Re: [tor-relays] VPS w/FDE suggestions?
IONOS is good - just keep the data throughput around 25%, and they should leave you alone. Paul 137CF322859E400455E457DB920F65FFDD222CDF - Original Message - From: "MRob via tor-relays" To: tor-relays@lists.torproject.org Cc: "MRob" Sent: Wednesday, February 21, 2024 10:18:28 AM Subject: [tor-relays] VPS w/FDE suggestions? Hello- Im looking for <= $6/mo VPS suggestions for general non-tor server and also for tor. Some super-cheap hosts pre-install O/S and give root but I want to install O/S myself so can put in FDE. Hard to see which hosts can do this. I tried Linode before and yes, could get FDE ($5 1GB, 1CPU, 25GB, 1TB) Is IONOS any good? Can I get FDE there?? ($2 1GB, 1CPU, 10GB, ?TB) ($3 2GB, 2CPU, 80GB, ?TB) ($6 4GB, 2CPU, 160GB, ?TB) Others caught my eye: hudsonvalleyhost ($3.95 1GB, 1CPU, 25GB, 20TB) ($6.95 2GB, 2CPU, 50GB, 20TB) liquidweb ($5 1GB, 1CPU, 30GB, 1TB) digitalocean ($6 1GB, 1CPU, 25GB, 20TB) ovhcloud ($4.20 2GB, 1CPU, 20GB, 100Mbps unmetered) ($5.50 2GB, 2CPU, 40GB, 500Mbps unmetered) brownrice ($5.95 3GB, 1CPU, 10GB, unlimited) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] This is not me
the relay with fingerprint B8D95BB1AAFB6F234EC50A100F46E4CC8E8E90FB (coffswifi5)is not me... coffswifi4 is mine so don't ask me to add as a family... Paul 137CF322859E400455E457DB920F65FFDD222CDF ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exit node in spain
Hi Irr4Z, I note you sent an email directly to me via the contact details from the exit node. attached... Hola Paul, Te escribo porque he visto que eres el único nodo activo de salida en tor, en españa. Estoy interesado en contribuir con un exit node en españa, y quería conocer tu experiencia, ya que entre mi asociación hay ciertas dudas de si esto podría ser un problema legal. Muchas gracias! Response... I will say I have never had a problem running an exit in Spain. I get 5 to 7 abuse emails a year. I respond to the complaints within 24 hours and have had no recourse. I'm a resident of Australia and run it in Spain as it is cost effective compared to here. I hope this helps. Regards, Paul PS - hmm beer... 137CF322859E400455E457DB920F65FFDD222CDF - Original Message - From: "irr4z" To: tor-relays@lists.torproject.org Sent: Wednesday, December 2, 2020 7:25:07 PM Subject: [tor-relays] Exit node in spain >Hello, everybody, >Quickly, I write from Barcelona, I am interested in contributing to tor with exit nodes, but I am concerned about legal issues. >I see that there is only 1 active exit node in Spain, and I wonder if it is so dangerous in my country :-) >Any comment or feedback is welcome. >Thanks and beers to everyone! >Irr4z ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] FYI - DNS
Just an FYI on a problem I found with two DNS of 1and1 ionos. The affected DNS are 212.227.123.16 and 212.227.123.17 which both are not responding to *.torproject.org domain or sub domains. I found this out as my system reverted back to the default DNS after a system crash. I'm now using bind on the local system and all is fine. Just thought to let all know just in case they are using these DNS. Paul 137CF322859E400455E457DB920F65FFDD222CDF ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] tor relay ipv6
> It can be hard to set up IPv6 for a relay, we're working on a grant to make > it easier. It could be helpful to do a request/survey to relay operators to find out their experiences. That is those who have ipv6 configured what was the process and if there were any problems in the process. For those who haven't yet configured ipv6 what is the barriers preventing them from using ipv6. For me it was a problem at the ISPs end then it wasn't clear how to get network config to use ipv6. I got the shits with it in the end and just used iface eth0 inet6 dhcp. It works... LOL Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Strength in numbers (of $$)
> the tor project mob just asked me to give money to support their effort to > protect free communication and privacy. > i thought my contribution to the 'community' goal paying for space of > numerous virtual computers in numerous places was sufficient. > how many relays do each of them run out of their pocket? This request for donation is for the NGO side - Tor Project not the Tor network. I contribute to the network like you but the development and advocacy costs as well. I'm great full to all who contribute in there own way and say thanx to all. Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] New exit node
> Aren't Russia, China, North Korea and Malaysia somewhere near? Australia is now in EuroVision so its somewhere near... P ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Lets increase Routing Security for Tor related BGP Prefixes
OVH Final responce. I've been informed that RPKI ROA is indeed a very nice security mechanism for BGP and prevent BGP hijacking and we totally agree that the popularity grew since the recent months. We definitely will consider this solution as BGP hijacking protection. For now, we do not have specific ETA for this implementation, however, it will be looked into. Interesting info for statistics: https://rpki-monitor.antd.nist.gov For any other questions or concerns, please feel free to contact us through a support ticket or through our toll-free line at 1-855-684-5463. We’re here 24/7 to help you! We thank you again for choosing OVH, ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Lets increase Routing Security for Tor related BGP Prefixes
OVH response so far. " Thank you for contacting OVH regarding your concern about BGP hijacking. We first would like to apologize for the delayed response! We are experiencing an unusual amount of requests at this moment. This is why the response time is longer than usual. That being said, I have forwarded this question to our specialists and will update this ticket once I've received a response. We thank you for your patience. For any other questions or concerns, please feel free to contact us through a support ticket or through our toll-free line at 1-855-684-5463. We’re here 24/7 to help you! We thank you again for choosing OVH, " Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] SSH login attempts
> Since 14:00 my logs (middle node) are spamed with around 100 faild > ssh login attemps from different ips. > Is there anybody else affected? Yes - it's constant 3-5 attempts per second - that's normal. Use some tool like fail2ban and/or ssh key authentication. Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] The Assistance and Access Bill 2018
> Before getting into a death-spiral of geek solutions to political problems: > what makes you believe that > relay operators would get classed (under a legal definition) as > "communications providers"? A communications provider is "the provision by the person of an electronic service that has one or more end - users in Australia" ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] The Assistance and Access Bill 2018
On a satire note - https://www.youtube.com/watch?v=eW-OMR-iWOE But seriously - https://www.homeaffairs.gov.au/about/consultations/assistance-and-access-bill-2018 And - https://www.homeaffairs.gov.au/about/national-security/five-country-ministerial-2018 The thing that worries me is that this bill will probably go through and it can hoover up relay operators. That is they can force you to add/develop tools to eavesdrop on you. Is there any real defense against this bill? IE having a parameter in the torrc that would act like a canary? Paul 137CF322859E400455E457DB920F65FFDD222CDF ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Abuse Complaints
Question: are exit operators seeing many abuse complaints now days? I have only had one in the last two months from 5 exits. I used to see a lot now nothing really. I just find it weird. Paul 137CF322859E400455E457DB920F65FFDD222CDF ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Individual Operator Exit Probability Threshold
> About finding sponsors for high speed exits, it could be nice > to gather ideas. Can I ask what is a high speed/capacity exit? For me it would be >10MiB/s am I correct? Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Lets increase Routing Security for Tor related BGP Prefixes
> If you are an OVH SAS or Digital Ocean customer (directly or indirectly just > on the same AS) > it would be great if you could ask your customer support when they are planing > to deploy RPKI ROAs (like other big hosters already did). Do you have a template email that can be sent? I will lodge a helpdesk ticket here in AU for my service (OVH) - Still trying to get the IPv6 working... SIGH. Paul 137CF322859E400455E457DB920F65FFDD222CDF ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Individual Operator Exit Probability Threshold
> Is there any help for setting up new high capacity exit relays ? > Livak If you have questions there are many who will answer them in this list. There are s many factors that come into play. How much are you willing to spend How to communicate to the ISP What hardware you are going to need IPv6 support ISP firewall rules DNS - running your own I found it hard working out what the threshold was for data - all the ISPs I have been using seem to wack you if there is too much bad traffic and/or too much bandwidth used. I now have throttled to 10MbiT/s at this point. I will slowly ramp them up over the next 12months. Teor and Nusenu gave me a lot of help and suggestions. There is no right or wrong answer, just takes time getting it right and stable for you. Just post any questions and it will be answered. Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Albania Hosting suspended my two relays
This is sad, but is becoming more common. I just spent three days getting a relay back up after it was locked because of abuse complaint. In the end I had to ring them and explain - they seemed to have come on board. If you have a backup you could find a new hosting service - won't do much for the back directory though. Keep smiling :-), Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Will have to keep a close eye on this...
In the Bill at https://www.homeaffairs.gov.au/about/consultations/assistance-and-access-bill-2018 137CF322859E400455E457DB920F65FFDD222CDF ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Emails
137CF322859E400455E457DB920F65FFDD222CDF > I'm suddenly without my tor-relays emails and I'm beginning to > withdrawal test 1...2...3? I feel Sad for you... P ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] DNS Time Outs
> Exits don't get dropped from the consensus for DNS failures. > The directory authorities only check ORPort connectivity. Then I have two separate problems... ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] DNS Time Outs
Crap - Just found out I have a problem - DNS The Tor service runs and doesn't stop but the DNS stops working. The DNS service is running but not returning lookups. I run Bind9. Even fail over DNS fails. If I restart the Tor service all is good again. Any idea's? P 137CF322859E400455E457DB920F65FFDD222CDF - Original Message - From: "Paul Templeton" To: tor-relays@lists.torproject.org Sent: Monday, July 9, 2018 8:55:39 AM Subject: [tor-relays] DNS Time Outs Hi all, how often does the site https://arthuredelstein.net/exits/ update. 'coffswifi4' was reporting 60% timeouts but I have setup a stand alone DNS for it and would like to know if its resolved the problem. I think this is why it kept on being dropped from the consensus... For nusenu - Yes I have setup DNSSEC :-) Regards, Paul 137CF322859E400455E457DB920F65FFDD222CDF ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] DNS Time Outs
Hi all, how often does the site https://arthuredelstein.net/exits/ update. 'coffswifi4' was reporting 60% timeouts but I have setup a stand alone DNS for it and would like to know if its resolved the problem. I think this is why it kept on being dropped from the consensus... For nusenu - Yes I have setup DNSSEC :-) Regards, Paul 137CF322859E400455E457DB920F65FFDD222CDF ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Is a relay on mobile broadband possible in Australia?
> Would anyone have had any luck running a relay via mobile broadband in > Australia? > The DirPort 9030 and the ORPort 9001 are blocked. > Is it impossible to work around the port blocking? What provider - I used to run one on iiNet broadband. P ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Coordinated raids of Zwiebelfreunde at various locations in Germany
> They seized most of our electronical storage equipment (disks, laptops, PCs, GnuPG Smartcards/Yubikeys), but it is safe to assume that they will not be able to break the encryption (or the smartcards). They also took our mobile phones, but even if they were to break into them, no login data or anything else affecting our infrastructure or communications is stored on those phones. I wonder how long its going to be before new laws are sort (Again)... encryption. P ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] multiple OutboundBindAddressExit IPs
>nusenu: >> feature request for prefixes is on my >> todo list >https://trac.torproject.org/projects/tor/ticket/26646 This would be good. The scenario for me is I have two exists that fall out of the census because of ISP firewall rules (Haven't figured it out yet). The nodes stay up and running and you can connect to them but the outbound seems to be block (Typically three hours). I do not know if would be better to rotate IP Addresses per circuit or just to rotate every so many minutes. Long lived circuits could persist though. There seems to be a threshold in the amount of traffic that I push through the node before it gets flagged. With a feature like this I could double the throgh put. P 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] OutboundBindAddressExit
Can you only bind one address or is there a way to use multiple? P 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Coordinated raids of Zwiebelfreunde at various locations in Germany
I feel sorry for these guys. I hope they had backups off shore as they probably won't see their stuff returned for some time or at all as investigations can take years. If they need funds for legal support I'll chip in if they require it. Paul 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor Exit Node Winter Shutdown
> I regret to inform you all that I will be shutting down my Tor Exit node - > Winter [ 0] after more than five years. Makes me sad :-( Keep a backup - you may find hope else where... You never know. P 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] A general question for relay operators
> You can rent a relay anywhere in the world. (I rent a few machines in > other countries, because internet in my country is slow.) pfft - Does they live in AU - LOL - If they do then its expensive as well... But teor is right plenty of systems out there in the world - some really cheap. P 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Alleged Family Members
> How long is the timeout for 'Alleged Family Members' to disappear on > 'metrics.torproject.org'? Can I force it? Shouldn't take long, but did you leave the relay finger print in the MyFamily section in the torrc file? P 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] I get sad when :-(
>>I have two systems one a VPS the other bare metal and both will drop out of >>the consensuses about once a day(2 to 3 hours) but are running the whole >>time. >Hmm, that's weird. >Does your provider have a reliable connection? Both systems are hosted in Spain - Some of the Auths lose connectivity. I will keep an eye out to see if it is the same ones. >> I have 4 bare metal systems but none are at capacity and would like to find >> the best approach to get more out of them. Consensus is one issue that's >> limiting capacity usage. >We have a troubleshooting guide for slow relays: >https://trac.torproject.org/projects/tor/wiki/doc/MyRelayIsSlow >Let us know how it goes. I was thinking of running a second instance on an under weighted node in AU. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] I get sad when :-(
> I get sad when I pay a USA 'business' for 15 VPS exits and they fly away. I'm sad that you get sad... > BOINCing is good in a winter in Coffs. It was pretty crisp this morning until > the cpu gets going. Reminds me of the Bitcoin mining days, used to heat the flaming shed 30+. 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] I get sad when :-(
I get sad when I lose control over one of the bare metal systems I run and help desk is slow to respond over the weekend. Then you have to throw in the time differences, then the language - its a wonder anything runs... Just wanted to know if there is anyone I can hook up with to talk about some config/stability issues. I have two systems one a VPS the other bare metal and both will drop out of the consensuses about once a day(2 to 3 hours) but are running the whole time. I have 4 bare metal systems but none are at capacity and would like to find the best approach to get more out of them. Consensus is one issue that's limiting capacity usage. I would love to meet up but in a remote part of AU and I just quit my job after 15 years so haven't time to fly anywhere at this time... P 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Spam Emails Received From This Mailing List
I note that you do not receive any spam until you post to the list. So is it a bot subscribed to the list or is it reading the piper mail? Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] metricsbot broken
Who ever looks after the @metricsbot@botsin.space its stopped working... Paul 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] New DNS related fields in the ContactInfo Sharing Specification
>>> https://github.com/nusenu/ContactInfo-Information-Sharing-Specification paul: >> or will there be a key available to specify? I.e. 25%BW and/or >> 50%CPU. >> I'm just saying as I have three bare metal systems two that have >> 1gbit Ethernet no data cap but they only use 15%... nusenu: >Due to this last sentence I'm not sure if you >want to convey availability (only xx% of resources are available to tor) >or usage (tor uses only xx% of the resources it has available)? The latter - Tor uses only xx% of the resources it has available. It might help by knowing where capacity is available for extra services if and when required by the Tor Project. Just Saying. Paul 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] New DNS related fields in the ContactInfo Sharing Specification
> https://github.com/nusenu/ContactInfo-Information-Sharing-Specification Is there an assumption that a 100% of the system is dedicated to Tor or will there be a key available to specify? I.e. 25%BW and/or 50%CPU. I'm just saying as I have three bare metal systems two that have 1gbit Ethernet no data cap but they only use 15%... Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Secret Google and Microsoft Blacklists affecting non tor IPs if on same server.
