Re: [tor-relays] Publishing bridge contact information

2018-03-04 Thread Roger Dingledine
On Tue, Feb 20, 2018 at 05:51:44PM +0100, Karsten Loesing wrote: > FWIW, we collected all feedback from this thread, discussed this change > in the metrics team, and forwarded our planned change to the Tor > Research Safety Board. I don't know how fast that will move, but I could > imagine it's a m

[tor-relays] Disk encryption for relays [was: FreeBSD 11.1 ZFS Tor Image]

2018-03-02 Thread Roger Dingledine
On Tue, Feb 27, 2018 at 12:09:36PM -0500, Otheontelth wrote: > Why would it be important to encrypt the storage of your tor server? > For me this looks like it only complicates things if law enforcement wants > to take a look at your server and the cloud provider should be able to break > the en

Re: [tor-relays] less than 3 bw auths available: self-measurement (with 10k cap in effect)

2018-03-02 Thread Roger Dingledine
On Tue, Feb 27, 2018 at 02:02:19PM -0500, Roger Dingledine wrote: > Yep! We had 4 running, but 2 of them had problems, and we need 3 > for the authorities to want to use the values from them. > > moria1 is one that had problems, so I'm hoping to have that resolved > shortly.

Re: [tor-relays] Port not rechable

2018-03-02 Thread Roger Dingledine
On Fri, Mar 02, 2018 at 07:42:11PM +, Matthew Finkel wrote: > Are you running this relay at your home? If yes, then that is not > recommended, but For the record, it's running *exit* relays at home that is not recommended. Running non-exit relays at home is typically fine -- the most likely pr

Re: [tor-relays] less than 3 bw auths available: self-measurement (with 10k cap in effect)

2018-02-27 Thread Roger Dingledine
On Tue, Feb 27, 2018 at 06:47:00PM +, nusenu wrote: > Hi, > > if your relays behave strangely in terms of bandwidth seen, than this > might be due to the fact that there are less than 3 bw auth votes available. > > If you run a fast relay it is capped to 10k cw. > > This affects currently t

Re: [tor-relays] [WARN] Your computer is too slow to handle this many circuit creation requests

2018-02-21 Thread Roger Dingledine
On Wed, Feb 21, 2018 at 01:13:00PM +, Vasilis wrote: > I see a number of warning log messages on a dedicated server: > [WARN] Your computer is too slow to handle this many circuit creation > requests! You get that warning message when there are too many create cells coming in, and your relay

Re: [tor-relays] New Relay

2018-02-18 Thread Roger Dingledine
On Sun, Feb 18, 2018 at 04:41:42PM +, Gary wrote: > My 2nd relay has a dirport set, 9030, it does not seem to be listed as a > dir authority yet, is this again because of the new relay thing (wait a few > weeks for it to be measured)? Two answers: (1) If you set AccountingMax, or if you have

Re: [tor-relays] torservers are not rechable

2018-02-11 Thread Roger Dingledine
On Sun, Feb 11, 2018 at 04:24:26PM +0100, TorGate wrote: > Hi to all, > i have started my servers again and changed the wan ip adress. > But the servers have the old ip after uptime of 2 times. > Can i update manualy the wan ips ? > The dns names are changed to the new ipadresses. Thanks for runni

Re: [tor-relays] Exits lost their function

2018-02-11 Thread Roger Dingledine
On Sun, Feb 11, 2018 at 11:55:44AM +0100, Paul wrote: > > (A) Correct, we recently changed it so both 80 and 443 are required: > > https://bugs.torproject.org/23637 > > Thank you for that explanation - how long should it take to get the >exit flag back when opening port 80 ? How long *should* it

Re: [tor-relays] Exits lost their function

2018-02-10 Thread Roger Dingledine
On Sat, Feb 10, 2018 at 11:37:00PM +, nusenu wrote: > | 0.3.1.9 | Bifroest | > | 0.3.2.9 | bastet | bridge dirauth Careful, it's Bifroest that's the bridge auth. bastet is just a normal v3 auth. > I'm curious: > Why did this change come into effect after only 3/9 hav

Re: [tor-relays] Exits lost their function

2018-02-09 Thread Roger Dingledine
On Fri, Feb 09, 2018 at 07:37:09PM +0100, niftybunny wrote: > Minimum is: > > accept *:53 > accept *:80 > accept *:443 (A) Correct, we recently changed it so both 80 and 443 are required: https://bugs.torproject.org/23637 (B) Port 53 has nothing to do with the exit flag, and it goes mostly unuse

Re: [tor-relays] High number of simultaneous connections from a single host

2018-01-31 Thread Roger Dingledine
On Wed, Jan 31, 2018 at 05:21:38PM +0200, zless wrote: > I was inspecting my node and just saw that it has a very high number of > connections. > > It jumped from the normal 6000-7000 to more than 17000 simultaneous > connections. > > Looking at the connections with `ss` I see some hosts with o

Re: [tor-relays] #2667 [Core Tor/Tor]: Exits should block reentry into the tor network

2018-01-31 Thread Roger Dingledine
On Wed, Jan 31, 2018 at 11:41:00AM +, nusenu wrote: > > Comment (by arma): > > > > I continue to think that teaching exit relays to avoid allowing exit > > connections to known relays (IP:ORPort) is a good and useful step. > > > > We keep running across messy situations where letting someb

[tor-relays] Experimental DoS mitigation is in tor master

2018-01-31 Thread Roger Dingledine
Hi folks, Thanks for your patience with the relay overload issues. We've merged https://bugs.torproject.org/24902 into tor git master. We'll be putting out an 0.3.3.2-alpha release in not too long for wider testing, and eventually backporting it all the way back to 0.2.9, but if you're the sort w

Re: [tor-relays] A lot of Warn messages when bootstrapping Tor 0.3.2.9 (stable)

2018-01-28 Thread Roger Dingledine
On Fri, Jan 26, 2018 at 08:16:20PM +1100, teor wrote: > Your relay has probably chosen some overloaded guards. > The problem comes from the extra load on those machines, not your relay. > Your relay will eventually try other guards. > > > Jan 25 18:31:54.000 [warn] Problem bootstrapping. Stuck at

Re: [tor-relays] hidden service performance

2018-01-21 Thread Roger Dingledine
On Sun, Jan 21, 2018 at 10:55:16AM -0800, Igor Mitrofanov wrote: > I'd like to call out the apparent hidden service performance slowdown: > https://metrics.torproject.org/torperf.html?start=2017-04-23&end=2018-01-21&source=all&server=onion&filesize=50kb > > I hope the dev team is looking into it.

Re: [tor-relays] Question about downtime

2018-01-21 Thread Roger Dingledine
On Sun, Jan 21, 2018 at 03:52:27AM -0600, Conrad Rockenhaus wrote: > Anyway, I had a quick question, on the relay side I run ConradsOVHRelay01 > (Relay) and ConradsOVHRelay02 (Exit). They???re running on CentOS, so I have > to manually install the latest version of tor to keep up with the securit

Re: [tor-relays] Has the storm passed?

2018-01-16 Thread Roger Dingledine
On Mon, Jan 15, 2018 at 01:44:25PM +0100, Ana Lucia Cortez wrote: > About 36 hours ago I tentatively disabled all my firewall rules who > where limiting connections to my relay. > > Everything looks pretty normal, I see no spikes, no errors, no failures. I think things have gotten a little bit be

Re: [tor-relays] could Tor devs provide an update on DOS attacks?

2018-01-16 Thread Roger Dingledine
Hi everybody, Thanks for your patience. Here is quick update -- hopefully we'll have another update in the upcoming days too. On Sat, Dec 30, 2017 at 06:25:28PM -0500, Roger Dingledine wrote: > (0) Thanks everybody for your work keeping the network going in the > meantime! I see tha

Re: [tor-relays] Combined relay and hidden service, good idea or not?

2018-01-08 Thread Roger Dingledine
On Mon, Jan 08, 2018 at 03:59:25PM -0700, Dave Warren wrote: > Even if Tor didn't supply any relay > statistics, a curious and enterprising individual could "explore" by seeing > what happens to a particular onion when one launches a DoS attack against an > external IP that one believes might be c

Re: [tor-relays] Combined relay and hidden service, good idea or not?

2018-01-05 Thread Roger Dingledine
On Fri, Jan 05, 2018 at 03:08:48AM -, torti...@mantablue.com wrote: > Second, I had read in the past opinions stating: > > When operating a hidden service, running a relay helps mix traffic so that > anyone observing traffic from the machine cannot easily run an analysis > targeted at a hidden

Re: [tor-relays] could Tor devs provide an update on DOS attacks?

2017-12-30 Thread Roger Dingledine
On Sat, Dec 30, 2017 at 03:33:23PM -0500, starlight.201...@binnacle.cx wrote: > I realize we're in the middle of the Christmas / New Year dead week, but it > would be great one of the developers could says something (anything) about > the ongoing denial-of-service attacks. Still alive! Some of u

Re: [tor-relays] Recent wave of abuse on Tor guards

2017-12-22 Thread Roger Dingledine
> On Thu, Dec 21, 2017 at 10:11:47PM +0100, Felix wrote: > My current thought is that these are actually Tor clients, not intentional > denial-of-service attacks, but there are millions of them so they are > producing surprises and damage. (Also, maybe there is not a human behind > each of the Tor

Re: [tor-relays] Recent wave of abuse on Tor guards

2017-12-21 Thread Roger Dingledine
On Thu, Dec 21, 2017 at 10:11:47PM +0100, Felix wrote: > It's currently good to be restrictive. May-be a *per ip* limit of 20 > (slow DoS) and a *per ip* rate of 1 per sec (fast DoS) is good. I'm getting up to speed on this issue (been absent for some days). My current thought is that these are a

Re: [tor-relays] do the 800+ UbuntuCore relays constitute a Sybil attack?

2017-11-28 Thread Roger Dingledine
On Tue, Nov 28, 2017 at 08:06:11PM -0500, starlight.201...@binnacle.cx wrote: > The population of these has been climbing for more than a week and no-one has > commented, which seems odd. No contact provided. > > https://atlas.torproject.org/#search/UbuntuCore See this thread: https://lists.tor

Re: [tor-relays] Exit Node Checking

2017-11-07 Thread Roger Dingledine
On Sun, Nov 05, 2017 at 03:16:42PM -0500, Kijani wrote: > Does anyone have a script for periodically updating strick exit nodes lists > after running an inspection as per > https://tc.gtisc.gatech.edu/bss/2014/r/spoiled-onions-slides.pdf or similar? > Looking to help protect against crypto trans

Re: [tor-relays] UbuntuCore

2017-10-29 Thread Roger Dingledine
On Mon, Oct 30, 2017 at 03:23:07AM +, Paul Templeton wrote: > These nodes are popping up everywhere - is this some sort of malware being > deployed on systems around the globe? It is an Ubuntu snap package. See this thread: https://lists.torproject.org/pipermail/tor-relays/2016-August/010046.

Re: [tor-relays] "Fast" flag definition

2017-10-29 Thread Roger Dingledine
On Sun, Oct 29, 2017 at 04:21:10PM -0700, Igor Mitrofanov wrote: > It looks like 94.7% of all Running relays have the "Fast" flag now. If > that percentage becomes 100%, the flag will become meaningless. > What were the reasons behind the current definition of "Fast", and are > those still valid? I

Re: [tor-relays] Exit probability

2017-10-29 Thread Roger Dingledine
On Sun, Oct 29, 2017 at 03:20:47PM +0100, Sebastian Urbach wrote: > "Exit" -- A router is called an 'Exit' iff it allows exits to at least one > /8 address space on each of ports 80 and 443. (Up until Tor version 0.3.2, > the flag was assigned if relays exit to at least two of the ports 80, 443, >

Re: [tor-relays] Testing Golang relay implementation

2017-10-26 Thread Roger Dingledine
On Thu, Oct 26, 2017 at 02:56:03PM -0700, Michael McLoughlin wrote: > After another look at the spec, I still believe the descriptor I'm > publishing conforms, as was my intention. Sorry to have caused all these > problems :( No, don't apologize! It's great that there are people implementing from

Re: [tor-relays] Testing Golang relay implementation

2017-10-25 Thread Roger Dingledine
On Tue, Oct 24, 2017 at 10:54:38AM -0700, Michael McLoughlin wrote: > Yes I am very aware of Tom van der Woerdt's previous work, and I am > attempting to avoid some of the problems he faced. This implementation is > pure Go, so I will not have cgo-based issues at least. Great! Yes, I think the mem

Re: [tor-relays] Tor t-shirts

2017-10-21 Thread Roger Dingledine
On Sat, Oct 21, 2017 at 12:28:34AM +0100, Dylan Issa wrote: > To add on this, if my Tor relay was restarted for a reason (resets downtime) > but previously had ~50 days uptime, if I get the remaining 10 days am I > eligible? Or must it be at least 60 days of continuous uptime? > Because I had 50

Re: [tor-relays] "Removed 1565259696 bytes by killing 1 circuits"

2017-10-21 Thread Roger Dingledine
On Fri, Oct 20, 2017 at 07:27:22PM -0400, tor wrote: > In a relay's logs: > > Oct 20 10:31:47 X Tor[]: We're low on memory. Killing circuits with > over-long queues. (This behavior is controlled by MaxMemInQueues.) > Oct 20 10:32:11 X Tor[]: Removed 1565259696 bytes by killing 1

Re: [tor-relays] my relay 'alnsn' died

2017-10-19 Thread Roger Dingledine
On Fri, Oct 20, 2017 at 12:29:29AM +0100, Alexander Nasonov wrote: > B9A41AD7AE8B2A4E6DE96EE77E3C8C04BADA8AC0 is currently down because > harware died this morning. I will either reinstall it or move to > a different AS. In any case, it won't happen tomorrow. I hope to > have it up and running on t

Re: [tor-relays] MaxMemInQueues defends against 375000 circuits in 9 secs - not

2017-09-28 Thread Roger Dingledine
On Thu, Sep 28, 2017 at 11:12:05PM +0200, Felix wrote: > Sep 26 18:59:37.000 [err] > tor_assertion_failed_: Bug: src/common/buffers.c:651: > buf_flush_to_socket: Assertion *buf_flushlen <= buf->datalen failed; > aborting. Neat! Can you open a ticket on https://bugs.torproject.org/ ? With as m

Re: [tor-relays] Individual Operator Exit Probability Threshold

2017-09-26 Thread Roger Dingledine
On Fri, Sep 22, 2017 at 01:04:28PM +, John Ricketts wrote: > I am about to fire up more Exit Relays and if I do so I will jump from my > roughly 3% of Exit Probability to what technically could easily reach 6-8%. > > I would like to know everyone???s opinion on having an individual operator

Re: [tor-relays] bad exit flag reason

2017-09-23 Thread Roger Dingledine
On Sat, Sep 23, 2017 at 10:32:00PM +, nusenu wrote: > Hi, > > [1] is not maintained since a long time. > I'm curious what the reason for assigning the badexit flag to [2] > was. If you know anything about it and can share something, that would > be great. > > [2] https://atlas.torproject.org/

Re: [tor-relays] Some Dir Authorities blocked

2017-09-16 Thread Roger Dingledine
On Sat, Sep 16, 2017 at 11:44:41PM +, dawuud wrote: > > Your only option would be to ask your ISP to uncensor the internet, > > unfortunately. Tor requires that all relays are able to contact all > > other relays, and those which cannot participate in the network. > > I think you meant to say:

Re: [tor-relays] Would you also like to have family-level atlas pages?

