Re: [tor-relays] Experimental DoS mitigation is in tor master - log entry

Hi everbody Am 31-Jan-18 um 10:16 schrieb Roger Dingledine: > now is a great time to try it and let us know of > problems and/or successes. Currently just success. NTor is still pretty high, circuits and TAP 'normal'. cpu is difficult to say, still pumping lots of circuits anyway. Settings are

Re: [tor-relays] #25110: warn on missing MyFamily

> On 1 Feb 2018, at 11:36, nusenu wrote: > >>> If you are the relay operator, please set a working contactInfo and proper >>> MyFamily configuration >>> and drop an email to bad-rel...@lists.torproject.org. >> >> We added this advice to the man page in 0.3.2.9. > >

Re: [tor-relays] What's the priority right now?

Conrad Rockenhaus: > I’m ready to get node #3 up right now…so what’s the priority for high speed > nodes right now, exits or relays? Just wanted to know before I brought it > online. > > This one is based in the great land of Canada :D. If you can, run exit relays, there are less exits than

Re: [tor-relays] What's the priority right now?

I'd say exit :-) > On Jan 31, 2018, at 18:59, Conrad Rockenhaus wrote: > > I’m ready to get node #3 up right now…so what’s the priority for high speed > nodes right now, exits or relays? Just wanted to know before I brought it > online. > > This one is based in the

[tor-relays] What's the priority right now?

I’m ready to get node #3 up right now…so what’s the priority for high speed nodes right now, exits or relays? Just wanted to know before I brought it online. This one is based in the great land of Canada :D. Thanks, Conrad ___ tor-relays mailing

Re: [tor-relays] #25110: warn on missing MyFamily

>> If you are the relay operator, please set a working contactInfo and proper >> MyFamily configuration >> and drop an email to bad-rel...@lists.torproject.org. > > We added this advice to the man page in 0.3.2.9. #24526 did not make it into 0.3.2.9 but it will be in the next 0.3.2.x release.

Re: [tor-relays] 75 Exit Relays (48 currently running) - AS 197226 SPRINT SA (PL) - No Contact/MyFamily

> On 1 Feb 2018, at 05:31, nusenu wrote: > > If you are the relay operator, please set a working contactInfo and proper > MyFamily configuration > and drop an email to bad-rel...@lists.torproject.org. We added this advice to the man page in 0.3.2.9. But many people

Re: [tor-relays] 0.3.2.9 not reporting bandwidth in atlas

> Is it me or is there some issue. > Since I've upgraded to version 0.3.2.9 there has been no update to the bandwidth graphs. It is not only you. The metrics for bandwidth are not being reported as often anymore for privacy reasons - in particular for protecting identities of onion guards. Trac

Re: [tor-relays] 0.3.2.9 not reporting bandwidth in atlas

Paul Templeton: > Is it me or is there some issue. > Since I've upgraded to version 0.3.2.9 there has been no update to the > bandwidth graphs. see: https://lists.torproject.org/pipermail/tor-relays/2018-January/014254.html -- https://mastodon.social/@nusenu twitter: @nusenu_

[tor-relays] 0.3.2.9 not reporting bandwidth in atlas

Is it me or is there some issue. Since I've upgraded to version 0.3.2.9 there has been no update to the bandwidth graphs. family:867B95CACD64653FEEC4D2CEFC5C49B4620307A7 Paul 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list

Re: [tor-relays] MyFamily and ContactInfo fields are required for operators running multiple tor instances

On Wed, Jan 31, 2018 at 3:08 PM, Vinícius Zavam wrote: > what about those using *only* > PGP key fingerprints as ContactInfo? valid keys, publicly available (with > working email address, and personal info from the admin). > > will these relays be removed from the network,

Re: [tor-relays] Experimental DoS mitigation is in tor master

On 01/31/2018 10:16 AM, Roger Dingledine wrote: > the sort who enjoys running code from git, now is a great time to try it > and let us know of problems and/or successes. > tor-0.3.3.1-alpha-58-ga846fd267 is bad here, the inbound connections stays at 5-10 tor-0.3.3.1-alpha-42-g2294e330b works