> Really annoying that my email server IP has never sent anything, no relay, no > spam, almost no traffic so what is stated is not true and even their own > tools reports nothing. > Is Google looking at MAC addresses to do this? How can we stop it? I really > do not want to run another server just for tor as that costs! I don't think its you Tor node - it just google. I note that your DMARC, SPF, etc are set and valid. You mail server is not an open relay. I maintain a few mail servers and run into these types of problems. There is no real reason for them. Microsoft is the worst - no logic what so ever. Do others use your server and has one of those accounts been compromised? Had one last week - a user followed a spam link and gave out their username and password - we sent 30 emails out in an hour... You don't need to be on black lists to be blocked by the major players. You might want to relax your DMARC to see what happens. Paul 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation
Thanx Alexander > Just to be safe, you could also check the rest of the dig output and > /etc/resolv.conf (or relevant resolver configuration on your system) to > make sure your BIND is being used. The flags look fine, though. resolv.conf only has 127.0.0.1 and Dig responds from 127.0.0.1 - Caching works as well. I'll update the rest of my exits now. Thanx All Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation
Hi All, Is there anyone who uses Bind9? I'll setup DNSSEC on all Exits but I would like to validate the config. I have done this on 41781FDC57238DAB955DF6D6E8400CEC5ACBE706 options { directory "/var/cache/bind"; dnssec-enable yes; dnssec-validation yes; auth-nxdomain no;# conform to RFC1035 listen-on-v6 { ::1; }; listen-on { 127.0.0.1; }; allow-recursion { 127.0.0.1; ::1; }; }; include "/etc/bind/bind.keys"; When I do a dig +dnssec . | grep ";; flags:" I get ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 this looks as if its working. There is no forwarding. Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ISP Nat
Thanks teor > I would recommend using a caching resolver, it puts much less load on the > remote resolvers you are using. Went down this path - its working. Paul 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ISP Nat
Thanks nusenu > I'd say this is broken network and ask them to fix it. Ticket has been lodge but it takes for ever to get something done - The node has been off line for two weeks now (After a power issue in the rack). There has been issue after issue getting the system up again and now this. Was just wondering if you can force DNS requests on ip's 95.130.12.251 and/or 95.130.12.252 as they are not affected. If not I can run it as a middle for now... SIGH Paul 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ISP Nat
> Can you elaborate on your network topology and NAT? Out bound traffic from 95.130.9.210 goes via 95.130.9.1 then 95.130.8.1 then out to the real world. In bound traffic comes via 95.130.8.11 then 9.130.8.120 It's NATted at 95.130.8.11 and all I see is this address connected to the system(ie all connections show as 95.130.8.11). My /etc/network/interface - the DNS server is temporary for testing. auto lo iface lo inet loopback auto enp4s0 iface enp4s0 inet static address 95.130.9.210 netmask 255.255.255.255 network 95.130.9.210 broadcast 95.130.9.210 dns-nameservers 95.130.8.8 95.130.8.9 #Route statique vers la passerelle up ip route add 95.130.9.1 dev enp4s0 up ip route add default via 95.130.9.1 up ip addr add 95.130.12.251/24 dev enp4s0 up ip addr add 95.130.12.252/24 dev enp4s0 # iface enp4s0 inet6 static # address 2a02:a80:0:1210::2 # netmask 64 # gateway 2a02:a80:0:1210::1 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ISP Nat
> and has screwed DNS resolution. ;; reply from unexpected source: 95.130.8.11#53, expected 95.130.8.8#53 ;; reply from unexpected source: 95.130.8.11#53, expected 95.130.8.9#53 This is the problem I'm having... 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] ISP Nat
Hi All, I have an ISP who has started NATting inbound traffic and has screwed DNS resolution. Is there a way to bind DNS requests to use a specific IP address (Have multiple) that is not affected with this NATting problem. Paul 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] IPv6 for the nifty?
> I was wondering if you have any plans to get IPv6 connectivity? At three of the ISPs i use have IPv6 available but my skill set is vastly lacking. I would love to find a mentor to assist with configs. IPv6 is the future. Paul 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] torproject.org outages? (was Re: Tor Relay Setup)
> Tor Project infra. is being DDoSed right now. What little that can be > done, is being done. Maybe you could update your DNS records to create a round robin with some of the trusted mirrors to take the load off? Paul 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] 0.3.2.9 not reporting bandwidth in atlas
Is it me or is there some issue. Since I've upgraded to version 0.3.2.9 there has been no update to the bandwidth graphs. family:867B95CACD64653FEEC4D2CEFC5C49B4620307A7 Paul 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Question: systematic hacking on my social media accounts
Hi all, Just wondering if anyone else has had this problem over the last week. I have had attempts (one successful) on my social media accounts. Just found it strange that it was more than one. They got into my Facebook page (Haven't used it for years) - Seems that they got access via really old personal questions that family have provided them via their online posts - ie happy birthday now that you are this old... and hows your dog m doing and my mum listing her maiden name etc. I can't get it through to people to stop them from having public profiles... SIGH. Mean while they have to put up with girly pics or unfriend me as i'm not interested in the account. A lesson for all. Paul 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] >30% of the Tor network runs outdated version: Consider enabling auto-updates
I can not add technical advice but it reads well. Paul 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] what are these spikes
Hi all, just a query - I get these unusual spikes on https://atlas.torproject.org/#details/867B95CACD64653FEEC4D2CEFC5C49B4620307A7 (have a look at the three month chart) and I notice some of the other AU relays do the same. can anyone tell me what they are Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Become a Fallback Directory Mirror
You can throw 867B95CACD64653FEEC4D2CEFC5C49B4620307A7 into the mix - its my only stable server with little load. I would have IPv6 but OVH AU has some sort of problem - have had a ticket open for two weeks now. Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Issues with faravahar?
Yup - Me Too... - Original Message - From: "Aneesh Dogra"To: tor-relays@lists.torproject.org Sent: Tuesday, December 12, 2017 8:47:30 PM Subject: Re: [tor-relays] Issues with faravahar? On Tue, Dec 12, 2017 at 3:06 PM, r1610091651 < r1610091...@telenet.be > wrote: Hi I'm seeing regular issues with faravahar in logs lately. Is somebody working on this? Logs: Dec 12 10:32:56.000 [warn] HTTP status 502 ("Bad Gateway") was unexpected while uploading descriptor to server ' 154.35.175.225:80 '. Possibly the server is misconfigured? Dec 12 10:33:56.000 [warn] Received http status code 502 ("Bad Gateway") from server ' 154.35.175.225:80 ' while fetching "/tor/server/d/706E3C29265BD073DF77DC457A3CD8B1BC16C6E6+E223A1B036E3F7315DCADE32F6A4428F15148987.z". I'll try again soon. Thanks Hey, I am getting the same warnings in my log files. Running an exit relay. Thanks -- Regardless, I hope you're well and happy - Aneesh ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ISP is aking me to send a selfie holding my identity card
Have three servers around the globe and never been asked for ID. Even in Australia where your have to identify your self with ID. It must be the type of system yo are purchasing as I have found all of mine are under the banner of corporate. paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Pretty sure our exit was being synflooded.
Happening to middles as well - I get black hold all the time - ISP has auto rules. Paul - Original Message - From: t...@t-3.net To: tor-relays@lists.torproject.org Sent: Saturday, November 25, 2017 10:23:24 AM Subject: [tor-relays] Pretty sure our exit was being synflooded. Was anyone else's exit being synflooded yesterday and today? I put some iptables code in to help, it might have mitigated it. I'm pretty sure our exit "Libero" was being synflooded. Managed to lose all our flags shortly after the instability was (finally) resolved, go figure =p ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Test
got it... - Original Message - From: "Alessandro Lo Mo"To: tor-relays@lists.torproject.org Sent: Thursday, November 16, 2017 3:49:42 PM Subject: [tor-relays] Test Test ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Thank you to directory operators
Here Here - Original Message - From: "Tor Node Admin @ SechsNullDrei.org"To: tor-relays@lists.torproject.org Sent: Monday, October 30, 2017 9:58:49 PM Subject: [tor-relays] Thank you to directory operators Good morning, Relay operators often receive gratitude on this list for running relays, but let’s not forget the directory operators – those individuals/organizations who are more central to The Tor Network and run their directory servers at a higher personal risk level than the relay operators. Sincerely, Isaac, t...@sechsnulldrei.org ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] UbuntuCore
These nodes are popping up everywhere - is this some sort of malware being deployed on systems around the globe? Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Balancing throughput versus getting Black-Holed
> How long is your relay blackholed for? Usually 12Hrs - I'll look at a second IP to see if it helps a bit. Having the ability to rotate address would be good... :) Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Balancing throughput versus getting Black-Holed
> What do you mean when you write "Black Holed" ? Are you referring to large sites online automatically blocking users, or your traffic being shut down by your provider? Yes and no - The carrier is doing it - so no traffic can get through to the providers system (My node- even me). It's automated and can be initiated by any entity using the carriers infrastructure. It's a simple Null Route - Someone is proberble oing a massive DDos... Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Balancing throughput versus getting Black-Holed
Hi All, I have a question. I would like to know other peoples experiences for exit nodes and the methods of mitigating getting black holed. I have a node that gets black-holed all the time now - it runs at 18Mibt - 41781FDC57238DAB955DF6D6E8400CEC5ACBE706 I have noticed smaller relays/exits on the same AS don't seem to run into the same problem. I was thinking of running two to three smaller exits at around 4MiBt or just going for a larger faster middle. Thoughs/Comments. I have been emailing the provider and their carrier but know one ever responds/reply's. Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] atlas.cogentco.com Is blocking
> Whoever runs that node will need to talk to their ISP support team to get it unblocked. Thanks Andy - the reason I asked because its not with the Service Provider it's there upstream carrier - I have lodged a ticket with the carrier and waiting to here back. The ISP doesn't know anything. I haven't received any notification - it was dropped with no indication... Plus when have major international carriers started to drop IP address??? I'll keep you all posted... Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] atlas.cogentco.com Is blocking
