Green,
Thanks for the info. I used iptables once when setting up a VPN, but I just
followed instructions. It's obviously way more intricate than UFW lets on.
Also thanks to Mike for the really good blog post about operational
security. It was really informative.
On Aug 4, 2016 8:49 PM, "Green
P.S. Tristan, here's the explanation from that mailing list... just in case
people can't access the link or it goes away:
"Yes, it has everything to do with those flag bits. For TCP connections,
Linux tends to use a "half-duplex" close sequence where either side of the
session can initiate
On Thu, 4 Aug 2016 20:20:45 -0500
Tristan wrote:
> Any ideas what in-addr.arp is, and why the firewall would block it
> even on allowed ports? I remember seeing this somewhere in the
> Unbound config, but the IP isn't the same, and I didn't set up any of
> the "local
Hey Tristan,
> Any ideas what in-addr.arp is
Yes, this is the standard format for reverse DNS lookups for IPv4 addresses.
I'm not sure what command(s) you were using, but in-addr.arpa is an
expected result (or intermediate step) of doing something like "host
8.8.4.4" on Linux. The IP octets
I didn't look at all of them, but I've been tracing some of the IPs that
have been blocked. Each one I've traced goes back to *.in-addr.arp. Even
more interesting is that some of these connections get blocked, even though
they're incoming on port 443, which allows traffic from anywhere!
Any ideas
On 08/04/2016 05:04 PM, isis agora lovecruft wrote:
> Thanks for running an obfs4 bridge!
Which reminds me... I run an obfs6 bridge, the current status of which
is "Heartbeat: Tor's uptime is 2 days 0:00 hours, with 0 circuits open.
I've sent 1.19 MB and received 23.27 MB," so presumably it's
Tor-Node.net transcribed 1.5K bytes:
> Hi!
>
> I run an obfs4 bridge.
>
> 1) Why is the advertised bandwidth 56.72 KB/s when the relay is on a
> (shared) gigabit connection?
> According to my experiments it should be several MB/s.
>
> 2) Where can I submit my bridges to help people in Iran,
That's my setup as well. My UFW looks like:
To          Action   From
--          ------   ----
80/tcp      ALLOW    Anywhere
443/tcp     ALLOW    Anywhere
xxx/tcp     ALLOW    Anywhere
I have my DirPort set
Just finished setting up UFW on my exit node. Outgoing traffic is allowed,
incoming traffic is blocked except for SSH, OrPort, and DirPort. According
to arm, Tor is still getting traffic, but I'm seeing a lot of blocked
incoming connections on random high-numbered ports. Did I do something
wrong?
On 8/3/2016 10:13 PM, Roger Dingledine wrote:
> On Wed, Aug 03, 2016 at 03:29:01PM +0200, t...@as250.net wrote:
>> Absolutely. Most of the infrastructure we provide on that basis and it
>> is ok! The reason for running that exit node was that we believed it
>> would contribute towards a positive
Tristan: yep, I was assuming a non-exit. Although sure, you can block
incoming traffic without affecting outbound traffic with a stateful
firewall like iptables.
___
tor-relays mailing list
tor-relays@lists.torproject.org
I'm assuming this doesn't apply to exit relays? Or is there a way to block
incoming while allowing outgoing?
On Aug 4, 2016 12:27 PM, "Green Dream" wrote:
> - firewall off (deny) everything except DirPort/ORPort/ssh
Andrew wrote:
> I've got a spare server or two (freebsd) and I'd like to start
> running TOR relays on them.
>
> Are there any security concerns I need to deal with, or is the ports
> compile + updates good enough to keep my systems decently secure?
>
> I actively monitor the machines, but as
I'd say the normal server hardening precautions apply. Off the top of my
head:
- keep software/packages up to date
- only use public-key authentication for ssh / disable password-based auth
- optionally change the ssh port (it just avoids the worst of the port
scanning / brute force attempts)
-
Haha yes! T-shirts are a good way to start conversations with people who
don't really know what this "onion" is!?
And be proud to wear it! :p
Registration is open?!! ;p
On 04/08/2016 at 17:26, I wrote:
> Hear Hear, Roger and Petrusko,
>
> Nonetheless, I would like the promised t-shirts
Hear Hear, Roger and Petrusko,
Nonetheless, I would like the promised t-shirts before next year.
Robert
>https://trac.torproject.org/projects/tor/ticket/19825
On Thu, 04 Aug 2016, tor relay wrote:
>
> > On August 3, 2016 at 11:51 PM Green Dream wrote:
> >
> > Sorry, I didn't understand that your daemon didn't restart after the
> > upgrade. I ran through the upgrade on 2 relays, and apt started the service
> >
And I think a lot of users don't know what is there "behind". As
always in the computer world...
Now I'm able to explain quickly (what I've understood) this network to
some friends/family, who were using Tor a long time ago before I
started to have fun with contributing a little to the
Hi,
I've got a spare server or two (freebsd) and I'd like to start running TOR
relays on them.
Are there any security concerns I need to deal with, or is the ports compile
+ updates good enough to keep my systems decently secure?
I actively monitor the machines, but as you know, the game is
https://trac.torproject.org/projects/tor/ticket/19825