Re: [tor-relays] ISP, Abuses , Intrusion Prevention etc.
tldr: epic quest chain, this ISP item must be orange. 2016-10-11 10:53 GMT+02:00 Moritz Bartl: > On 10/11/2016 12:51 AM, Kenneth Freeman wrote: > I set up my own ISP (AS28715) so I could run Tor exits etc without any > trouble. Could you share a bit more about what is involved in doing that? >>> I'd also be very interested in learning more about setting up an ISP >>> for Tor. Is it a non-profit? How many man hours did it take (roughly) >>> to get the structure in place? How much money (roughly) did it take? >>> How much legal consultation did it require to setup? >> I'm intrigued by this myself. > > There are different phases or activities one might consider being part > of "creating an ISP". > > Legally, you "create an ISP" by operating a Tor exit relay. > > As always, for exit relays, I strongly urge people to get listed in the > WHOIS of the respective IP range, especially as abuse contact. As soon > as you're listed there, a lot more people will regard you as "the ISP". > > In theory it does not matter what type of legal entity is listed there; > I know of hosting providers run by single individuals without another > legal entity "around them", and it works just fine. Still, in many > cases, if they see the name of an individual, they will more likely > assume that you might be the culprit, than if it just lists an > incorporated entity. > > Then, the next step is to get your own Autonomous System Number. Quite a > number of complaints don't go to the abuse contact listed in the IP > range, but directly to the "upstream" Autonomous System operator. You > "catch" these types of complaints by registering your own, and your own > IP space. Then, the hunt for "exit friendly hosters" turns into a hunt > for ISPs that will announce your IP space and your ASN. > > In most jurisdictions, you do not register "common carrier-type" > activities with the government; you have to register Internet _access_ > providers in certain jurisdictions (eg. Germany), but you do not _want_ > to be an _access_ provider with your exit relays. > > To get an Autonomous System Number and IP space, the place to go to > depends on _your_ jurisdiction: ARIN (US/CAN), RIPE (EU), APNIC (Asia), > LANIC (Latin America), AFRINIC (Africa); IP ranges and ASNs can then be > announced by any hosting provider. > > For examples, see > https://apps.db.ripe.net/search/query.html?searchtext=ZWIEBELFREUNDE > > -- > Moritz Bartl > https://www.torservers.net/ > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ISP, Abuses , Intrusion Prevention etc.
On 10/11/2016 1:53 AM, Moritz Bartl wrote: > On 10/11/2016 12:51 AM, Kenneth Freeman wrote: > I set up my own ISP (AS28715) so I could run Tor exits etc without any > trouble. Could you share a bit more about what is involved in doing that? >>> I'd also be very interested in learning more about setting up an ISP >>> for Tor. Is it a non-profit? How many man hours did it take (roughly) >>> to get the structure in place? How much money (roughly) did it take? >>> How much legal consultation did it require to setup? >> I'm intrigued by this myself. > > There are different phases or activities one might consider being part > of "creating an ISP". > > Legally, you "create an ISP" by operating a Tor exit relay. > > As always, for exit relays, I strongly urge people to get listed in the > WHOIS of the respective IP range, especially as abuse contact. As soon > as you're listed there, a lot more people will regard you as "the ISP". > > In theory it does not matter what type of legal entity is listed there; > I know of hosting providers run by single individuals without another > legal entity "around them", and it works just fine. Still, in many > cases, if they see the name of an individual, they will more likely > assume that you might be the culprit, than if it just lists an > incorporated entity. > > Then, the next step is to get your own Autonomous System Number. Quite a > number of complaints don't go to the abuse contact listed in the IP > range, but directly to the "upstream" Autonomous System operator. You > "catch" these types of complaints by registering your own, and your own > IP space. Then, the hunt for "exit friendly hosters" turns into a hunt > for ISPs that will announce your IP space and your ASN. > > In most jurisdictions, you do not register "common carrier-type" > activities with the government; you have to register Internet _access_ > providers in certain jurisdictions (eg. Germany), but you do not _want_ > to be an _access_ provider with your exit relays. > > To get an Autonomous System Number and IP space, the place to go to > depends on _your_ jurisdiction: ARIN (US/CAN), RIPE (EU), APNIC (Asia), > LANIC (Latin America), AFRINIC (Africa); IP ranges and ASNs can then be > announced by any hosting provider. > > For examples, see > https://apps.db.ripe.net/search/query.html?searchtext=ZWIEBELFREUNDE > Thanks for those insights, very useful and interesting. signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] monitoring the relay : zabbix?
> How do you monitor the tor relay server and the relay itself, on a > remote box? Since I already had an Icinga server installation in place, adding a few extra checks to remotely monitor Tor node ports (OR, Dir, and SSH) was simple. Also, some ISPs offer simple monitoring for their customers. -Ralph ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] monitoring the relay : zabbix?
> How do you monitor the tor relay server and the relay itself, on a remote > box? I like https://www.statuscake.com/ for this and their free plan is sufficient. I'm not affiliated with them, I just like the service. It constantly checks for a response from both the Dir and OR ports of my relays, using monitoring endpoints around the world, and notifies me of downtime. It also has a nice feature where it can look for a specific response from the Dir port (i.e, parse http://relay1.example.com/tor/server/authority and make sure the fingerprint matches). ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] RPi Relay Maximum Speed
Hello everyone I tried the Internet of things to get an answer, but either I'm too stupid to find it or it isnt there (haha, good joke) Sorry if this was asked a 100 times before... I have a 1gbit symmetric connection at home and would like to donate 100mbit with my raspberry pi 3 model b. Since it has a 100mbit Network Interface, I'm limited to that anyways. What Settings do I Need in my torcc to get the Maximum Speed? At the Moment I entered 12 Mbytes - which Shows up at 96 mb/s in Arm - is that correct and my understanding of things is just the opposite? Max Speed, I think, should be 12.7mb/s for a 100mbit Connection? Sorry for bothering and thanks for the pointers. Oh and since I'm bugging you anyways - would it be useful to add ORPort [IPv6] as well? (same port as for 4 i guess?) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] RPi Relay Maximum Speed
On Wed, 12 Oct 2016 07:18:56 +0200 Mannywrote: > I have a 1gbit symmetric connection at home and would like to donate > 100mbit with my raspberry pi 3 model b. Since it has a 100mbit Network > Interface, I'm limited to that anyways. > > What Settings do I Need in my torcc to get the Maximum Speed? At the > Moment I entered 12 Mbytes - which Shows up at 96 mb/s in Arm - is that > correct and my understanding of things is just the opposite? > Max Speed, I think, should be 12.7mb/s for a 100mbit Connection? mb is not a thing that exists; Mb is megabits: https://en.wikipedia.org/wiki/Megabit MB is megabytes: https://en.wikipedia.org/wiki/Megabyte What you entered in torrc is currently correct. But since your board has a 100 Mbit interface anyway, it would be better if you just omit the bandwidth limit line entirely. Also, actually hit anything remotely close to 100 Mbit, you'll absolutely have to run two instances of Tor. The Raspberry Pi 3 has 4 CPU cores, but each core on its own is not very fast. One copy of Tor only uses about 1 to 1.3 cores, so to fully utilize your hardware you need more than one. Ideally you'd set up four, but the Tor network will only accept two running from the same IPv4 address. It appears that these days there's a built-in script for that, see "man tor-instance-create". -- With respect, Roman pgpQtu3MAwnb9.pgp Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ISP, Abuses , Intrusion Prevention etc.
On 10/11/2016 12:51 AM, Kenneth Freeman wrote: I set up my own ISP (AS28715) so I could run Tor exits etc without any trouble. >>> Could you share a bit more about what is involved in doing that? >> I'd also be very interested in learning more about setting up an ISP >> for Tor. Is it a non-profit? How many man hours did it take (roughly) >> to get the structure in place? How much money (roughly) did it take? >> How much legal consultation did it require to setup? > I'm intrigued by this myself. There are different phases or activities one might consider being part of "creating an ISP". Legally, you "create an ISP" by operating a Tor exit relay. As always, for exit relays, I strongly urge people to get listed in the WHOIS of the respective IP range, especially as abuse contact. As soon as you're listed there, a lot more people will regard you as "the ISP". In theory it does not matter what type of legal entity is listed there; I know of hosting providers run by single individuals without another legal entity "around them", and it works just fine. Still, in many cases, if they see the name of an individual, they will more likely assume that you might be the culprit, than if it just lists an incorporated entity. Then, the next step is to get your own Autonomous System Number. Quite a number of complaints don't go to the abuse contact listed in the IP range, but directly to the "upstream" Autonomous System operator. You "catch" these types of complaints by registering your own, and your own IP space. Then, the hunt for "exit friendly hosters" turns into a hunt for ISPs that will announce your IP space and your ASN. In most jurisdictions, you do not register "common carrier-type" activities with the government; you have to register Internet _access_ providers in certain jurisdictions (eg. Germany), but you do not _want_ to be an _access_ provider with your exit relays. To get an Autonomous System Number and IP space, the place to go to depends on _your_ jurisdiction: ARIN (US/CAN), RIPE (EU), APNIC (Asia), LANIC (Latin America), AFRINIC (Africa); IP ranges and ASNs can then be announced by any hosting provider. For examples, see https://apps.db.ripe.net/search/query.html?searchtext=ZWIEBELFREUNDE -- Moritz Bartl https://www.torservers.net/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays