Re: [tor-relays] Performance issues/DoS from outgoing Exit connections

> Toralf Förster hat am 22.10.2022 22:40 CEST > geschrieben: > > IMO a "reload tor" is fully sufficient and should be preferrred over > "restart", or ? A "reload" will update the ExitPolicy, but not drain existing connections very quickly, at least on our servers. Feel free to use whatever

[tor-relays] Performance issues/DoS from outgoing Exit connections

Hello, on the evening of 2022-10-18, we (Artikel10) started getting alerts about our Tor servers, while our traffic declined sharply. When we investigated, we found that there were hundreds of thousands of TCP connections (per server) open to a single address, orders of magnitude more than

Re: [tor-relays] Next Tor Relay operator meetup + MCH activities

The Relay Operator Meetup will take place on Sunday, 21:00 at the c-base tent (please bring a chair): https://wiki.mch2022.org/Session:Tor_Relay_Operator_Meetup Kind regards, Alexander > gus hat am 22.07.2022 16:00 CEST geschrieben: > > > Hi everyone, > > This month we won't have our

Re: [tor-relays] Ripped off relay name

> Georg Koppen hat am 20.09.2021 18:38 geschrieben: > > This happens from time to time. It could be someone trying to > impersonate your relay. Feel free to contact > > bad-rel...@lists.torproject.org > > with your relay nickname/fingerprint and we can take care of that and > investigate.

Re: [tor-relays] ipv6 ORPort + DIRPort too ?

> Petrusko hat am 27.03.2021 11:05 geschrieben: > > Is it allowed to add something like this, to advertise on ipv6 too ?? : > DIRPort [::xxx:x::::xxx]:9030 You can only advertise one DirPort, according to "man tor": > all but one DirPort must have the NoAdvertise flag set

Re: [tor-relays] Active MetricsPort logs "Address already in use"

> David Goulet hat am 24.03.2021 13:07 geschrieben: > > At the moment, the only metrics exported are those of onion services. We still > need to implement exporting relay and client metrics. > > If you set an onion service, you should get more stuff :) else we have a bug! I just checked, an

Re: [tor-relays] Active MetricsPort logs "Address already in use"

> David Goulet hat am 22.03.2021 13:24 geschrieben: > > > Sending GET requests to the address returns empty responses. > > You should be able to get the metrics with a GET on /metrics. > > Let us know if this works for you! The empty 200 response is returned from "/metrics", I guess due to

[tor-relays] Active MetricsPort logs "Address already in use"

Hello, when I activate the "MetricsPort" feature, the Tor log reports that it is going to open the port, then it says "Address already in use". According to "netstat", the address is indeed in use, but by "tor". Sending GET requests to the address returns empty responses. Any ideas? Kind

Re: [tor-relays] IPv6 Support or Uptime?

Hi Josh, the Tor network is still mostly IPv4 (https://metrics.torproject.org/relays-ipv6.html), so I would say it's ok to turn IPv6 off on your relay for now, especially if there's a problem with stability. Kind regards, Alexander > Josh Lawson hat am 21.08.2020 00:59 > geschrieben:

Re: [tor-relays] Possible to run multiple tor instances from one machine?

> Imre Jonk hat am 13.08.2020 09:13 geschrieben: > > On Wed, 2020-08-12 at 22:42 -0700, Keifer Bly wrote: > > Is it possible to run more than one tor instance on the same machine? > > I imagine that something equally simple can be done for > systemd-based systems as well. > > Imre The Debian

Re: [tor-relays] Install on Tor on fresh Debian 10 failed (gpg key invalid)

Hi Olaf, this: > '2019-10-17 20:34:32 (1.01 MB/s) - > ‘A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc’ saved [19665/19665] looks like output from wget rather than curl. Is there some weird configuration calling wget instead of curl on your system? What do "alias curl" or "which curl" say? If I

Re: [tor-relays] obfs4 bridge stuck at 0% bootstrap

You can use "deb.torproject.org" in Raspbian: https://support.torproject.org/apt/tor-deb-repo/ > Volker Mink hat am 8. Oktober 2019 um 08:29 geschrieben: > > Could be, i am not so deep into this whole linux-magic. > Its raspian stretch with kernel 4.19.66 on a PI2B, which is -as far as

[tor-relays] A Tor association for Hamburg / Tor-Meetup Summary

Hi everyone, at our Tor meetup in August 2018 we announced plans to found a Hamburg-based Tor association, and now we did it: Artikel10 was established by 12 founding members on Friday evening! Our purpose is supporting secure communication media like Tor, as well as doing digital rights

[tor-relays] Tor Meetup in Hamburg, April 26th

English: We would like to invite people interested in the Tor project and relay operators in the Hamburg area to meet at University of Hamburg, Department of Computer Science. There will be an introduction to Tor, a Q session and a brief announcement about a newly founded Hamburg-based Tor

Re: [tor-relays] 35C3 Tor Relay Operators Meetup

Another update: we have moved the meetup to 2018-12-28 (Day 2), 12:00: https://events.ccc.de/congress/2018/wiki/index.php/Session:Tor_relay_operators_meetup Kind regards, Alexander --- PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB On 2018-12-24 23:16, 35C3 35C3 wrote: On December 24,

Re: [tor-relays] Tor Meetup Hamburg, August 31st

On 2018-08-22 10:59, Alexander Dietrich wrote: When: Friday, August 31st, 6:00 PM Where: CCC Hamburg, Zeiseweg 9 ( https://hamburg.ccc.de/#wegbeschreibung ) WWW: https://hamburg.ccc.de/2018/08/20/tor-meet-up-beim-ccchh-index/ A few notes from the Meetup: There were about 15 participants

[tor-relays] Tor Meetup Hamburg, August 31st

Hi everyone, we would like to invite people interested in the Tor project and relay operators in the Hamburg area to meet at the CCC Hamburg. There will be an introduction to Tor, a Q session and a brief announcement about a future Hamburg-based Tor association. We would love for relay

Re: [tor-relays] ExtOrPort settings for obsf4, obfs3 and firewall

On 2018-07-31 16:27, Cristian Consonni wrote: so I am assuming that to test my bridge it is not sufficient to know which pluggable transport is running, the IP address and the port. I need the cert string and the iat-mode number. So, how can I found those values? And, most importantly, is this

Re: [tor-relays] ExtOrPort settings for obsf4, obfs3 and firewall

On 2018-07-23 16:03, Cristian Consonni wrote: ``` [notice] Registered server transport 'obfs4' at '[::]:46396' ``` Remember the random port associated to your bridge needs to be open for incoming connections. You can find it from the logs: it's 46396 in this example. --- I can assume that

Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

On 2018-05-11 14:52, Ralph Seichter wrote: Assuming you can install whatever software you like, I recommend running your own instance of Unbound on your exit node machines. Current Unbound versions support DNSSEC validation, QNAME minimisation, etc. While using your ISP's resolvers works as a

Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation

On 2018-04-11 04:10, Paul Templeton wrote: When I do a dig +dnssec . | grep ";; flags:" I get ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 this looks as if its working. Just to be safe, you could also check the rest of the dig output and /etc/resolv.conf (or

Re: [tor-relays] getrelays

If you are looking for bridge relays, please send email to brid...@torproject.org from a GMail, Yahoo or Riseup account. More information: https://bridges.torproject.org/ Kind regards, Alexander --- PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB 34C3: +49464438299-5789 On 2017-12-23

Re: [tor-relays] ISP is aking me to send a selfie holding my identity card

On 2017-12-08 13:24, niftybunny wrote: >> On 8. Dec 2017, at 10:23, Alexander Dietrich <alexan...@dietrich.cx> wrote: >> >> I have no experience with Hetzner, but no ISP in Germany (or elsewhere) has >> ever asked me for a copy of my passport. I'd rathe

Re: [tor-relays] ISP is aking me to send a selfie holding my identity card

I have no experience with Hetzner, but no ISP in Germany (or elsewhere) has ever asked me for a copy of my passport. I'd rather spend my money elsewhere. (For German readers: it's illegal to create photocopies of the latest generation of ID cards, except for government agencies, banks and such,

Re: [tor-relays] Decline in relays

On 2017-10-24 03:30, nusenu wrote: It appears to have started earlier than July if you graph metrics' csv file for better granularity. Maybe somewhere in mid May 2017 (maybe when tor 0.2.9.x -> 0.3.0 started to spread? -> correlate it with the relays by version graph) I had a dead relay

Re: [tor-relays] Tor 0.3.1.7 - bug report

On 2017-10-21 01:25, diffusae wrote: Oct 21 01:09:10.000 [warn] tor_bug_occurred_: Bug: src/common/compress.c:576: tor_compress_process: Non-fatal assertion !((rv == TOR_COMPRESS_OK) && *in_len == in_len_orig && *out_len == out_len_orig) failed. (on Tor 0.3.1.7 6babd3d9ba9318b3) Oct 21

Re: [tor-relays] Tor relay operators at SHA2017 ?

There is a self-organized session now: https://wiki.sha2017.org/w/Session:Tor_Relay_Operators_Meetup Cheers, Alexander Sent from my toasterOn Aug 5, 2017 5:46 PM, Alexander Færøy wrote: > > On 1 August 2017 at 21:24, Schroedinger wrote: > > if

Re: [tor-relays] Problem starting 0.3.0.7 on Ubuntu?

On 2017-05-22 10:23, nusenu wrote: Please post your configuration file /etc/tor/torrc (without sensitive content like password hashes) It's not very exciting, with all comments removed: -- HeartbeatPeriod 1 hours SOCKSPort 0 HiddenServiceDir /var/lib/tor/SERVICE_NAME/

Re: [tor-relays] Problem starting 0.3.0.7 on Ubuntu?

On 2017-05-22 04:07, teor wrote: The permissions on /var/lib/tor/SERVICE_NAME/ are "rwx--S---" and it's owned by debian-tor, which worked for 0.2.9.10. What user is your tor process running as? The Ubuntu packages from d.t.o run Tor as "debian-tor". I would expect 0.3.0.7 to do the same,

[tor-relays] Problem starting 0.3.0.7 on Ubuntu?

Hello, did anyone else run into a problem when upgrading from 0.2.9.10 to 0.3.0.7 on Ubuntu? Tor is no longer starting, with these messages in syslog: [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". [notice] Read configuration file "/etc/tor/torrc". [warn]

Re: [tor-relays] Raspberry Pi + Raspbian GNU/Linux 8.0 (jessie) + bind errors

On a Pi 3 the official packages seem to work, so you can simply follow the instructions on the Tor website: https://www.torproject.org/docs/debian.html.en Use "Option two" and ignore the "Raspbian is not Debian" paragraph. Best regards, Alexander --- PGP Key: https://dietrich.cx/pgp |

[tor-relays] Current pluggable transport recommendation

Hi, the obfs2 pluggable transport was deprecated a while ago since it was easy to detect, but obfs3 was still considered safe, IIRC. Has anything changed here? I was just wondering if new bridges should only run obfs4, or if it's fine to run obfs3 at the same time. Best regards, Alexander

Re: [tor-relays] EOMA68 as a platform for trustworthy computing? / was: Exploiting firmware

Can you please move these discussions to a more appropriate mailing list (i.e. tor-talk or maybe tor-dev)? Thank you, Alexander --- PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB On 2016-12-08 12:11, Christian Pietsch wrote: On Thu, Dec 08, 2016 at 10:41:46AM +0500, Roman Mamedov

Re: [tor-relays] Wrong mode on /var/run/tor

On 2016-08-31 14:33, Peter Palfrader wrote: On Wed, 31 Aug 2016, Alexander Dietrich wrote: When I checked, the /var/run/tor directory had the mode "rwxr-sr-x". After removing the permissions for "other", tor started without problems. This most likely means that you

[tor-relays] Wrong mode on /var/run/tor

Hello, I just had a tor instance exit with these error messages: [warn] Failed to parse/validate config: Failed to bind one of the listener ports. [err] Reading config failed--see warnings above. For usage, try -h. [warn] Restart failed (config error?). Exiting. Above that, the log contains

[tor-relays] ExoneraTor down

Hi, I just tried to use ExoneraTor, but it seems to be down: https://exonerator.torproject.org/ Best regards, Alexander -- PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB ___ tor-relays mailing list tor-relays@lists.torproject.org

Re: [tor-relays] experiences with debian tor 0.2.8.6 package from deb.torproject.org

Actually not - you are right Alexander! But then the question are: - why do I need a user "_tor-tor" since the last update, when I didn’t need that before - why is it not self creating - what do I have to do - really creating "_tor-tor" with the same privileges as "_tor-tor2"? Thank

Re: [tor-relays] experiences with debian tor 0.2.8.6 package from deb.torproject.org

The error message "Ungültiger Anwender „_tor-tor“" appears several times in your log, while there are no error messages about user "_tor-tor2". Does the first user exist? Best regards, Alexander --- PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB On 2016-08-06 14:56, pa011 wrote: Thank

Re: [tor-relays] Search warrant and house search because of an exit in DE

On 2016-05-01 11:35, Toralf Förster wrote: On 05/01/2016 01:20 AM, Moritz Bartl wrote: Maybe it is simply too crazy for many jurisdictions to believe, but police in Germany in most cases actually treats you well and is not your enemy. There's no point in turning every occasion into a combat