Re: [tor-relays] MyFamily and ContactInfo fields are required for operators running multiple tor instances

Vinícius Zavam: > considering that MyFamily is perfectly fine, what about those using *only* > PGP key fingerprints as ContactInfo? valid keys, publicly available (with > working email address, and personal info from the admin). > > will these relays be removed from the network, or tagged as

Re: [tor-relays] Experimental DoS mitigation is in tor master

On 01/31/2018 08:57 PM, Tyler Johnson wrote: > with or without additional firewall *with* additional firewall rules currently. -- Toralf PGP C4EACDDE 0076E94E signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list

Re: [tor-relays] MyFamily and ContactInfo fields are required for operators running multiple tor instances

On Jan 11, 2018 19:09, "nusenu" wrote: Hi, hi, I'd like to highlight that today the following two sentences requiring ContactInfo and MyFamily for operators running multiple relays got added to the tor manual page [1]: > ContactInfo **must** be set to a working

Re: [tor-relays] Experimental DoS mitigation is in tor master

at a first glance master (tor-0.3.3.1-alpha-42-g2294e330b) works like a charm here at a hardened stable Gentoo with vanilla kernel 4.14.16 at both Tor exit relays Is that with or without additional firewall rules to combat the abundant connection issues?

Re: [tor-relays] Experimental DoS mitigation is in tor master

On 01/31/2018 10:16 AM, Roger Dingledine wrote: > but if you're > the sort who enjoys running code from git, now is a great time to try it > and let us know of problems and/or successes. at a first glance master (tor-0.3.3.1-alpha-42-g2294e330b) works like a charm here at a hardened stable Gentoo

[tor-relays] 75 Exit Relays (48 currently running) - AS 197226 SPRINT SA (PL) - No Contact/MyFamily

Dear anonymous relay operator, thank you for adding so many exit relays this month in AS 197226 SPRINT SA (PL) (netblocks 185.234.218.x and 77.87.79.x) we would really like to keep these relays on the network, but they do not have any contact information and MyFamily configuration set - which is

Re: [tor-relays] High number of simultaneous connections from a single host

> > > > However I'm still interested in how to block this kind of abuse outside of > tor > itself. I'm looking to implement some iptables limiting and I'm wondering > how > the limits should be so that I don't deny normal tor traffic. > > Would a 10 connections per IP limit be OK? Should be higher

Re: [tor-relays] High number of simultaneous connections from a single host

În ziua de miercuri, 31 ianuarie 2018, la 17:32:15 EET, Roger Dingledine a scris: > On Wed, Jan 31, 2018 at 05:21:38PM +0200, zless wrote: > > I was inspecting my node and just saw that it has a very high number of > > connections. > > > > It jumped from the normal 6000-7000 to more than 17000

Re: [tor-relays] High number of simultaneous connections from a single host

> I was inspecting my node and just saw that it has a very high number of > connections. > > It jumped from the normal 6000-7000 to more than 17000 simultaneous > connections. > > Looking at the connections with `ss` I see some hosts with over 1000 > connections while the majority is usually

Re: [tor-relays] High number of simultaneous connections from a single host

On Wed, Jan 31, 2018 at 05:21:38PM +0200, zless wrote: > I was inspecting my node and just saw that it has a very high number of > connections. > > It jumped from the normal 6000-7000 to more than 17000 simultaneous > connections. > > Looking at the connections with `ss` I see some hosts with

[tor-relays] High number of simultaneous connections from a single host

Hello everyone, I was inspecting my node and just saw that it has a very high number of connections. It jumped from the normal 6000-7000 to more than 17000 simultaneous connections. Looking at the connections with `ss` I see some hosts with over 1000 connections while the majority is usually

Re: [tor-relays] Tor uses up all available memory and eventually quits

Thank you to all who responded to my question! The memory issue seems to be fixed now, and I would like to share what worked (and what didn’t). I first tried setting MaxMemInQueues to 512, then 384, while still running Tor 0.2.5.16. This didn’t help. Adding the option DisableOOSCheck 0 caused

Re: [tor-relays] unreplied conntrack sessions

> > It is probably still the best solution to change provider - if you are > still considering it. > Yep, changing provider is 98% complete. I have a new instance running at online.net since last night: https://atlas.torproject.org/#details/45A9735BE83ECE864B23621B8D266E6A1AEA96F6 Q --

Re: [tor-relays] Experimental DoS mitigation is in tor master

teor: > > >> On 31 Jan 2018, at 20:37, nusenu wrote: >> >>> We've merged https://bugs.torproject.org/24902 into tor git master. >>> ... > > If you compile using clang, there are some warnings that appear to be > harmless: >

Re: [tor-relays] Experimental DoS mitigation is in tor master

> On 31 Jan 2018, at 20:37, nusenu wrote: > >> We've merged https://bugs.torproject.org/24902 into tor git master. >> ... If you compile using clang, there are some warnings that appear to be harmless: https://trac.torproject.org/projects/tor/ticket/25094 The overall

Re: [tor-relays] Experimental DoS mitigation is in tor master

nusenu: > And packages for Debian-based OSes are probably in the next nightly master > builds > available at https://deb.torproject.org/torproject.org/dists/ I just added support for tor nightly build repos to ansible-relayor (Debian/Ubuntu only), to make it very easy to test bleeding edge

Re: [tor-relays] #2667 [Core Tor/Tor]: Exits should block reentry into the tor network

Roger Dingledine: > On Wed, Jan 31, 2018 at 11:41:00AM +, nusenu wrote: >>> Comment (by arma): >>> >>> I continue to think that teaching exit relays to avoid allowing exit >>> connections to known relays (IP:ORPort) is a good and useful step. >>> >>> We keep running across messy

Re: [tor-relays] #2667 [Core Tor/Tor]: Exits should block reentry into the tor network

On Wed, Jan 31, 2018 at 11:41:00AM +, nusenu wrote: > > Comment (by arma): > > > > I continue to think that teaching exit relays to avoid allowing exit > > connections to known relays (IP:ORPort) is a good and useful step. > > > > We keep running across messy situations where letting

[tor-relays] #2667 [Core Tor/Tor]: Exits should block reentry into the tor network

> Comment (by arma): > > I continue to think that teaching exit relays to avoid allowing exit > connections to known relays (IP:ORPort) is a good and useful step. > > We keep running across messy situations where letting somebody connect to > a relay from an exit relay's IP address turns

Re: [tor-relays] Experimental DoS mitigation is in tor master

Woo, for sure! > On Jan 31, 2018, at 03:16, Roger Dingledine wrote: > > Hi folks, > > Thanks for your patience with the relay overload issues. > > We've merged https://bugs.torproject.org/24902 into tor git master. We'll > be putting out an 0.3.3.2-alpha release in not too long

Re: [tor-relays] unreplied conntrack sessions

>> On 31 Jan 2018, at 05:54, Quintin wrote: >> >> nusenu wrote: >>> If your hoster suspends your server if you exceed 10k concurrent connections >>> I'm afraid it is probably not suitable for an exit relay >> >> The response from the hoster was: >>> Your server

Re: [tor-relays] Experimental DoS mitigation is in tor master

> Thanks for your patience with the relay overload issues. > > We've merged https://bugs.torproject.org/24902 into tor git master. We'll > be putting out an 0.3.3.2-alpha release in not too long for wider testing, > and eventually backporting it all the way back to 0.2.9, but if you're > the sort

[tor-relays] Experimental DoS mitigation is in tor master

Hi folks, Thanks for your patience with the relay overload issues. We've merged https://bugs.torproject.org/24902 into tor git master. We'll be putting out an 0.3.3.2-alpha release in not too long for wider testing, and eventually backporting it all the way back to 0.2.9, but if you're the sort