Re: [tor-relays] DoS attacks on multiple relays

> connlimit per /24. it does more good than evil. Any guidance on the specifics? Like how many concurrent connections to allow per /24? Not sure what's expected from legitimate user traffic through the relay... don't want to make things worse. ___ tor-re

[tor-relays] UbuntuCore stats update

Hi all. I generate* the packages that make up those UbuntuCore relays and bridges you hear about some time in here. I intended it to be a low-friction way normal joes can help Tor. There have been a good number of volunteers. The automatic-update system of Snap means the security update of a few

Re: [tor-relays] DoS attacks on multiple relays

> Hi null > > Am 04-Dec-17 um 20:40 schrieb null: ... > Heavy action can be you purge them or tcpdrop(8) before they hurt. Or > connection limit by ip per firewall. > connlimit per /24. it does more good than evil. cheers x9p ___ tor-relays mailing

Re: [tor-relays] So long and thanks for all the abuse complaints

>> On Mon, Dec 4, 2017 at 10:57 AM, Ralph Seichter >> wrote: >>> On 04.12.17 11:59, James wrote: >>> >>> As a private individual, after just receiving my 4th abuse complaint >>> in as many days it's time to stop running my exit node. >> >> I've had an ongoing debate with a hosting service over

Re: [tor-relays] DoS attacks on multiple relays

Hi null Am 04-Dec-17 um 20:40 schrieb null: > $ ss -s > Total: 15855 (kernel 0) > TCP: 24520 (estab 23969, closed 305, orphaned 31, synrecv 0, timewait > 261/0), ports 0 imho the attempts have tcp state. I experienced similar from a minor number of non relays. It seems like you gather too many

Re: [tor-relays] So long and thanks for all the abuse complaints

On Mon, Dec 04, 2017 at 02:57:25PM -0500, Jonathan Proulx wrote: :The only reply ever required is a form letter stating this is a Tor :exit, here's a link to how to block tor exits if that's what you want. I recognize this doesn't help with "meta-complaints" from hosting providers, but has worked

Re: [tor-relays] So long and thanks for all the abuse complaints

On Mon, Dec 04, 2017 at 01:55:56PM -0500, Zack Weinberg wrote: :For the record, those daily complaints about abusive SSH scanning were :serious reports requiring a reply. And they were not all from the :same source. The only reply ever required is a form letter stating this is a Tor exit, here's

[tor-relays] DoS attacks on multiple relays

Hi, We're experiencing what looks like a DoS attack on multiple relays in our family: https://atlas.torproject.org/#search/family:CBEAE10CBBB86C51059246B2EF92EB2CB4E111BC The relays are currently running Tor 0.3.1.9 on Linux kernel 4.4.0 (although when the problem started the relays were running

Re: [tor-relays] So long and thanks for all the abuse complaints

On 04.12.17 20:00, Iain Learmonth wrote: > I do wonder how much of this is related to the scarcity of IPv4 > address space, prevalence of reputation systems and fear of ending > up being labeled as "bad". I remember that last year I was notified by said hoster that the IP address of one of my exi

Re: [tor-relays] So long and thanks for all the abuse complaints

Zack Weinberg: > On Mon, Dec 4, 2017 at 1:00 PM, s7r wrote: >> Zack Weinberg wrote: >>> With my exit node operator hat on, I too would like to see some sort >>> of port-scanning prevention built into the network. In my case, I had >>> to turn off exiting to the SSH port because we were getting da

Re: [tor-relays] So long and thanks for all the abuse complaints

Hi, On 04/12/17 18:19, Ralph Seichter wrote: > This is not about third party X complaining to the hoster about their > network being scanned. The hoster itself is automatically monitoring all > their machines for outgoing network scans, as these scans are prohibited > by their terms of use. I do

Re: [tor-relays] So long and thanks for all the abuse complaints

On Mon, Dec 4, 2017 at 1:00 PM, s7r wrote: > Zack Weinberg wrote: >> With my exit node operator hat on, I too would like to see some sort >> of port-scanning prevention built into the network. In my case, I had >> to turn off exiting to the SSH port because we were getting daily >> complaints abo

Re: [tor-relays] So long and thanks for all the abuse complaints

On 04.12.2017 19:00, s7r wrote: > > I've had an ongoing debate with a hosting service over a fresh exit > > node being abused for network scans (ports 80 and 443) almost hourly > > for the last few days. > > This is just a defective policy of that hoster. If a hoster goes mad > because it receives

Re: [tor-relays] So long and thanks for all the abuse complaints

Op 04/12/2017 om 13:39 schreef teor: > > On 4 Dec 2017, at 22:18, Tom van der Woerdt > wrote: > >> Hi James, >> >> Have you considered running a super restrictive exit policy? I had the >> same trouble you have, with EFF's restrictive exit policy. So I wrote my >> own, which

Re: [tor-relays] So long and thanks for all the abuse complaints

Zack Weinberg wrote: > On Mon, Dec 4, 2017 at 10:57 AM, Ralph Seichter > wrote: >> On 04.12.17 11:59, James wrote: >> >>> As a private individual, after just receiving my 4th abuse complaint >>> in as many days it's time to stop running my exit node. >> Thanks for running the exit and I am sorry

Re: [tor-relays] So long and thanks for all the abuse complaints

On Mon, Dec 4, 2017 at 10:57 AM, Ralph Seichter wrote: > On 04.12.17 11:59, James wrote: > >> As a private individual, after just receiving my 4th abuse complaint >> in as many days it's time to stop running my exit node. > > I've had an ongoing debate with a hosting service over a fresh exit node

Re: [tor-relays] So long and thanks for all the abuse complaints

On 04.12.17 11:59, James wrote: > As a private individual, after just receiving my 4th abuse complaint > in as many days it's time to stop running my exit node. I've had an ongoing debate with a hosting service over a fresh exit node being abused for network scans (ports 80 and 443) almost hourly

Re: [tor-relays] So long and thanks for all the abuse complaints

I so far have got away with no abuse with quite a wide range of ports open, avoiding obvious abuse ports and only allowing port 80 to a single Class A, chosen belonging to a benign country/service: x.x.x.x/8:80Gets the server listed as an exit. I have not seen, via arm, anyone use port 80

Re: [tor-relays] So long and thanks for all the abuse complaints

I was only allowing 80 and 443 anyway. https://atlas.torproject.org/#details/7723B1B4B2B4D9D161209F770079A6F0A5A929BC J ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Save the date! Thursday, Dec 07 - Tor Meetup in NYC

On 12/1/17 18:11, Eran Sandler wrote: > Any meetups in the bay area happening any time soon? > > Eran > Not that I know of. isabela ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-re

Re: [tor-relays] So long and thanks for all the abuse complaints

On Mon, Dec 4, 2017 at 12:39 PM, teor wrote: > Blocking port 80 isn't safe for users: it doubles the number of exits that > they must use, which doubles their risk of a malicious exit. The risk of using port 443 is much lower than the risk of using port 80, because information passed through 443

Re: [tor-relays] So long and thanks for all the abuse complaints

> On 4 Dec 2017, at 22:18, Tom van der Woerdt wrote: > > Hi James, > > Have you considered running a super restrictive exit policy? I had the > same trouble you have, with EFF's restrictive exit policy. So I wrote my > own, which also blocks port 80: > > ExitPolicy accept *:443 > ExitPolicy ac

Re: [tor-relays] So long and thanks for all the abuse complaints

Hi James, Have you considered running a super restrictive exit policy? I had the same trouble you have, with EFF's restrictive exit policy. So I wrote my own, which also blocks port 80: ExitPolicy accept *:443 ExitPolicy accept *:6667 ExitPolicy accept *:7000 ExitPolicy accept *:5222 ExitPolicy a

[tor-relays] So long and thanks for all the abuse complaints

As a private individual, after just receiving my 4th abuse complaint in as many days it's time to stop running my exit node. Prior to today I'd receive on average 1-2 complaints a month (I had a fairly strict exit policy). It saddens me that I have to shut it down, especially as it's one of very fe