Re: [tor-relays] Any security tips on running a TOR relay?

2016-08-04 Thread Tristan
Green, Thanks for the info. I used iptables once when setting up a VPN, but I just followed instructions. It's obviously way more intricate than UFW lets on. Also thanks to Mike for the really good blog post about operational security. It was really informative. On Aug 4, 2016 8:49 PM, "Green

Re: [tor-relays] Any security tips on running a TOR relay?

2016-08-04 Thread Green Dream
P.S. Tristan, here's the explanation from that mailing list... just in case people can't access the link or it goes away: "Yes, it has everything to do with those flag bits. For TCP connections, Linux tends to use a "half-duplex" close sequence where either side of the session can initiate

Re: [tor-relays] Any security tips on running a TOR relay?

2016-08-04 Thread Yawning Angel
On Thu, 4 Aug 2016 20:20:45 -0500 Tristan wrote: > Any ideas what in-addr.arp is, and why the firewall would block it > even on allowed ports? I remember seeing this somewhere in the > Unbound config, but the IP isn't the same, and I didn't set up any of > the "local

Re: [tor-relays] Any security tips on running a TOR relay?

2016-08-04 Thread Green Dream
Hey Tristan, > Any ideas what in-addr.arp is Yes, this is the standard format for reverse DNS lookups for IPv4 addresses. I'm not sure what command(s) you were using, but in-addr.arpa is an expected result (or intermediate step) of doing something like "host 8.8.4.4" on Linux. The IP octets

Re: [tor-relays] Any security tips on running a TOR relay?

2016-08-04 Thread Tristan
I didn't look at all of them, but I've been tracing some of the IPs that have been blocked. Each one I've traced goes back to *.in-addr.arp. Even more interesting is that some of these connections get blocked, even though they're incoming on port 443, which allows traffic from anywhere! Any ideas

Re: [tor-relays] Two bridge relay questions

2016-08-04 Thread Kenneth Freeman
On 08/04/2016 05:04 PM, isis agora lovecruft wrote: > Thanks for running an obfs4 bridge! Which reminds me... I run an obfs6 bridge, the current status of which is "Heartbeat: Tor's uptime is 2 days 0:00 hours, with 0 circuits open. I've sent 1.19 MB and received 23.27 MB," so presumably it's

Re: [tor-relays] Two bridge relay questions

2016-08-04 Thread isis agora lovecruft
Tor-Node.net transcribed 1.5K bytes: > Hi! > > I run an obfs4 bridge. > > 1) Why is the advertised bandwidth 56.72 KB/s when the relay is on a > (shared) gigabit connection? > According to my experiments it should be several MB/s. > > 2) Where can I submit my bridges to help people in Iran,

Re: [tor-relays] Any security tips on running a TOR relay?

2016-08-04 Thread Green Dream
That's my setup as well. My UFW looks like:

To        Action  From
--        ------  ----
80/tcp    ALLOW   Anywhere
443/tcp   ALLOW   Anywhere
xxx/tcp   ALLOW   Anywhere

I have my DirPort set

Re: [tor-relays] Any security tips on running a TOR relay?

2016-08-04 Thread Tristan
Just finished setting up UFW on my exit node. Outgoing traffic is allowed, incoming traffic is blocked except for SSH, OrPort, and DirPort. According to arm, Tor is still getting traffic, but I'm seeing a lot of blocked incoming connections on random high-numbered ports. Did I do something wrong?

Re: [tor-relays] Exit relay funding

2016-08-04 Thread Kurt Besig
On 8/3/2016 10:13 PM, Roger Dingledine wrote: > On Wed, Aug 03, 2016 at 03:29:01PM +0200, t...@as250.net wrote: >> Absolutely. Most of the infrastructure we provide on that basis and it >> is ok! The reason for running that exit node was that we believed it >> would contribute towards a positive

Re: [tor-relays] Any security tips on running a TOR relay?

2016-08-04 Thread Green Dream
Tristan: yep, I was assuming a non-exit. Although sure, you can block incoming traffic without affecting outbound traffic with a stateful firewall like iptables. ___ tor-relays mailing list tor-relays@lists.torproject.org

Re: [tor-relays] Any security tips on running a TOR relay?

2016-08-04 Thread Tristan
I'm assuming this doesn't apply to exit relays? Or is there a way to block incoming while allowing outgoing? On Aug 4, 2016 12:27 PM, "Green Dream" wrote: > - firewall off (deny) everything except DirPort/ORPort/ssh

Re: [tor-relays] Any security tips on running a TOR relay?

2016-08-04 Thread Michael McConville
Andrew wrote: > I've got a spare server for two (freebsd) and I'd like to start > running TOR relays on them. > > Is there any security concerns I need to deal with, or is the ports > compile + updates good enough to keep my systems decently secure. > > I actively monitor the machines, but as

Re: [tor-relays] Any security tips on running a TOR relay?

2016-08-04 Thread Green Dream
I'd say the normal server hardening precautions apply. Off the top of my head: - keep software/packages up to date - only use public-key authentication for ssh / disable password-based auth - optionally change the ssh port (it just avoids the worst of the port scanning / brute force attempts) -

Re: [tor-relays] Exit relay funding

2016-08-04 Thread Petrusko
Haha yes! T-shirts are a good way to start conversations with people who don't really know what is this "onion" !? And be proud to wear it ! :p Registration is open ?!! ;p On 04/08/2016 at 17:26, I wrote: > Hear Hear, Roger and Petrusko, > > Nonetheless, I would like the promised t-shirts

Re: [tor-relays] Exit relay funding

2016-08-04 Thread I
Hear Hear, Roger and Petrusko, Nonetheless, I would like the promised t-shirts before next year. Robert

Re: [tor-relays] tor-relays Digest, Vol 67, Issue 11

2016-08-04 Thread Flipchan
> >Content-Type: text/plain; charset="utf-8" > >https://trac.torproject.org/projects/tor/ticket/19825 >------ next part -- >An HTML attachment was scrubbed... >URL: ><http://lists.torproject.org/pipermail/tor-relays/attachments/20160804/19f23f2d

Re: [tor-relays] experiences with debian tor 0.2.8.6 package from deb.torproject.org

2016-08-04 Thread Peter Palfrader
On Thu, 04 Aug 2016, tor relay wrote: > > > On August 3, 2016 at 11:51 PM Green Dream wrote: > > > > Sorry, I didn't understand that your daemon didn't restart after the > > upgrade. I ran through the upgrade on 2 relays, and apt started the service > >

Re: [tor-relays] Exit relay funding

2016-08-04 Thread Petrusko
And I think a lot of users don't know what is there "behind". As always in computer's world... Now I'm able to explain quickly (what I've understood) this network to some friends/family, who were using Tor a long time ago before I've started to have fun with contributing a little to the

[tor-relays] Any security tips on running a TOR relay?

2016-08-04 Thread Andrew
Hi, I've got a spare server for two (freebsd) and I'd like to start running TOR relays on them. Is there any security concerns I need to deal with, or is the ports compile + updates good enough to keep my systems decently secure. I actively monitor the machines, but as you know, the game is

Re: [tor-relays] experiences with debian tor 0.2.8.6 package from deb.torproject.org

2016-08-04 Thread tor relay
https://trac.torproject.org/projects/tor/ticket/19825