Re: [tor-relays] Log warning : possible (zlib) compression bomb on middle relays

2020-11-02 Thread Paul Geurts
same here,

my 4 relays (guards) all had this log entry, with one of them the log
entries are spread over a quarter of an hour (2 tor instances running on
this one):
(this one is on Central European time zone, CET)

Nov  2 05:15:22 : Possible compression bomb; abandoning stream.
Nov  2 05:15:23 : message repeated 2 times: [ Possible compression bomb; abandoning stream.]
Nov  2 05:16:21 : Possible zlib bomb; abandoning stream.
Nov  2 05:16:21 : Possible compression bomb; abandoning stream.
Nov  2 05:17:21 : Possible zlib bomb; abandoning stream.
Nov  2 05:17:21 : Possible compression bomb; abandoning stream.
Nov  2 05:19:21 : message repeated 5 times: [ Possible compression bomb; abandoning stream.]
Nov  2 05:19:21 : Possible zlib bomb; abandoning stream.
Nov  2 05:19:21 : Possible zlib bomb; abandoning stream.
Nov  2 05:20:21 : Possible compression bomb; abandoning stream.
Nov  2 05:22:21 : message repeated 4 times: [ Possible compression bomb; abandoning stream.]
Nov  2 05:22:21 : Possible zlib bomb; abandoning stream.
Nov  2 05:22:21 : Possible compression bomb; abandoning stream.
Nov  2 05:23:21 : Possible zlib bomb; abandoning stream.
Nov  2 05:23:21 : Possible compression bomb; abandoning stream.
Nov  2 05:23:21 : Possible compression bomb; abandoning stream.
Nov  2 05:24:21 : Possible zlib bomb; abandoning stream.
Nov  2 05:24:21 : Possible compression bomb; abandoning stream.
Nov  2 05:24:21 : Possible compression bomb; abandoning stream.
Nov  2 05:25:21 : Possible compression bomb; abandoning stream.
Nov  2 05:26:21 : message repeated 3 times: [ Possible compression bomb; abandoning stream.]
Nov  2 05:26:21 : Possible zlib bomb; abandoning stream.
Nov  2 05:26:23 : Possible compression bomb; abandoning stream.
Nov  2 05:27:21 : Possible compression bomb; abandoning stream.
Nov  2 05:29:39 : Possible compression bomb; abandoning stream.
Nov  2 05:29:44 : message repeated 3 times: [ Possible compression bomb; abandoning stream.]




gr. Paul


On Mon, Nov 2, 2020 at 9:28 PM Chris Dagdigian  wrote:

> Same on my US exit relay:
>
> Nov 02 04:03:50.000 [warn] Possible zlib bomb; abandoning stream.
> Nov 02 04:03:50.000 [warn] Possible zlib bomb; abandoning stream.
>
>
>
>
> Christoph Graf 
> November 2, 2020 at 11:59 AM
>
> Same here on my bridge:
>
> Nov  2 06:21:04 raspipfupf Tor[2556]: Possible zlib bomb; abandoning stream.
> Nov  2 06:21:04 raspipfupf Tor[2556]: Possible zlib bomb; abandoning stream.
>
> Time is UTC+1, nothing before and after
>
> Cheers, Christoph
> On 02.11.20 11:05, Guinness wrote:
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> Guinness 
> November 2, 2020 at 5:05 AM
> Hi all,
>
> We are at least 3 users running middle relays from 0.4.4.5 and after having
> some logs like those :
> ```
> Nov 02 05:30:55.000 [warn] Possible compression bomb; abandoning stream.
> Nov 02 05:30:55.000 [warn] Possible zlib bomb; abandoning stream.
> Nov 02 05:30:56.000 [warn] Possible compression bomb; abandoning stream.
> Nov 02 05:31:00.000 [warn] Possible compression bomb; abandoning stream.
> Nov 02 05:31:00.000 [warn] Possible compression bomb; abandoning stream.
> Nov 02 05:31:00.000 [warn] Possible compression bomb; abandoning stream.
> Nov 02 05:31:55.000 [warn] Possible compression bomb; abandoning stream.
> Nov 02 05:31:56.000 [warn] Possible compression bomb; abandoning stream.
> ```
>
> I'm wondering if this is an attack or a new feature (haven't checked
> yet) but I'd like to know how many users are impacted.
>
> The interesting information is:
> * Number of warnings
> * What kind of relay it is (middle, exit, entry)
>
> After your answers, I'll complete the issue I have opened on the bug
> tracker.
>
>
> Cheers,
>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
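
The thread above asks operators to report the number of warnings per relay. As an added example (not code from the thread or from the Tor Project), this counts them from a pasted log, expanding rsyslog's "message repeated N times" summaries and accepting both line formats quoted in the thread. Assumptions: the sample lines and the host name `relay1` are constructed, and a "repeated N times" line is counted as N further occurrences.

```python
import re
from collections import Counter

# Constructed sample in the two formats quoted in this thread (rsyslog
# output and tor's own "[warn]" log); not taken from a real relay.
SAMPLE_LOG = """\
Nov  2 05:15:22 relay1 Tor[2556]: Possible compression bomb; abandoning stream.
Nov  2 05:15:23 relay1 Tor[2556]: message repeated 2 times: [ Possible compression bomb; abandoning stream.]
Nov  2 05:16:21 relay1 Tor[2556]: Possible zlib bomb; abandoning stream.
Nov  2 05:16:21 relay1 Tor[2556]: Possible compression bomb; abandoning stream.
Nov  2 05:16:40 relay1 Tor[2556]: An unrelated notice line.
Nov 02 05:30:55.000 [warn] Possible zlib bomb; abandoning stream.
"""

TIMESTAMP = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<hm>\d{2}:\d{2}):\d{2}")
# Match only up to "bomb" so a line that a mail client wrapped before
# "abandoning stream." is still recognised; the wrapped remainder has no
# timestamp and is skipped.
WARNING = re.compile(r"Possible (?P<kind>\w+) bomb")
REPEATED = re.compile(r"message repeated (?P<n>\d+) times: \[")


def count_bomb_warnings(text):
    """Return (warnings per minute, warnings per kind) as Counters."""
    per_minute, per_kind = Counter(), Counter()
    for line in text.splitlines():
        ts, warn = TIMESTAMP.match(line), WARNING.search(line)
        if not ts or not warn:
            continue
        rep = REPEATED.search(line)
        # Assumption: the summary line stands for N further occurrences.
        n = int(rep["n"]) if rep else 1
        minute = f"{ts['mon']} {int(ts['day']):02d} {ts['hm']}"
        per_minute[minute] += n
        per_kind[warn["kind"]] += n
    return per_minute, per_kind


def busiest_minutes(per_minute, threshold):
    """Minutes with at least `threshold` warnings, busiest first."""
    return [(m, n) for m, n in per_minute.most_common() if n >= threshold]


if __name__ == "__main__":
    minutes, kinds = count_bomb_warnings(SAMPLE_LOG)
    print("total warnings:", sum(minutes.values()))
    for kind, n in kinds.most_common():
        print(f"  {kind}: {n}")
    for minute, n in busiest_minutes(minutes, 2):
        print(f"  burst at {minute}: {n} warnings")
```
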


[tor-relays] relay got suspended

2020-10-25 Thread Paul Geurts
hi y'all,

one of my relays got suspended today, because of heavy ddos traffic.


*Hello,*


*Today your VPS IP address was heavily attacked by a large DDoS, so we were
forced to suspend the VPS and null the IP for the time being, since it had
overloaded our upstream provider. We are keeping an eye on the situation,
however in the meantime you will want to get your site behind a DDoS filter
such as CloudFlare.*

*Let us know if you have any further questions.*


*Thank you!*

*Adam*

has any of you seen this behaviour? I think there is no use in putting a
relay behind a ddos filter, or is there? In that case I'll just spin up
another one.

relay in question is this one, almost 7 months with no interruption
whatsoever, no indication in the (munin) monitoring for high or higher traffic...
because the vps is suspended I don't have the latest syslog so I don't know
for sure whether anything has shown up there, but I am quite sure that
yesterday there were no abnormal logging entries on this server.

https://metrics.torproject.org/rs.html#details/CDE4149F0DC65A7BE1AE440340BE1C7A18135E29


rgds,. Paul


Re: [tor-relays] What is the command to view the tor log file on Debian?

2020-07-30 Thread Paul Geurts
hi Keifer,

some options:

tor is not running as the default instance (This is what Matt already said
in his mail, for example because you use something like ansible rules to
set it up), you could try using:
sudo journalctl -eu 'tor*'

on debian the logging from tor is in some cases put in /var/log/syslog
(this depends on how you have installed tor, again, if you used ansible
rules to set up tor this could be the case). So if you edit this file you
can find the relevant tor line items. There are lots of other options to
look at syslog, simple way to start could be:

cd /var/log
more syslog | grep Tor
(this shows only line items from syslog that contain 'Tor' in it)

or

sudo more syslog | grep Tor
(depends on the account you are using)




gr. Paul


On Thu, Jul 30, 2020 at 8:38 AM Keifer Bly  wrote:

> Hey so upon running the command Matt suggested, this is the return:
>
> It says there are no logs to display. Thanks. Wonder how else to do it?
> --Keifer
>
>
> On Wed, Jul 29, 2020 at 10:15 AM Matt Traudt 
> wrote:
>
>> Assuming you didn't add any `Log` lines to the torrc and assuming you
>> are using the `default` tor instance,
>>
>>     journalctl -eu tor@default
>>
>> -e to jump to the end
>> -u to specify the unit, tor@default
>>
>> Logs end up here by default because
>> /usr/share/tor/tor-service-defaults-torrc has `Log notice syslog`. I
>> think (but don't know for sure) adding a `Log` line in your torrc would
>> override this, since this appears in the defaults torrc.
>>
>> Matt
>>
>> On 7/29/20 1:09 PM, Keifer Bly wrote:
>> > Hello,
>> >
>> >
>> >
>> > So I am trying to view the tor log file (for how much traffic was sent,
>> > etc) on my relay since start? I am trying using the “less
>> > /var/log/tor/torrc.txt” command but this only shows a blank screen with
>> > the word END and nothing else on Debian Linux.
>> >
>> >
>> >
>> > Thanks very much.
>> >
>> >
>> >
>> > --Keifer
>> >
>> >
>> >
>> >


Re: [tor-relays] Call for Testing - New Feature: Relay IPv6 Address Discovery

2020-07-24 Thread Paul Geurts
hi Gerard,

you can find the instructions via the link provided in the original email:

[2] https://2019.www.torproject.org/docs/debian.html.en

gr. Paul


On Thu, Jul 23, 2020 at 11:48 PM Dr Gerard Bulger 
wrote:

> Where do we get daily builds?
>
> -Original Message-
> From: tor-relays  On Behalf Of
> David Goulet
> Sent: 22 July 2020 20:55
> To: tor-relays@lists.torproject.org
> Subject: [tor-relays] Call for Testing - New Feature: Relay IPv6 Address
> Discovery
>
> Greetings everyone!
>
> We've very recently merged upstream (tor.git) full IPv6 support, which
> implies many many things. We are still finalizing the work but most of it
> is in at the moment.
>
> This is a call for help if anyone would like to test either git master[1]
> or nightly builds[2] (only Debian) to test for us a specific feature.
>
> The feature we would love for some of you to test is the IPv6 address
> discovery. In short, with this new feature, specifying an ORPort without an
> address will automatically bind tor to [::]: and attempt to find the
> IPv6 address by looking at (in this order):
>
>   1. "Address" from torrc
>   2. "ORPort address:port" from torrc
>   3. Interface address. First public IPv6 is used.
>   4. Local hostname, DNS  query.
>
> If all fails, the relay will simply never publish an IPv6 in the descriptor
> but it will work properly with the IPv4 (still mandatory).
>
> The other new thing is that now tor supports *two* "Address" statements,
> which can be a hostname or IPv4 or IPv6 now.
>
> Thus this is now valid:
>
>   Address 1.2.3.4
>   Address [4242::4242]
>   ORPort 9001
>
> Your Tor will bind to 0.0.0.0:9001 and [::]:9001 but will publish the
> 1.2.3.4 for the IPv4 address and [4242::4242] for IPv6 in the descriptor
> that is the address to use to reach your relay's ORPort.
>
> Now, if you happen to have this configuration which I believe might be
> common at the moment:
>
>   ORPort 9001
>   ORPort [4242::4242]:9001
>
> The second ORPort which specifies an IPv6 address will supersede the
> "ORPort 9001" which uses [::] and thus you will bind on 0.0.0.0:9001 and
> [4242::4242]:9001. You should get a notice log about this.
>
> Thus the recommended configuration to avoid that log notice would be to
> bind to specific addresses per family:
>
>   ORPort :9001
>   ORPort :9001
>
> And of course, if you want your relay to _not_ listen on IPv6:
>
>   ORPort 9001 IPv4Only
>
> In your notice log, you will see which address is used to bind on the
> ORPort and then you will see the reachability test succeed or not on the
> address that tor either used from the configuration or auto discovered
> that is the address you are supposedly reachable from.
>
> Man page has NOT been updated yet, it will arrive once we stabilize the
> IPv6 feature and everything around it.
>
> Please, do report (on this thread) _anything_ even slightly annoying about
> this like logging or lack of logging and so on. This is a complex feature
> and errors can be made thus any testing you can offer is extremely
> appreciated.
>
> Thanks!!
> David
>
> [1] https://gitweb.torproject.org/tor.git/
> [2] https://2019.www.torproject.org/docs/debian.html.en
>
> --
> EeJVrrC/dHQXEXYB1ShOOZ4QuQ8PMnRY2XGq4BYsFq4=
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
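
The ORPort and Address rules in the announcement quoted above, as a small model an operator can use to check which sockets a torrc fragment would open and which IPv6 address would be published. This is an added example, not code from tor or from the thread. Assumptions: an explicit IPv6 ORPort supersedes `[::]` only for the same port, nothing is published when there is no IPv6 listener, hostnames in `Address` are skipped, "public" is approximated with Python's `is_global`, and `plan_orport`, `iface_v6` and `dns_aaaa` are hypothetical names.

```python
import ipaddress
import re

# ORPort value: "9001", "1.2.3.4:9001" or "[4242::4242]:9001".
ORPORT = re.compile(
    r"^(?:\[(?P<v6>[0-9A-Fa-f:.]+)\]:|(?P<v4>\d+(?:\.\d+){3}):)?(?P<port>\d+)$")


def plan_orport(torrc, iface_v6=(), dns_aaaa=()):
    """Model the listeners and the published IPv6 address for a torrc fragment.

    iface_v6 and dns_aaaa stand in for discovery steps 3 and 4 (interface
    addresses, hostname lookup) so the model never touches the network.
    """
    addr_v6, explicit_v4, explicit_v6, bare = [], [], [], []
    for raw in torrc.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) < 2:
            continue
        key, value = words[0].lower(), words[1]
        flags = {w.lower() for w in words[2:]}
        if key == "address":
            try:
                ip = ipaddress.ip_address(value.strip("[]"))
            except ValueError:
                continue  # hostname: resolving it is outside this model
            if ip.version == 6:
                addr_v6.append(str(ip))
        elif key == "orport" and (m := ORPORT.match(value)):
            if m["v6"]:
                explicit_v6.append((m["v6"], m["port"]))
            elif m["v4"]:
                explicit_v4.append((m["v4"], m["port"]))
            else:
                bare.append((m["port"], "ipv4only" in flags))

    binds = [f"{a}:{p}" for a, p in explicit_v4]
    binds += [f"[{a}]:{p}" for a, p in explicit_v6]
    v6_ports = {p for _, p in explicit_v6}
    for port, v4_only in bare:
        binds.append(f"0.0.0.0:{port}")
        # Assumption: an explicit IPv6 ORPort on the same port supersedes [::].
        if not v4_only and port not in v6_ports:
            binds.append(f"[::]:{port}")

    # Discovery order from the announcement; the first non-empty source wins.
    sources = [
        ("Address", addr_v6),
        ("ORPort", [a for a, _ in explicit_v6]),
        ("interface", [a for a in iface_v6 if ipaddress.ip_address(a).is_global]),
        ("DNS", list(dns_aaaa)),
    ]
    # Assumption: with no IPv6 listener (IPv4Only) nothing is published.
    if any(b.startswith("[") for b in binds):
        for source, found in sources:
            if found:
                return {"binds": binds, "ipv6": found[0], "source": source}
    return {"binds": binds, "ipv6": None, "source": None}


if __name__ == "__main__":
    for cfg in ("Address 1.2.3.4\nAddress [4242::4242]\nORPort 9001",
                "ORPort 9001\nORPort [4242::4242]:9001",
                "ORPort 9001 IPv4Only"):
        print(plan_orport(cfg))
```
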


Re: [tor-relays] directory servers working on updates?

2020-06-16 Thread Paul Geurts
hi Roger et al,

thanks for your extensive reply, I appreciate this.
I am a relatively small relay operator with more of an infrastructure
background than a software development background, but nevertheless trying
to understand and learn from the bug reports and follow up. So I am afraid
I can't help you out on details regarding the tor clients that are putting
load on the directory authorities.

kind regards, Paul





gr. Paul


On Sun, Jun 14, 2020 at 11:58 PM Roger Dingledine 
wrote:

> On Sun, Jun 14, 2020 at 07:27:55PM +0200, Paul Geurts wrote:
> > anything up this weekend?
> >
> > [image: image.png]
>
> Yes. There is a mysterious alternative Tor client out there, which is
> programmed to do uncompressed directory fetches just from the directory
> authorities. It easily overloads directory authorities if they don't use
> the defenses we put in for it over the past few months:
> https://bugs.torproject.org/33018
>
> This alternate set of Tor clients recently came back, and you can see
> its impact in e.g. the bandwidth graph for gabelmoo:
>
> https://metrics.torproject.org/rs.html#details/F2044413DAC2E02E3D6BCF4735A19BCA1DE97281
>
> Now, fortunately, it doesn't ask for directory information in the same
> way as any of the Tors that we've ever built, so the fix in #33018 was
> to keep answering the Tors that we built, while declining to answer
> these other requests when we're low on bandwidth.
>
> But even still, some of the directory authorities are having trouble
> under the load, and the resulting desynchronization means that not every
> directory authority succeeds at participating in every consensus round.
>
> That's probably what you're seeing with the inconsistencies on
> https://consensus-health.torproject.org/
>
> If somebody knows some details of what these other Tor clients actually
> are, that would be really helpful to know!
>
> --Roger
>


[tor-relays] directory servers working on updates?

2020-06-14 Thread Paul Geurts
hi,

anything up this weekend?

[image: image.png]


gr. Paul


Re: [tor-relays] Does this mean upgrades are working?

2020-05-17 Thread Paul Geurts
yes, for as far as I know this is normal if you configure unattended
upgrades, only thing is that there is currently nothing to upgrade on your
system.
the last line means that there is no mailserver installed on this specific
machine, so there is probably not a way to send an automated mail telling
you the status of unattended upgrades. I normally do not use this myself so I
am not completely sure, but that is the most logical thing.

rgds. Paul


On Sun, May 17, 2020 at 7:24 PM Keifer Bly  wrote:

> Hi, upon configuring unattended upgrades, I am getting this on testing.
> Does this mean the upgrades are working properly? How will running upgrades
> every day affect my uptime? Thx.
>
>
>
>
>
>  unanttended upgrades.PNG
> 
>
>
> --Keifer


Re: [tor-relays] bridge down

2020-05-08 Thread Paul Geurts
Option: Dynamic internal ip address so the FW rule does point to the right
internal ip address?
Machine has been off for a week so the lease could be expired.

On Fri, May 8, 2020, 18:19 Anonforpeace  wrote:

> Apologies for the length but detail is important.  My bridge pc's internal
> power supply had to be replaced, and was down for a week.  After the
> replacement, I restarted the daemon and the tor service.  Everything seemed
> normal except that it's not reachable from outside. No configurations have
> been changed.  The only difference I see is a message in the log indicating
> that the network speed has changed/slowed down.  The forwarded port in the
> router is the same. The torrc file has not changed. I can surf the web.
> Literally the only change is the replaced power supply.  Any ideas?
>
> Thanks
>
>
>
>


Re: [tor-relays] Any tor relay watchdog services?

2020-03-13 Thread Paul Geurts
I use uptime robot, but there are probably lots of others to do it.

On Fri, Mar 13, 2020, 09:44 Layer13  wrote:

> Hello,
>
> I'm writing to query about tor relay watchdogs and ask if there are any
> services to check if tor reachable from the internet and if not it would
> send me an automated email telling me that my relay is down.
>
> A little bit of backstory on why I need this: so a couple of days ago
> (13 to be exact) my server had an issue and rebooted, since that reboot
> I didn't start my relay node and it was down for 13 days until I noticed
> it today.
>


Re: [tor-relays] Tor 0.4.2.5 - Unable to Run Tor Relay on Ubuntu 18.04 LTS VPS

2019-12-23 Thread Paul Geurts
 On Mon, Dec 23, 2019 at 5:12 PM Clément Février 
wrote:

>
> On 23/12/2019 14:50, r1610091651 wrote:
> > Have a look in the log file: /var/log/tor/notices.log
> > What is in there?
>
> If we are talking about the same issue as the first message of this
> thread, I have nothing in this folder.

on Ubuntu (if you haven't changed it in torrc) the logging is default in
syslog (to be found in /var/log/). There are other entries there as well,
so something like ' grep Tor syslog* ' should give you most or all of the
Tor logging that is in there (or in the already rotated files).

rgds, Paul



Re: [tor-relays] Improving Relay IPv6 - RIPE Grant

2019-12-16 Thread Paul Geurts
hi Jonathan,

this question was already addressed last week by Teor.
email on this mailing list doesn't always seem to arrive in a logical
sequence possibly due to spam filters and so on.

gr. Paul
teor t...@riseup.net via
 lists.torproject.org
Fri, Dec 13, 8:26 AM (3 days ago)

We won't be disabling IPv4 on relays any time soon.

The RIPE grant covers IPv6 address autodetection and self-testing.
If the feature is reliable enough, we may turn on IPv6 on dual-stack relays
by default. (When autodetection and self-testing both pass.)

We don't have any plans to disable IPv4 on relays. We'd need most relays
to be dual-stack first. (Or we'd need research about privacy in non-clique
networks.) And we'd need to write code that allows relays to turn off IPv4.

When that's all deployed, we would have to make an engineering decision
about the capacity of current IPv4-only relays, and the potential capacity
of IPv6-only relays.

One possible transition strategy is to allow IPv6-only bridges and exits.
But to do that, we need more dual-stack guards and middles. That's why
we are improving support for dual-stack relays with this funding.

T

On Mon, Dec 16, 2019 at 12:33 PM Jonathan Sélea  wrote:

> I am unable to see why this is a good idea actually.
> As someone said already, I too would be unable to provide bridges and
> relays thanks to my ISP (Telia) does not provide an IPv6.
> But removing IPv4 only nodes from the network - you are basically removing
> a large chunk of relays from the network without any real reason.
>
>
> On 12/12/2019 5:49 PM, NOC wrote:
>
> Great,
>
> then let's drop all IPv4 only relays from consensus 2020 finally.
>
> P.S. whitelist me so it doesn't take days till my emails appear on the
> mailing list.
>
> Thank you
> On 11.12.2019 03:20, teor wrote:
>
> Dear relay operators,
>
> I just wanted to let you know that RIPE has announced funding for The
> Tor Project to improve IPv6 support on relays. (RIPE is the European
> internet infrastructure organisation.)
> https://www.ripe.net/support/cpf/funding-recipients-2019
>
> We'll have more details early in 2020, when we've worked out an
> implementation plan and a start time.
>
> Thanks for your patience with our current IPv6 support. And thanks
> to all those volunteer coders who have worked hard to get us this far.
>
> T
>
> --
> teor
> --
>
>
>


Re: [tor-relays] Setting up tor/relay

2019-10-30 Thread Paul Geurts
hi,

I guess there are multiple ways of doing it so I would suggest to start at:
https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

don't know whether you can run tor directly on a win10 box, an option I use
is to run a (or multiple) linux box on oracle vm virtual box manager. I am
definitely not an expert but acquired some experience throughout my own
setup ;-)
so let me know if I can help you out.

rgds, Paul



On Wed, Oct 30, 2019 at 10:56 PM hawkeye 
wrote:

> Hello everybody!
>
> I am using a windows ten computer on my home network. I would like to
> donate some of my bandwidth but don't know how to do it.
>
> As I read in the tor wiki, as I have a static IP address I should use a
> bridge. But I have no idea how so if anyone got a good tutorial please let
> me know.
>
>
>
>
>
>