 credit to try out any
combination of Azure services, exploring our cloud for free.

What happens with the services I created after 30 days?

The $200 credit expires after 30 days, and you can either let any
services you’ve deployed be decommissioned (and you won’t have access
to them anymore) or transition to a Pay-As-You-Go Azure subscription,
paying only for what you use moving forward.

= one (massiv) VPS for one month :/


2016-10-01 9:54 GMT+02:00 Volker Mink :
> Hi.
>
> I read some pages on the internet about TOR-servers on cloud-services like
> Microsoft Azure or Amazon AWS.
>
> Just gave it a try on Azure and it works like a charm!
>
> You can sign up for free and receive credits worth ~200$. With this credits
> you can safely run an unlimited VPS for about 4-5 month.
>
> https://atlas.torproject.org/#details/0534295ACFD5A84312183B41D3FB275E9ADD9EE2
>
>
>
> i think im going to give Amazon AWS also a try J
>
>
>
>
>
>
>
> regards,
>
> volker
>
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] TOR Services on Microsoft Azure

[Markus Koch]

Tor on amazon is not allowed anymore :(

Does Azure allow exits?

Markus

Sent from my iPad

> On 1 Oct 2016, at 09:54, Volker Mink  wrote:
> 
> Hi.
> 
> I read some pages on the internet about TOR-servers on cloud-services like 
> Microsoft Azure or Amazon AWS.
> Just gave it a try on Azure and it works like a charm!
> You can sign up for free and receive credits worth ~200$. With this credits 
> you can safely run an unlimited VPS for about 4-5 month.
> https://atlas.torproject.org/#details/0534295ACFD5A84312183B41D3FB275E9ADD9EE2
>  
> i think im going to give Amazon AWS also a try J
>  
>  
>  
> regards,
> volker
>  
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] help #3

[Markus Koch]

Thx, already thought about this and its not :(

Markus


2016-09-30 14:46 GMT+02:00 David S <d...@bitmail.cc>:
> On 09/30/2016 05:05 AM, Markus Koch wrote:
>>
>> me again ... I need the knowledge of the almighty tor operators.
>>
>> I set up three new and shiny tor exists and got a not so shiny error
>> message:
>>
>> [WARN]Failing because we have 4063 connections already. Please read
>> doc/TUNING for guidance
>>
>> It was already in this mailing list:
>>
>> http://archives.seul.org/tor/relays/Feb-2016/msg00060.html
>>
>> I "tuned" it with ulimit
>> https://gitweb.torproject.org/tor.git/tree/doc/TUNING/
>>
>> and nothing works and now I am running out of ideas and getting
>> pissed. They exits are running a Debian 7 x64 minimal install with the
>> newest tor version.
>>
>> Any ideas how to fix it?
>>
>> Markus
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
> is this running inside OpenVZ virtualization? if so, check the archives of
> this list. i had the same problem a few days ago.
> cat /proc/user_beancounters
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] help #3

[Markus Koch]

me again ... I need the knowledge of the almighty tor operators.

I set up three new and shiny tor exists and got a not so shiny error message:

[WARN]Failing because we have 4063 connections already. Please read
doc/TUNING for guidance

It was already in this mailing list:

http://archives.seul.org/tor/relays/Feb-2016/msg00060.html

I "tuned" it with ulimit https://gitweb.torproject.org/tor.git/tree/doc/TUNING/

and nothing works and now I am running out of ideas and getting
pissed. They exits are running a Debian 7 x64 minimal install with the
newest tor version.

Any ideas how to fix it?

Markus
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Guard/Middle/Exit Hosting

[Markus Koch]

Just 2 let you know, DigitalOcean has a new Promo: $15 free aka 3
months free droplet.

Guard/Middle is no problem at all. My exits have been kicked after
around 4 months (too many abuse mails :( )

Promocode: LOWENDBOX

https://lowendbox.com/blog/september-hosting-vps-coupon-round-up/

I do not get any money from it, just to let you know, DigitalOcean is
already big in the Tor network but its free money :)

Markus
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Node families and guard flags

[Markus Koch]

100%  normal. Welcome to tor.
No, no clue why ;)

Markus

Sent from my iPad

> On 15 Sep 2016, at 18:12, Ralph Seichter  wrote:
> 
> When running two non-exit nodes, configured as a single family with no
> other members, and using identical bandwidth settings, is it to be
> expected that only one of the nodes ever obtains the guard flag? The
> node uptimes are pretty much the same as well, but consensus weight
> differs significantly. I don't really understand why that is, given
> what I read about node life cycles.
> 
> -Ralph
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] DigitalOcean pricing (Re: tomhek - the (new) biggest guard relay operator)

[Markus Koch]

Guard or exit?

2016-09-14 12:27 GMT+02:00 Petrusko :
> On my last relay, the bandwidth max rate was set up to 20Mbits/s
> up+down, and no problem about this "1TB traffic" after 2 months with
> full bandwidth used ;)
> Sooo many TB were forwarded during those months without any mail or
> bottleneck on VPS router's side ;)
>
>> 1 TB traffic :(
>
> --
> Petrusko
> PubKey EBE23AE5
> C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] DigitalOcean pricing (Re: tomhek - the (new) biggest guard relay operator)

[Markus Koch]

1 TB traffic :(

2016-09-14 6:19 GMT+02:00 Petrusko :
> Hey,
> Since 1-2 months I'm using a VPS on this provider, don't want to
> advertise here, but only share my little experience:
> https://www.pcextreme.com/aurora/compute
> Starting price is 3€/month for a virtual machine - 20G SSD - 512 RAM -
> (Have to check bandwidth... hosted in a datacenter, so...)
> Bandwidth : fairly use... For a relay, never got a mail from them. About
> an exit, I don't know.
>
> I've imported a debian.iso in the web-interface, and possible to boot a
> custom install. Or of course you can use VPS templates...
>
>> Well, if $5 a month is high for you, I don't know what to say.
>>
>
> --
> Petrusko
> PubKey EBE23AE5
> C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] DigitalOcean pricing (Re: tomhek - the (new) biggest guard relay operator)

[Markus Koch]

There are worlds between a Rasperry Pi1 and the DigitalOcean VPS. $5 is dirt 
cheap. What provider do you use?

Sent from my iPad

> On 13 Sep 2016, at 17:26, Admin Kode-IT  wrote:
> 
> 5$ for 512 MB RAM, 1 Core and 20 Gig SSD Space is actually bad if you ask me.
> Don't know if this is normal in the US but compared to my provider this is 
> really expensive.
> That's why I asked if there's something special about D.O. that makes that 
> price appropriate.
> 
> It's like you're running a Rasperry Pi 1 with an SSD and a good Network for 
> 5$/month.
> 
> 
> Am Di., Sept. 13, 2016 15:04 schrieb Tristan :
> Well, if $5 a month is high for you, I don't know what to say. 
> 
> On Sep 13, 2016 4:01 AM, "Admin Kode-IT"  wrote:
> Is there something special about D.O.? The server prices are quite high in my 
> opinion.
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] DigitalOcean pricing (Re: tomhek - the (new) biggest guard relay operator)

[Markus Koch]

Running 2 guard/middle for months now, no problem at all. Support told me they 
only dont want to host warez. 

Tor ≠ warez

markus

Sent from my iPad

> On 13 Sep 2016, at 17:15, jensm1 <jen...@bbjh.de> wrote:
> 
> SeFlow does not allow Tor nodes, though, if the good/bad isp wiki-page is any 
> indication.
> 
>> Am 13.09.2016 um 16:14 schrieb Markus Koch:
>> Seflow is only 1,99 € ... So compared to $5 DigitalOcean is expensive  :)
>> 
>> Sent from my iPad
>> 
>> On 13 Sep 2016, at 15:01, Tristan <supersluet...@gmail.com> wrote:
>> 
>>> Well, if $5 a month is high for you, I don't know what to say.
>>> 
>>> 
>>>> On Sep 13, 2016 4:01 AM, "Admin Kode-IT" <ad...@kode-it.de> wrote:
>>>> Is there something special about D.O.? The server prices are quite high in 
>>>> my opinion.
>>>> 
>>>> ___
>>>> tor-relays mailing list
>>>> tor-relays@lists.torproject.org
>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 
>> 
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> 
> 
>   
> Diese E-Mail wurde von Avast Antivirus-Software auf Viren geprüft. 
> www.avast.com
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] DigitalOcean pricing (Re: tomhek - the (new) biggest guard relay operator)

[Markus Koch]

Seflow is only 1,99 € ... So compared to $5 DigitalOcean is expensive  :)

Sent from my iPad

> On 13 Sep 2016, at 15:01, Tristan  wrote:
> 
> Well, if $5 a month is high for you, I don't know what to say.
> 
> 
>> On Sep 13, 2016 4:01 AM, "Admin Kode-IT"  wrote:
>> Is there something special about D.O.? The server prices are quite high in 
>> my opinion.
>> 
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] DigitalOcean pricing (Re: tomhek - the (new) biggest guard relay operator)

[Markus Koch]

I use Debian 64 minimal. Works.

