Re: [tor-relays] ISP, Abuses , Intrusion Prevention etc.

2016-10-11 Thread Markus Koch
tldr: epic quest chain, this ISP item must be orange.

2016-10-11 10:53 GMT+02:00 Moritz Bartl :
> On 10/11/2016 12:51 AM, Kenneth Freeman wrote:
>>>>> I set up my own ISP (AS28715) so I could run Tor exits etc without any
>>>>> trouble.
>>>> Could you share a bit more about what is involved in doing that?
>>> I'd also be very interested in learning more about setting up an ISP
>>> for Tor. Is it a non-profit? How many man hours did it take (roughly)
>>> to get the structure in place? How much money (roughly) did it take?
>>> How much legal consultation did it require to setup?
>> I'm intrigued by this myself.
>
> There are different phases or activities one might consider being part
> of "creating an ISP".
>
> Legally, you "create an ISP" by operating a Tor exit relay.
>
> As always, for exit relays, I strongly urge people to get listed in the
> WHOIS of the respective IP range, especially as abuse contact. As soon
> as you're listed there, a lot more people will regard you as "the ISP".
>
> In theory it does not matter what type of legal entity is listed there;
> I know of hosting providers run by single individuals without another
> legal entity "around them", and it works just fine. Still, in many
> cases, if they see the name of an individual, they will more likely
> assume that you might be the culprit, than if it just lists an
> incorporated entity.
>
> Then, the next step is to get your own Autonomous System Number. Quite a
> number of complaints don't go to the abuse contact listed in the IP
> range, but directly to the "upstream" Autonomous System operator. You
> "catch" these types of complaints by registering your own, and your own
> IP space. Then, the hunt for "exit friendly hosters" turns into a hunt
> for ISPs that will announce your IP space and your ASN.
>
> In most jurisdictions, you do not register "common carrier-type"
> activities with the government; you have to register Internet _access_
> providers in certain jurisdictions (eg. Germany), but you do not _want_
> to be an _access_ provider with your exit relays.
>
> To get an Autonomous System Number and IP space, the place to go to
> depends on _your_ jurisdiction: ARIN (US/CAN), RIPE (EU), APNIC (Asia),
> LACNIC (Latin America), AFRINIC (Africa); IP ranges and ASNs can then be
> announced by any hosting provider.
>
> For examples, see
> https://apps.db.ripe.net/search/query.html?searchtext=ZWIEBELFREUNDE
>
> --
> Moritz Bartl
> https://www.torservers.net/
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] ISP, Abuses , Intrusion Prevention etc.

2016-10-11 Thread Kurt Besig
On 10/11/2016 1:53 AM, Moritz Bartl wrote:
> On 10/11/2016 12:51 AM, Kenneth Freeman wrote:
>>>>> I set up my own ISP (AS28715) so I could run Tor exits etc without any
>>>>> trouble.
>>>> Could you share a bit more about what is involved in doing that?
>>> I'd also be very interested in learning more about setting up an ISP
>>> for Tor. Is it a non-profit? How many man hours did it take (roughly)
>>> to get the structure in place? How much money (roughly) did it take?
>>> How much legal consultation did it require to setup?
>> I'm intrigued by this myself.
> 
> There are different phases or activities one might consider being part
> of "creating an ISP".
> 
> Legally, you "create an ISP" by operating a Tor exit relay.
> 
> As always, for exit relays, I strongly urge people to get listed in the
> WHOIS of the respective IP range, especially as abuse contact. As soon
> as you're listed there, a lot more people will regard you as "the ISP".
> 
> In theory it does not matter what type of legal entity is listed there;
> I know of hosting providers run by single individuals without another
> legal entity "around them", and it works just fine. Still, in many
> cases, if they see the name of an individual, they will more likely
> assume that you might be the culprit, than if it just lists an
> incorporated entity.
> 
> Then, the next step is to get your own Autonomous System Number. Quite a
> number of complaints don't go to the abuse contact listed in the IP
> range, but directly to the "upstream" Autonomous System operator. You
> "catch" these types of complaints by registering your own, and your own
> IP space. Then, the hunt for "exit friendly hosters" turns into a hunt
> for ISPs that will announce your IP space and your ASN.
> 
> In most jurisdictions, you do not register "common carrier-type"
> activities with the government; you have to register Internet _access_
> providers in certain jurisdictions (eg. Germany), but you do not _want_
> to be an _access_ provider with your exit relays.
> 
> To get an Autonomous System Number and IP space, the place to go to
> depends on _your_ jurisdiction: ARIN (US/CAN), RIPE (EU), APNIC (Asia),
> LACNIC (Latin America), AFRINIC (Africa); IP ranges and ASNs can then be
> announced by any hosting provider.
> 
> For examples, see
> https://apps.db.ripe.net/search/query.html?searchtext=ZWIEBELFREUNDE
> 
Thanks for those insights, very useful and interesting.





Re: [tor-relays] monitoring the relay : zabbix?

2016-10-11 Thread Ralph Seichter
> How do you monitor the tor relay server and the relay itself, on a
> remote box?

Since I already had an Icinga server installation in place, adding a
few extra checks to remotely monitor Tor node ports (OR, Dir, and SSH)
was simple. Also, some ISPs offer simple monitoring for their customers.

-Ralph


Re: [tor-relays] monitoring the relay : zabbix?

2016-10-11 Thread Green Dream
> How do you monitor the tor relay server and the relay itself, on a remote
> box?


I like https://www.statuscake.com/ for this and their free plan is
sufficient. I'm not affiliated with them, I just like the service. It
constantly checks for a response from both the Dir and OR ports of my
relays, using monitoring endpoints around the world, and notifies me
of downtime. It also has a nice feature where it can look for a
specific response from the Dir port (i.e., parse
http://relay1.example.com/tor/server/authority and make sure the
fingerprint matches).
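A minimal self-hosted version of the check described in the message above, added here as an illustration and not part of any poster's setup: it probes a port and compares the `fingerprint` line of the descriptor served at `/tor/server/authority` with the value you expect. The function names, the sample descriptor and its fingerprint are constructed for this example.

```python
import re
import socket
import urllib.request

# Constructed, trimmed sample descriptor (documentation address, made-up fingerprint).
SAMPLE_DESCRIPTOR = """\
router ExampleRelay 192.0.2.10 9001 0 9030
fingerprint 0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567
"""

def normalize_fp(fp):
    """Strip spaces and '$', upper-case; require exactly 40 hex digits."""
    fp = re.sub(r"[\s$]", "", fp).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fp):
        raise ValueError("not a 40-hex-digit relay fingerprint")
    return fp

def descriptor_fingerprint(text):
    """Return the fingerprint from a server descriptor, or None if absent."""
    for line in text.splitlines():
        if line.startswith("fingerprint "):
            return normalize_fp(line[len("fingerprint "):])
    return None

def check_descriptor(text, expected_fp):
    """Return (ok, message); anything other than an exact match is a failure."""
    expected = normalize_fp(expected_fp)  # a bad expected value is a config error
    try:
        found = descriptor_fingerprint(text)
    except ValueError as exc:
        return False, f"malformed fingerprint line: {exc}"
    if found is None:
        return False, "no fingerprint line in response"
    if found != expected:
        return False, f"fingerprint mismatch: got {found}"
    return True, "fingerprint matches"

def port_open(host, port, timeout=5.0):  # TCP reachability of the OR or Dir port
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def fetch_descriptor(host, dir_port, timeout=10.0):
    """Fetch the relay's own descriptor from its DirPort (size-capped read)."""
    url = f"http://{host}:{dir_port}/tor/server/authority"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read(65536).decode("ascii", "replace")
```

The DirPort answers over plain HTTP, so a match shows the relay is up and still advertising the expected identity; it is a liveness and consistency check, not an authenticated one.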


[tor-relays] RPi Relay Maximum Speed

2016-10-11 Thread Manny

Hello everyone

I tried the Internet of things to get an answer, but either I'm too
stupid to find it or it isn't there (haha, good joke)


Sorry if this was asked a 100 times before...

I have a 1gbit symmetric connection at home and would like to donate
100mbit with my Raspberry Pi 3 Model B. Since it has a 100mbit network
interface, I'm limited to that anyways.


What settings do I need in my torrc to get the maximum speed? At the
moment I entered 12 Mbytes - which shows up at 96 mb/s in Arm - is that
correct and my understanding of things is just the opposite?

Max speed, I think, should be 12.7mb/s for a 100mbit connection?

Sorry for bothering and thanks for the pointers.

Oh and since I'm bugging you anyways - would it be useful to add ORPort
[IPv6] as well? (same port as for 4 I guess?)



Re: [tor-relays] RPi Relay Maximum Speed

2016-10-11 Thread Roman Mamedov
On Wed, 12 Oct 2016 07:18:56 +0200
Manny wrote:

> I have a 1gbit symmetric connection at home and would like to donate
> 100mbit with my Raspberry Pi 3 Model B. Since it has a 100mbit network
> interface, I'm limited to that anyways.
>
> What settings do I need in my torrc to get the maximum speed? At the
> moment I entered 12 Mbytes - which shows up at 96 mb/s in Arm - is that
> correct and my understanding of things is just the opposite?
> Max speed, I think, should be 12.7mb/s for a 100mbit connection?

mb is not a thing that exists;
Mb is megabits: https://en.wikipedia.org/wiki/Megabit
MB is megabytes: https://en.wikipedia.org/wiki/Megabyte

What you entered in torrc is currently correct. But since your board has a 100
Mbit interface anyway, it would be better if you just omit the bandwidth limit
line entirely.

Also, to actually hit anything remotely close to 100 Mbit, you'll absolutely have
to run two instances of Tor. The Raspberry Pi 3 has 4 CPU cores, but each core
on its own is not very fast. One copy of Tor only uses about 1 to 1.3 cores,
so to fully utilize your hardware you need more than one. Ideally you'd set up
four, but the Tor network will only accept two running from the same IPv4
address. It appears that these days there's a built-in script for that, see
"man tor-instance-create".

-- 
With respect,
Roman




Re: [tor-relays] ISP, Abuses , Intrusion Prevention etc.

2016-10-11 Thread Moritz Bartl
On 10/11/2016 12:51 AM, Kenneth Freeman wrote:
>>>> I set up my own ISP (AS28715) so I could run Tor exits etc without any
>>>> trouble.
>>> Could you share a bit more about what is involved in doing that?
>> I'd also be very interested in learning more about setting up an ISP
>> for Tor. Is it a non-profit? How many man hours did it take (roughly)
>> to get the structure in place? How much money (roughly) did it take?
>> How much legal consultation did it require to setup?
> I'm intrigued by this myself.

There are different phases or activities one might consider being part
of "creating an ISP".

Legally, you "create an ISP" by operating a Tor exit relay.

As always, for exit relays, I strongly urge people to get listed in the
WHOIS of the respective IP range, especially as abuse contact. As soon
as you're listed there, a lot more people will regard you as "the ISP".

In theory it does not matter what type of legal entity is listed there;
I know of hosting providers run by single individuals without another
legal entity "around them", and it works just fine. Still, in many
cases, if they see the name of an individual, they will more likely
assume that you might be the culprit, than if it just lists an
incorporated entity.

Then, the next step is to get your own Autonomous System Number. Quite a
number of complaints don't go to the abuse contact listed in the IP
range, but directly to the "upstream" Autonomous System operator. You
"catch" these types of complaints by registering your own, and your own
IP space. Then, the hunt for "exit friendly hosters" turns into a hunt
for ISPs that will announce your IP space and your ASN.

In most jurisdictions, you do not register "common carrier-type"
activities with the government; you have to register Internet _access_
providers in certain jurisdictions (eg. Germany), but you do not _want_
to be an _access_ provider with your exit relays.

To get an Autonomous System Number and IP space, the place to go to
depends on _your_ jurisdiction: ARIN (US/CAN), RIPE (EU), APNIC (Asia),
LACNIC (Latin America), AFRINIC (Africa); IP ranges and ASNs can then be
announced by any hosting provider.

For examples, see
https://apps.db.ripe.net/search/query.html?searchtext=ZWIEBELFREUNDE

-- 
Moritz Bartl
https://www.torservers.net/