Re: [tor-relays] Dutch Relays
Dear nifty, thank you for the valuable feedback. <3 Let's continue the discussion off-list. ### Dear all, I think ColoClue is a great place to run relays. It's self-organized infrastructure and not some Hetzner foo where everyone else is running relays. They run a reliable colo and they are great people. Only drawback is that we (Artikel10) were capped at 500Mbit/s. But there might be ways around this limit that we never tried. Thank you @ all ColoClue people for housing our first colocated Artikel10 exit relay. Much appreciated :) -- please reach out to me if you are attending 37C3. Best kantorkel Am 12/18/23 um 14:59 schrieb ab...@relayon.org 2023: These are complete and utter shit. avoid like the plague! nifty On 11. Dec 2023, at 09:06, Jordan Savoca via tor-relays wrote: On 12/10/23 2:41 PM, Christopher Sheats wrote: Emerald Onion is looking for co-location and IP transit opportunities in the Netherlands for deploying new exit relays. We have our own ASN, v4 and v6 IP space. Hi yawnbox, You may want to check out ColoClue[1], they're a volunteer-based not-for-profit association operated by folks in the commercial ISP space who needed a way to host their own systems. Today they support ~200 engineering hobbyists with low-cost infrastructure. They have cross-connects to AMS-IX and NL-IX[2] and diverse transit connectivity[3] in their racks. Job Snijders has given a couple talks at NLNOG and NANOG about operations-related things, like effective DDoS mitigation[4] with fastnetmon and automated peering solutions[5]. I'm not a member personally, but if I lived in the area I'd definitely include them in my list of potential options. ^^ [1]: https://coloclue.net/en/ [2]: https://github.com/coloclue/peering/blob/master/peers.yaml [3]: https://bgp.tools/as/8283#connectivity [4]: https://www.youtube.com/watch?v=0ahdxp_btHY [5]: https://www.youtube.com/watch?v=C7pkab8n7ys -- Jordan Savoca https://jordan.im/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exit relays abused to attack Google services
Am 2/2/22 um 01:19 schrieb UDN Tor via tor-relays: Google is now sending abuse reports complaining of DDoS attacks against their services. While they believe the IPs are participating in a botnet, it is clear that they are Tor exit relays. I don't know why they are sending us the report after the attacks have ended. Besides, since Google services are unusable over Tor, this should not have caused them much damage. I suspect the attacker is trying to get relays shut down by triggering Google reports that would scare off the ISPs. If you are an ISP and you have received the same report, please let me know. I'd like to know if this was global or if we've been "selected". We received 2 DDoS reports in Oct 2021 and 3 automated scraping notices in Nov and Dec 2021. We are seeing automated scraping of Google Web Search from a large number of your IPs/VMs. Automated scraping violates our /robots.txt file and also our Terms of Service. We request that you enforce your Acceptable Use Policy against these customers. Best kantorkel, Artikel10 From: ddos-repo...@google.com To: ab...@urdn.com.ua Subject: [#zMto] DDoS from your IPs to Google from 2022-01-28 to 2022-01-31 Date: Tue, 01 Feb 2022 20:22:42 + We observed IPs under your control participating in DDoS attacks targeting Google services, including a prolonged DDoS attack from January 28-31 against the Google Search Console. The attacks were Layer 7 / HTTP request floods. Your participating IPs are listed below, along with the stop time in UTC and targeted Google IPs. We request that you enforce your Acceptable Use Policy against these customers. +-+-+--+-+ | Source | Destination | DestPort | Time_UTC| +-+-+--+-+ | 193.218.118.62 | 142.250.180.227 | 443 | 2022-01-31 15:55:01 | | 193.218.118.90 | 142.250.180.195 | 443 | 2022-01-31 15:53:28 | | 193.218.118.100 | 172.217.19.99 | 443 | 2022-01-31 14:43:09 | | 193.218.118.101 | 142.250.180.227 | 443 | 2022-01-31 17:32:54 | | 193.218.118.125 | 142.250.180.227 | 443 | 2022-01-31 15:55:28 | | 193.218.118.145 | 142.250.180.195 | 443 | 2022-01-31 15:55:30 | | 193.218.118.147 | 142.251.39.35 | 443 | 2022-01-31 15:41:36 | | 193.218.118.155 | 142.250.180.195 | 443 | 2022-01-31 13:45:43 | | 193.218.118.156 | 142.250.180.227 | 443 | 2022-01-31 15:57:52 | | 193.218.118.158 | 142.250.180.227 | 443 | 2022-01-31 18:41:34 | | 193.218.118.167 | 142.250.201.195 | 443 | 2022-01-31 15:56:53 | | 193.218.118.182 | 142.251.39.3| 443 | 2022-01-31 17:31:57 | | 193.218.118.183 | 142.250.180.227 | 443 | 2022-01-31 17:42:40 | | 193.218.118.231 | 142.250.180.227 | 443 | 2022-01-31 17:43:08 | +-+-+--+-+ Note we believe some of these IPs are part of the Meris or Dvinis botnets. If you are a residential Internet service provider, it is possible that your customers' routers themselves have been compromised. You should research the Meris botnet and take appropriate actions to have them secure their CPE (customer-premises equipment). -- Security Reliability Engineering :: Google :: AS15169 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Running Tor exit nodes on university networks
Hey. Am 6/9/21 um 9:51 PM schrieb Andreas Kempe: We have this page with some tips: https://community.torproject.org/relay/community-resources/tor-relay-universities/ I read through the page before mailing the list and I especially appreciate the template letter from EFF. I am hoping that a system of standardised response e-mails can be realised to lessen the burden of handling complaints. Maybe with some degree of automation? That is totally possible. At Artikel10 (https://artikel10.org/), we use Zammad to realize some degree of automation. We ignore some mails, some receive our standard reply. Here's a project that other members of our community have used in the past and that you could adapt for your university: https://www.overleaf.com/project/541e42eddb749944790bd16d And as Matthias said, you can find more relays outside .EDU, for example, this non-exit node hosted by our friends in University of Campinas, in Brazil: https://metrics.torproject.org/rs.html#details/1E7BDE03151AAB779CB4AFEAEEA52536FFAA9400 Here you find our experiences from running Tor exits at two German universities: https://arxiv.org/abs/2106.04277 I don't think running a non-exit node would be an issue since they won't generate nearly as much abuse. I have considered looking at running normal nodes or possibly bridges if we hit a wall regarding exit nodes. (My relay at university is a low-bandwidth relay but...) If abuse is an issue, you could allow fewer ports or even ports 80, 443 only. In the past months, most abuse mails that I received were about port 22. Best, kantorkel ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] I was banned from PayPal
Hello again, did you talk to the hosting companies? Maybe they know about other customers facing the same issue. Best kantorkel Am 3/13/21 um 4:33 AM schrieb potlatch: Hello kantorkel and Tor ops, To put a little meat on the bone of this situation, I did not receive an email from PayPal--I was informed that I was banned when I tried to make a payment for VPS hosting. During the week before this ban, I had sent funds to both Flokinet for an exit relay in Finland and to ITLDC.com for VPS hosting in Poland--both exit relays. I used the PayPal support email to ask for the reason I was banned and to ask for re-instatement. I have heard nothing back. I had surmised that someone was monitoring payments to off-shore hosting companies and maybe they assumed I was supporting a news agency--I don't know really. If that is the case, why haven't the hosting sites been banned as well? The message in my PayPal account referred to a violation of the user agreement. Here is the full text of the message: -We're unable to continue offering our services -Thank you for using PayPal as your payment partner. -Unfortunately, we are unable to continue offering our services -to you at this time due to the nature of your business and/or -activity in your account and the risk it poses to PayPal. This -decision can't be overturned. -If you owe refunds to any of your buyers, you can use the money -in your PayPal account to refund them. -Money in your PayPal account will be held for 180 days. After -180 days, we'll email you information on how to withdraw your -money. The only transactions on this account over the past 3-months were VPS lease payments off-shore. I looked up the user agreement to determine where I had violated the rules and found only a single reference to operating servers: -Service Requiring Pre-Approval: -Providing file sharing services or access to newsgroups; or -selling alcoholic beverages, non-cigarette tobacco products, --e-cigarettes or prescription drugs/devices. I have a zoom meeting with two attorneys from EFF.org on March 18. Stay tunedand maybe ban PayPal. --potlatch Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ On Thursday, March 11, 2021 12:06 AM, Matthias Marx wrote: Hi Potlatch, would you mind sharing PayPal's email / full message with me? Regards from Hamburg kantorkel Am 3/11/21 um 12:42 AM schrieb potlatch: Today I received a message from PayPal that paying for Tor relay server leases was a direct violation of my usage agreement. I have been paying off-shore VPS hosts for my Tor server leases with PayPal for at least ten years. Very interesting that they act now. They specifically state the ban was for: Providing file sharing services or access to newsgroups; or selling alcoholic beverages, non-cigarette tobacco products, e-cigarettes or prescription drugs/devices. They further state that the ban is permanent and not reversible. I liked using PayPal because it was a safe way to pay and didn't expose my credit card information. Before PayPal I used a prepaid card which I will probably go back too. --Potlatch Sent with ProtonMail https://protonmail.com Secure Email. tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay operators meetup @ rC3: today 22:00 UTC+1
To avoid confusion: We will meet today at 21:00 UTC, that is 22:00 CET https://www.starts-at.com/event/2603308559 On 12/29/20 12:30 PM, kantorkel wrote: Hi all, the meetup will take place today, 2020-12-29, at 10pm UTC+1. In rC3 world, we will meet in the bottom right corner of the Jena hackerspace "Krautspace" (https://rc3.world/rc3/room/5edc1329-f55c-46e1-a739-b0d642c2c80f/). Please use https://jitsi.rc3.world/torrelayops-724b5 to join from the outside world. Thanks to qbi for organizing the room. Best kantorkel On 12/27/20 10:54 PM, Stefan Leibfarth wrote: Hello Tor friends and relay operators, I haven't heard of a relay operators meetup at the ongoing rC3. Are there any plans? If not, who of you is interested? It would be my pleasure arrange a session. Please get back to me. Cheers Leibi ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay operators meetup @ rC3: today 22:00 UTC+1
Hi all, the meetup will take place today, 2020-12-29, at 10pm UTC+1. In rC3 world, we will meet in the bottom right corner of the Jena hackerspace "Krautspace" (https://rc3.world/rc3/room/5edc1329-f55c-46e1-a739-b0d642c2c80f/). Please use https://jitsi.rc3.world/torrelayops-724b5 to join from the outside world. Thanks to qbi for organizing the room. Best kantorkel On 12/27/20 10:54 PM, Stefan Leibfarth wrote: Hello Tor friends and relay operators, I haven't heard of a relay operators meetup at the ongoing rC3. Are there any plans? If not, who of you is interested? It would be my pleasure arrange a session. Please get back to me. Cheers Leibi ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] 35C3 Tor Relay Operators Meetup
Hi all, > > If so, it would be great if we could get > - a slightly bigger room than we had last year > - a room with a beamer > since the number of rooms is very limited, I have reserved a slot for the Relays Operators Meetup: 2018/12/27 16:30, 90 minutes, lecture room M2. The room has 48 seats and a beamer. Feel free to change any details: https://events.ccc.de/congress/2018/wiki/index.php/Session:Tor_relays_operators_meetup Best, kantorkel ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