2016-09-11 15:53 GMT+02:00 Ralph Seichter <tor-relays...@horus-it.de>:
> On 11.09.2016 14:30, Markus Koch wrote:
>
>> So around 90 terabyte a month for $5. Seems fair :)
>
> Yeah, it does, doesn't it... ;-) Leaves me with figuring out what Linux
> distro to use, as D.O. does not offer Gentoo. Debian or Ubuntu? Exclusive
> Tor use is what I have in mind. Your thoughts?
>
> -Ralph
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] DigitalOcean pricing (Re: tomhek - the (new) biggest guard relay operator)

[Markus Koch]

So around 90 terabyte a month for $5. Seems fair :)

2016-09-11 14:24 GMT+02:00 Tristan <supersluet...@gmail.com>:
> I asked this question as well. Currently, they don't have a way to monitor
> bandwidth, so they don't charge for usage. However, they ask that continuous
> transfer be limited to 300 Mbps.
>
>
> On Sep 11, 2016 5:46 AM, "Markus Koch" <niftybu...@googlemail.com> wrote:
>>
>> They do not bill traffic at the moment, this can change at will of
>> DigitalOcean but atm there is no traffic limit and there is no extra
>> traffic cost. I will move at once they start billing traffic.
>>
>> Markus
>>
>>
>> 2016-09-11 12:24 GMT+02:00 Ralph Seichter <tor-relays...@horus-it.de>:
>> > On 11.09.2016 12:09, Markus Koch wrote:
>> >
>> >> > Considering digital oceans traffic pricing, I'm also wondering
>> >> > why DO is so popular? https://www.digitalocean.com/pricing/
>> >>
>> >> You do not have to pay the traffic at the moment.
>> >
>> > That caught my attention, but browsing the DO pricing table and FAQs, I
>> > didn't see any notice that traffic would be free of charge? Don't all
>> > droplet servers have a traffic cap, as the pricing table would suggest?
>> >
>> > -Ralph
>> > ___
>> > tor-relays mailing list
>> > tor-relays@lists.torproject.org
>> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] DigitalOcean pricing (Re: tomhek - the (new) biggest guard relay operator)

[Markus Koch]

They do not bill traffic at the moment, this can change at will of
DigitalOcean but atm there is no traffic limit and there is no extra
traffic cost. I will move at once they start billing traffic.

Markus


2016-09-11 12:24 GMT+02:00 Ralph Seichter <tor-relays...@horus-it.de>:
> On 11.09.2016 12:09, Markus Koch wrote:
>
>> > Considering digital oceans traffic pricing, I'm also wondering
>> > why DO is so popular? https://www.digitalocean.com/pricing/
>>
>> You do not have to pay the traffic at the moment.
>
> That caught my attention, but browsing the DO pricing table and FAQs, I
> didn't see any notice that traffic would be free of charge? Don't all
> droplet servers have a traffic cap, as the pricing table would suggest?
>
> -Ralph
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] tomhek - the (new) biggest guard relay operator

[Markus Koch]

> On 11 Sep 2016, at 12:02, nusenu  wrote:
> 
> Considering digital oceans traffic pricing, I'm also wondering why DO is
> so popular?
> https://www.digitalocean.com/pricing/

You do not have to pay the traffic at the moment.

Markus

> 
> regards,
> nusenu
> 
> 
> tomhek relays:
> +--+-+-+--+
> | nickname | as_name | IP  | FP   |
> +--+-+-+--+
> | DinoaurTor16 | OVH SAS | 5.39.76.158 | 0CD23887 |
> | DinoaurTor17 | OVH SAS | 5.196.73.86 | FA55B57C |
> | DinoaurTor18 | OVH SAS | 5.196.73.88 | 5959E696 |
> | DinoaurTor20 | ONLINE S.A.S.   | 163.172.29.81   | E44B773C |
> | DinoaurTor19 | ONLINE S.A.S.   | 163.172.211.135 | 5AD8B42D |
> | DinoaurTor24 | ONLINE S.A.S.   | 163.172.29.9| C61D1EA1 |
> | DinoaurTor21 | ONLINE S.A.S.   | 163.172.38.173  | FB733C67 |
> | DinoaurTor22 | ONLINE S.A.S.   | 163.172.38.175  | FBFE4534 |
> | DinoaurTor23 | ONLINE S.A.S.   | 163.172.28.159  | 52E8508F |
> | DinoaurTor10 | Digital Ocean, Inc. | 45.55.162.210   | 434E2796 |
> | DinoaurTor14 | Digital Ocean, Inc. | 95.85.21.196| CECA079E |
> | DinoaurTor12 | Digital Ocean, Inc. | 95.85.41.239| 611CBC19 |
> | DinoaurTor9  | Digital Ocean, Inc. | 45.55.162.189   | 8F73A7FF |
> | DinoaurTor15 | Digital Ocean, Inc. | 188.166.58.190  | 2F479358 |
> | DinoaurTor3  | Digital Ocean, Inc. | 46.101.245.10   | C41F60F8 |
> | DinoaurTor2  | Digital Ocean, Inc. | 95.85.41.114| 9B99C72B |
> | DinoaurTor5  | Digital Ocean, Inc. | 178.62.26.219   | 317E00F4 |
> | DinoaurTor13 | Digital Ocean, Inc. | 178.62.211.195  | 0DB81001 |
> | DinoaurTor11 | Digital Ocean, Inc. | 188.166.63.60   | B12A4EF2 |
> | DinoaurTor6  | Digital Ocean, Inc. | 45.55.159.232   | B70CFA35 |
> | DinoaurTor1  | Digital Ocean, Inc. | 178.62.12.24| FCB6695F |
> | DinoaurTor4  | Digital Ocean, Inc. | 178.62.26.186   | F78F391C |
> | DinoaurTor7  | NULL (manual: DO)   | 138.68.66.236   | CE91251C |
> | DinoaurTor8  | NULL (manual: DO)   | 138.68.74.104   | FEA0CDB9 |
> +--+-+-+--+
> 
> 
> OVH, ONLINE SAS and DO are all within the top 4 guard capacity ASes:
> +++-+
> | guard_prob | relays | as_name |
> +++-+
> | 17.028 |579 | OVH SAS |
> | 16.380 |312 | ONLINE S.A.S.   |
> |  9.678 |373 | Hetzner Online GmbH |
> |  9.339 |485 | Digital Ocean, Inc. |
> +++-+
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] #torstrike

[Markus Koch]

We have 2016 not 1950. Update your ntp server.


> assault/abuse/exploitation. The western culture we have collectively
> created, where women are the lesser equals, and this underlining tone of
> male arrogance that if a women was sexually abused/exploited that she
> wanted it, was looking for it, or even enjoyed it (I speak from my
> past-perspective on these type of scenarios, although wrong.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] halp #2

[Markus Koch]

<3

2016-08-24 6:28 GMT+02:00 Ivan Markin <t...@riseup.net>:
> Markus Koch:
>> I just complied TOR (hurray!) on a NON-ROOT server.
> TOR -> Tor (tor here, I guess).
>
>> 1. Issue: I cant find the torrc file. I found out that the rest of the
>> stuff is in ~./tor but no torrc at all. Where is it/should I put it?
> There is no torrc installed. You can create it wherever you want and
> pass the path to it via '-f' option to tor:
>
> $ ./src/or/tor -f /home/bunny/lol-torrc
>
> On most of the systems it can be found at /etc/tor/torrc.
>
>> 2. Issue: I only need the complied TOR executable and I can safely
>> delete all the other stuff?
>
> Yes, 'tor' binary should be enough. You can keep default torrc if you want.
>
> --
> Ivan Markin
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] halp #2

[Markus Koch]

Sorry to bother you guys again

Its 6am here and after reading the FAQ and other install guides I am
out of ideas

I just complied TOR (hurray!) on a NON-ROOT server.

