[tor-relays] update obfs4proxy if you run a bridge
Hello,

TL;DR: if you are a bridge operator please update obfs4proxy to a version >= 0.0.12.

There is a new version of obfs4proxy (>= 0.0.12) which fixes a security issue[0]. Tor Browser has already updated to the new version, which reduces the security problem a bit, but introduces a partial incompatibility between versions[1]. Because of that, updating to the latest version will greatly help bridge users.

If you use Debian you can find the latest version in bullseye-backports[2]. If you use Docker there is a new version of the official Docker image that you can upgrade to[3].

Thank you for running bridges, let me know if you need any help upgrading it.

[0] https://lists.torproject.org/pipermail/anti-censorship-team/2022-January/000213.html
[1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40804
[2] https://packages.debian.org/stable-backports/obfs4proxy
[3] https://hub.docker.com/layers/thetorproject/obfs4-bridge/0.11/images/sha256-87cd986d98a76c8af93f5b84ee07b0ae232fd013b6122dfaef188900ac36d968

--
meskio | https://meskio.net/
My contact info: https://meskio.net/crypto.txt
We're going to Croatan.

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
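A way to check a bridge host against the 0.0.12 threshold from the announcement above. This is an added example, not part of the original message or of the obfs4proxy project; it assumes `obfs4proxy -version` prints a banner of the form `obfs4proxy-X.Y.Z`, and the function names are illustrative. The comparison is done field by field because a plain string comparison would rank 0.0.9 above 0.0.12.

```shell
#!/bin/sh
# Minimum fixed release named in the announcement.
MIN_VERSION="0.0.12"

# Pull the dotted version out of a banner such as "obfs4proxy-0.0.12".
# The banner format is an assumption; adjust the pattern if yours differs.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^.*obfs4proxy-\([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Return 0 when $1 >= $2, comparing dot-separated fields numerically.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        # Drop the field just read; an exhausted side counts as 0.
        [ "$a" = "$fa" ] && a="" || a=${a#*.}
        [ "$b" = "$fb" ] && b="" || b=${b#*.}
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# Classify a banner: prints "ok X.Y.Z", "outdated X.Y.Z" or "unknown".
check_banner() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_ge "$v" "$MIN_VERSION"; then
        echo "ok $v"
    else
        echo "outdated $v"
    fi
}

# Run against the local binary when one is installed.
if command -v obfs4proxy >/dev/null 2>&1; then
    check_banner "$(obfs4proxy -version 2>&1)"
fi
```

On Debian the packaged version can differ from what a manually installed binary reports, so check the binary that the `ServerTransportPlugin` line in torrc actually points to.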
[tor-relays] Connection burst
Hi everybody

Just to let you know. Yesterday between 21:26 and 21:31 UTC the relay 03C3069E814E296EB18776EB61B1ECB754ED89FE (Tor 0.4.7.4-alpha, LibreSSL 3.4.2) received a connection burst of 2k+ source addresses out of 174 /8 ip4 nets (1-223/8).

They were kicked off by the packetfilter because the max conn per ip rate was above my applied max threshold. The notice level DoS mitigation entry remained untouched while sitting behind the pf.

Beautiful!

--
Cheers
Felix
Re: [tor-relays] Connection burst
On 3/20/22 17:14, Felix wrote:
> They were kicked off by the packetfilter

IMO it is a bad idea to filter Tor traffic.

--
Toralf
Re: [tor-relays] Which is the most useful: relay or bridge
Hi,

IMHO, this is not a good idea. Tor relay IPs are public, so they are likely to be blocked as part of censorship in some countries. This will greatly reduce the usefulness of the bridge running on the same IP. Running both at the same time on the same public IP does not add much value.

If you are running this on your home network, I recommend running a bridge only. Now the problem is that your public IP is already known as a Tor node, so switching to running just a bridge at this point will not help that much.

Running a non-exit relay from your home is also mostly (legally) safe, but be prepared to encounter problems with some websites. Some sites/CDNs block all Tor node IP addresses, not just exits, out of laziness/stupidity/etc.

Best regards,
KA.

--- Original Message ---
On Saturday, March 19th, 2022 at 12:06 AM, Thoughts wrote:
> Currently running both a guard relay and a bridge, one each on two
> different systems, but both behind the same firewall and static IP.
> Curious if this is a good idea, or if one or the other is of much
> greater value.
Re: [tor-relays] Tor 0.3.5.x is unsupported, please upgrade
Georg Koppen:
> Hello!
>
> It's time again to get relays upgraded running an EOL Tor series (0.3.5.x). We'll start reaching out to operators with valid contact information this week and plan to start rejecting relays which are still on 0.3.5.x about 4 weeks from now, at the beginning of March.
>
> You can follow along that process in our bug tracker[1] if you want.

Alright, I just pushed a commit to get relays rejected by fingerprint which are still running an unsupported Tor version (be it a 0.3.5.x or an unsupported 0.4.x one). This will take effect once a majority of our directory authorities has picked it up (which can take a couple of hours).

I've sent our bridge authority operator all the fingerprints of bridges running an unsupported Tor version for rejection as well.

We'll run further rejection rounds in the coming weeks to deal with new relays/bridges popping up with unsupported Tor versions. You can follow along this process by tracking our respective ticket in Gitlab.[1]

Thanks, in particular to those operators who keep their relays/bridges up-to-date or updated them recently!

Georg

[1] https://gitlab.torproject.org/tpo/network-health/team/-/issues/210