Re: [tor-relays] [release] ExoneraTor 4.0.0

2018-09-14 Thread ZEROF
Can you explain to me how this type of public information is good for any kind
of Tor operator's security, and the Tor network at all? For me this is so
against the word "privacy", and respect for the community. You're saving this
information for the good of? Does making this public put government money in your
pockets? Wauu.

On Fri, 14 Sept. 2018 at 20:20, Karsten Loesing wrote:

> Good evening,
>
> today we released and deployed version 4.0.0 [0] of the ExoneraTor
> service [1].
>
> This new version greatly reduces database size and variance of query
> response times. Changes in this version are heavily based on work done
> by Sebastian Hahn.
>
> Earlier ExoneraTor databases can be migrated by running the new psql
> script [2] that comes with a migration function.
>
> Please direct comments and questions to the metrics-team mailing list [3].
>
> All the best,
> Karsten
>
>
> [0] https://dist.torproject.org/exonerator/4.0.0/
> [1] https://metrics.torproject.org/exonerator.html
> [2] https://gitweb.torproject.org/exonerator.git/tree/src/main/sql/exonerator2.sql
> [3] https://lists.torproject.org/cgi-bin/mailman/listinfo/metrics-team
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>


Re: [tor-relays] Nyx Project Ideas

2016-02-25 Thread ZEROF
Hi,

I use arm, but I wanted to test nyx and I found the install option "pip
install nyx", but the install doesn't work, version 1.4.5. You can see the logs:
https://paste.lugons.org/show/Ua6RdWzaMg8cI5cWsf0b/

;)

On 25 February 2016 at 03:10, Damian Johnson  wrote:

> Hi wonderful relay operators. It's GSoC season again, where students
> can be funded to make open source projects like Tor even better!
>
> Nyx (previously known as arm [1]) has been my main focus this last
> year and is inching ever closer to release. For those unfamiliar with
> it, Nyx is an ncurses monitor for Tor relays providing a bandwidth
> graph, event log, connections, config editor, and more.
>
> Rather than add new features my work has focused on making Nyx simpler
> and faster, but GSoC provides us an opportunity to do even more. So
> I'm curious - what do you want from an ncurses monitor? The answer may
> be 'keep it simple'. Feature creep does us no favors. But if there's a
> good fit I'd love to mentor a project that makes your lives even
> better!
>
> I'm not overly fond of the ideas I've had so far...
>
> * Windows support. This poses a few challenges. [2]
> * When running multiple tor instances on a single system connect to
> them all, aggregating the information.
>
> So anything come to mind?
>
> Cheers! -Damian
>
> [1] https://www.atagar.com/arm/
> [2] https://trac.torproject.org/projects/tor/wiki/doc/arm#Windows



-- 
http://www.backbox.org
http://www.pentester.iz.rs


Re: [tor-relays] Keypair Error

2016-02-01 Thread ZEROF
Hi Alan,

If you just copied the private key file, then you didn't do things right. But
before other dudes from the community say something, please read it all :).

You need to back up the keys folder and copy it to the new server or fresh
installation.

But this is not only your "issue", it was mine as well; the site's information about
"how to move your tor server ..." has not been up to date for some time now. Not
so long ago that method was OK, but in the last few 0.2.x versions migration doesn't
work like before, and we can see many more files inside the keys folder. That
was not the case before; you could see only two files, if I remember well.

I saw some people saying it's just a bug and it will be fixed, but I don't
like to see warnings either. For now, either you copy everything, or you wait for
the upgrade and disable arm for now.

Hope it helps.

On 2 February 2016 at 00:20, Alan  wrote:

> I updated my relay and after installing the update, I pasted my private
> keypair in the right file... But in ARM it keeps saying "[WARN] http status
> 400 ("Looks like your keypair does not match its older value.”)"
>
> How do I fix this?
>
> Alan
>


-- 
http://www.backbox.org
http://www.pentester.iz.rs


Re: [tor-relays] The Onion Box: A web based status monitor for Tor relays

2015-12-30 Thread ZEROF
Hi Ralph,

I will first post the URL again because yours gives me a 404 error page:
https://github.com/ralphwetzel/theonionbox


I will check this week and see.

Thanks for your work and sharing.

On 30 December 2015 at 10:49, k0nsl  wrote:

> Good morning to you too Ralph!
> Thanks for the project; I will try it out later today.
> Best wishes,
> -k0nsl
>
> On 12/30/2015 10:36 AM, theonion...@gmx.com wrote:
> > Good morning!
> >
> > I've created a tool to monitor a Tor relay "in action". In the end it's
> > a web interface operating with Tor's ConfigPort data. Currently it's not
> > as powerful as arm... but it definitely looks better ;)!
> >
> > You can find the tool and some instructions to get it running at
> > GitHub: https://github.com/ralphwetzel/theonionbox
> >
> > I would be very happy if people gave it a try and provide feedback to
> > me, especially in case something fails... which probably might happen!
> >
> > Greetings,
> >
> > ralph
> >
> >
> >
> >



-- 
http://www.backbox.org
http://www.pentester.iz.rs


Re: [tor-relays] VPS/Tor Almost There

2015-12-06 Thread ZEROF
David, low port numbers are not a good idea, he can have the same issues. For my
firewall I need to use something more than 9000 to make my exit/relay
work with my ISP.

On 6 December 2015 at 17:46, David Schulz  wrote:

> Try other ports or ask the hoster if he blocks ports?! Or try 80 and 443,
> if they are free on your server.
>
> ---
> Mit freundlichen Grüßen / Yours sincerely
>
> David Schulz 
>
>
> On 06.12.2015 at 17:15, Kurt Besig wrote:
>
>> Thanks again for all the support, everyone has been extremely helpful.
>> So, I reinstalled the OS on the VPS: lsb_release -d
>> Description: Ubuntu 14.04.3 LTS
>> uname -r  2.6.32-042stab102.9
>>
>> Finally solved all the permissions problems, paths are correct, tor
>> and arm open properly.
>> The problem now boils down to this:
>> The VPS isn't allowing Ports 9001 and 9030
>> Should I investigate further getting my iptables up and running or
>> just contact the admin and have them allow the ports?
>> As I mentioned previously even after saving the tables upon reboot
>> iptables -L shows no rules, the file is empty.
>>
>>   :~$ iptables -L
>> Chain INPUT (policy ACCEPT)
>> target prot opt source   destination
>>
>> Chain FORWARD (policy ACCEPT)
>> target prot opt source   destination
>>
>> Chain OUTPUT (policy ACCEPT)
>> target prot opt source   destination
>>   Any further suggestions would be appreciated.
>>
>> Thanks



-- 
http://www.backbox.org
http://www.pentester.iz.rs


Re: [tor-relays] Unbelieveable

2015-12-05 Thread ZEROF
Just build a new torrc, that fixed my issue.

cd /etc/tor/
cp torrc torrc.bak
touch torrc

Use this for torrc (nano torrc), replace some info to match your relay

http://0bin.net/paste/tdUuzTHwZI-BRWQy#JPmufzd+g0W0cx0WyB4g0iU12jU0WFpZRWtKVg6iDbS

When you are done:

service tor restart

Then,

sudo -u debian-tor arm

I use a screen session for this.

On 5 December 2015 at 20:18, Kurt Besig  wrote:

> On 12/4/2015 8:25 PM, Damian Johnson wrote:
> > For what it's worth process permissions aren't at play here. Arm
> > is failing to talk with the control port - permissions could cause
> > us to be unable to read the authentication cookie, but that would
> > be a different message.
> >
> > Cheers! -Damian
> >
> >
> > On Fri, Dec 4, 2015 at 5:36 PM, Manager Bahia del Sol LLC
> >  wrote:
> >>
> >> No worries,
> >>
> >> Are you sure the user or group is debian_tor? The default is
> >> debian-tor in Ubuntu.
> >>
> >> If that isn't the problem,
> >>
> >> First I would be sure tor is actually running. top or top -u
> >> debian-tor The second will show if tor is actually running as the
> >> user you think it is.
> >>
> >> If it is, then see if it is listening on the control port sudo
> >> netstat -ntlp | grep LISTEN
> >>
> >> If it is I would suspect that either a firewall is blocking that
> >> port. If you have one running try shutting it down for a few
> >> minutes while you try to start arm.
> >>
> >> Or maybe it is a permissions issue where arm is not running as
> >> the same user as tor. You could try starting arm as root to see
> >> if it would start. But, do not run arm as root full time. Only
> >> try to start it as a test.
> >>
> >>
> >>
> >> -- Manager of Bahia del Sol LLC
> >>
> >>
> > Dec 05 21:17:46.000 [notice] Your IP address seems to have changed to 167.114.35.28 (METHOD=INTERFACE). Updating.
> > Dec 05 21:17:46.000 [notice] Our IP Address has changed from 142.4.217.95 to 167.114.35.28; rebuilding descriptor (source: METHOD=INTERFACE).
> > Dec 05 21:18:42.000 [notice] Your IP address seems to have changed to 142.4.217.95 (METHOD=GETHOSTNAME HOSTNAME=ca3.pulseservers.com). Updating.
> > Dec 05 21:18:42.000 [notice] Our IP Address has changed from 167.114.35.28 to 142.4.217.95; rebuilding descriptor (source: METHOD=GETHOSTNAME HOSTNAME=ca3.pulseservers.com).
> > Dec 05 21:18:43.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
> > Dec 05 21:38:37.000 [warn] Your server (142.4.217.95:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
> > Dec 05 21:58:37.000 [warn] Your server (142.4.217.95:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
> I've gotten this far, not being much good at networking I can't tell
> where the problem lies.. do I need to forward something?
>



-- 
http://www.backbox.org
http://www.pentester.iz.rs


Re: [tor-relays] Nagios/Icinga plugin check_tor_bandwidth for gathering bandwidth data

2015-11-26 Thread ZEROF
Hi,

Nice work, but at this time I use vnstat to get global traffic info from my
servers. It is doing a great job, but I will check your solution as well. Sharing
is caring. Have a nice day.

On 26 November 2015 at 09:02, Tim Wilson-Brown - teor 
wrote:

>
> On 26 Nov 2015, at 18:07, Josef 'veloc1ty' Stautner 
> wrote:
>
> Hi Tim,
>
> you hit me hard today because I didn't think about the privacy of the
> users :-)
>
>
> Sorry about that :-(
>
> But the data points for read and write are just average values and the
> time series database also only stores the average values. So I don't think
> that just by looking at the graph you can track specific Hidden Services or
> make other attempts. They would get better precision if they trace the IP
> of the server.
>
>
> I think you're right, but it depends on your threat model:
> * an adversary with access to a router/IXP near your server could get
> precise bandwidth figures (bytes/second) that way;
> * an adversary anywhere in the world could see averaged bandwidth figures
> (kilobytes?/minute) using your graph.
>
> I could imagine your users facing either type of adversary.
>
> But there might be ways to work around that:
> * a public graph could average bandwidth over the time period used on
> Globe (6 hours), or
> * a private graph could provide as much detail as you like, and be made
> available over password-protected HTTPS, or as a hidden service with client
> authentication.
>
> Tim
>
> On 25.11.2015 at 23:33, Tim Wilson-Brown - teor wrote:
>
>
> On 26 Nov 2015, at 05:36, Josef Stautner < 
> he...@veloc1ty.de> wrote:
>
> Hello @all,
>
> (I'm not sure if you guys are interested in a topic like this)
> I wrote a perl script to gather bandwidth data from my Tor exit relay.
> The script connects to the Tor control socket, fetches the running
> config to extract the bandwidth limits and the reject rule count.
> Afterwards the last 60 bw-cache entries are fetched and average values
> are built for bandwidth in and out.
> All this performance data is then forwarded to Nagios/Icinga where you
> can do anything with that values.
>
> Every 30 minutes a cronjob renders the graph showing the datapoints of
> the last 6 hours and uploads the resulting image to my website. You can
> find the image here (Hint: The values for in and out are stacked):
> https://blog.veloc1ty.de/bandwidth-large.png
>
> The source of the script can be found here on GitHub:
> https://github.com/vlcty/check_tor_bandwidth
> It's released under the GPLv3
>
> Maybe somebody will find it useful :-)
>
>
> Hi Josef,
>
> Thanks for creating this tool - it looks like a great way for operators to
> keep an eye on their relay.
>
> But I wonder about the privacy implications of making a relay's
> high-resolution bandwidth figures public.
> For example, an attacker can correlate a traffic-based attack on a hidden
> service, with a traffic peak on its Guards.
> (I am not sure if any similar attack applies to Exits, or any other role
> Exits may have.)
> We previously moved to a bandwidth statistics interval of 6 hours for this
> reason.
> (That's why the 3 days and 1 month bandwidth graphs are empty on Globe.)
>
> You lose a certain amount of precision moving to a graph, rather than
> reporting exact figures in a data file.
> But I'm not sure if that's enough to avoid the attack I described above.
>
> Tim
>
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP 968F094B
>
> teor at blah dot im
> OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
>
>
>


-- 
http://www.backbox.org
http://www.pentester.iz.rs
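
The mitigation Tim suggests in the quoted thread (average a public graph over the 6-hour period used on Globe), as an added example that is not code from check_tor_bandwidth or from anyone in the thread. It assumes samples are (Unix timestamp, bytes per second) pairs; the function names and the sample data are constructed for illustration.

```python
"""Coarsen relay bandwidth samples before publishing them.

Added illustration, not part of check_tor_bandwidth. Sample data is constructed.
"""
from collections import defaultdict

SIX_HOURS = 6 * 60 * 60  # publication interval in seconds, as discussed in the thread
T0 = 1448496000          # 2015-11-26 00:00:00 UTC, aligned to a 6-hour boundary


def coarsen(samples, now, interval=SIX_HOURS):
    """Average (unix_ts, bytes_per_sec) samples into fixed, epoch-aligned buckets.

    Only buckets that have fully elapsed at `now` are returned. Publishing the
    still-open bucket would expose a running average that moves with every new
    sample, which gives back the fine-grained signal the interval is meant to hide.
    """
    if interval <= 0:
        raise ValueError("interval must be positive")
    sums = defaultdict(lambda: [0, 0])  # bucket_start -> [total, count]
    for ts, rate in samples:
        if rate < 0:
            raise ValueError("negative bandwidth sample")
        start = ts - (ts % interval)
        sums[start][0] += rate
        sums[start][1] += 1
    current_bucket = now - (now % interval)
    return [
        (start, total // count)
        for start, (total, count) in sorted(sums.items())
        if start < current_bucket
    ]


def build_constructed_samples():
    """750 one-minute samples: 1 MB/s baseline with a 5-minute 10 MB/s peak."""
    samples = []
    for minute in range(750):
        rate = 10_000_000 if 100 <= minute < 105 else 1_000_000
        samples.append((T0 + minute * 60, rate))
    return samples


if __name__ == "__main__":
    samples = build_constructed_samples()
    now = T0 + 750 * 60
    print("per-minute peak :", max(rate for _, rate in samples))
    for start, avg in coarsen(samples, now):
        print("6-hour bucket   :", start, avg)
```

In the per-minute data the peak is a tenfold jump that can be timed to the minute; in the published 6-hour figures it is a 12.5% rise somewhere inside one bucket.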


Re: [tor-relays] How to prevent netscan usage?

2015-11-25 Thread ZEROF
Hi,

The first rule is to use some firewall, the 2nd is to disable that port for a few
days. You will not lose the exit flag because of this, it will just give you time
to learn more about how to secure your node. A few friends
are using FirewallBuilder to learn how to build their firewall system, maybe
you can start with that as well (http://www.fwbuilder.org/). Check and
learn about flood attacks and using iptables to block them. Good luck, maybe
other node admins will have a better solution for your case.

On 25 November 2015 at 23:21, Roland 'ValiDOM' Jungnickel <
vali2...@validom.de> wrote:

> hi,
>
> I'm operating a tor exit with a relatively high bandwidth rate for more
> than 3 years.
>
> My ISP receives more and more abuse tickets about my server regarding
> netscans. These netscans are executed with dest. port 80 so I'm not able
> to block them easily.
>
> Any idea how to prevent netscans using my exit node? Below you find an
> extract of such an abuse mail.
>
> Thanks a lot!
> ValiDOM
>
> Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 41518 =>46.20.92.xxx 80
> Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 41545 =>46.20.92.xxx 80
> Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 41575 =>46.20.92.xxx 80
> Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 45219 =>59.192.63.xx 80
> Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 45218 =>59.192.63.xx 80
> Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 45217 =>59.192.63.xx 80
> Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 42460 =>59.203.179.x 80
> Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 42517 =>59.203.179.x 80
> Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 42569 =>59.203.179.x 80
> Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 57564 =>   59.211.15.xxx 80
> Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 57596 =>   59.211.15.xxx 80
> Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 57631 =>   59.211.15.xxx 80
> Wed Nov 18 12:55:27 2015 TCP   88.198.14xxx 58022 =>   59.228.86.xxx 80
> Wed Nov 18 12:55:27 2015 TCP   88.198.14xxx 58046 =>   59.228.86.xxx 80
> Wed Nov 18 12:55:27 2015 TCP   88.198.14xxx 58081 =>   59.228.86.xxx 80
> Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 37123 =>64.238.74.xx 80
> Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 37178 =>64.238.74.xx 80
> Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 41003 =>65.20.53.xxx 80
> Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 45785 =>  65.186.130.xxx 80
> Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 45850 =>  65.186.130.xxx 80
> Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 45907 =>  65.186.130.xxx 80
> Wed Nov 18 12:55:12 2015 TCP   88.198.14xxx 60607 =>   66.87.185.xxx 80
> Wed Nov 18 12:55:12 2015 TCP   88.198.14xxx 60611 =>   66.87.185.xxx 80
> Wed Nov 18 12:55:12 2015 TCP   88.198.14xxx 60613 =>   66.87.185.xxx 80
> Wed Nov 18 12:55:14 2015 TCP   88.198.14xxx 52693 =>  69.191.200.xxx 80
> Wed Nov 18 12:55:14 2015 TCP   88.198.14xxx 52740 =>  69.191.200.xxx 80
> Wed Nov 18 12:55:14 2015 TCP   88.198.14xxx 52783 =>  69.191.200.xxx 80
> Wed Nov 18 12:55:27 2015 TCP   88.198.14xxx 35453 =>71.54.215.xx 80
> Wed Nov 18 12:55:27 2015 TCP   88.198.14xxx 35464 =>71.54.215.xx 80
> Wed Nov 18 12:55:12 2015 TCP   88.198.14xxx 39263 => 101.249.145.xxx 80
>


-- 
http://www.backbox.org
http://www.pentester.iz.rs
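
A way for an exit operator to triage an abuse extract like the one quoted in this thread, as an added example that is not from any poster. The log lines are constructed in the same layout with documentation address ranges, and the function names and thresholds are assumptions.

```python
"""Summarise a flow-log extract from an abuse report.

Added illustration, not from the thread. The log lines are constructed in the
same layout as the quoted extract and use documentation address ranges.
"""
import re
from collections import Counter
from datetime import datetime

FLOW_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})\s+"
    r"(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\d+)\s*=>\s*"
    r"(?P<dst>\S+)\s+(?P<dport>\d+)$"
)

# Constructed sample, including mail quote markers, masked addresses,
# uneven column spacing and one damaged line.
CONSTRUCTED_REPORT = """\
> Wed Nov 18 12:55:12 2015 TCP   192.0.2.10 60607 =>   198.51.100.xxx 80
> Wed Nov 18 12:55:12 2015 TCP   192.0.2.10 60611 =>   198.51.100.xxx 80
> Wed Nov 18 12:55:14 2015 TCP   192.0.2.10 52693 =>  203.0.113.xx 80
> Wed Nov 18 12:55:14 2015 TCP   192.0.2.10 52740 =>  203.0.113.xx 80
> Wed Nov 18 12:55:14 2015 TCP   192.0.2.10 52783 =>  203.0.113.xx 80
> Wed Nov 18 12:55:26 2015 TCP   192.0.2.10 41518 =>198.51.100.7 80
> Wed Nov 18 12:55:26 2015 TCP   192.0.2.10 41545 =>198.51.100.7 80
> Wed Nov 18 12:55:26 2015 TCP   192.0.2.10 45219 =>198.51.100.8 80
> Wed Nov 18 12:55:26 2015 TCP   192.0.2.10 42460 =>203.0.113.50 80
> Wed Nov 18 12:55:27 2015 TCP   192.0.2.10 58022 =>   203.0.113.51 80
> (truncated line from the report
"""


def parse_line(line):
    """Return one flow as a dict, or None if the line is not a flow record."""
    m = FLOW_RE.match(line.lstrip("> ").rstrip())
    if m is None:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
        "proto": m["proto"],
        "src": m["src"],
        "dst": m["dst"],  # kept as text: reports often mask the last octet
        "dport": int(m["dport"]),
    }


def summarize(lines):
    """Aggregate the extract so its shape is visible at a glance."""
    flows, skipped = [], 0
    for line in lines:
        if not line.strip("> \t\r\n"):
            continue  # blank or quote-marker-only line
        flow = parse_line(line)
        if flow is None:
            skipped += 1
        else:
            flows.append(flow)
    if not flows:
        return {"flows": 0, "skipped": skipped}
    times = [f["ts"] for f in flows]
    per_dst = Counter(f["dst"] for f in flows)
    return {
        "flows": len(flows),
        "skipped": skipped,
        "sources": sorted({f["src"] for f in flows}),
        "dst_ports": dict(Counter(f["dport"] for f in flows)),
        "distinct_dsts": len(per_dst),
        "max_flows_per_dst": max(per_dst.values()),
        "window_seconds": int((max(times) - min(times)).total_seconds()),
    }


def is_wide_and_shallow(summary, min_dsts=5, max_per_dst=5):
    """Heuristic with assumed thresholds: a single destination port, many
    destinations, and only a handful of connections to each of them."""
    return (
        summary["flows"] > 0
        and len(summary["dst_ports"]) == 1
        and summary["distinct_dsts"] >= min_dsts
        and summary["max_flows_per_dst"] <= max_per_dst
    )


if __name__ == "__main__":
    report = summarize(CONSTRUCTED_REPORT.splitlines())
    for key, value in report.items():
        print(f"{key:18} {value}")
    print("wide and shallow  ", is_wide_and_shallow(report))
```

A summary of this shape (one port, many destinations, a few connections each, all within seconds) shows why the report cannot be answered with a port block: the only common field is destination port 80.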


Re: [tor-relays] Keep smiling only - i dont expect any answer

2015-04-01 Thread ZEROF
This is what I call:

Happy April 1, 2015

On 1 April 2015 at 18:58, Teófilo Couto undert...@protonmail.ch wrote:

 Same old, same old story, again and again...
 They operate badly developed, badly implemented sites, full of well
 known vulns, but the issue, the bad guy on set, is a tor relay...


 Typical...


  Original Message 
 Subject: [tor-relays] Keep smiling only - i dont expect any answer
 Time (GMT): Apr 01 2015 14:02:00
 From: cmar...@yandex.com
 To: tor-relays@lists.torproject.org

 nice abuse :)


 From:i...@kftc.or.kr
 To:  ab...@wedos.com
 Date:01.04.2015 08:42:07
 Subject: [KF/ISAC] Warning! Unauthorized Access Trial!

 Dear Network Manager :

 I am a network security manager of Korea Financial Telecommunications and 
 Clearings Institute(KFTC).

 My job is to protect Korean financial organizations from illegal intrusion 
 attacks.
 We have received a report of unauthorized access trial originating from your 
 site as shown below.

 
 Date/Time(GMT+9): 2015-04-01 12:47:46 ~ 2015-04-01 12:47:46
 Source IP : 37.157.192.208
 Destination IP : 59.11.68.197
 Attack Type : FCKeditor_Vul
 

 We are seriously considering notifying these illegal attempts to the related 
 authorities of both your and our countries and requesting proper legal 
 actions.

 So, please take appropriate measures to identify and stop the attacker. And, 
 please inform us of the results. (i...@kftc.or.kr)

 Thank you for your cooperation.

 p.s. : If you are not the correct person to deal with this incident, please 
 forward this to the proper person and inform us for future convenience.








-- 
http://www.backbox.org
http://www.pentester.iz.rs


Re: [tor-relays] 7 relays gone because of spammers

2015-02-25 Thread ZEROF
Hi man,

I will try to explain to you how things went in the wrong direction for you. OVH
doesn't lie, but they don't have the best support that you can find around.
Anyway. In the last 15-25 days a lot of attacks were made on French ISPs and
the attacker used the Tor IP list to do one part of his sick idea. One of my nodes
in my home was infected as well. As Linux devs need some time to patch
packages that make us vulnerable, we are just attack objects to them. In my
case they used an exim4 security issue, and as this sh.. comes preinstalled
with the server ISO I didn't even look at it.

You are a victim of the same thing, I guess. Classic server-side infection from
some botnet. The better question is what you can do to protect your servers in
the future.

1. Allow logging in to your server from one country or IP; for that I use
geoip: http://www.axllent.org/docs/view/ssh-geoip/
2. Add simple 2 min settings to fail2ban:
https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-centos-6
(these settings can be used on Debian as well, etc.)
3. Remove ssh password logins from your servers, use only keys
4. Set up a honey-pot on your server and play their game (10-15 job):
http://linuxdrops.com/how-to-set-up-a-honeypot-using-smart-and-simple-artillery-debian-6-0/

In the future I will write an Ansible playbook for this, or some bash or
python script to do this on every server I use for Tor nodes.

I have run one exit node since 2014 with OVH cloud (runabove) and thanks to all
the security measures I made (using some firewall settings as well) I don't have
issues with them, and they respect that I take care of my servers'
security.

Try the same and you will see. Block port 25 as well.

On 26 February 2015 at 02:35, I beatthebasta...@inbox.com wrote:

 OVH says no to Tor exits openly doesn't it?

  Quote:
  Rest assure that, in case of an abuse, we will not terminate your
  account without notice. In fact we may not even terminate your VPS. You
  will receive a warning from our Abuse department giving you a choice to
  resolve the abuse case
 
  Has OVH contacted you before because of an abuse complaint?
 
 






-- 
http://www.backbox.org
http://www.pentester.iz.rs


Re: [tor-relays] TOR: Inbound, Outbound, Exit connections

2015-02-05 Thread ZEROF
Inbounds:


Servers configured to receive inbound connections only through Tor are
called hidden services. Rather than revealing a server's IP address (and
thus its network location), a hidden service is accessed through its onion
address https://en.wikipedia.org/wiki/.onion. 

Outbound:

Traffic going out from your server. To allow only tor to use it:
https://trac.torproject.org/projects/tor/wiki/doc/BlockNonTorTrafficDebian

Exit:

Your server will be used as the public IP for the end user.

On 2 February 2015 at 23:39, Ralph Bolliger ia.tor.re...@gmail.com wrote:

 *Good evening ladies and gentleman*

 I'm running a TOR Exit for a few days now (
 https://globe.torproject.org/#/relay/06BA80D9E1143CFAD835442142A3FA5A1E4FD910).
 I'm also using TOR ARM in order to monitor TOR's performance, log messages
 and connections.
 When I have a look at the connections page on TOR ARM I read about
 «Inbound», «Outbound» or «Exit» connections. I searched the web already.
 But I wasn't able to find a site that explains in simple words what's the
 difference between «Inbound», «Outbound» or «Exit» connections.

 Is there anybody who is able to tell me what «Inbound», «Outbound» or
 «Exit» connections are?

 Greetings from Switzerland

 Information Architect





-- 
http://www.backbox.org
http://www.pentester.iz.rs


Re: [tor-relays] Relays not listed

2015-01-11 Thread ZEROF
Hi Felix,

Same here, atlas and globe went down for me at that period.

On 11 January 2015 at 11:40, Felix zwie...@quantentunnel.de wrote:

 Hi

 most of my relays are no longer listed on Torstatus* and Consensus**.
 But they perform like they should.

 I found Atlas was down between 21:30 and 01:30 yesterday night.
 Any ideas ?

 Cheers, Felix

 *   http://jlve2y45zacpbz6s.onion/index.php
 **  https://consensus-health.torproject.org/consensus-health.html




-- 
http://www.backbox.org
http://www.pentester.iz.rs


Re: [tor-relays] Fast Exit Node Operators - ISP in US

2014-11-23 Thread ZEROF

I'm not using OpenDNS. OpenNic and OpenDNS are not the same thing.


On 23 November 2014 at 23:59, Seth  wrote:
On Sat, 22 Nov 2014 19:13:17 -0800, ZEROF  wrote:

I saw some info just yesterday, but it's not in actual server
configuration. Can you provide some good resource for setting
dnscrypt-proxy? And no logging DNS's is good to protect end users
A caveat: You should probably avoid using the default OpenDNS servers
with dnscrypt-proxy.

From the 'Bad Relays' wiki page
https://trac.torproject.org/projects/tor/wiki/doc/badRelays

 The most common misconfiguration I have seen is using OpenDNS as a
host's nameserver with what I think is the OpenDNS default config.
Services such as OpenDNS lie to you, under the name of protecting you.
The result is for instance getting redirected to their webpage when
you want to visit evil sites such as https://www.torproject.org/.





-- 
http://www.backbox.org
http://www.pentester.iz.rs


Re: [tor-relays] Fast Exit Node Operators - ISP in US

2014-11-22 Thread ZEROF
If you are looking for a good solution, I'm testing right now
http://roundabove.com, running one exit node with exit rules provided
from https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy.

Tor's uptime is 11 days 12:00 hours, with 194 circuits open. I've sent
182.16 GB and received 178.18 GB.

The only thing you need to do on your system is to set new hostnames in
/etc/rc.local. I use servernames without logging from this list
http://wiki.opennicproject.org/Tier2 (France).




On 23 November 2014 at 02:58, Seth l...@sysfu.com wrote:

 On Sat, 22 Nov 2014 17:05:53 -0800, s7r s...@sky-ip.org wrote:

  I am concerned if they will sustain Tor exits on the long term. If the
 Tor relay will consume more bandwidth they might start shouting about
 it since more virtual machines share a network port, and they will
 want to maximize how many VMs they can assign to a port in order to
 maximize profit. Not to mention if the relay will be under DDoS attack.


 I share all these concerns and s'pose we'll find out eventually.

 The Choopa (VULTR parent company) network infrastructure is fairly robust
 from what I gathered reading many many posts about the service on
 lowendtalk.com.

  I saw many cheap cloud providers which claimed to support Tor, yet
 after little time just when the relay was becoming popular and known
 in the consensus, service terminated. Hope VULTR will not follow this way.


 I think the VPS providers are more likely to fold in the face of pressure.
 Too big and they're likely gutless and/or compromised.

 There's probably a sweet spot that's willing to Throw down for freedom
 somewhere in the middle. (Sonic.net for example)

 I should have also mentioned in my previous post I put the following in
 /etc/tor/torrc

 # Bandwidth and data caps
 AccountingStart day 19:45 # calculate once a day at 7:45pm
 AccountingMax 33 GBytes # 33GB X 30 days = 10GB shy of 1000GB/mo.
 RelayBandwidthRate 3000 KBytes
 RelayBandwidthBurst 3750 KBytes # allow higher bursts but maintain average





-- 
http://www.backbox.org
http://www.pentester.iz.rs