1. Issue: I cant find the torrc file. I found out that the rest of the
stuff is in ~./tor but no torrc at all. Where is it/should I put it?

2. Issue: I only need the complied TOR executable and I can safely
delete all the other stuff?

Cheers,

Markus
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] HALP!

[Markus Koch]

Yep, got this too

http://i.imgur.com/R7wsC1I.png

2016-08-24 0:50 GMT+02:00 Lucas Werkmeister <m...@lucaswerkmeister.de>:
> This seems to be only the content of the keys/ subdirectory… my relay
> also has some other files in /var/lib/tor/, most significantly (it would
> seem) a fingerprint file. Did you copy these other files as well, and
> they’re just not included in the screenshot?
>
>
> On 24.08.2016 00:48, Markus Koch wrote:
>> Okay, I should have said that this is my backup server ... so ...
>>
>> old tor exit -> backup server -> new VPS
>>
>> its running on the new VPS with the right permissions :)
>>
>>
>> 2016-08-24 0:44 GMT+02:00 Michael Armbruster <t...@armbrust.me>:
>>> On 2016-08-24 at 00:41, Markus Koch wrote:
>>>> Okay :(
>>>>
>>>> http://i.imgur.com/r1ZxAAH.png Is there anything important missing?
>>> Well, it looks like wrong permissions to me. The files and the directory
>>> is owned by your current user "bunny". Is this also the tor user, or is
>>> tor using the user "tor" (which should be the default)?
>>>
>>> Currently, no other user but "bunny" can read from or write to those
>>> files and it's the only user that can look into the current directory.
>>>
>>> Best,
>>> Michael
>>>
>>>
>>>
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] HALP!

[Markus Koch]

Okay, I should have said that this is my backup server ... so ...

old tor exit -> backup server -> new VPS

its running on the new VPS with the right permissions :)


2016-08-24 0:44 GMT+02:00 Michael Armbruster <t...@armbrust.me>:
> On 2016-08-24 at 00:41, Markus Koch wrote:
>> Okay :(
>>
>> http://i.imgur.com/r1ZxAAH.png Is there anything important missing?
>
> Well, it looks like wrong permissions to me. The files and the directory
> is owned by your current user "bunny". Is this also the tor user, or is
> tor using the user "tor" (which should be the default)?
>
> Currently, no other user but "bunny" can read from or write to those
> files and it's the only user that can look into the current directory.
>
> Best,
> Michael
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] HALP!

[Markus Koch]

Okay :(

http://i.imgur.com/r1ZxAAH.png Is there anything important missing?



2016-08-24 0:22 GMT+02:00 Roger Dingledine <a...@mit.edu>:
> On Tue, Aug 23, 2016 at 10:53:04PM +0200, Markus Koch wrote:
>> > Do the log files give you any hints?
>>
>> I copied all the stuff, checked it and deleted the old vps. So I only see 
>> the new logfiles and they are fine, tor finds everything but with a 
>> different fingerprint. If the config would be in a different dir on the old 
>> vps, how comes that there are config files in both dirs?
>
> Well, a different fingerprint means a different identity key. Maybe
> you didn't copy the identity key over correctly?
>
> I notice your old one was Tor version 0.2.7.6 and your new one is Tor
> 0.2.8.6. So maybe it is a newer Debian, or maybe the timing is just
> coincidence.
>
> I also notice that your new Tor relay didn't start out with any
> past estimated bandwidth. That makes me think your state file didn't
> get transferred either. (These are all the BWHistory* lines.)
>
> So I think your torrc did transfer correctly, but not your datadirectory.
>
> --Roger
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] HALP!

[Markus Koch]

Sent from my iPad

> On 23 Aug 2016, at 22:41, Roger Dingledine <a...@mit.edu> wrote:
> 
>> On Tue, Aug 23, 2016 at 10:00:57PM +0200, Markus Koch wrote:
>> I just deleted my best running exit node to move to another vps.
>> 
>> I copied /etc/tor and /var/lib/tor + keys dir and moved it to the new
>> vps. I double-checked the files/keys are the same but i still get a
>> new fingerprint. Wtf is wrong with me?
> 
> Here's the FAQ entry:
> https://www.torproject.org/docs/faq#UpgradeOrMove
> 
> It sounds like you did that though.
> 
> Sounds like it's time to debug and question your assumptions. :)
> 
> For example, were they both Debian systems, using the Tor deb? I am
> wondering in particular if the new Tor thinks it should be using that
> DataDirectory.

Yes and yes.

> 
> Do the log files give you any hints?

I copied all the stuff, checked it and deleted the old vps. So I only see the 
new logfiles and they are fine, tor finds everything but with a different 
fingerprint. If the config would be in a different dir on the old vps, how 
comes that there are config files in both dirs?

> 
> I'm guessing this is the 'niftyguineapig' relay?
> 
Yes :(

> --Roger
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] HALP!

[Markus Koch]

I just deleted my best running exit node to move to another vps.

I copied /etc/tor and /var/lib/tor + keys dir and moved it to the new
vps. I double-checked the files/keys are the same but i still get a
new fingerprint. Wtf is wrong with me?

Markus


Sent from my iPad
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Pi3 mid relay dropping lil bit of packets

[Markus Koch]

  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:1053088862188 errors:0 dropped:0 overruns:511390 frame:0
  TX packets:306784541602 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:1413645618747401 (1.2 PiB)  TX
bytes:317045507788162 (288.3 TiB)
  Memory:8000-8001

Over half a million packets lost. Nothing to worry at all. Even good
packets get sometimes hurt. I would not worry about your 11 packets :)

Markus



2016-08-15 21:50 GMT+02:00 Roman Mamedov :
> On Mon, 15 Aug 2016 20:08:31 +0200
> Pi3  wrote:
>
>> Hello,
>> I just started running my little 5 mbits mid relay on Pi3 on raspbian and 
>> all seems to be dandy,
>>  it picked traffic nicely, hovering around 700-800 total connections,
>> its not unusual to see it pushing full advertised bandwidth during peak 
>> hours (with ~20-25% load on 1 core, multithread pls come already), tldr so 
>> far nice.
>> Except with 3days uptime and 20 gigs of data relayed ifconfig shows 11 
>> (eleven) packets dropped on eth0.
>> Google says it can be ring buffer on NIC getting full, but
>> ethtool -g eth0 says
>> Ring parameters for eth0: Cannot get device ring settings: Operation not 
>> supported
>> ethtool -S eth0 = no stats available
>> Htop avg load is 0.30, tor uses 121/950mb of ram. Im running standard 
>> conntrack cstate established related iptable rule with default drop.
>> Pi3 is in LAN behind modem nat.
>> It worries me because if I get more consensus, drops will probably go up.
>> I didnt apply any sysctl tweaks. Using official deb
>> NIC is Standard Microsystems Corp. SMSC9512/9514 Fast Ethernet Adapter and 
>> its internally connected to usb2 by design - it shows under lsusb.
>> ethtool says 100Mb/s full duplex.
>> Tor log is clean with only heartbeat in it, syslog seemed ok also if I didnt 
>> miss anything.
>> Or is it so marginal I should forget about it?
>> Im not sure what should I do about it, any suggestions are welcomed.
>> Thanks
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Out of memory: Kill process (tor)

[Markus Koch]

2016-08-12 15:11 GMT+02:00 Tristan :
> Last night I received my first abuse complaint on DigitalOcean.

Congratulations!

> When I logged in, I saw Tor was no longer running because the system ran out 
> of
> memory.
>
> Is it possible the system ran out of memory because of the abuse?

No.

> My relay has 512MB of RAM running Tor and Unbound, and it's been running fine 
> all
> month. How can I prevent this memory issue from happening in the future?
>
I think they make no default swap partition so you buy a higher tier
droplet ... but you can make a swapfile in under 1 minute:

http://www.cyberciti.biz/faq/linux-add-a-swap-file-howto/

worked like a charm on my two droplets.


> Thanks

You  are welcome.

Markus
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] How to exclude a CDN ?

[Markus Koch]

Got the same abuse mail on my exits ... you get a IP depending where
you are so you dont know where the attacker is and thats why you cant
block the IP. You are out of luck.



2016-08-09 18:38 GMT+02:00 Toralf Förster :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Got few times an informal report containing something like:
>
>
> It is most likely the attack traffic is directed at one of the 
> following endpoints:
>
> account.sonyentertainmentnetwork.com
> auth.np.ac.playstation.net
> auth.api.sonyentertainmentnetwork.com
> auth.api.np.ac.playstation.net
>
>
> I was just wondering how would somebody handle a request to exclude those IP 
> addresses, b/c 2 attempts to get the affected netwrok gives:
>
> # host account.sonyentertainmentnetwork.com
> account.sonyentertainmentnetwork.com is an alias for 
> account.sonyentertainmentnetwork.com.edgekey.net.
> account.sonyentertainmentnetwork.com.edgekey.net is an alias for 
> e380.b.akamaiedge.net.
> e380.b.akamaiedge.net has address 104.109.72.158
>
> #  whois 104.109.72.158 | grep CIDR
> CIDR:   104.64.0.0/10
> CIDR:   104.109.64.0/20
>
>
> and at another system :
>
>
> ~/devel/wireshark $ host account.sonyentertainmentnetwork.com
> account.sonyentertainmentnetwork.com is an alias for 
> account.sonyentertainmentnetwork.com.edgekey.net.
> account.sonyentertainmentnetwork.com.edgekey.net is an alias for 
> e380.b.akamaiedge.net.
> e380.b.akamaiedge.net has address 184.24.193.168
>
> $ whois 184.24.193.168 | grep CIDR
> CIDR:   184.24.0.0/13
> CIDR:   184.24.192.0/20
>
>
>
> - --
> Toralf
> PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
>
> iF4EAREIAAYFAleqBwUACgkQxOrN3gB26U7YXQD+PHgO8nVRo01abzdu1P7zC6TZ
> gDMkb+L51zt/k7hBJOsA/0czdSd8p8AnINKx+FP2Gi5ZSjVzzBuUM9o+htw5BdIX
> =Tz+I
> -END PGP SIGNATURE-
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] outgooing UDP flooding on middle relay

[Markus Koch]

If this is a synflood or any other ddos attack on his vps the tor server would 
not relay the attack and in and outgoing traffic would be vastly different. 

Sent from my iPad

> On 01 Aug 2016, at 15:12, teor <teor2...@gmail.com> wrote:
> 
> 
>> On 1 Aug 2016, at 23:08, Markus Koch <niftybu...@googlemail.com> wrote:
>> 
>> Looks like DOS/DDOS.Is it even possible to DDOS over tor?
> 
> It's possible to (D)DOS any server using ping (or DNS, or any other UDP 
> responder).
> All an attacker needs is the server's IP address, which is publicly available 
> in the Tor consensus.
> Then they can attack the relay from the Internet.
> 
> There's no need to use Tor to tunnel the (D)DOS. In this case, Tor doesn't 
> tunnel UDP, so it's unlikely to be the culprit.
> 
> Tim
> 
>> 
>> 
>> 2016-08-01 15:04 GMT+02:00 pa011 <pa...@web.de>:
>>> yes about the same - sorry for the page brake dont get it solved in my
>>> thunderbird
>>> 
>>> h  rx (KiB)   tx (KiB)  h  rx (KiB)   tx (KiB)  h  rx (KiB)
>>> tx (KiB)
>>> 23  6.559.929  6.748.21507  4.697.285  4.845.89315 35.106.193
>>> 35.833.114
>>> 00  5.129.384  5.289.45608 12.317.567 12.605.72616  0
>>> 0
>>> 01  3.709.181  3.843.98809 14.913.172 15.278.07917  0
>>> 0
>>> 02  4.405.017  4.574.74510 22.218.874 22.738.50818102.138
>>> 144.732
>>> 03  4.670.091  4.817.78511 25.700.571 26.306.50519275.999
>>> 340.633
>>> 04  4.711.807  4.853.92112 32.840.796 33.571.99620271.278
>>> 382.087
>>> 05  4.269.354  4.408.41713 32.910.527 33.637.09221263.147
>>> 383.444
>>> 06  5.279.142  5.443.89014 40.052.678 40.824.13822176.040
>>> 258.865
>>> 
>>> 
>>>> Am 01.08.2016 um 14:51 schrieb Markus Koch:
>>>> In and outgoing traffic is the same size?
>>>> 
>>>> 
>>>> 
>>>> 2016-08-01 14:44 GMT+02:00 pa011 <pa...@web.de>:
>>>>> The ISP didn’t mention - I would have to ask.
>>>>> 
>>>>> What I saw was that the traffic was up about linear from usually 30Mbits
>>>>> to above 100 Mbits over about 6 hours, bringing the CPU to 100% and
>>>>> dropping.
>>>>> 
>>>>> 
>>>>>> Am 01.08.2016 um 14:36 schrieb Markus Koch:
>>>>>> How many packets per second?
>>>>>> 
>>>>>> Markus
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 2016-08-01 14:28 GMT+02:00 pa011 <pa...@web.de>:
>>>>>>> Hello,
>>>>>>> 
>>>>>>> one of my middle relays got auto limited by the ISP because of
>>>>>>> "outgooing UDP flooding ".
>>>>>>> 
>>>>>>> The VPS is pure debian8, fail2ban, pub key and nothing else installed -
>>>>>>> so I highly doubt the give reason for the traffic limitation.
>>>>>>> Also I cant find anything in the log files.
>>>>>>> 
>>>>>>> Anybody having experience with such an issue?
>>>>>>> What to check for please?
>>>>>>> 
>>>>>>> Paul
>>>>>>> 
>>>>>>> ___
>>>>>>> tor-relays mailing list
>>>>>>> tor-relays@lists.torproject.org
>>>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>>>> ___
>>>>>> tor-relays mailing list
>>>>>> tor-relays@lists.torproject.org
>>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>>> ___
>>>>> tor-relays mailing list
>>>>> tor-relays@lists.torproject.org
>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>> ___
>>>> tor-relays mailing list
>>>> tor-relays@lists.torproject.org
>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> Tim Wilson-Brown (teor)
> 
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmmp: teor at torproject dot org
> 
> 
> 
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] outgooing UDP flooding on middle relay

[Markus Koch]

Looks like DOS/DDOS.Is it even possible to DDOS over tor?


2016-08-01 15:04 GMT+02:00 pa011 <pa...@web.de>:
> yes about the same - sorry for the page brake dont get it solved in my
> thunderbird
>
>  h  rx (KiB)   tx (KiB)  h  rx (KiB)   tx (KiB)  h  rx (KiB)
> tx (KiB)
> 23  6.559.929  6.748.21507  4.697.285  4.845.89315 35.106.193
> 35.833.114
> 00  5.129.384  5.289.45608 12.317.567 12.605.72616  0
>   0
> 01  3.709.181  3.843.98809 14.913.172 15.278.07917  0
>   0
> 02  4.405.017  4.574.74510 22.218.874 22.738.50818102.138
> 144.732
> 03  4.670.091  4.817.78511 25.700.571 26.306.50519275.999
> 340.633
> 04  4.711.807  4.853.92112 32.840.796 33.571.99620271.278
> 382.087
> 05  4.269.354  4.408.41713 32.910.527 33.637.09221263.147
> 383.444
> 06  5.279.142  5.443.89014 40.052.678 40.824.13822176.040
> 258.865
>
>
> Am 01.08.2016 um 14:51 schrieb Markus Koch:
>> In and outgoing traffic is the same size?
>>
>>
>>
>> 2016-08-01 14:44 GMT+02:00 pa011 <pa...@web.de>:
>>> The ISP didn’t mention - I would have to ask.
>>>
>>> What I saw was that the traffic was up about linear from usually 30Mbits
>>> to above 100 Mbits over about 6 hours, bringing the CPU to 100% and
>>> dropping.
>>>
>>>
>>> Am 01.08.2016 um 14:36 schrieb Markus Koch:
>>>> How many packets per second?
>>>>
>>>> Markus
>>>>
>>>>
>>>>
>>>> 2016-08-01 14:28 GMT+02:00 pa011 <pa...@web.de>:
>>>>> Hello,
>>>>>
>>>>> one of my middle relays got auto limited by the ISP because of
>>>>> "outgooing UDP flooding ".
>>>>>
>>>>> The VPS is pure debian8, fail2ban, pub key and nothing else installed -
>>>>> so I highly doubt the give reason for the traffic limitation.
>>>>> Also I cant find anything in the log files.
>>>>>
>>>>> Anybody having experience with such an issue?
>>>>> What to check for please?
>>>>>
>>>>> Paul
>>>>>
>>>>> ___
>>>>> tor-relays mailing list
>>>>> tor-relays@lists.torproject.org
>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>>>
>>>> ___
>>>> tor-relays mailing list
>>>> tor-relays@lists.torproject.org
>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>>
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] outgooing UDP flooding on middle relay

[Markus Koch]

In and outgoing traffic is the same size?



2016-08-01 14:44 GMT+02:00 pa011 <pa...@web.de>:
> The ISP didn’t mention - I would have to ask.
>
> What I saw was that the traffic was up about linear from usually 30Mbits
> to above 100 Mbits over about 6 hours, bringing the CPU to 100% and
> dropping.
>
>
> Am 01.08.2016 um 14:36 schrieb Markus Koch:
>> How many packets per second?
>>
>> Markus
>>
>>
>>
>> 2016-08-01 14:28 GMT+02:00 pa011 <pa...@web.de>:
>>> Hello,
>>>
>>> one of my middle relays got auto limited by the ISP because of
>>> "outgooing UDP flooding ".
>>>
>>> The VPS is pure debian8, fail2ban, pub key and nothing else installed -
>>> so I highly doubt the give reason for the traffic limitation.
>>> Also I cant find anything in the log files.
>>>
>>> Anybody having experience with such an issue?
>>> What to check for please?
>>>
>>> Paul
>>>
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] outgooing UDP flooding on middle relay

[Markus Koch]

How many packets per second?

Markus



2016-08-01 14:28 GMT+02:00 pa011 :
> Hello,
>
> one of my middle relays got auto limited by the ISP because of
> "outgooing UDP flooding ".
>
> The VPS is pure debian8, fail2ban, pub key and nothing else installed -
> so I highly doubt the give reason for the traffic limitation.
> Also I cant find anything in the log files.
>
> Anybody having experience with such an issue?
> What to check for please?
>
> Paul
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] cheap unmetered non-exit VPS offers

[Markus Koch]

>
> no, that is why I put "non-exit" in the subject of my email.
>
> https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs#Italy1
>
> And yes, their support is poor, but as long as your servers run you won't 
> need them.

Looking it up:

SEFLOW Avoid it. they say it's against Italian law to have a Tor
relay, asked which law, they said to contact a lawyer. (atrent: do you
need a more articulate explanation? I'm the one who had the bad
experience, I have all the emails exchanged and I can translate them);
"i'm sorry but tor is not allowed in our service." (fusl, 02/2015)

No TOR at all is allowed?

>
> Another hoster with great bw/cost efficiency (non-exit!)
> https://itldc.com/en/vds/

Yeah, that was my fault :( He kicked my exit and is since then no more
accepting any exits ...

Markus
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] cheap unmetered non-exit VPS offers

[Markus Koch]

Just chatted with the Support and I highly doubt they are knowing what
they are doing, anyway setup one exit relay and will report back after
my first abuse mail. This will be fun :)

btw:
Jul 28 15:24:19.832 [warn] Failed to parse/validate config: Nickname
'niftychinchillarabbit' is wrong length or contains illegal
characters.

WTF? This is pure rassism! #allbunnynamesmatter



2016-07-28 13:59 GMT+02:00 tor relay :
>
> On July 28, 2016 at 9:11 AM Roman Mamedov  wrote:
>
> On Thu, 28 Jul 2016 08:09:12 +0100
> "Louie Cardone-Noott"  wrote:
>
> Am I right in thinking that even 2 TByte/month is fairly low? That's
> only 6 Mbit/s average (whether that's 6/6 or 3/3 depends on their
> accounting I suppose).
>
> That's correct, however I don't have any unmetered offers to recommend,
> which
> would be as cheap as those mentioned, and at the same time would not be at
> OVH
> or DigitalOcean (which, as recent discussions show, have "too many" relays
> already).
>
>
> I hope you are not wasting money for 2TB/month non-exit relay VPSes if you
> can get unmetered for 3.33 Euro / months doing ~40MBit/s in each direction.
>
> http://www.seflow.net/2/index.php/en/services/flexcloud/flexpricing
>
>
> munin graphs of a seflow relay:
>
> http://oi67.tinypic.com/2vd66on.jpg
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] cheap unmetered non-exit VPS offers

[Markus Koch]

exit allowed?


2016-07-28 13:59 GMT+02:00 tor relay :
>
> On July 28, 2016 at 9:11 AM Roman Mamedov  wrote:
>
> On Thu, 28 Jul 2016 08:09:12 +0100
> "Louie Cardone-Noott"  wrote:
>
> Am I right in thinking that even 2 TByte/month is fairly low? That's
> only 6 Mbit/s average (whether that's 6/6 or 3/3 depends on their
> accounting I suppose).
>
> That's correct, however I don't have any unmetered offers to recommend,
> which
> would be as cheap as those mentioned, and at the same time would not be at
> OVH
> or DigitalOcean (which, as recent discussions show, have "too many" relays
> already).
>
>
> I hope you are not wasting money for 2TB/month non-exit relay VPSes if you
> can get unmetered for 3.33 Euro / months doing ~40MBit/s in each direction.
>
> http://www.seflow.net/2/index.php/en/services/flexcloud/flexpricing
>
>
> munin graphs of a seflow relay:
>
> http://oi67.tinypic.com/2vd66on.jpg
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] AWS abuse handling

[Markus Koch]

Okay, I knew I am not a normal person with over a petabyte a months across all 
my servers but seriously what service can you run on a vps with 15 gigz a 
month? 

Markus

Sent from my iPad

> On 27 Jul 2016, at 20:56, Snehan Kekre <sne...@minerva.kgi.edu> wrote:
> 
> 
> 
>> On Wed, Jul 27, 2016 at 11:48 AM, Markus Koch <niftybu...@googlemail.com> 
>> wrote:
>> 15 Gb? I think this must be typo.
>> 
>> Well they do say 
>> "Data Transfer
>> 
>> 15 GB of bandwidth out aggregated across all AWS services" on 
>> hxxps://aws.amazon.com/free
>  
> Best,
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] AWS abuse handling

[Markus Koch]

15 Gb? I think this must be typo.

Markus

Sent from my iPad

> On 27 Jul 2016, at 20:42, Snehan Kekre  wrote:
> 
> On 07/27/2016 11:04 PM, Toralf Förster wrote:  
> 
> >> (/capped/ at 15GB/month of traffic each way).
> >seems to be just 5 KB/sec, or ?
> 
> I've set RelayBandwidthRate to 300 KB and RelayBandwidthBurst to 400 KB. It 
> hibernates after it's exhausted the cap.
> 
> 
>> On Wed, Jul 27, 2016 at 11:34 AM, Toralf Förster  
>> wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>> 
>> On 07/27/2016 08:24 PM, Snehan Kekre wrote:
>> > (/capped/ at 15GB/month of traffic each way).
>> seems to be just 5 KB/sec, or ?
>> 
>> - --
>> Toralf
>> PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v2
>> 
>> iF4EAREIAAYFAleY/sUACgkQxOrN3gB26U62LwD+O9WPeZfBt3Ef4EGexfTGlODD
>> JCC+Qm+73q3YNNqlLY8BAI2ZRTETEAH6iSjM5yNQjNT1mIWh2OgIFBxqmRCUhxX5
>> =gFUb
>> -END PGP SIGNATURE-
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> 
> 
> -- 
> Best,
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] switching between exit and guard

[Markus Koch]

Bad! I tried to run a relay with my german dsl isp (new ip every 24 hours) and 
tor didnt like it at all. I think vpn providers are more used to abuse than vps 
providers. I dont think digital ccean has many vps instances where people try 
to hack into banks ...

Markus


Sent from my iPad

> On 27 Jul 2016, at 12:06, Mirimir <miri...@riseup.net> wrote:
> 
>> On 07/27/2016 02:30 AM, Markus Koch wrote:
>> I am all in for a "hide the exit node with a VPN" solution. But pls
>> make it dummy proof for people like me :)
> 
> It's not such a great solution. The VPN service will get complaints,
> instead of the VPS host. And so you'll lose the VPN account. Maybe
> that's easier to fix than configuring a new VPS. But I don't know how
> Tor network handles relays with changing IPs.
> 
>> Markus
>> 
>> 
>> 2016-07-27 9:16 GMT+02:00 Dr Gerard Bulger <ger...@bulger.co.uk>:
>>> I have turned off all exits after worried ISP was forwarding too many abuse 
>>> notices.  This is pending a solution which, if possible would send all 
>>> exiting port data off to a local anonymous proxy or VPN server.
>>> 
>>> Anonymous proxies and VPN servers seem more impervious or tolerant to abuse 
>>> notices than the ISPs.
>>> 
>>> A mod I would like to see is to have a facility to send the all the data on 
>>> ports that are set to exit off to an external anonymous proxy server; https 
>>> and/or socks.   Currently the httpproxy command in torrc does not do that.
>>> 
>>> I have tried to get my VPS, which has a second IP, to connect to a VPN 
>>> server on that second IP for Tor to use for exit.  This is beyond my 
>>> networking skills and attempts cuts off the branch I am sitting on, with 
>>> mucked up routing for everything.
> 
> I'm not entirely sure what's happening for you. But it may be that you
> need to add a route exception to the config file for the VPN client:
> 
> route w.x.y.z 255.255.255.255 net_gateway
> 
> Where w.x.y.z is the the public IP address of the device that you're
> connecting to the VPS from. That's because VPN services typically
> configure clients to route everything through the VPN.
> 
> If you SSH through Tor, you'll need to set a specific exit. Or instead,
> create an SSH onion service in the VPS.
> 
>>> Anonymous VPNs and http proxies I have used are very cheap with no data 
>>> caps and very fast.
>>> 
>>> Gerry
>>> 
>>> 
>>> -Original Message-
>>> From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf 
>>> Of Markus Koch
>>> Sent: 27 July 2016 07:25
>>> To: tor-relays@lists.torproject.org
>>> Subject: Re: [tor-relays] switching between exit and guard
>>> 
>>> I do not think they will kick you or change policy now, I am just out of 
>>> luck with one of my exit nodes. Lots and lots of script kiddies trying to 
>>> hack banks and other websites over my exit node ... I have no clue why one 
>>> exit node attract them and others dont ... bad luck perhaps ...
>>> 
>>> 2016-07-27 0:43 GMT+02:00 Tristan <supersluet...@gmail.com>:
>>>> Oh dear, I'll take this as a warning since I just spun up a Tor
>>>> droplet with DO not too long ago.
>>>> 
>>>> 
>>>>> On Jul 26, 2016 4:48 PM, "Markus Koch" <niftybu...@googlemail.com> wrote:
>>>>> 
>>>>> Hi there,
>>>>> 
>>>>> now I am getting abuse mails nearly every day and digital ocean looks
>>>>> like getting pissed off. Is it technical possible to switch between
>>>>> exit and guard so I only run an exit for 14 days a months (less abuse
>>>>> mails per month if it is a exit only 14 days). Or is this a really
>>>>> bad idea?
>>>>> 
>>>>> Markus
>>>>> 
>>>>> PS: I am also getting my first bullet proof exit note tomorrow ...
>>>>> lets see how this works out ...
>>>>> ___
>>>>> tor-relays mailing list
>>>>> tor-relays@lists.torproject.org
>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>> 
>>>> 
>>>> ___
>>>> tor-relays mailing list
>>>> tor-relays@lists.torproject.org
>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>> 
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] switching between exit and guard

[Markus Koch]

My problem with Solar VPS is: 2 TB Traffic, I will burn 2 TB in 3-4
days and I am not willing to pay for a 8 core 8 gigz ram and 120 gigz
ssd for $80 I do not need. My tor exit nodes run with 512 mb ram and a
shitty cpu and lots and lots of traffic.

Markus




2016-07-27 4:00 GMT+02:00 Jacob Gillespie <jacobwgilles...@gmail.com>:
> Have you taken a look at Solar VPS?  I found it on the TOR wiki and then
> subsequently found https://gist.github.com/foozmeat/a073a07a4aff40aecdc8 -
> they seem to be exit node friendly, I just got mine online yesterday.
>
> On Tue, Jul 26, 2016 at 5:43 PM Tristan <supersluet...@gmail.com> wrote:
>>
>> Oh dear, I'll take this as a warning since I just spun up a Tor droplet
>> with DO not too long ago.
>>
>>
>> On Jul 26, 2016 4:48 PM, "Markus Koch" <niftybu...@googlemail.com> wrote:
>>>
>>> Hi there,
>>>
>>> now I am getting abuse mails nearly every day and digital ocean looks
>>> like getting pissed off. Is it technical possible to switch between
>>> exit and guard so I only run an exit for 14 days a months (less abuse
>>> mails per month if it is a exit only 14 days). Or is this a really bad
>>> idea?
>>>
>>> Markus
>>>
>>> PS: I am also getting my first bullet proof exit note tomorrow ...
>>> lets see how this works out ...
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] switching between exit and guard

[Markus Koch]

I looked 8 hours for a better home and after 8 hours I was exhausted
from laughing of offers like "VPS 25 gigz traffic and $120 price tag
in panama". I simply have not the money to host on expensive
datacenters and most of the offers out there are max 1 terrabyte...
thats a joke for any of my tor nodes ...

Markus

PS: half mad sound not s bad, right? RIGHT?



2016-07-26 23:54 GMT+02:00 Green Dream :
> Seems like a bad idea. Among other issues, I kinda doubt Digital Ocean is
> gonna be any happier. They'll still get abuse emails half the month, right?
> Do you think that's gonna make them like... half mad? ;-) Just run a good
> guard there full time and find a better home for the exit.
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] switching between exit and guard

[Markus Koch]

Hi there,

now I am getting abuse mails nearly every day and digital ocean looks
like getting pissed off. Is it technical possible to switch between
exit and guard so I only run an exit for 14 days a months (less abuse
mails per month if it is a exit only 14 days). Or is this a really bad
idea?

Markus

PS: I am also getting my first bullet proof exit note tomorrow ...
lets see how this works out ...
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] wubthecaptain1 relay is no longer an exit

[Markus Koch]

running 3 exit nodes with HTTP + HTTPS (niftymouse,niftygerbil and
niftyguineapig) on cheap VPSs and can confirm: There are heavily used
and meaningful. Even with only HTTP + HTTPS. I got 12 abuse mails ...
so you wont get rid of this issue but I will be way less. Please think
about using less ports.

Markus



2016-07-12 21:58 GMT+02:00 Toralf Förster :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 07/12/2016 09:29 PM, Juuso Lapinlampi wrote:
>> They would have allowed me to continue having an exit on ports 80 and
>> 443, but I didn't see that to do much good so I've turned my relay into
>> a middle relay
> Why ?
> And didn't you consider to run an exit w/ minimal # of exit ports (eg. 443 
> and 6667) and then open step by step few more of those listened hre:
>  https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy ?
>
> IMO it is not necessary to open all 65535 ports, 1 or 2 dozen are enough to 
> cover a majority of the needs of the users.
>
> - --
> Toralf
> PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
>
> iF4EAREIAAYFAleFS/UACgkQxOrN3gB26U6hfgD/dIRRwKG3HOV5t1OO0coygbob
> dWEQe/xn49In8dhj6YkA/AxvedZTMq/Xm2ssjdNVyGH6tb1CANZjrD6T2mrOvrQ5
> =f7dm
> -END PGP SIGNATURE-
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] VPS for Exits

[Markus Koch]

I am testing www.hostwinds.com and www.digitalocean.com right now,
both work fine atm.

Markus



2016-07-06 10:19 GMT+02:00 tor relay :
>> Well, I'm still sticking with CoolHousing/Virtual Server Lite because I
>> hardly ever get abuse
>> complaints. For ITL, I may leave after my term expires.
>
>> But a few other companies I found were:
>
>> https://hostmaze.com/
>
> tested it, made really bad experience with them, network performance was
> almost unusable <10MBit/s
> lately, they had an outage of 2 days ("because voxility upstream added two
> new uplinks", than I canceled)
>
>> https://blazingfast.io/
>
> made also bad experience with them, like "fatal" said, their network
> performance isn't the best <20MBit/s (per direction) weekly average
>
>
> If anyone can recommend any other hosters, please come forward.
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] DDOS

[Markus Koch]

Or you get e-mails ...

---

Hi there,

Our system has automatically detected an inbound DDoS against your
droplet named niftyguineapig with the following IP Address:
178.62.71.57

As a precautionary measure, we have temporarily disabled network
traffic to your droplet to protect our network and other customers.
Once the attack subsides, networking will be automatically
reestablished to your droplet. The networking restriction is in place
for three hours and then removed.

Please note that we take this measure only as a last resort when other
filtering, routing, and network configuration changes have not been
effective in routing around the DDoS attack.

Please let us know if there are any questions, we're happy to help.

Thank you,
DigitalOcean Support

--

Still wondering why someone ddosed 80% of my TOR servers and nobody
else here got it too ...




2016-06-14 15:08 GMT+02:00 Toralf Förster :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 06/14/2016 02:59 PM, Petrusko wrote:
>> So if the server is attacked, I think it will show some big spikes in
>> those graphs...?
>
> My ISP provides traffic data/graphs.
> And I do use sysstat[1] to monitor my server, which gives among other 
> statistics something like [2]
>
>
> [1] http://pagesperso-orange.fr/sebastien.godard/
> [2] https://www.zwiebeltoralf.de/torserver/ddos_sysstat_example.txt
>
> - --
> Toralf
> PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
>
> iF4EAREIAAYFAldgAbEACgkQxOrN3gB26U5n3AD/bPEsnbv9BWhHMY1AxRuh7qVW
> eixYqbSEoOppY9tDeLoBAI+JLiTnkIYcuAAHJuYGArnXbNqeQyzfOwrnR1ROWlMO
> =P5H8
> -END PGP SIGNATURE-
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] DDOS

[Markus Koch]

4 of my 5 tor servers are under a incoming DDOS attack. Am I the only
one or is anyone else feeling the "love"?

Markus
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor Weather has been discontinued

[Markus Koch]

http://imgur.com/4knvU6F

2016-06-12 23:29 GMT+02:00 Green Dream :
> Do you guys really run relays just for the t-shirt? Aren't there more
> important reasons to run a relay, like serving the community, being an
> advocate for privacy, and acting against surveillance and censorship?
>
> Is this t-shirt issue *really* a problem that needs to be solved? The Tor
> Project has many other problems that need attention, and their time is a
> limited resource. Can we please just stop worrying and complaining about the
> damn t-shirts?
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] TOR router install without access to root

[Markus Koch]

The hosting staff in every hosting company has physical access to the
servers (even dedicated) and if you have physical access to a server
think about it as compromised.

I dont really see the difference between shared hosting and my other
bare metal servers. As a CCNP I can compromise them both without much
hassle with physical access to them.

It´s not: Shared hosting = sharing my private keys to the world.

Markus



2016-05-25 21:02 GMT+02:00 Nils Vogels <bacardic...@gmail.com>:
> So just out of curiosity: if a lot of relays run on hardware of a single
> hosting company, that hosting company has access to many secret keys, which
> might be an interesting attack vector for an adversary.
>
> Given that these nodes have a different administrator, MyFamily won't be
> set.
>
> Does the relay selection algo take this into account in any way?
>
> Greetings!
>
> Op 25 mei 2016 7:45 p.m. schreef "Markus Koch" <niftybu...@googlemail.com>:
>>
>> My experience is: This is the best hosting companyI ever had and I am
>> doing this for over 20 years. I will not run an exit node and I am
>> sure I will be fine.Btw, there are already alot of hight traffic non
>> exit nodes running on feral.
>>
>> Markus
>>
>> PS: I am not working for feral and I am not a family member or any
>> other connection :)
>>
>>
>>
>> 2016-05-25 12:55 GMT+02:00 pa011 <pa...@web.de>:
>> > Hi Markus,
>> >
>> > on your hint I was just checking feralhosting.com. They are quoting:
>> >
>> > "We do not allow Tor exit nodes to be run on our servers. They're open
>> > invitations for trouble, and while Tor serves a useful purpose our
>> > network is not the place for it.
>> > Tor relays are fine provided they strictly only act as an intermediary.
>> >
>> > We will make an exception to this rule if you bring your own RIPE IPs
>> > and handle abuse directly while taking full responsibility. "
>> >
>> > Is this your experience as well?
>> >
>> > Paul
>> >
>> >
>> > Am 25.05.2016 um 10:16 schrieb Markus Koch:
>> >> Linux, would like to upgrade my accounts at feralhosting.com with tor
>> >> nodes. It must be possible because there are a lot of TOR nodes on
>> >> feral. No clue what kind of linux they are using but you are right, I
>> >> needed root for my other 6 TOR servers and I am just wondering if
>> >> there is a way around it, if not I just ask them to install it for me
>> >> :)
>> >>
>> >>  Markus
>> >>
>> >>
>> >> 2016-05-25 10:10 GMT+02:00 Petrusko <petru...@riseup.net>:
>> >>> Like a portable version so ?
>> >>>
>> >>> Windows, Linux, which operating system are you using ?
>> >>>
>> >>> On Linux world, I'm usually using Debian and as I know you will need a
>> >>> root access to the server.
>> >>> It will create a debian-tor group, write into the system...
>> >>>
>> >>> Or if your user is in the "sudo" group, it can be ok.
>> >>>
>> >>> On windows, I'm not sure if there's a portable version of Tor...
>> >>> portable = no need to install
>> >>>
>> >>>
>> >>>
>> >>> Le 25/05/2016 10:03, Markus Koch a écrit :
>> >>>> possible or do I have to ask my hosting company for the install on a
>> >>>> shared server?
>> >>>>
>> >>>> Markus
>> >>>> ___
>> >>>> tor-relays mailing list
>> >>>> tor-relays@lists.torproject.org
>> >>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> >>>
>> >>> --
>> >>> Petrusko
>> >>> PubKey EBE23AE5
>> >>> C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
>> >>>
>> >>>
>> >>>
>> >>> ___
>> >>> tor-relays mailing list
>> >>> tor-relays@lists.torproject.org
>> >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> >>>
>> >> ___
>> >> tor-relays mailing list
>> >> tor-relays@lists.torproject.org
>> >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> >>
>> > ___
>> > tor-relays mailing list
>> > tor-relays@lists.torproject.org
>> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] TOR router install without access to root

[Markus Koch]

My experience is: This is the best hosting companyI ever had and I am
doing this for over 20 years. I will not run an exit node and I am
sure I will be fine.Btw, there are already alot of hight traffic non
exit nodes running on feral.

Markus

PS: I am not working for feral and I am not a family member or any
other connection :)



2016-05-25 12:55 GMT+02:00 pa011 <pa...@web.de>:
> Hi Markus,
>
> on your hint I was just checking feralhosting.com. They are quoting:
>
> "We do not allow Tor exit nodes to be run on our servers. They're open
> invitations for trouble, and while Tor serves a useful purpose our
> network is not the place for it.
> Tor relays are fine provided they strictly only act as an intermediary.
>
> We will make an exception to this rule if you bring your own RIPE IPs
> and handle abuse directly while taking full responsibility. "
>
> Is this your experience as well?
>
> Paul
>
>
> Am 25.05.2016 um 10:16 schrieb Markus Koch:
>> Linux, would like to upgrade my accounts at feralhosting.com with tor
>> nodes. It must be possible because there are a lot of TOR nodes on
>> feral. No clue what kind of linux they are using but you are right, I
>> needed root for my other 6 TOR servers and I am just wondering if
>> there is a way around it, if not I just ask them to install it for me
>> :)
>>
>>  Markus
>>
>>
>> 2016-05-25 10:10 GMT+02:00 Petrusko <petru...@riseup.net>:
>>> Like a portable version so ?
>>>
>>> Windows, Linux, which operating system are you using ?
>>>
>>> On Linux world, I'm usually using Debian and as I know you will need a
>>> root access to the server.
>>> It will create a debian-tor group, write into the system...
>>>
>>> Or if your user is in the "sudo" group, it can be ok.
>>>
>>> On windows, I'm not sure if there's a portable version of Tor...
>>> portable = no need to install
>>>
>>>
>>>
>>> Le 25/05/2016 10:03, Markus Koch a écrit :
>>>> possible or do I have to ask my hosting company for the install on a
>>>> shared server?
>>>>
>>>> Markus
>>>> ___
>>>> tor-relays mailing list
>>>> tor-relays@lists.torproject.org
>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>>> --
>>> Petrusko
>>> PubKey EBE23AE5
>>> C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
>>>
>>>
>>>
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] TOR router install without access to root

[Markus Koch]

Thank you. What about the config filez in /etc/tor/ ... /etc/ should be root 
only?

Sent from my iPad

> On 25 May 2016, at 10:24, Sebastian Niehaus <nieh...@web.de> wrote:
> 
>> Am 25.05.2016 um 10:16 schrieb Markus Koch:
>> Linux, would like to upgrade my accounts at feralhosting.com with tor
>> nodes. It must be possible because there are a lot of TOR nodes on
>> feral. No clue what kind of linux they are using but you are right, I
>> needed root for my other 6 TOR servers and I am just wondering if
>> there is a way around it, if not I just ask them to install it for me
>> :)
> 
> tor does not require root permission to be run properly. I just started
> it as user on my debian maschine. Make sure not to use port numbers
> below 1025.
> 
> 
> 
> Sebastian
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] TOR router install without access to root

[Markus Koch]

Linux, would like to upgrade my accounts at feralhosting.com with tor
nodes. It must be possible because there are a lot of TOR nodes on
feral. No clue what kind of linux they are using but you are right, I
needed root for my other 6 TOR servers and I am just wondering if
there is a way around it, if not I just ask them to install it for me
:)

 Markus


2016-05-25 10:10 GMT+02:00 Petrusko <petru...@riseup.net>:
> Like a portable version so ?
>
> Windows, Linux, which operating system are you using ?
>
> On Linux world, I'm usually using Debian and as I know you will need a
> root access to the server.
> It will create a debian-tor group, write into the system...
>
> Or if your user is in the "sudo" group, it can be ok.
>
> On windows, I'm not sure if there's a portable version of Tor...
> portable = no need to install
>
>
>
> Le 25/05/2016 10:03, Markus Koch a écrit :
>> possible or do I have to ask my hosting company for the install on a
>> shared server?
>>
>> Markus
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> --
> Petrusko
> PubKey EBE23AE5
> C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] TOR router install without access to root

[Markus Koch]

possible or do I have to ask my hosting company for the install on a
shared server?

Markus
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New month, new TOR exit servers, need ELI5 pls

[Markus Koch]

Port 6667 ... long time no see
thank you for the information!

markus


2016-05-22 16:10 GMT+02:00 Felix Eckhofer <fe...@tribut.de>:
> Hey.
>
> Am 22.05.2016 16:00, schrieb Markus Koch:
>>
>> Yes, but how many ports do I have to open to be "useful"? In an
>> extreme case: Would it help just to forward port 80 and 433?
>
>
> It would still be useful and receive the "Exit" flag:
>
>"Exit" -- A router is called an 'Exit' iff it allows exits to at
>least two of the ports 80, 443, and 6667 and allows exits to at
>least one /8 address space.
>
>  -- https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2133
>
>
>
> felix
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New month, new TOR exit servers, need ELI5 pls

[Markus Koch]

2016-05-22 16:30 GMT+02:00 Random Tor Node Operator <t...@unterderbruecke.de>:
> On 05/22/2016 04:00 PM, Markus Koch wrote:
>> Yes, but how many ports do I have to open to be "useful"? In an
>> extreme case: Would it help just to forward port 80 and 433?
>
> I think the most spartanic Exit Policy is at the bottom of [1]:
>
> ExitPolicy accept *:53# DNS
> ExitPolicy accept *:80# HTTP
> ExitPolicy accept *:443   # HTTPS
> ExitPolicy reject *:*
>
>
> What is useful and what isn't is probably a matter of the eye of the
> beholder.
>
> In my opinion, a http/https/dns-only exit is surely still more useful
> than not exiting at all.

Good point. Stupid question: Do we know what services the users use most?

>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor authorities blocked by Cisco Senderbase

[Markus Koch]

As a CCNP: WELCOME TO CISCO!

*sigh* I need more booze for this ...

2016-05-12 23:47 GMT+02:00 Zwiebel :

>
> I've contacted them about this via [1] and explained that these hosts are
> most likely not malicious and got a replay via e-mail saying that they will
> remain blacklisted.
>
> - Zwiebel
>
> [1] http://www.senderbase.org/support/#problem=other
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] https://itldc.com/

[Markus Koch]

This isp was exit friendly 2 weeks ago. It was posted around 3 weeks ago (look 
at up) in (this mailing list) and they were fine with it. Now they are not, 
just letting you guys know that they changed their minds. 

Sent from my iPad

> On 01 May 2016, at 19:02, Xza <yandere...@riseup.net> wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Did you ask them what they say about Tor exit nodes?
> It's common that they don't want Exit nodes on their VPS services.
> Should always ask ISPs beforehand and how they deal with abuse complains.
> 
> 
>> On May 1, 2016 6:12:29 PM GMT+02:00, Markus Koch <niftybu...@googlemail.com> 
>> wrote:
>> its fair to say they are fed up and dont want to have any Tor Exit
>> Nodes anymore. Just revieved:
>> 
>> Subject: Lots of abuse reports (ID 234162)
>> 
>> Hi,
>> 
>> We receive abuse reports regarding your VDS from our colleagues.
>> 
>> At least:
>> 
>> 1) Registrations and ordering service from another companies for spam
>> sending
>> 2) Fraud
>> 3) Malicious activity like scans and hacking.
>> 
>> Some of these incidents already resolved, some still under
>> investigation.
>> 
>> I need to note that we unable to provide service to you. We expect
>> normal usage of our services, but (as I see) this is not possible in
>> your case.
>> 
>> Your VDS's will be stopped within next few hours.
>> 
>> I am less pissed on the ISP and much more pissed on the user ...
>> 
>> Markus
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> - --
> PGP : 29A4CE52
> -BEGIN PGP SIGNATURE-
> 
> iQI4BAEBCgAiGxxEbyA8eWFuZGVyZXNvbkByaXNldXAubmV0PgUCVyY2lAAKCRBI
> of/XNyszSn31D/47zKuHHIkvNSPsMYUNL/Np7iVUBRdi2oBMnFuQrg12ZlgMAE7P
> yRQPTFZbwznmlwQU/ZZjZXroiT4QNMPjShR/C7gTnyBVMROnZOfwGxcc5ASeXgcz
> 7GexNZUI82rv+PkVg3OW5rrdR5g+I0U14lN2w4ewbGaunDkLiSP3GBoqoSc6WbAj
> JoPUT03Hj920G8+QqRNiPyWGWMnCEEB08xv5wfOcBTvw72hFcvp8hLiE/yXM1BRN
> vB8RC18AGsj46H2h4yoqVdU+Y1gWxs/XrhtQw6zF8ERINnE2ErLjpCm3vcqKYIo6
> ZDXEWBGnt1xJJlpsPlDuh1ix0KfwIrW6ODD5ON6cv7wpmOuxaELSJrcOClw7a8ND
> NltKvuyuMMTj6pwJDbTGz6HliyGhq7CkWzbCORs7DPxYURxzUzpnHC8U5111xjNH
> LzI7L4S8TTD8+U+Q69d/5FKuVBrsfmK2JcuOLZ8QqE3c2jTjw6mUhSMfkHkXAlpe
> wtb6nbUJG20H35FkltHV5mdKS4qew1Yd7D7CsWNVZ1uIhJPdMqoAi82TO+zUvRj8
> N48jfhB89ihHFy3ja0cDQqa6rBR4iIS4UCWdKTLq9UJBxNznIkXwpqQMgkjDwiPs
> MBVECM55in87wZ8V/QuuNe9euhawaUIJEuKORWAmdwbkigTJ4FurnrFMvw==
> =nhzL
> -END PGP SIGNATURE-
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays