Re: [tor-relays] ISP

> Which ISP is better? They all suck. Go start your own ISPs and meshnets that actually gives a shit about people, privacy, transparency, censorship, servers, speech, freedom, crypto, and actually fights back against government largesse, intrusion, regulation, power, etc. Demand is high, you

Re: [tor-relays] Recommended router for 200+ Mb/s relay

> If you have an old PC with 2 ethernet ports laying around or you can get > one cheap I suggest you build your own: > https://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux-router-from-scratch/ Yes any old PC combined with opensource OS is great "router". Some find the two OS

Re: [tor-relays] Port Forwarding Question

On 3/6/20, William Pate wrote: > This constantly trips me up. In my modem settings, I'm offered these options > for port forwarding. I know I need to open 9001, but what do I enter into > the external port fields? >

Re: [tor-relays] Exit Concentration vs Bulk filters?

> So what can we do to achieve the ideal distributed network? > Throttle all (nodes) to the slowest... to get the best diversity? > We need all (nodes), whether high or small capacity. Don't we? Tor is a form of gravity well. If the cloud is not saturated, adding more nodes increases odds of

Re: [tor-relays] Improving Relay IPv6 - RIPE Grant

> than lets drop all IPv4 only relays from consensus 2020 finally. Someone may have mentioned already... Given many places relays do and could run are still IPv4 only, that would probably impact diversity quite a bit regarding AS, regions, jurisdiction, ISPs, datacenter vs network edge type of

Re: [tor-relays] Improving Relay IPv6 - RIPE Grant

On 12/12/19, Logforme wrote: > My ISP ... does not provide ... and has no roadmap > I can't switch ISP since they provide the fiber connection for the > apartment building. Seems you should be building out your own P2P fiber mesh guerrilla network house-to-house owner-to-owner, each node

Re: [tor-relays] Operator straw poll: Reasons why you use Tor LTS versions?

> never relied on the OS Package of Tor, mainly because OS’s OpenSSL versions > are behind the current version of OpenSSL, so I normally compile Tor against > the latest OpenSSL. Example, FreeBSD 12.0-RELEASE has OpenSSL > 1.1.1a-freebsd, which generates a slight crypto error during the startup of

Re: [tor-relays] Measuring the Accuracy of Tor Relays' Advertised Bandwidths

On 8/6/19, Roger Dingledine wrote: > On Tue, Aug 06, 2019 at 05:31:39PM -0400, Rob Jansen wrote: >> Today, I started running the speedtest on all relays in the network. > There will be another confusing (confounding) factor, which is that the > ... > as intended. :) So, call it another thing to

Re: [tor-relays] exit operators: overall DNS failure rate above 5% - please check your DNS resolver

>> On Jun 30, 2019, at 8:32 PM, Matt Westfall wrote: >> >> Just set your exit relay DNS to 8.8.8.8 and 1.1.1.1 I mean dns traffic Screw that MITM. And unless your on box resolver lib runs nscd cache from rc when using remote dns above, busy exits can also save some bandwidth by running local

[tor-relays] VPNs and Ports

>> On May 23, 2019, at 4:39 AM, Wallichii wrote: >> >> On Thu, 23 May 2019 04:15:36 -0500 >> Conrad Rockenhaus wrote: >> >>> I’ll be starting a free VPN service soon to allow users that are >>> blocked from using Tor at their location to access Tor. To prevent >>> abuse of the service, I plan on

Re: [tor-relays] 10 Years Torservers.net: Death or Future?

On 5/7/19, Tyler Durden wrote: > It has been a hell of a ride Yes :) Many of us remember day of torservers beginning days, and or have taken part creating, running, supporting, aligning with it over time. Those sorts of big projects are no small undertaking. Especially setting up of legal and

[tor-relays] Solving World's Tor Users Being Blocked by Websites (was: Tor exit bridges)

On 5/7/19, nusenu wrote: > > juanjo: >> Tor relays are public and easily blocked by IP. To connect to Tor >> network users where Tor is censored have to use bridges and even PTs. >> But, what happens on the exit? Many websites block Tor IPs so using >> it to access "clearweb" is not possible.

Re: [tor-relays] dhcp lease question

Re DHCP in general... Some OS, particularly some mobile oriented Linux distros, phones, and even in popular modem gear, do now come with MAC randomizers, or have them available as addon packages. If they are enabled they can turn any seemingly static-IP-ness that comes from ISP DHCP servers, into

Re: [tor-relays] unique .onion addresses decreasing a lot

On 5/5/19, nusenu wrote: > https://metrics.torproject.org/hidserv-dir-onions-seen.html?start=2019-02-04=2019-05-05 > > Is this a measurement issue or did some major application migrate to v3 > onion services? Or some botnet got shutdown. ___ tor-relays

Re: [tor-relays] Anti-Sybil (re: Explain... all the Nodes)

On 5/2/19, grarpamp wrote: > Node location, payment, OS, ISP, uptimes, anon / nym / PGP / GovID, > workplace, politic, blogs, whatever else you can imagine, > including incorporating what's already in the consensus, contact, > MyFamily, nickname, both real world and virtual infos

[tor-relays] Anti-Sybil (re: Explain... all the Nodes)

On 5/2/19, Herbert Karl Mathé wrote: > I strongly believe certain issues need be brought up into conscious, and > into presence: into discussion, actually. > > Therefore appreciating this as it might fit too well into context > > Keeping things below surface, or trying so, has too often proven to

Re: [tor-relays] [tor-talk] Anyone interested in running FreeBSD or Linux Exit Relays on AS19624?

On 4/17/19, Seby wrote: > Here we go again... Not really different than all the quasi or non profit tor node groups posting their news now and then. Nos onions, torservers, emerald onions, noisebridge, etc. Hey look at me, join us, give us money, we're doing stuff, etc. So long as it supports

[tor-relays] Representing Megabits correctly (ex: Slow Relay)

>> 97Mb >> speeds at 11Mb/sec. >> couple of meg > be careful with > Megabit (Mb) vs. MegaByte (MB). > Here is the part with the important information: > With this option, and in other options that take arguments in bytes, > KBytes, and so on, other formats are also supported. Notably, "KBytes" >

Re: [tor-relays] High Speed Exit Relay or just a plain Relay?

On 4/4/19, Conrad Rockenhaus wrote: > I have a FreeBSD box on a 1 Gbit/s connection. I'm trying to determine > if we need more high speed relays or high speed exit relays. The AS > it's on has no plain relays, just exit relays. That's what has me > wondering what to do.

Re: [tor-relays] Emerald Onion's new relays

On 4/4/19, Conrad Rockenhaus wrote: >> when ISPs are ordered to BGP blackhole some exit IP addresses > I've been assigning a second set of IP addresses to my servers in case > I want to run another instance of Tor. Would it be more prudent to use > that second set of IP addresses as an

Re: [tor-relays] Tor Exit Relay CPU Usage Running at 100% for 1 MB/s on FreeBSD

On 3/11/19, Neel Chauhan wrote: > I have set up two exit relays on a FreeBSD 12.0 dedicated server: > Looking at my top stats, I get CPU usage of 100% most of the time > (meaning 95% of the time) on both instances pushing around ~1 MB/s with > both instances. > HP Blade single Intel Xeon L5520

Re: [tor-relays] [tor-exit] good node providers

On 2/17/19, dns1...@riseup.net wrote: > It wasn't clear to me if those operating systems > would install any kind of firmware automatically. Firmware / Microcode / BIOS blobs are related to the specific hardware you have installed... if the hw requires having the blob loaded into it after each

Re: [tor-relays] [tor-exit] good node providers

On 2/16/19, dns1...@riseup.net wrote: > As far as I know, those distributions include non free firmwares, which, > potentially or maybe not, could contain some backdoors. > > I don't want to preach no one, but for me is a ethical, moral question. I > want to avoid operating systems that haven't a

Re: [tor-relays] [tor-exit] good node providers

On 2/15/19, dns1...@riseup.net wrote: > As regards Linux box I would say one thing: if you are worried about NSA > etc.. how you could use operating systems that are not enterly free > software? If your > operating system contains binary blob That can be avoided with some OS, typically stringent

Re: [tor-relays] plans to require ContactInfo to be non-empty

On 2/5/19, Roman Mamedov wrote: >> Nicknames are required to be non-empty, did that stop any abuse? > Correction: Nicknames default to "Unnamed" when unset. > However did any of the recent abuse or suspected-malicious relays actually > use "Unnamed"? The consensus contains quite some fraction

Re: [tor-relays] Tor RAM usage (DoS or memory leaks?) - Flood of circuits

A week or two ago someone was scanning entire 80-bit onion space in big parallel. They later said they stopped upon advisement of the futility. But you never know. ___ tor-relays mailing list tor-relays@lists.torproject.org

[tor-relays] Overlay Networks: Research Improvements and Attacks [was: planetlab butterfly relays]

On 1/23/19, nusenu wrote: > thanks for adding tor relays. > If you are using them for research purposes please ensure > you follow the safety guidelines: > https://research.torproject.org/safetyboard.html > https://medium.com/@nusenu/some-tor-relays-you-might-want-to-avoid-5901597ad821 >

Re: [tor-relays] community team highlights: Relay Advocacy

>> communicating with OVH regarding relays without contactinfo > Is it *really* a good idea to poke OVH over this? > in their ToS > I feel this can backfire in a bad way > is easier to ban all this "Tor" entirely? Though there can be some context, in general harassing and busywork for ISP is

Re: [tor-relays] Onion v2 HSDir Support (ref: v3 prop224) [was: fishy fingerprint patterns]

On 1/4/19, V wrote: > "crypto" "security" "sofware dev" "support" fud re v2 "Hey, here's v2, it uses older crypto and mechanics that are not as robust etc as v3... However v2 offers useful features for many users, and those features are not yet available in a newer design (volunteers to create

Re: [tor-relays] Onion v2 HSDir Support (ref: v3 prop224) [was: fishy fingerprint patterns]

On 1/4/19, teor wrote: >> Node operators (tor-relays) would continue offering >> v2 HSDir support module until such time as the reasons >> for choosing v2 by those above are supported in v3 or vN. > > It's not just about feature parity. Right. Feature parity is nice and excellent goal, till

Re: [tor-relays] 300mbps FreeBSD Tor relay on HPE MicroServer Gen10 (AMD X3421)

FreeBSD jails are light, effective, fast, and detailed chroots... not bloated VM / HW / Hyper or emulation instances that eat RAM and CPU. > sort out a bare minimum jail for a Tor node. minimum = static tor (1 file) + devfs (kernel managed fs) > company kept getting their site hacked, so he had

[tor-relays] Onion v2 HSDir Support (ref: v3 prop224) [was: fishy fingerprint patterns]

> relays have a rather distinct signup and fingerprint pattern > usually seen for onion attacks. > ... > a) If you are an .onion operator I'd like to encourage you to switch to onion > services version 3 > ... > so we can start > ... > b) dropping onion version 2 services eventually. These are

Re: [tor-relays] Extreme Exit Policy

>> Another more surprising impact for you is that your ssh connections would, >> counterintuitively, die more often. >> >> That's because Tor has a LongLivedPorts option, where streams for those >> destination ports use circuits with all Stable-flagged relays, and 22 >> is in the list but 443 is

Re: [tor-relays] Is the public information for relays trustable?

If asking if what you see on metrics about MX or any other country is correct, yes it generally is. Though if you discover errors, you can file a metrics ticket with the suspected data in error and technical data proof that shows suggests metrics is wrong. "Hearing that some ISPs block, thus no

Re: [tor-relays] Is the public information for relays trustable?

It's not clear what you're asking. What "information" exactly. Etc. Please put each question in one paragraph or line dedicated to that question. If reaching the DA's is the only blockage, you should be able to setup your host's routing table and packet filters to send the DA's ip traffic to them

[tor-relays] Bittorrent Legal Noise, Advocacy [re: Explaining Tor to worried parent]

> Yeah, one of the complete bullshit things. I get around 200 emails per day > like this one: > > Protocol: BITTORRENT This should tend to diminish when you begin creating and showing people how to use filesharing and distributed storage protocols operating entirely within the various encrypted

Re: [tor-relays] List purpose and moderation

Sorry but if a Tor friendly commercial, non profit, volunteer, or whatever other type of vendor / provider wants to come here and announce [or solicit mutual development of more amenable custom] hosting solutions and services for tor relays... that's valuable and fine. In no small part because...

[tor-relays] FreeBSD Solution Comparable to VyOS (BGP IPv4+6 FW) in Tor Intensive Environments

On 10/11/18, Conrad Rockenhaus wrote: > Hello, > > I’m researching for a new colo, and in order to bring it online until I can > consolidate some hardware, I would like to temporarily run a VyOS Router as > the main router so I can start getting things online sooner than later. This > VyOS Router

Re: [tor-relays] Fast search for underutilized ASN space?

One could assume say over half of all AS or their downstream do provide some form of hosting service, thus look them all up and spam their admin contact with both boilerplate tor promotional and include a request to their sales / down team for proposal / quote or referral for same.

[tor-relays] NTP and tor

Further NTP client variations... https://chrony.tuxfamily.org/ https://github.com/bsdphk/Ntimed https://leaf.dragonflybsd.org/cgi/web-man?command=dntpd=8 http://cr.yp.to/clockspeed.html ___ tor-relays mailing list tor-relays@lists.torproject.org

Re: [tor-relays] "Safe" ports for exit node that won't attract LEA?

>> exit node in my home > I also allow 993/995 (IMAP/POP3 over SSL). Sadly, I don't allow 465, > SMTP over SSL, though I've pondered enabling it. If you're trying to help standalone MUA users send email... 465 - this is smtp over TLS, you don't / rarely want this legacy mashup thing 567 - this

[tor-relays] Exit friendly ISPs

On 9/17/18, niftybunny wrote: > [cost, cost, cost] >> freedom is a profitable business model. We charge double and up rates to ignore and manage everything, short of legal process served, with you on point in role until you're not. Exits, torrents, gaming, IRC, shells, free speech, social nets,

Re: [tor-relays] Exit friendly ISPs in Australia

> I have also contacted RIMU Hosting, which has servers in Australia, and they > said "As an account holder under our terms of use, you would be directly > responsible for all content in and out of your server. In general that is > not possible to do with a tor exist node, so we are not a good fit

[tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

This particular case receiving mentions for at least a few months... D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114 The relay won't [likely] be badexited because neither it nor its upstream is shown to be doing anything malicious. Simple censorship isn't enough. And except

Re: [tor-relays] Abuse Complaints

> Is Irdeto harassing you with DMCAs or just the hacking / forum spam > complaints? >> I am thankful that I have my own AS and IP space. I would even think >> about running mass relays like I do. >> I am running the reduced exit policy on all 50 of my relays and still get >> tons of automated

Re: [tor-relays] Individual Operator Exit Probability Threshold

> Yes, there are compiled tor relay packages for BSD, they exist in packages - > for FreeBSD is pkg install tor and for OpenBSD it’s pkg_add tor. https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ https://www.openbsd.org/faq/index.html > For FreeBSD, you’ll want to switch packages from

Re: [tor-relays] 4 of Conrad Rockenhaus trial servers are in the top ten exit relays for Canada

One might worry more what Mega and Gigacorps are doing, secret partner friendly endeavours with Govts against you, than what some tiny ISP or whoever is doing with a few boxes. And was posted here many times about creating additional trust models and layers for relays, audits metrics and choices

Re: [tor-relays] Congrats to Nullvoid

>> devcpu-data > Luckily, the instances aren’t running on shared boxes, each user runs on > their own XenServer HVM instance, so they have dedicated control of their > own instance. Seem to recall, as with most re Spectre Meltdown FPU Etc, the Xen fixes require pairing of microcode and kernel

Re: [tor-relays] Congrats to Nullvoid

On 8/26/18, nusenu wrote: > Conrad Rockenhaus: >> I just wanted to say congratulations to Nullvoid, who is currently running >> the second fastest exit in France in my colo in Europe. > allowing port 25 on purpose or accidentally? Either way, up to the operator, some do it for the lols. >>

Re: [tor-relays] Cloudflare Onions Beta and Network Stability

On Mon, Aug 20, 2018 at 7:19 PM, Alec Muffett wrote: > Even if Cloudflare onionified a bazillion domain names, there are still only > a few million people who use Tor who could generate the load to connect to > them. And none of those who could, will, because cloudflare will google recaptcha

Re: [tor-relays] Bridge relay setup (was: Re: AS awareness)

>> https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#Bridge > > On that page they have "Fast exit relays (>=100 MBit/s)" and "MBit/s (Mbps)". > MB means megabytes I would think. bits are not capitalized. It is Mbit/s or more simply Mbps. And tor is primarily a network tool interfacing

Re: [tor-relays] NTP and tor

> if you can, setup a stratum 1, but... regarding openntpd@freebsd; > https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-openntpd-on-freebsd-10-2 The stratum isn't much relavant to tor relay nodes since they're tolerant by design of more offset than any sane sync would

Re: [tor-relays] NTP and tor

ntpd runs fine without listener or with it blocked https://www.ntpsec.org/ http://openntpd.org/ https://wikipedia.org/wiki/Ntpd https://github.com/ioerror/tlsdate/ You can get serviceable time from many sources besides just ntp. Be creative. ___

Re: [tor-relays] Question regarding ethical torrent blocking

If operators are taking flak from their upstream, and they want to carry the traffic for reasons, before giving in and deploying exit policy, see what options are available to SWIP the address space to you and thus eat a lot of the complaints from the internet yourself.

Re: [tor-relays] DSL interruption

5.7 Mbps (power of ten bps is proper network context) and N number of open connections (which you don't show) is enough traffic to lockup incapable hardware like some DSL and other cheap routers and intermediate devices. You first need to determine if the DSL link itself is truly down and for how

Re: [tor-relays] Spam Emails Received From This Mailing List

There's no point in overhead of repeatedly trolling and processing out stale archives when you can get valuable live bodies delivered instantly to your parsers for far less cost and work. There are probably spam subs in Colin's list too, he didn't say which list, what exactly "closed" means, what

Re: [tor-relays] Fwd: Tor Guard Relay

> Yes, it is extremely strange, it arouses my suspicion. Why would they > specifically choose the tor server operator’s list which isn’t going to have > large amounts of people for them to meet to begin with? I am concerned this > might be an attempted attack against the network trying to lure in

Re: [tor-relays] VPNGate Project Exit Node Volunteers / I2P

On Tue, May 22, 2018 at 10:13 AM, Paul wrote: >> For those relay operators who may have extra >> non tor listed IP addresses and want to help >> a related projects / userbase. >> https://geti2p.net/ >> I2P also has an exit proxy function. > > Why is it important to have a "non tor

Re: [tor-relays] Why adding more Nodes won't help?

Paths are driven by the client and unchecked, it's not hard to do. However first you're better off taking a serious look at your threat model, which you've not mentioned at all for anyone to help you qualify it and any potential solutions therein, before turning random knobs in whatever anonymous

Re: [tor-relays] Strange BGP activity with my node

ted by our own NOC team and reverted. > > I hope you can accept our sincere apologies for this issue, we have taken > steps to ensure that any similar mistake will not have such impact in > future. > *snip* > > On Wed, May 9, 2018 at 11:54 AM, grarpamp <grarp...@gmail.com

Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

On Sun, May 13, 2018 at 9:34 AM, Paul wrote: > How do i protect against overwriting best in FreeBSD (maybe there could be a > hint on > https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#DNSonExitRelays ) > as well? On FreeBSD, the simple default answer to the OP

Re: [tor-relays] Strange BGP activity with my node

On Wed, May 9, 2018 at 2:06 PM, Trevor Ellermann wrote: > I just a notification from my data center that someone is trying to hijack > the IP of my exit node. Seems like the sort of thing someone might do when > trying to attack Tor. I'm in a very remote area with limited

Re: [tor-relays] DigitalOcean bandwidth billing changes

> Have a look at https://lowendtalk.com/categories/offers they usually have good > offers in various locations. Operators can also post there and webhostingtalk colotalk dslreports and some network operator groups, etc... seeking services. Many have roots and would like to help the various

Re: [tor-relays] Running relays in universities? Exit nodes, perhaps? Please share your experience!

On Tue, Apr 17, 2018 at 1:36 PM, Gunnar Wolf wrote: > > Any help and pointers are welcome! https://lists.torproject.org/pipermail/tor-relays-universities/ https://lists.torproject.org/pipermail/tor-relays/ https://libraryfreedomproject.org/

Re: [tor-relays] Estimation of bridge traffic / Bridge or relay needed?

> https://www.torproject.org/docs/faq#RelayOrBridge In context of the entire wider section beyond the former quote, where 'normal' is implied to be 'non-exit', I'd change one entry... > a normal relay, since we need more exits. to 'an exit relay, since...'

Re: [tor-relays] Estimation of bridge traffic / Bridge or relay needed?

> https://www.torproject.org/docs/faq#RelayOrBridge > > "If you have lots of bandwidth, you should definitely run a normal relay. > If you're willing to be an exit, you should definitely run a normal > relay, since we need more exits. If you can't be an exit and only have a > little bit of

Re: [tor-relays] VPNGate Project Exit Node Volunteers / I2P

hly applicable to them. If you're still confused, search and read their websites and try their apps. On 3/31/18, Quintin <tor-admin@portaltodark.world> wrote: > On Wed, Mar 28, 2018 at 11:53 PM grarpamp <grarp...@gmail.com> wrote: > >> http://www.vpngate.net/ >> >

[tor-relays] VPNGate Project Exit Node Volunteers / I2P

http://www.vpngate.net/ For those relay operators who may have extra non tor listed IP addresses and want to help a related projects / userbase. https://geti2p.net/ I2P also has an exit proxy function. " VPNGate: Free Access to World Knowledge Beyond Government's Firewall. VPN Gate Academic

Re: [tor-relays] How helpful is it to run your own DNS server?

On Fri, Mar 16, 2018 at 12:54 PM, wrote: > I have seen mentions on this list of people using pi-hole and unbound DNS > servers in their setups, and I wondered if others had considered opinions as > to the usefulness of doing this. https://pi-hole.net/

Re: [tor-relays] Hidden service error in log

On Wed, Mar 14, 2018 at 8:51 AM, Gary wrote: > 4l53ozkhv*** Whether tor or you *''d it, 45 bits is insufficient to prevent association in posts, and being v2, can be discovered in full, further, onions can be deanon'd to IP address in time by motivated

Re: [tor-relays] Tor program

> I2P, Gnunet, IPFS, GPG, blockchain, > lots of other networks have relavant > philosophy material. Many of which could make up list of new software packages such places could install as part of such program. Just as they might have libreoffice on windows, or even some easy / volunteer admin,

Re: [tor-relays] Tor program

media.torproject.org youtube library freedom project I2P, Gnunet, IPFS, GPG, blockchain, lots of other networks have relavant philosophy material. ___ tor-relays mailing list tor-relays@lists.torproject.org

Re: [tor-relays] No exit at home !!!

> Use ISP's only for exits. Or you want "fun". Some run exits from home because they have prepared in advance for, and do not mind, or simply enjoy, such free[dom] "fun", and wish to make a point and or cases. They could be considered activists. If not prepared, or in jurisdictions that do not

Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image

On Wed, Feb 28, 2018 at 10:43 AM, mick <m...@rlogin.net> wrote: > On Tue, 27 Feb 2018 14:47:06 -0500 > grarpamp <grarp...@gmail.com> allegedly wrote: > >> If ovh vps gives root, bypass the fee with: md(4) vnode > geli > >> mount. >> >> Then

Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image

> I can tell you on OVH, a basic level VPS (one for $5.00/mo) is not encrypted. > If a customer is willing to spend $7.00/mo more for an additional partition, > they will be able to have storage to encrypt the the Tor relay information at > rest. If ovh vps gives root, bypass the fee with: md(4)

Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image

On Mon, Feb 26, 2018 at 12:21 AM, Conrad Rockenhaus wrote: > I'm more than willing to offer source :D, but I'm just going to make it a > script only project instead based on what seems to be the consensus opinion. > I'm just going to clean up some small things now that

Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image

On Sun, Feb 25, 2018 at 4:05 PM, George wrote: > However, I'd be wary of an image that I didn't build myself, personally. Yes, especially of image without source [script] (not to diminish such work). FreeBSD is largely reproducible these days, OpenBSD maybe not yet (you'd

Re: [tor-relays] whonix tor-relay - help needed

> it does not make > sense to run a Tor relay in a vm. The value of a limited environment is in case the tor daemon gets exploited. A full vm needed, tor's not an OS, so perhaps not. A static tor in an equivalent of lighter BSD jail, probably a fair balance. A dynamic tor in full access OS [root]

Re: [tor-relays] Experimental DoS mitigation is in tor master

> Applications that use a lot of resources will have to rate-limit themselves. > Otherwise, relays will rate-limit them. It's possible if relays figure that stuff by #2 might not be an attack per se, but could be user activities... that relays might push back on that one by... - Seeking

Re: [tor-relays] High number of simultaneous connections from a single host

Re all the threads on this 'DoS' issue... Netflow analysis is often better for many this type of toplists than netstat / ss and other tools shipped with any given base OS. Even a proper tcpdump / packet filter log can be better. ___ tor-relays mailing

Re: [tor-relays] Experimental DoS mitigation is in tor master

Has #2 been eval regarding onion indexing engines, oniontorrent, etc? They use a lot of resources for agnostic purposes. Censoring them as collateral damage would be bad. ___ tor-relays mailing list tor-relays@lists.torproject.org

Re: [tor-relays] MyFamily and ContactInfo fields are required for operators running multiple tor instances

On Wed, Jan 31, 2018 at 3:08 PM, Vinícius Zavam wrote: > what about those using *only* > PGP key fingerprints as ContactInfo? valid keys, publicly available (with > working email address, and personal info from the admin). > > will these relays be removed from the network,

Re: [tor-relays] How to post to this list

Courier 10pt typeface on A4 letter, or 80x25 displays marginspace etc all common concepts all need hard line wrapping with contextual wrapping and layout in plaintext, as well as few MUA actually soft wrap for display but instead hard wrapping, let alone many webmail mangle beyond 70, many even

Re: [tor-relays] How to post to this list

5) WRAP your lines at around 72 characters long, or set your mailer to do this. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] How to post to this list

1) DO NOT Top Post, backwards it's because that's, reply below what you're replying to. 2) DO NOT Bulk Quote, trim what you're replying to down to the minimum size needed to convey the relavant context. 3) DO NOT Block Reply, piecewise interleave your replies below each piece of context to which

Re: [tor-relays] Combined relay and hidden service, good idea or not?

>> So assuming I just want to run SSH on some port on an .onion on the >> relay, what is the downside there? Just wondering if for that usecase, >> SSH to login remotely on to the relay would still have any disadvantages >> that I missed to consider The relay is on clearnet in consensus, thus

Re: [tor-relays] [tor-dev] Relay diversity master thesis

On Sun, Jan 7, 2018 at 8:29 AM, teor wrote: >> On 22 Dec 2017, at 11:23, Robin Descamps wrote: >> May I ask you advices/feedback about this master thesis plan? >> The master thesis plan: >>

Re: [tor-relays] Fwd: someone is livestreaming a bad exit

> This guy does not seem to understand why his “experimentation” was dangerous. What's more dangerous than some youtube stunt would be foolishly failing to understand that perhaps half the nodes out there could easily be secret experiments, even mass sybil operations, dangerous to the users and

Re: [tor-relays] DoS attacks on multiple relays

> Outbound addresses aren't secret, because they are used for connections. > > Roger has claimed here that some of them are indeed secret in the sense > that their owners do *not* want them to be published > > Then maybe you should respect their wishes? Exactly. Just like bridges that want to

Re: [tor-relays] ISP is aking me to send a selfie holding my identity card

> Sent them their stuff they demanded and 2 days later my > account was restored and they are “fine” with abuse. Because doing KYC and Gestapo on operators over "bad" traffic that you're already not responsible for somehow magically turns it into "good" traffic that you are responsible for. Lol,

Re: [tor-relays] DoS attacks on multiple relays

> [tor project regularly publishes exit addresses] ... Which thankfully not all blockers (censors) use, and equally some relay operators then leverage their anti censorship philosophy into those holes. > I call attention to the fact that the tor project has already decided > against Exit node

Re: [tor-relays] DoS attacks on multiple relays

Furthermore, nodes that think they're being smart and protecting their nodes and the network by filtering out who can access their OR ports... aren't... because - A real attack from clearnet will wipe out significant numbers of the rest of the network leaving their OR's with far fewer left

Re: [tor-relays] DoS attacks on multiple relays

The advantages for tor users against censorship, of operators making some fraction of all exit nodes exit from different addresses than those addresses present in consensus, have been explained many times on this list. It's also been noted that in at least one instance, some exit operators

Re: [tor-relays] Detecting Network Attack [re: exit synflooded]

On Sat, Nov 25, 2017 at 5:15 PM, teor wrote: > need a privacy-preserving aggregation scheme > (Otherwise, anyone who can remotely trigger a rare protocol > violation can find out which relays a client or onion service is using.) The above don't necessarily lead to each

Re: [tor-relays] Detecting Network Attack [re: exit synflooded]

> kernel: nf_conntrack: table full, dropping packet If rules are dropping exit traffic based on other than traffic content, it's very hard to say other users are not adversly affected with the same, likely quite unsophisticated, hammer. And doing it based on content usually comes with major legal

Re: [tor-relays] Detecting Network Attack [re: exit synflooded]

The subject of this new thread is detecting network attack upon tor network / relays itself. You report is users using tor's exits / exit traffic from relays, which would be excluded from such monitoring, most absolutely in any identifiable manner. If the exit traffic bothers you, exitpolicy

[tor-relays] Detecting Network Attack [re: exit synflooded]

On Fri, Nov 24, 2017 at 6:23 PM, wrote: > Was anyone else's exit being synflooded yesterday and today? There could be a combined monitoring array deployed among all nodes that might start to answer these questions. And further alert on all sorts of interesting network attacks

Re: [tor-relays] Exit from Different IP from OR Port

>> The trouble now >> is too many are sites apply blanket bans on Tor exits. > Starting with tor 0.3.0.x if your exit relay has multiple public IP > addresses you can use one of them for exiting only without the need of > an additional VPN (which degrades performance) Depending on setup,

Re: [tor-relays] [tor-dev] Detecting multi-homed exit relays (was: Onion auto-redirects using Alt-Svc HTTP header)

>> Detecting exit nodes is error prone, as you point out. Some exit nodes >> have their traffic exit a different address than their listening >> port. Hey does Exonerator handle these? > > Right. It's not trivial for tor to figure out what exit relays are > multi-homed -- at least not without

Re: [tor-relays] my IP got blocked

>> dnsbl.info used to provide two tor-related lists: (1) all nodes and (2) >> exits. >> Some webmasters could use the first one by mistake. > > https://www.dan.me.uk/dnsbl still does, and some webmasters do use the first > one. Link related to this thread characterizing some blocking...

  1   2   3   4   >