Has anyone come across a scenario where a carrier blocks IP traffic? atlas.cogentco.com is the point which drops any packet to 95.130.9.210 The server is up and running internal monitoring says its OK. The ISP doesn't provide an interface to the Server so I can not log on to do any other validating. Trace routes to any IP with the ISP (active or not)terminates in the ISP's network. Trace route from any point on the planet times out as soon as you hit atlas.cogentco.com Any thoughts... **IPonU could you ping from one of your servers at Digicube please and let me know. Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Just got my first Abuse email :-)
Thanks Roman, > I believe in such case you are supposed to reply to your provider I will > There was a mini discussion recently on that, with the general consensus > seeming to be that keeping it open is more trouble than it's worth. > https://lists.torproject.org/pipermail/tor-relays/2017-October/013188.html I'll drop port 22 Regards, Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Just got my first Abuse email :-)
It makes me happy but alas it was forwarded to me by the provider and didn't include an email address... so now I can not reply, SIGH Question: this has come from port 22 usage - how important is this port to the general population? Thoughts... Regards, Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] AU Relays and data retention
Thanx Teor, I did speak to a lawyer and there is no requirement to retain any data if you run a node. It's treated as a VPN. My question that I sent was more about whether a service (non commercial service) was exempt. They don't delineate. Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] AU Relays and data retention
Hi All, I have asked the Attorney Generals Department about data retention and got the following response. If you run a relay/bridge here you seem to be exempt from retaining data. If your not an ISP and you run a service from home the ISP/carrier will retain the data though. This just general information. Regards, Paul UNCLASSIFIED Dear Mr Templeton Thank you for your enquiry to the Office of Communications and Cybercrime. I am re-sending our reply to your original enquiry that we sent on 12 September 2017 that seems to have not arrived. The extent of data retention obligations for your relevant service would relate to the extent to which elements of the data set “visible” to you. For example, where a provider does not have “visibility” of a customer’s IP address, it is likely that the IP address was assigned as part of a different relevant service. For example, if you have a record of the MAC addresses of users who access your network then this information must be retained for the required period. You are not obliged to retain the identity of the user if this is not information to which you have access. Whether the service is being offered on a commercial basis or is free is irrelevant in determining a service provider's obligations. In your email you noted that "The true origin of a connection and the true destination will never be known and there will be no way of obtaining the information. That also pertains to the ports used in the circuit and all data passing through the circuit will be encrypted." This sentence appears to suggest that you may be looking to offer some kind of an internet access service, in which case the destination is not required to be retained. Your reference to encrypted content suggests a VPN. If this is the case and this service is not operated you, obligations do not apply. Also, data retention would not require you to store the contents of the communications. Please do not hesitate to contact our office if you require further information. Regards Kerry Office of Communications Access & Cybercrime Intelligence and Identity Security Division T: (02) 6141 2884 The information contained in this email is intended as guidance only. It does not constitute legal advice and should not be relied upon as such. If you require legal advice, you should consult an independent legal adviser. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Any IP allocations available out there?
> So, in Australia, if you're running a Tor relay, it's actually easier to > *not* be an ISP. I'm testing this with AGs department - I have put in a request to see if Tor falls outside of the scope - That is it's not a commercial service. The law only states commercial services that you charge for or make money from. They are taking their time to respond. Paul PS - I didn't state what services I was deploying just it wasn't a commercial service and I'm trying to find a lawyer to help navigate. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Any IP allocations available out there?
> Could you please define “Metadata”? Server connections? That would be quite a > bit with a high traffic tor relay … https://www.ag.gov.au/dataretention Should answer your questions. Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Any IP allocations available out there?
> If you're interested in becoming your own ISP (obtaining your own ASN, > IPv6 and IPv4 scopes), you'll need to apply via APNIC, as I did in the > US with ARIN. Here is an example: Would if I could - but here in AU you have to log all metadata for two years if you are an ISP. I either listen to what others have stated and host overseas or host overseas... I might be able to get a 20/20Mbs fibre for AU$250 - Just waiting to find out if they have data caps or not. Thanx all for your input. Paul PS - whats more important - More bandwidth for exit nodes or a faster presence in AU??? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Any IP allocations available out there?
OVH has this in AU 5.9 For security reasons, OVH reserves the right to proceed with the immediate suspension without notice, of any Server on which there is a public service Proxy, IRC, VPN or TOR which is available free of charge or for a fee, and for which OVH has knowledge of its fraudulent or illegal misuse. > with Tor's overall architecture, does it really make sense to > route e.g. EU clients exiting to EU destinations, True - Wanted to add to the diversity in location and OS. Will look at other jurisdictions for better service... Still looking but so far all have data caps. I really want a decent exit node here in AU but getting perplexed. I'll sleep on it... Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Any IP allocations available out there?
Thanx Tim, > * reverse DNS pointing to your domain, and I would do it anyway > * registration services like abuse.net. Will look into it > ovh.com.au Pricing ok - may be the better option - 100Mbs unlimited - [i'll give them a call and see what they have/can do.] - I just rang them they have data caps... *SIGH* Other hosting providers have TOS that are hostile and some have data caps:(. <- that's a pimple on my chin... 10/10Mb SHDSL - I should really say about 8Mbs symmetrical - that is with typical a ping of about 24-30ms across the country. Regards, Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Any IP allocations available out there?
Thanx niftybunny, It's more political than anything. With the constant changes in policy driving censorship I feel that having a strong presence is important. At the moment there are 50 nodes in Australia with the fastest running at 357Kbs and only two exit nodes - fastest is 100Kbs. Its a reflection on the state of politics and the level of service that is provided by ISP's. Yes I could run more nodes in VMs around the world but at this stage I would like to investigate a strong presence here in AU. Regards, Paul - Original Message - From: "niftybunny" <ab...@to-surf-and-protect.net> To: tor-relays@lists.torproject.org Sent: Thursday, August 24, 2017 10:41:12 AM Subject: Re: [tor-relays] Any IP allocations available out there? The smallest block you can advertise with your own AD is a /24 as far as I know. Getting a IPv4 /24 is …. expensive and hard to get. If you are not incredible rich and very tech savvy and a hardcore Tor supporter: Forget it. Get yourself a few virtual servers. niftybunny “For too long, we have been a passively tolerant society, saying to our citizens 'as long as you obey the law, we will leave you alone'” --David Cameron, 2015 On 24. Aug 2017, at 02:29, Paul Templeton < p...@coffswifi.net > wrote: Thanx to all here on the list for input to earlier posts. Helped a lot. Question I have is there anywhere where you can get a block of IP address or lease as I'm in the process of getting a 10/10Mb SHDSL service(No flaming data cap :-)) here in AU but I want an IP range that abuse questions can be forwarded to me. The service provider doesn't provide ARIN registration but said if I have my own block I can update the BG and manage it my self. Regards, Paul PS - the best price I can do at the moment is $550pm - *SIGH* - but worth it. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Any IP allocations available out there?
Thanx to all here on the list for input to earlier posts. Helped a lot. Question I have is there anywhere where you can get a block of IP address or lease as I'm in the process of getting a 10/10Mb SHDSL service(No flaming data cap :-)) here in AU but I want an IP range that abuse questions can be forwarded to me. The service provider doesn't provide ARIN registration but said if I have my own block I can update the BG and manage it my self. Regards, Paul PS - the best price I can do at the moment is $550pm - *SIGH* - but worth it. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays