Hello,
Is it possible to configure a TOR node to have different bandwidth
limits at different times of day and on different days of the week?
Thank you.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi
. It is assumed that passing the traffic
through the private switch isn't a meaningful security concern.
What that means to tor server operators is that if you're using a
vserver where the internals are set up this way, the unencrypted
contents of your disk are likely being exposed to a managed
Likely someone was doing credit card fraud/hacking type stuff and
choosing Tor as the way to connect for it. That stuff is a pain in the
ass for online stores when it happens. Not surprised that outfits
handling online payments don't want Tor connections, and I can't blame
them tbh
them out for backup, try doing
shred on the file first, and then rm. It may help do the deletion
better, depending upon how your vserver
hosting is set up.
On Monday 26/08/2013 at 10:53 pm, Tony Xue wrote:
Hi,
I have been discovering simple and secure way of protecting the Tor
key
long string designating a path
which starts with /tor/server and then has a whole bunch of 40-digit
hexadecimal numbers separated with + signs, and then the whole thing
ends with a single .z. Then the line says I'll try again soon.
.
.
.
On Friday 30/08/2013 at 12:38 pm, Stracci wrote:
I can also
I added a second core to my server and it's still getting Your
computer is too slow... error messages. Top shows cpu for the Tor
process hanging around 60-75%, which is where it was before. Top's
system total is hanging around Cpu(s) 25.9%. That plus the VM
manager's graph suggest
This thread did go goofy and bad (and off-topic, given the subject in
the emails). It seems clear that there are important reasons Tor could
never begin examining/taking direct responsibility for/filtering the
content that flows through it (as opposed with disallowing specific
ports, which
I feel like you are SO missing the point.
Making Tor block morally horrible things does not involve telling exit
notes to block traffic to known porn sites.
The porn sites with the boobies that someone might hit on port 80 on
the public internet represent the Catholic Church of porn
Here is what Top on our Tor relay is doing today:
PID USER PR NI VIRT RES SHR S %CPU %MEMTIMECOMMAND
1163 _tor 20 0 628m 286m 34m R 106.3 15.3 4693:47 tor
Logs filled with:
Sep 03 04:12:20.000 [warn] Your computer is too slow to handle this
many circuit creation
did a service restart on it to bring it back
down.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
IPs, maybe?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
0x6B4D6475
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https
their crypto be
weaker/breakable and their systems easier to hack into. They use the
vulnerabilities they created to their own ends.
As of today, Tor appears to provide privacy, at least as far as the
.onion sites goes. Maybe it even works for it's entire function of
providing anonymous internet
change anything about
that?
It's not all about the method. Thoughts are:
- One way to damage Tor would be to mess things up for exit node
operators either personally or professionally. IMO the less 'they'
know about exit operators, the less damage they can do with that kind
of approach
Reply to the email, say that you found a misconfiguration in your Tor
daemon which could have accounted for this problem and you've repaired
it, and hopefully this problem is resolved for the future.
Put the below as your exit policy in torrc, and I'd stop/start the
service to be sure
# PPTP
How are you getting PPTP to work over Tor? The ISP-supplied modems
i've
seen won't pass IP protocol 47 (GRE) packets without putting the
target
machine in a DMZ.
https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
contains it.
It's more of a catch all exit policy
, if there were a
| good way to do that.
|
|
|
|
| On Wednesday 30/10/2013 at 6:41 am, Moritz Bartl wrote:
| On 25.10.2013 19:13, krishna e bera wrote:
|
|
| ExitPolicy accept *:1723 # PPTP
| How are you getting PPTP to work over Tor? The ISP-supplied
modems
| i've
| seen won't pass IP
restriction policy in the responses to take-down
demands seems like a good idea.
Robert
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
bandwidth:
http://www.speedtest.net/result/3001260636.png
Thank you for running an exit relay!
I wasn't using my connection for much of anything else and after reading
about Tor in the Snowden files I figured I'd better contribute!
-Jamie M.
___
tor
Here's where top hangs out on Libero. Seems it would be a better
situation if Tor would actually use the second core.
top - 12:05:07 up 5 days, 21:35, 1 user, load average: 0.33, 0.43,
0.34
Tasks: 130 total, 2 running, 128 sleeping, 0 stopped, 0 zombie
Cpu0 : 47.2%us, 21.0%sy, 0.0
.
--
Benjamin Franklin (1706 - 1790), Inventor,
journalist, printer, diplomat, and statesman
Here's where top hangs out on Libero. Seems it would be a better
situation
if Tor would actually use the second core.
top - 12:05:07 up 5 days, 21:35, 1
Hi list,
as I am in the progress of looking for a dedicated box to host a high volume relay on,
as one of my current Tor-VPSs has some TCP limitations so I took it down. After doing
some reasearch, my shortlist came up with OVH. After reading their (awfully translated:
Babelfish French
Grah,
please dont mind the confusing opening. I was kind of distracted ;)
Cheers.
Gesendet:Samstag, 25. Januar 2014 um 16:15 Uhr
Von:t...@gmx.info
An:tor-relays@lists.torproject.org
Betreff:[tor-relays] A little bedtime story about relays and OVH
Hi list,
as I am in the progress
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hello,
i search a working init script for multiple tor instances. I tried it
from https://www.torservers.net/misc/config/initd-tor but that is
broken. Does somebody have a working one?
Thanks for help
-BEGIN PGP SIGNATURE
Johannes Fürmann:
On 02/16/2014 09:55 PM, t...@afo-tm.org wrote:
i search a working init script for multiple tor instances. I tried it
from https://www.torservers.net/misc/config/initd-tor but that is
broken. Does somebody have a working one?
Hi!
I think there's a small typo in there. I
something? what else
to do to be able to connect via tor to ipv6?
Thanks for help
For people that are interestet in that to here the solution.
You have to set on Clients
SocksPort 0.0.0.0:9150 IPv6Traffic PreferIPv6 to make IPV6 work
___
tor-relays
it will take our relays to recover?
I wonder if it is a good idea, or technically feasible, to do a one
time kick-over of something in the Tor network so that the system sees
what the relay flags etc. should be on these emergency-redefined
relays. Certainly if everyone updated at once and the traffic
to this bug. I imagine there are
some
FreeBSD or the like people out there in a similar boat. And Centos
people, etc.
--Roger
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
. The quoted content may be ugly, but it
does not appear to qualify as site or network abuse.
Ch'Gans wrote:
Everything went well so far, until today. Someone, let's call this
person/group A, reported an abuse to Hetzner. A TOR User, B, is
spamming chat/forums with vociferous insults
Are you sure that you want allow port 25 on ipv4 and 6? Can't test it from
here but it looks like you allow all ports on v4 and v6
Am 22.05.2014 09:11 schrieb Adam Brenner a...@aeb.io:
Howdy,
I have setup a Tor exit node and IPv4 appears to work (will get a real
test in the next 48 hours). I
The spam to my own Tor relay operator email address (same one as in
this list) isn't meaningful in volume. I haven't seen any amounts that
a delete key couldn't easily handle.
In my experience, you should be careful with spam filtering, as you
could end up dumping abuse complaints that you
In my experience yes, you should be able to move those files to the
current working directory and it will just work.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Assuming the Tor service is running on a dedicated host, you could use
an SNMP-aware switch and query it with Cacti for graphs on the
switchports, or maybe run an snmpd on the node and use Cacti to build
graphs against the node's ethernet card stats.
http://www.cacti.net . It can also
You somewhat made a mistake here - you've got to have an exit policy
that (minimally) rejects ports 25 and 465, or else your relay becomes
a giant abuse tool for spammers, scammers, and phishers instead of
what you intended it to be (which was a standard-functioning Tor
relay).
You might
, scammers, and phishers instead of
what
you intended it to be (which was a standard-functioning Tor
relay).
You might try telling your ISP that you made a mistake in your
configuration which allowed spam email to go out, and you're
willing
to
correct that error and move forward.
ExitPolicy
Let's not confuse two things, here. The customer wanting to host a Tor
exit relay is a different service request than wanting to run a
wide-open SMTP relay. No reputable ISP would agree to host an open
SMTP relay and I'm sure this one did not knowingly do so.
It would be unfortunate
tor
unfriendly because of this, i run there exits for 2 years on some vps's
without a problem and i hope they don't start killing them now
Am 30.07.2014 14:39 schrieb Lunar lu...@torproject.org:
t...@t-3.net:
You somewhat made a mistake here - you've got to have an exit policy that
(minimally
SPT=10200 DPT=9001 WINDOW=46 RES=0x00 ACK
PSH FIN URGP=0
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
We never had our exit nodes become the targets of DDOS attacks
HOWEVER, we occasionally see abuse complaints due to someone abusing
Tor to DDOS attack other targets. Perhaps that's what you're seeing?
___
tor-relays mailing list
tor-relays
On 10/9/14, 8:21 AM, Eric Hocking wrote:
Hi everyone,
Is there a limit to how many exit nodes we can run?
___ tor-relays mailing
list tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Let me see
Hi,
On Tue, Nov 25, 2014 at 08:58:04PM +0100, tor-ad...@torland.me wrote:
Don't store identity keys on the hard disk. Keep them offliner. Use a ramdisk
for /var/lib/tor/keys/ and copy keys to it via scp before starting your tor
instance. Remove it from the ramdisk after startup. So the keys
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
extra
software, the firewalls can do this.
You also reminded me of a big factor I forgot to mention in the doc:
firewalls.
Hehe no problem.
Thx for putting up with the effort to create such a doc.
--
regards
alex
___
tor-relays mailing list
tor
hi,
just want to note, i am proud to have an german exit node with 11Mbs ..
but also concerned about this raising exit node probability, actually it
reads for me like 1 of 400 tor-users is going through this exit (by
recalculating a exit probability of 0.25 %) - this concerns me because
Thx for your Answer,
i think ive managed to configure the tor service properly,
my concerncs were about how easy it is to get one out of 3-400 Tor users
through your specific exit, and somehow i think this should not be
possible so easy.
so here the Atlas link, where you can see with 10Mbit/s
people.
Gief.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
the exit relays we run
due to someone using Tor to try to exploit remote web server scripts
and databases and the like. I don't think there's anything that can be
done about it? I would say that it's just part of what you get coming
out out of Tor exit nodes.
If anyone else has any better advice feel
relays,
then CBL recorded DanTor, then SpamHaus Zen recorded CBL, which
allowed
OVH to claim 100% of your IPs are blacklisted on multiple lists
when
in reality it was from a guy in the UK who publishes all Tor relays
-
guard, middle, exit - that caused this whole problem for me. Not
one
in this thread.
I'd be curious to know what this checker says about the IP address
that ultimately got this ISPs attention:
http://mxtoolbox.com/blacklists.aspx
I run 2 fast exits with only ports 25 and 465 rejected. I find that
the IPs are in some expected lists that target Tor, plus barracuda
Dear yl,
just a few words from the abuse helpdesk of a larger tor-exit-node...
TL;DR: we ignore those requests. they don't even reach a human.
While we do handle most genuine/honest/helpful and especially all
non-automated abuse reports very diligently. Pointless nagging
services like webiron
Mathewson
<ni...@torproject.org>:
TL;DR: Stable non-exit relays can help tor clients use the Tor
network. Please opt-in!
We want to run a trial of fallback directory mirrors (fallbacks) in
Tor. Tor clients contact fallbacks to download the consensus during
initial bootstrap, before they c
es,
then an upgrade happens. (as september last year)
Other factors probably also play a role. If anyone can contribute their
opinion based on their experience and the publicly available data,
feel free!
Cheers.
_______
tor-relays mailing list
tor-relays@lists.t
as much as a
> > "thank you!" from anyone.
>
> Operating tor nodes is - like operating any
> invisible infrastructure - inherently thankless.
Absolutely. Most of the infrastructure we provide on that basis and it
is ok! The reason for running that exit node was that we bel
On 06.02.17 09:25, nusenu wrote:
The first release with the fix for [1] was in 0.3.0.3-alpha [2].
So if you run an IPv6 exit, upgrading to 0.3.0.3-alpha potentially
increases the tor network's IPv6 exit capacity.
teor and nickm plan a backport for tor 0.2.9.x
[1] https://trac.torproject.org
On 8/02/2017 15:00, Andrew Deason wrote:
> I assume some people will say this isn't even worth the effort; it's not
> like it's hard to just ignore those reports. But it doesn't take much
> effort to just try to talk ot them, and it perhaps helps to give tor a
> reputation of
On 16/02/2017 08:55, tor-ad...@torland.is wrote:
> Hi all,
>
> after 5 years of operation I will shutdown TorLand1
> (https://atlas.torproject.org/#details/E1E922A20AF608728824A620BADC6EFC8CB8C2B8)
>
> on February 17 2017.
Thank you for
This makes no sense. It's good for the network if that
happens and allows diversity.
> Maybe a change in your strategy would make the life of your precious
> and fast relays a bit easier...
I have shut down our "precious and fast relays" recently as we
decided unanimously that th
going to help at all. Tor still isn't optimized for it.
If running on Linux or Unix there are a lot of optimizations to be done. For
Linux, I'd start here: https://www.torservers.net/wiki/setup/server and look at
the "High Bandwidth Tweaks" section._____
ontrol._______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
@Toralf
> Tor serves the "DirPortFrontPage /etc/tor/tor-exit-notice_DE.html" at that
> port
> and I'd like to avoid a slow responsive Tor due to a DDoS at that port.
Tor also provides the directory service on the same port (unless you have it
disabled). How do you know limit
the DirPort on a fallback relay?___________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
http://154.35.175.225/ is the directory authority "Faravahar". This error
happens from time to time with this authority. There's nothing for you (the
relay operator) to do about it._______
tor-relays mailing list
tor-relays@lists.torproject
> I'd recommend posting your finding to the sks-devel mailing list ... I'll
> post it in the morning if you like.
Please do if you think it would be helpful. Thanks Paul.___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.to
I'm trying to follow the instructions here to install Tor from the official
package repository:
https://www.torproject.org/docs/debian.html.en
On the steps to add the gpg signing key, it doesn't work. It seems something
has changed with the keyserver at keys.gnupg.net:
1) http://keys.gnupg.net
know why there is a SSL mismatch
in the browser, or why you can no longer access the web UI, but it's not as
broken as it looked.___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
The files in the repo location we have configured have not changed
recently, and I know that Tor's been updated.
The repo we're configured for is based out of:
https://deb.torproject.org/torproject.org/rpm/el/6/x86_64
___
tor-relays mailing
for reducing the log footprint of a relay? Are
the OS defaults generally sufficient, or do operators need to take additional
steps to preserve user privacy?___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin
You'll lose your uptime, but... don't be ridiculous. It's better to keep Tor
up-to-date. That uptime undoubtedly means you're running an outdated kernel
too, which is not ideal. I think it would be wise to take the hit and update
both.___
tor-relays
ry
traffic go over the ORPort too? Is it safe to disable the DirPort on fallback
relays?_______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> What can be known is *how* TOR is being used by setting up studies at exits
> and seeing what kind of services people are connecting to.
Please don't do that, or suggest doing that. Sniffing or inspecting exit
traffic may be illegal in some jurisdictions, and will result in the BadExit
>>> What can be known is *how* TOR is being used by setting up studies at
>>> exits and seeing what kind of services people are connecting to.
>> Please don't do that, or suggest doing that. Sniffing or inspecting exit
>> traffic may be illegal in some
d 5TB per month. They might notice.___________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I've suddenly started seeing a lot of these in our exit's logs:
Rejecting INTRODUCE1 on non-OR or non-edge circuit ...
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor
>> On 23 Jun 2017, at 04:57, t...@t-3.net wrote:
>>
>>
>> I've suddenly started seeing a lot of these in our exit's logs:
>>
>> Rejecting INTRODUCE1 on non-OR or non-edge circuit ...….
>
>Did you upgrade the Tor version on your relay recently?
>What a
Here's a recent thread with a good answer:
https://www.mail-archive.com/tor-relays@lists.torproject.org/msg10829.html
The consensus seems to be, since bridges are allocated to users randomly, they
may not see much traffic in some cases.
There's some guidance here:
https://www.torproject.org
> I tried disabling pf and restarting tor. To my surprise, the authorities
> connected to my relay successfully and distributed its information in
> subsequent consensuses!
Haha. This is the least surprising thing I've read all week._______
t
Yes, I'd find that very useful.___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> I get about sixty (60) abuse notifications a day and on average eight (8)
> subpoenas a month.
How do you handle the subpoenas?_______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listin
> So let me get this straight – Because you don’t agree with the way I’m
> marketing my network I must be malicious and this must be a “social
> engineering” attack? Seriously guys, put away the tin foil hats. I truly
> DON’T want to know what people on tor are browsing.
>
&
> Doesn't a lot of it depend on context anyway?
Yes.
> How can we quantify something like this?
We can't. We don't have all the data. We have to assume the worst and plan
accordingly._______
tor-relays mailing list
tor-relays@lists.torproject.org
.2.9 will help you, anyway.
I'm not sure either. :) I'm getting some mixed messages. 0.2.9.11 has the bug
https://trac.torproject.org/projects/tor/ticket/20059 from my top post, which
was fixed in 0.2.9.12. That package would at least remove the bug from the
equation. You had also mentioned the 0.3.x s
Hi,
I'm troubleshooting a Linux relay where the Tor service is having problems.
External monitoring alerts indicate both the ORPort and DirPort are unreachable
(TCP connection timeout). I can ssh in and the Tor service is still running.
The node seems to have increased memory usage
from kernel
upgrades, there's no recent changes. Maybe it's just busier than usual now.
I'll keep digging. Thanks for the feedback!___________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> There's a bug in 0.3.0 and later that causes clients to fetch
> microdescriptors from fallbacks. So fallbacks (and authorities)
> will have extra load until that's fixed.
>
> https://trac.torproject.org/projects/tor/ticket/23862
Makes sense. The relay can't keep up with the e
yond looking in the Tor logs
and syslog would be appreciated.
> There's 0.2.9 nightly, but I don't know if we have an 0.2.9-release build.
Yeah, unfortunately I could not find a 0.2.9.12 dpkg. I did find a deb, but it
wouldn't install due to mismatched dependencies. I was able to get 0.2.9.12
A 200px purple banner with a Schneier quote at the top of every page?
Seriously? What a hideous waste of space. Can anyone explain how this UI
element is helpful to users? It's awful.___
tor-relays mailing list
tor-relays@lists.torproject.org
https
Using the Tor Browser must have been a joke, because your traffic will route
through the exit nodes, and those exit IPs will presumably be on the same
blacklists.
I'd recommend you don't run a relay at home. Switch it to a bridge. Bridge IP
addresses are (usually) not published and thus
course of action for this sort of thing
would be within Tor itself. I don't know that it was a single client
connection into Tor that was causing all this trouble, but maybe it
was. One would think that one client should not be allowed to do
something so severe with the TCP that it can single
I went and added a reject for exit to port and HUPed the process.
Maybe this is the fix! :)
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
munged>: SYN_SENT
Port is supposedly opened up for listen by a virus.
_______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
://www.globalcyberalliance.org/community-partners.html#partner-industries
This leaves many unanswered questions. What criteria is used to define
"malicious" traffic? Who gets to add domains to the blacklist? Etc.
_______
tor-relays mailing list
continually vary -
it never hits multiple destinations on 1 port, and it does not hit
multiple ports on 1 host. I presume it is an attack that is intended
to degrade this relay's service quality, or otherwise more broadly,
degrade Tor.
I'm going to reject a few more trojan listen ports, it might
, it's going to be mainly complaints about attempts.
I feel like a short notification should be all you need and you're
done with responses to stuff like that, such as:
Hi ,
That is the Tor exit router we host. https://www.torproject.org .
Unfortunately, bad actors sometimes misuse Tor for things
>I am getting this too, I saw this the logs a few months ago and didn't think
>anything of it.
I wouldn't worry about it. Faravahar has a long history of misbehavior:
https://lists.torproject.org/pipermail/tor-relays/2015-November/008097.html
https://lists.torproject.org/pipermail/tor-
ay that's still up?
_______
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
l probably fix it. You'll need to trigger Tor to re-upload
its descriptor too. A restart of the Tor service will do it (although there may
be a better way). I've noticed similar issues before with Atlas holding on to
old nodes until that's done.
Cheers.
_________
https://www.twitch.tv/sp00k13z
https://twitter.com/notdan/status/941116413070270465
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
+1, thanks for working on IPv6!
Just curious and didn't see an answer on the roadmap -- do bandwidth authority
measurements ever happen over IPv6?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin
1 - 100 of 976 matches
Mail list logo