2017-09-11 Thread Roger Dingledine
On Mon, Sep 11, 2017 at 10:10:00PM +, nusenu wrote: > I suggested family-level pages where an operator of more than one relay > can see all the relays of his family including aggregated (stacked) > graphs for the graphs that are already available on a per-relay level. Good idea. The Nos Oigno

Re: [tor-relays] Fwd: Your TOR [sic] node

2017-09-09 Thread Roger Dingledine
On Fri, Sep 08, 2017 at 09:52:09PM -0400, Matt Traudt wrote: > His intentions are now very suspicious to me too. I will definitely not > be pointing anything at his servers. > https://lists.torproject.org/pipermail/tor-relays/2017-August/012735.html Yes, I agree. I wonder if there's a way to scan

Re: [tor-relays] Rate setting in tor

2017-09-07 Thread Roger Dingledine
On Fri, Sep 08, 2017 at 07:14:58AM +0200, Andreas Krey wrote: > On Thu, 07 Sep 2017 22:56:17 +, r1610091651 wrote: > > RelayBandwidthRate 2048 KBytes > > RelayBandwidthBurst 2048 KBytes > > > > But using arm, I'm seeing that tor is not honoring these settings, with > > bursts frequently exceed

Re: [tor-relays] ControlPort Authentication Options

2017-09-02 Thread Roger Dingledine
On Sun, Sep 03, 2017 at 01:17:14AM +0200, Ralph Seichter wrote: > I also tried using a control socket instead of a control port, alas, the > parameter RelaxDirModeCheck is rejected by Tor 0.3.0.10: > > [warn] Failed to parse/validate config: Unknown option > 'RelaxDirModeCheck'. Failing. > [

Re: [tor-relays] DIR Port

2017-08-30 Thread Roger Dingledine
On Wed, Aug 30, 2017 at 01:39:34PM +0100, Dr Gerard Bulger wrote: > DIR port on my relay and mini exit as being there on Atlas. > > The DIR port is open, indeed the DirPortFrontPage can be seen. > > Bandwidth is ???fast??? > > The exit is very limited in scope to avoid abuse claims, so few por

Re: [tor-relays] Tor relay making normal internet unusable

2017-08-29 Thread Roger Dingledine
On Wed, Aug 30, 2017 at 12:53:39PM +0930, W Howard wrote: > Thanks for the information. I wanted to run a relay from home to >support the project but I may instead contribute financially. You could do both! :) That is, run a non-exit relay from home, and also donate. https://www.torproject.org/do

Re: [tor-relays] Tor relay making normal internet unusable

2017-08-29 Thread Roger Dingledine
On Wed, Aug 30, 2017 at 09:33:26AM +0930, W Howard wrote: > I have some spare bandwidth and want to run an exit relay Is this at your home? Careful running exit relays at your home -- there is always some new cop who just started his job, doesn't understand the Internet, has never heard of Tor, an

Re: [tor-relays] Fallback directory mirror DFRI7 is dead

2017-08-24 Thread Roger Dingledine
On Fri, Aug 25, 2017 at 11:43:10AM +1000, teor wrote: > > A new DFRI7 will appear on the same address and port within a couple of > > days. Should I simply update fallback_dirs.inc? > > No need to do anything right away! Will it be bad to have a new relay (with a new key), on the same IP:port as

Re: [tor-relays] Shirts

2017-08-17 Thread Roger Dingledine
On Thu, Aug 17, 2017 at 09:53:12AM +0200, Sebastian Urbach wrote: > I was asked recently by friends & family if i could get the traditional Tor > shirt for them. I showed them the new Tor shirt and well let's say they > really want the traditional shirt. Which one is new and which one is tradition

Re: [tor-relays] blocking >1 connections per ip address onto Tor DirPort

2017-08-15 Thread Roger Dingledine
On Tue, Aug 15, 2017 at 11:52:31PM +0200, Toralf Förster wrote: > Does a particular Tor server/client will open more than 1 connection >at a time from to the DirPort ? I think we definitely want to support that in the protocol. I'm not sure whether it happens right now, but it might. But prevent

Re: [tor-relays] New Here

2017-08-13 Thread Roger Dingledine
On Sun, Aug 13, 2017 at 08:51:05PM +0200, Dirk wrote: > I observed the same thing on our new exit. atlas says its down - but > actually it is working. Did you test if you could exit through your > relay at this time ? Another thing to check is whether your relay is listed in the consensus document

Re: [tor-relays] 60 new neu.edu relays in 16 minutes

2017-08-11 Thread Roger Dingledine
On Thu, Aug 10, 2017 at 07:53:03PM -0400, priv...@ccs.neu.edu wrote: > We are using Online S.a.s because it it is cheap (I guess it's the same > reason why others use it). We will check in the next couple of days if there > is an alternative low cost provider. If I understand the threat model f

Re: [tor-relays] Two research groups studying onion services and running relays

2017-08-09 Thread Roger Dingledine
On Thu, Aug 10, 2017 at 12:15:00AM +, nusenu wrote: > Isn't that more relevant to HS operators than relay operators? No, not really. The relay operator community is the one with standards and consensuses about what counts as a well-behaving relay, and what kinds of "groups of relays that might

Re: [tor-relays] 60 new neu.edu relays in 16 minutes

2017-08-09 Thread Roger Dingledine
On Wed, Aug 09, 2017 at 05:03:00PM +, nusenu wrote: > Note: There is nothing wrong with adding 60 tor relays, especially with > proper MyFamily configuration as you did. Hi Nusenu, You beat me by a day -- I had drafted my earlier mail about the two research groups running relays, but decided

[tor-relays] Two research groups studying onion services and running relays

2017-08-09 Thread Roger Dingledine
Hi relay operators! I want to let you know about two upcoming research projects by academic research groups. The tl;dr is that they're running relays to do certain measurements, and so far as we can tell the proposed methodology is safe enough and worthwhile enough, but we invite you (and everybod

Re: [tor-relays] Tor exit nodes attacking SSH?

2017-08-09 Thread Roger Dingledine
On Wed, Aug 09, 2017 at 02:41:34AM -0400, Roger Dingledine wrote: > Right -- it seems clear that there is some exit relay out there that is > handling requests for 8.8.8.8:22 (and probably *:22) poorly. If somebody > can tell us which one it is, we'll get rid of it. Ok, we have

Re: [tor-relays] Tor exit nodes attacking SSH?

2017-08-08 Thread Roger Dingledine
On Wed, Aug 09, 2017 at 10:58:01AM +0500, Roman Mamedov wrote: > > No, dropbear is an SSH server that 8.8.8.8 seems to be running. > > Did you try ssh'ing into 8.8.8.8 (outside of Tor)? It does not run a public > SSH server at all (obviously). > > The point was to demonstrate that the exit node i

Re: [tor-relays] Tor 0.3.0.10 not listed as a recommended version

2017-08-05 Thread Roger Dingledine
On Sat, Aug 05, 2017 at 12:34:35PM +0200, Ralph Seichter wrote: > Hello, > > after updating to Tor 0.3.0.10, I see the following warning on my nodes: > > This version of Tor (0.3.0.10) is newer than any recommended version > in its series, according to the directory authorities. > > Could on

Re: [tor-relays] Go home GeoIP, you're drunk.

2017-08-03 Thread Roger Dingledine
On Thu, Aug 03, 2017 at 11:52:00PM +0200, Ralph Seichter wrote: > I moved a Tor relay to new hardware, keeping the keys. Both old and new > server are located in Germany and provided by the same hosting company. > After the latest Atlas update, I was surprised to see that the IPv4 > address is list

Re: [tor-relays] 100K circuit request per minute for hours killed my relay

2017-07-27 Thread Roger Dingledine
On Thu, Jul 27, 2017 at 08:48:35PM +0300, Vort wrote: > > This sort of thing has been going on for many years. I used to refer > > to it as "mobbing". As nearly as I was ever able to determine, the behavior > > is an unintended consequence of hidden services. > > Same thing started to happe

Re: [tor-relays] Tor relay operators at DEF CON

2017-07-27 Thread Roger Dingledine
On Thu, Jul 27, 2017 at 03:01:48PM -0700, Joel Cretan wrote: > If anyone at DEF CON is interested in meeting up, perhaps we could set up a > meeting time, maybe in/around the Crypto and Privacy Village. Of course > we're all interested in anonymity, so no pressure to speak up. But if > enough peopl

Re: [tor-relays] [warn] channelpadding_ and [warn] assign_

2017-07-03 Thread Roger Dingledine
On Mon, Jul 03, 2017 at 09:58:02PM +0200, Felix wrote: > [warn] channelpadding_compute_time_until_pad_for_netflow: Bug: Channel > padding timeout scheduled 212ms in the past. Did the monotonic clock just > jump? (on Tor 0.3.1.3-alpha dc47d936d47ffc25) https://bugs.torproject.org/22212 > and > >

Re: [tor-relays] GeoIP file

2017-06-28 Thread Roger Dingledine
On Thu, Jun 29, 2017 at 11:49:58AM +1000, teor wrote: > > There is fresh geoip data posted on maxmind.com monthly. Doesn't it > > make sense to have the daemon use it? > > No, we process the file, and update it when we do a release. > And at that point, the tor daemon is restarted anyway. > > Ge

Re: [tor-relays] Exit / Bad Gateway

2017-06-27 Thread Roger Dingledine
On Tue, Jun 27, 2017 at 03:52:31PM +0200, Sebastian Urbach wrote: > Well Faravahar is finally back but im still wondering why my System (located > in France) is measured by exactly 1 System a few thousand miles away. Actually, it's measured by three bwauths. You can look it up on https://www.freeh

Re: [tor-relays] keypair does not match its older value

2017-06-20 Thread Roger Dingledine
On Tue, Jun 20, 2017 at 11:04:31PM +0100, Alexander Nasonov wrote: > I tried moving a tor relay with offline master key to a new host but > something went wrong and it printed several warnings: > > http status 400 ("Looks like your keypair does not match its older value.") > response from dirserv

Re: [tor-relays] [SOLVED] published descriptor missing from consensus

2017-06-09 Thread Roger Dingledine
On Fri, Jun 09, 2017 at 01:05:43AM -0500, Scott Bennett wrote: > > I think you will find this is not an uncommon configuration among > > high-bandwidth relays. > > I will check further into the procedure for which Roger posted a URL > to see whether it will indeed give me a list of such addre

[tor-relays] How to detect Tor exit IP addresses (was Re: [SOLVED] published descriptor missing from consensus)

2017-06-08 Thread Roger Dingledine
On Thu, Jun 08, 2017 at 05:30:37PM -0500, Scott Bennett wrote: > Consider another case. Users have often complained that running a tor > relay results in their IP addresses being blocked by all manner of services > around the Internet. The providers of those services say they have suffered >

Re: [tor-relays] 2017-06-07 15:37: 65 new tor exits in 30 minutes

2017-06-07 Thread Roger Dingledine
On Wed, Jun 07, 2017 at 03:50:54PM -0400, David Goulet wrote: > On 07 Jun (19:41:00), nusenu wrote: > > DocTor [1] made me look into this. > > > > _All_ 65 relays in the following table have the following characteristics: > > (not shown in the table to safe some space) > > Yah, we got a report on

Re: [tor-relays] published descriptor missing from consensus

2017-06-04 Thread Roger Dingledine
On Sun, Jun 04, 2017 at 07:14:06PM -0500, Scott Bennett wrote: > Which versions are the Running votes coming from versus the non-Running? You can see the votes at https://www.seul.org/~arma/moria1-v3-status-votes > I have a few commands in a crontab entry that extract relay IP addresses

Re: [tor-relays] published descriptor missing from consensus

2017-06-04 Thread Roger Dingledine
On Sun, Jun 04, 2017 at 12:30:20AM -0500, Scott Bennett wrote: > Late Wednesday afternoon, I restarted my relay (MYCROFTsOtherChild), > which changed it from 0.3.0.6 to 0.3.0.7. That was the only change I made. > It went through a normal startup and published its descriptor. After a few > ho

Re: [tor-relays] exit relay consensus weight

2017-05-25 Thread Roger Dingledine
On Thu, May 25, 2017 at 08:20:16PM -0700, Arisbe wrote: > I just made an interesting observation that I thought I would share. > Yesterday I started a VPS exit relay at a well known hosting company > in Moldova [0]. Within 24 hours I saw the consensus weight exceed > 1. The relay is bandwidth

Re: [tor-relays] Memory Problems with tor releay

2017-05-25 Thread Roger Dingledine
On Wed, May 24, 2017 at 07:51:50PM -0400, Roger Dingledine wrote: > Well, you are a winner, in that you found a new Tor bug (in > 0.3.1.1-alpha): > https://bugs.torproject.org/22368 > > Once we resolve that one, I'll ask for another valgrind run. :) Ok, we merged the fi

Re: [tor-relays] Memory Problems with tor releay

2017-05-24 Thread Roger Dingledine
On Wed, May 24, 2017 at 08:49:38PM +0200, tor-relay.d...@o.banes.ch wrote: > Hello Roger, > > I updated the ticket. You will find the output of the valgrind there as > well: > https://trac.torproject.org/projects/tor/attachment/ticket/22255/valgrind.txt Well, you are a winner, in that you found a

Re: [tor-relays] Problem starting 0.3.0.7 on Ubuntu?

2017-05-23 Thread Roger Dingledine
On Tue, May 23, 2017 at 03:32:49AM -0400, Roger Dingledine wrote: > The better fix imo will be > for Tor to stop doing behavior that the apparmor profile wants to prevent, > such as trying to read directories before it has switched uids. I'll > open a ticket about that once I u

Re: [tor-relays] Problem starting 0.3.0.7 on Ubuntu?

2017-05-23 Thread Roger Dingledine
On Tue, May 23, 2017 at 01:43:37PM +1000, teor wrote: > > HiddenServiceDir /var/lib/tor/SERVICE_NAME/ > > What are the permissions on each of the enclosing directories? > (Tor checks permissions recursively in some cases.) > > In 0.3.0.7, we made a number of hidden service checks stricter. > Perh

Re: [tor-relays] Memory Problems with tor releay

2017-05-22 Thread Roger Dingledine
On Tue, May 23, 2017 at 03:01:10AM +, John Ricketts wrote: > Roger, > > I have whatever resources you need for testing. Let me know if you would > like them. 1) git clone https://git.torproject.org/git/tor cd tor.git ./autogen.sh && ./configure && make 2) edit /etc/security/limits.conf to

Re: [tor-relays] Memory Problems with tor releay

2017-05-22 Thread Roger Dingledine
On Mon, May 22, 2017 at 10:48:31PM +0200, niftybunny wrote: > Same with 0.3.0.5. Upgrading to 0.3.0.7 helped on most relays. We didn't change anything between 0.3.0.5 and 0.3.0.7 that would have helped. If somebody with a really really fast CPU wants to run their relay under valgrind --leak-chec

Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)

2017-05-21 Thread Roger Dingledine
On Sun, May 21, 2017 at 09:12:39AM +0200, Petrusko wrote: > What will they find ? > A Debian who ask a password to unlock the system, or it will stop booting ? > Yeah, if police can read the system entirely, it looks like impossible > to find something about the guyz behind the wannacry software ?

Re: [tor-relays] seized relays reported for blacklisting?

2017-05-19 Thread Roger Dingledine
On Sat, May 20, 2017 at 04:01:04AM +0200, Tobias Sachs wrote: > any idea how to avoid the guard flag at this time? > My only idea is to trottle down the speed but this is a bad solution imho. I don't think there's an easy way. If you set "DirCache 0" in your torrc file, then you will still get th

Re: [tor-relays] Tor version on Debian Wheezy (oldstable)

2017-05-17 Thread Roger Dingledine
On Wed, May 17, 2017 at 08:45:26PM +0500, Roman Mamedov wrote: > > https://www.torproject.org/docs/debian.html.en > > > > You'd probably tell it you use old stable and want Tor version stable. > > After a couple of apt commands, I predict you will end up with Tor 0.3.0.7 > > No he will not, as n

Re: [tor-relays] Tor version on Debian Wheezy (oldstable)

2017-05-17 Thread Roger Dingledine
On Wed, May 17, 2017 at 06:13:55PM -0400, Roger Dingledine wrote: > But it's my understanding that Debian wheezy becomes oldoldstable once > Squeeze is declared stable? Meaning now would be a good time for you to > consider upgrading anyway? :) Whoops, I meant Stretch, not Squeeze.

Re: [tor-relays] Tor version on Debian Wheezy (oldstable)

2017-05-17 Thread Roger Dingledine
On Wed, May 17, 2017 at 05:04:29PM +0200, Cristian Consonni wrote: > I run a couple of relays with Debian 7 Wheezy, which is the old stable > version. Thanks for running relays! > AS you can see from the Debian package page[1] the latest available > version of Tor packaged for Wheezy is 0.2.4.27-

[tor-relays] (FWD) [tor-announce] Tor 0.3.0.7 is released, with a medium security fix for relays

2017-05-15 Thread Roger Dingledine
For those of you who are not on tor-announce... now would be a good time to remember to subscribe to tor-announce. :) --Roger - Forwarded message from Nick Mathewson - Date: Mon, 15 May 2017 18:57:59 -0400 From: Nick Mathewson To: tor-annou...@lists.torproject.org Subject: [tor-announc

Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)

2017-05-15 Thread Roger Dingledine
On Mon, May 15, 2017 at 12:21:36PM +0200, aeris wrote: > Currently, my server hosting kitten1 and kitten2 (tor guard and fallback > directory) is under seizure since 14/05 11h. > Private key are under encrypted volume and may be protected, but please > revoke > immediatly kitten1 & kitten2 tor n

Re: [tor-relays] Strange behaviour Tor 0.2.9.10

2017-05-15 Thread Roger Dingledine
On Tue, Mar 28, 2017 at 02:22:17PM +0100, Geoff Down wrote: > 72 hours now on 2.9.9 with no clock jumps. Still occasional timeouts as > per above. Hi Geoff, Any news on your strange clock jumps? Have you tried Tor 0.3.0.x for your bridge or relay also? I ask because https://trac.torproject.org

Re: [tor-relays] WannaCry fallout FYI

2017-05-15 Thread Roger Dingledine
On Mon, May 15, 2017 at 09:58:26AM +0200, Cristian Consonni wrote: > Interesting. In fact, I though that downloading the whole browser seemed > to be not so smart, surely there are better ways to connect > programmatically to the tor network. It is not the whole browser -- it is the "windows exper

Re: [tor-relays] WannaCry fallout FYI

2017-05-15 Thread Roger Dingledine
On Mon, May 15, 2017 at 09:17:33AM +0200, Cristian Consonni wrote: > > | https://dist.torproject.org/torbrowser/6.5.1/tor-win32-0.2.9.10.zip > > Was the increased number of downloads from the malware visibile from the > logs? I looked, and there were a few hundred downloads per day. It didn't look

Re: [tor-relays] WannaCry fallout FYI

2017-05-14 Thread Roger Dingledine
On Sun, May 14, 2017 at 09:54:55PM +0200, niftybunny wrote: > >Known TOR exit nodes are listed within the Security Intelligence feed of ASA > >Firepower devices. Enabling this to be blacklisted will prevent outbound > >communications to TOR networks. > > Wait, what? To help you be less surprise

Re: [tor-relays] GeoIP file

2017-05-08 Thread Roger Dingledine
On Sun, May 07, 2017 at 08:20:39PM -0700, Ian Zimmerman wrote: > How does the tor daemon read the GeoIP database file? Does it read the > whole file once when starting up, or every time it needs to resolve an > IP, or something in between (say, it builds an index in memory on > startup and then se

Re: [tor-relays] Relay has Low Consensus and No Exit Flag Following Upgrade

2017-05-07 Thread Roger Dingledine
On Sun, May 07, 2017 at 02:20:42PM +0100, Chris wrote: > However, it no longer has the exit node flag and the consensus is very > low (20). It also is not listed as a directory. > > I suspect something else during the upgrade has broken it as I had some > SELinux issues binding to the ports before

Re: [tor-relays] Relay installation instructions

2017-03-19 Thread Roger Dingledine
On Sat, Mar 18, 2017 at 08:26:35PM -0500, Andrew Deason wrote: > Ideally I'd submit a bug for this Turns out there is one already: https://trac.torproject.org/projects/tor/ticket/21769 Patches (to the webwml git repo) appreciated! --Roger ___ tor-rela

Re: [tor-relays] 0.2.9.10 dir port warning

2017-03-13 Thread Roger Dingledine
On Mon, Mar 13, 2017 at 02:06:06PM +, Logforme wrote: > Just upgraded my relay 855BC2DABE24C861CD887DB9B2E950424B49FC34 to > 0.2.9.10 and now I get a new warning in the log file: > > Mar 13 12:02:22.000 [notice] Bootstrapped 100%: Done > Mar 13 12:03:20.000 [warn] Cannot make an outgoing conne

Re: [tor-relays] Connectivity issues; disabling my relay

2017-02-15 Thread Roger Dingledine
On Wed, Feb 15, 2017 at 06:32:56PM +, Steven Chamberlain wrote: > So I'm bringing my Tor relay back online Great! > Short bursts of packet loss like this, if someone > was doing that deliberately with a set pattern, would have been an ideal > way to watermark streams going in and out of the

Re: [tor-relays] Reaching out to webiron

2017-02-10 Thread Roger Dingledine
On Fri, Feb 10, 2017 at 02:36:30AM -0600, Andrew Deason wrote: > No no, that was just me thinking about how they could/should go about > it. I just meant, some form of downloading the entire list, instead of > checking one-by-one via TorDNSEL. > > If the consensus doc shouldn't be used for this, w

Re: [tor-relays] Reminder: If you are on 0.2.9.x, make sure you are running 0.2.9.9

2017-02-09 Thread Roger Dingledine
On Thu, Feb 09, 2017 at 09:51:14PM +0100, Maarten A. wrote: > My log indicates Tor 0.2.5.12 (git-6350e21f2de7272f) [...] > I think I read somewhere debian does security backport, hence the old > version numbers. You probably know this already. > > I'm running Debian GNU/Linux 8.7 (jessie) Yep, th

Re: [tor-relays] Reminder: If you are on 0.2.9.x, make sure you are running 0.2.9.9

2017-02-09 Thread Roger Dingledine
On Thu, Feb 09, 2017 at 07:48:10PM +, mick wrote: > I am. (Debian Jessie 8.7 - using the tor repos). > > Attempting an upgrade from 0.2.9.8 I get nothing. Weasel suggests that you run "apt-cache policy tor" and remember what it says, then "apt-get update", then "apt-cache policy tor" again an

Re: [tor-relays] Reminder: If you are on 0.2.9.x, make sure you are running 0.2.9.9

2017-02-09 Thread Roger Dingledine
On Thu, Feb 09, 2017 at 01:04:30PM -0500, Nick Mathewson wrote: > If you are on some earlier version of 0.2.9.x, it would be really > great if you could update your relay some time soon And, if you're one of the many relays still on 0.2.9.8, and the reason is something other than "oops, you're rig

Re: [tor-relays] SIGHUP causing obfs warning/disabling

2017-01-19 Thread Roger Dingledine
On Thu, Jan 19, 2017 at 01:55:10PM +1100, teor wrote: > Occasionally, the tor process fails to shut down a pluggable transport > process when tor exits. I believe this is an unavoidable consequence of > unexpected or unclean tor shutdowns or crashes. Right. This is why we changed the design in 0.2

Re: [tor-relays] Proposing an Exit Node

2017-01-16 Thread Roger Dingledine
On Mon, Jan 16, 2017 at 11:49:46PM -0700, Mirimir wrote: > Or you need adequate anonymity, and be willing to lose sunk cost. I think trying to run exit relays with anonymity, and with plans to discard them as needed, is a poor plan long-term. In the struggle for what the Internet can become, we ne

Re: [tor-relays] Entry relay still the same after months?weeks/

2017-01-15 Thread Roger Dingledine
On Sun, Jan 15, 2017 at 08:14:52AM +, je suis wrote: > And my apologies if this turns out to be a simple, obvious answer, but > ever since two(?) upgrades back, my entry relay never changed. I > manually deleted Browser/TorBrowser/Data/Tor/state and only then it > changed. As of the last delete

Re: [tor-relays] Raspberry Pi + Raspbian GNU/Linux 8.0 (jessie) + bind errors

2017-01-05 Thread Roger Dingledine
On Thu, Jan 05, 2017 at 06:38:23PM -0800, Kurt Besig wrote: > I just installed tor on a Raspberry Pi 3 Model B and can't get a relay > to start unless I sudo. When I attempt to start tor as a non-privileged > user I get a permissions error: Opening Jan 05 18:33:35.929 [notice] > Opening OR listener

Re: [tor-relays] Minimum requirements for becoming a guard

2016-12-25 Thread Roger Dingledine
On Sun, Dec 25, 2016 at 09:47:02AM +0200, Rana wrote: > What are the absolute minimum requirements for becoming a guard? > > [I am not asking about being trustworthy which I am obviously not, only > about bandwidth etc. :)] The requirements are relative to the other relays in the network: http

<    1   2   3   4   5   6   >