Re: [tor-relays] Subpoena received

Sounds like they don't know what Tor is, or they didn't notice your host is a Tor exit node. Might be a good idea to address both issues by sending them a link to the Tor documentation and configuring a better reverse DNS record for your IP address. Best regards, Alexander --- PGP Key:

Re: [tor-relays] simple relay setup

If you want this to run mostly hands-off, please install and properly configure the Debian package unattended-upgrades. Make sure all the packages on the system are updated automatically, not only Tor! Verify that this actually happens. (One thing I learned in the past is that without the

Re: [tor-relays] keeping tor relays operational

at 12:12, Alexander Dietrich alexan...@dietrich.cx wrote: On Ubuntu, service tor reload should also work. There's not a lot you can do about updates that require a restart (other than to restart). You can automate the restarts though, install unattended-upgrades and update-notifier-common

Re: [tor-relays] keeping tor relays operational

On Ubuntu, service tor reload should also work. There's not a lot you can do about updates that require a restart (other than to restart). You can automate the restarts though, install unattended-upgrades and update-notifier-common, then check out the config files in /etc/apt/apt.conf.d.

Re: [tor-relays] PGP-Key for Debian Repo

On 2015-03-12 18:55, Sven Reissmann wrote: strange ~ # ping keys.gnupg.net PING pool.sks-keyservers.net (144.76.120.109) 56(84) bytes of data. 64 bytes from encrypt.to (144.76.120.109): icmp_req=1 ttl=56 time=6.71 ms 64 bytes from encrypt.to (144.76.120.109): icmp_req=2 ttl=56 time=6.84 ms

Re: [tor-relays] [tor-assistants] Running obfs4proxy on Debian Stable

://trac.torproject.org/projects/tor/ticket/13716 Best regards, Alexander --- PGP Key: https://dietrich.cx/pgp | 0x727A756DC55A356B On 2015-02-21 14:23, Alexander Dietrich wrote: A couple of posts later in that thread, Lunar points out that obfs4proxy is in the Tor Project's package repo: http

Re: [tor-relays] [tor-assistants] Running obfs4proxy on Debian Stable

| 0x727A756DC55A356B On 2015-02-17 02:09, isis wrote: Alexander Dietrich transcribed 0.9K bytes: Ok, I'll bite: what would somebody have to know to make this happen? I know nothing of Ubuntu's policies for package inclusion in their distribution channels; you might try asking their developers. However

Re: [tor-relays] [tor-assistants] Running obfs4proxy on Debian Stable

/f7RYslrMHfkqIQSCtulIq3fI7CQpFjtoRYCfcG5nF0IziU3lHB0cRB7uL0n zKwPYW3CiQz0O8HDCg0sdp1iuYr6yahr1WsnpBoc1AGWASTqdVgRELXHgCL6 ZMyT =FL9d -END PGP SIGNATURE- On 3 February 2015 at 18:33, Alexander Dietrich alexan...@dietrich.cx wrote: Is it possible to install the obfs4proxy package securely

Re: [tor-relays] Relay operators: help improve this hardening document?

On 2015-02-06 18:08, Andreas Krey wrote: Hmm, perhaps I should get my credit card and see how the amazon cloud tor nodes are preconfigured. ;-) You can check it out here (if that's the correct repository): https://gitweb.torproject.org/tor-cloud.git/tree/ec2-prep.sh On the other hand, if

Re: [tor-relays] High speed exit question

In case you haven't already seen it, you should only run two Tor processes per IP address: https://www.torservers.net/wiki/setup/server#multiple_tor_processes Best regards, Alexander --- PGP Key: https://dietrich.cx/pgp | 0x727A756DC55A356B On 2015-01-02 17:06, Kura wrote: Thanks

Re: [tor-relays] Tor Relay Operators Meetup at 31c3 - 28.12. 14:15

Will you post a summary to this list afterwards? I only run a non-exit-relay (and there's a scheduling conflict with Food Hacking Base, sigh), but would definitely like to know what's up (if there's anything still up at that point, ha ha). Thanks, Alexander --- PGP Key:

Re: [tor-relays] Time information

On 2014-09-05 03:43, grarpamp wrote: I wonder how to get them to notice more consistently? Simple, either mail their contact (if any) and they fix it, or blacklist their fingerprints. There is no reason any relay should not be able to sync time. Other possibilities: - extend the Tor

Re: [tor-relays] OnionTip.com distributes Bitcoin donations to all BTC addresses set in ContactInfo

On 2014-08-14 23:46, Tim wrote: Also not being a lawyer, if BTC isn't legal tender in your country (if such a concept exists), are you really accepting money? I guess a more precise description would involve the words monetary value. But again, I'm not a lawyer, that's why I asked. Using

Re: [tor-relays] OnionTip.com distributes Bitcoin donations to all BTC addresses set in ContactInfo

On 2014-08-14 10:25, Mike Cardwell wrote: On the other hand. It costs you nothing to stick a bitcoin address in a config file to find out. Not being a lawyer, does accepting money for running a Tor relay make it a commercial operation (in some countries) and put you in a different legal

Re: [tor-relays] Init.d script for two simultaneous Tor instances

AFAIK, arm connects to the control port of a single instance at a time. You would have to configure different ControlPort settings for each instance and connect to them one by one. I posted this multi-instance script a short while ago: https://gist.github.com/7adietri/9122199 It's very close

Re: [tor-relays] any action required for AWS cloud relays?

The Tor Cloud AMIs (if that's what you're using) are configured to auto-update and restart if necessary. But it probably can't hurt to check that you have the fixed OpenSSL package. Best regards, Alexander --- PGP Key: 0xC55A356B | https://dietrich.cx/pgp On 2014-04-09 20:05, lee

Re: [tor-relays] new fingerprint after update

Is it possible that either the DataDirectory setting changed due to the update or the directory content? Best regards, Alexander --- PGP Key: 0xC55A356B | https://dietrich.cx/pgp On 2014-03-22 15:26, Oliver Schönefeld wrote: Hi guys, i updated from Tor 0.2.3.25 (relay

Re: [tor-relays] tor relay recommended upgrade procedure?

You should probably use the Tor project's package repository. See this page for details: https://www.torproject.org/docs/debian.html.en#ubuntu Best regards, Alexander --- PGP Key: 0xC55A356B | https://dietrich.cx/pgp On 2014-03-18 13:57, Zenaan Harkness wrote: Currently running Debian's

Re: [tor-relays] Named status

It's managed by a script and a few rules: https://tor.stackexchange.com/questions/1032/when-does-a-relay-get-the-named-flag So, any day now? Best regards, Alexander --- PGP Key: 0xC55A356B | https://dietrich.cx/pgp On 2014-02-26 17:45, John Ricketts wrote: All, At what point does the router

[tor-relays] Multi-instance Tor init script

Hello, the recent thread on this topic prompted me to make a multi-instance init script: https://gist.github.com/7adietri/9122199 It's basically the current official init script and torservers.net's instances mechanism frankensteined together. Maybe other people will find it useful too.

Re: [tor-relays] Trying Trusted Tor Traceroutes

Hi, I've seen this error message twice now within about 12 hours: ssh_exchange_identification: Connection closed by remote host If I read the script correctly, it tries to upload the data and then deletes it without checking for successful upload. Since the data is probably lost, should I

Re: [tor-relays] Relay bandwidth

Those settings are kilobyte per second, so you're currently allowing 4 megabit per second as burst. So unless there's many concurrent 2 Mbps connections, sounds ok. Best regards, Alexander --- PGP Key: 0xC55A356B | https://dietrich.cx/pgp On 2014-02-08 15:28, Tora Tora Tora wrote: I have

[tor-relays] How effective is NumCPUs?

Hello, a relay I'm running is currently at about 0.80 load average. It has a dual-core CPU and I have configured NumCPUs 2. I'm still in the process of finding the bandwidth limit. Should I keep increasing RelayBandwidthRate on the single Tor process, or is it a better idea to start a

Re: [tor-relays] How effective is NumCPUs?

://dietrich.cx/pgp On 2014-01-24 10:49, Alexander Dietrich wrote: Hello, a relay I'm running is currently at about 0.80 load average. It has a dual-core CPU and I have configured NumCPUs 2. I'm still in the process of finding the bandwidth limit. Should I keep increasing RelayBandwidthRate on the single Tor

Re: [tor-relays] Relay, bridge, and family members

://dietrich.cx/pgp On 2014-01-15 18:29, Patrick ZAJDA wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Alexander, Yes, I was talking about the MyFamily setting. So I'll only put the relay in the bridge configuration. Thanks, Patrick Le 15/01/2014 17:59, Alexander Dietrich a écrit

Re: [tor-relays] [Feedback?] Multiple Tor processes on one host

I wrote a short HowTo on running multiple Tor processes on one host [1]. Feedback and improvements are greatly appreciated! Johannes Link(s): [1]: https://gist.github.com/wargh/8271499 Sounds pretty straight-forward to me! A few things: - Line 15: do you really need 5 IP addresses for 4