You're seriously going to play the "be polite" card after this entire
thread happened? I give up.
Fuck this, unsubscribed. If you need me, I'll be hiding in my cold dark
corner.
On Dec 7, 2016 10:02 AM, "Ralph Seichter" wrote:
On 07.12.16 15:44, Tristan wrote:
&
This is exactly why I use Tor.
I imagine a lot of people use Tor to bypass network restrictions, like
school/University firewalls or counties like China and Pakistan.
On Dec 7, 2016 9:11 AM, "heartsucker" wrote:
> As one of the Tor users who connects to services where I have to use my
> real na
Stop it, both of you. This is not the place for a flame war. If this were a
forum, the topic would be locked.
Can we just have a normal conversation and get back to what this mailing
list is actually used for?
On Dec 7, 2016 5:29 AM, "Rana" wrote:
There's an alternative interpretation but ment
Again, bits or bytes. I can't believe I'm repeating myself, don't you
people read?
The ORIGINAL (version 1) Raspberry Pi had a max of 1 MegaBYTE.
1 MegaBYTE = 8 megaBITS
Obviously other factors limit performance, but looking at just the maximum
network capacity of a Raspberry Pi 1, it could hand
Again, bits or bytes? If the original Raspberry Pi can push 1MByte, that's
8Mbits, so you could get 4Mbits both ways.
On Dec 5, 2016 9:08 AM, "Duncan Guthrie" wrote:
> On 04.12.2016 22:35, Tristan wrote:
>
>> Perhaps this IS in fact normal. I ran a Tor relay on a Rasp
Perhaps this IS in fact normal. I ran a Tor relay on a Raspberry Pi for a
while. My speed was about 1Mbps max, similar to your 1.5Mbps. I saw minimal
traffic, and the consensus weight never went above 20.
I'm not running a relay at home anymore because of the slow speeds. The
configuration guide m
There isn't.
On Dec 4, 2016 12:50 PM, "Rana" wrote:
Since when is there a requirement for a relay operator to have "programming
skills"?
-Original Message-
From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf
Of Ralph Seichter
Sent: Sunday, December 04, 2016 8:40
If that happens, many people won't be able to run a middle relay at home.
Nobody in my neighborhood has an IPV6 address, and none of the WiFi spots
in town have one either.
IPV6 just isn't used wisely enough. If any change happens, it should be
*can* have just IPV6, and *can* have IPV4.
On Nov 27
They obviously don't know what they're doing since they "aren't checking
the reject policy" on your non-exit relay. Hopefully they'll sort it out.
Netflix had the same thing for a while.
On Nov 26, 2016 2:55 PM, "fr33d0m4all" wrote:
> Hi,
> I just want to share my recent time experience with Vod
Relay=smtpin.rzone.de
Client CN is *.smtp.rzone.de
Maybe just a syntax error using smtpin instead of smtp?
On Nov 23, 2016 2:06 AM, "teor" wrote:
>
> > On 23 Nov. 2016, at 18:25, Berta Gieselbusch
> wrote:
> >
> > Good morning,
> >
> >
> > I've setup my first relay. Until now everything seems
Unfortunately, only a small portion of the world is IPV6 capable:
https://www.google.com/intl/en/ipv6/statistics.html
IPV6 isn't backwards compatible, so literally every hop, skip, and jump on
the Internet would need to be upgraded to support it. Many ISPs find it
much easier and cheaper to just r
It's still valid for a learning experience. Plus if you mess up the
configuration or something, you won't disrupt as many users.
On Nov 4, 2016 2:29 AM, "Univibe" wrote:
> > He's running a relay because what he believe and it's fun
> > without hurting nobody.
>
> Until some poor sap actually get
Wow this is confusing. If I'm understanding this correctly, 0.0.0.0/24
would mean any address from 0.0.0.0 to 0.0.0.255, correct?
On Nov 1, 2016 10:01 AM, "Tristan" wrote:
> So what mask would I use then? I've been trying to wrap my head around it,
> but I just don&#
So what mask would I use then? I've been trying to wrap my head around it,
but I just don't understand what /24 means, or how it's different from /27
or any other number.
On Nov 1, 2016 9:58 AM, "teor" wrote:
>
> > On 2 Nov. 2016, at 01:54, SuperSluether wrote:
> >
> > So, I tried putting the I
Is it possible to block domain names in Tor's ExitPolicy? I've been getting
abuses on *.panelboxmanager.com, and I'd like to be proactive about this if
possible.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-
Rebooting also makes sure updates are applied correctly. If a shared
library updates, the old version is still in use until whatever program
using it stops, and the new version is loaded on the next run.
On Oct 23, 2016 10:07 PM, "Duncan Guthrie" wrote:
> Hi folks,
>
> I think this is a very ext
ct 22, 2016 8:26 PM, "Jesse V" wrote:
> On 10/22/2016 08:02 PM, Tristan wrote:
> > Would it be acceptable to configure unattended-upgrades to automatically
> > reboot the system when required? I already have it configured to check
> > for and install all updates
Would it be acceptable to configure unattended-upgrades to automatically
reboot the system when required? I already have it configured to check for
and install all updates to Ubuntu and Tor once a day, but I still need to
manually reboot to apply kernel upgrades.
On Sat, Oct 22, 2016 at 6:26 PM, P
And?
Honestly, the way people create names and websites for these things, you'd
think it's a fund-raiser for something, not a critical security bug.
On Fri, Oct 21, 2016 at 5:22 PM, I wrote:
> Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the
> Linux Kernel
>
> http://dir
Wouldn't it just be easier to use Tails?
On Oct 21, 2016 7:08 AM, "Dan Michaels" wrote:
> The Tor Project website recommends various security setups for people
> running Tor relays.
>
> Such as, don't run a web browser on the same machine as your Tor relay,
> otherwise the browser could get hack
k you very much for helping me out. It was
confusing without end because this server was up for 10 months and
high traffic.
Markus
2016-10-18 20:30 GMT+02:00 Tristan :
> According to this page:
> https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays
>
> Looks like yo
uot;Markus Koch" wrote:
> Thank you very much. How do I dispute this?
>
>
> 2016-10-18 20:20 GMT+02:00 Tristan :
> > I don't know why or how, but you've got the BadExit flag from moria1:
> > https://consensus-health.torproject.org/consensus-health.html
atlas.torproject.org/#details/B771AA877687F88E6F1CA5354756DF
> 6C8A7B6B24
>
> and I have never ever seen this before.
>
> Markus
>
>
> 2016-10-18 20:13 GMT+02:00 Tristan :
> > I've seen 404s from time to time, but this is new. Did you get a bad
> relay
> > flag somehow???
> &g
I've seen 404s from time to time, but this is new. Did you get a bad relay
flag somehow???
On Oct 18, 2016 1:12 PM, "Markus Koch" wrote:
> 20:08:18 [WARN] Received http status code 404 ("Not found") from
> server '86.59.21.38:80' while fetching
> "/tor/keys/fp-sk/14C131DFC5C6F93646BE72FA1401C02
"Windows" and "Tor relay" don't really go together.
On Oct 17, 2016 8:47 AM, "Petrusko" wrote:
> RPi 2/3 if I'm not wrong are around 3 Watts (fanless)
> An old P4... For sure it's not lower than 60 Watts power consumption
>
> And if he wants to run only a Tor relay, advantage to have Windows OS
I believe the 2 and 3 are the same price as the 1 though. At any rate, you
should probably compile the latest Tor from source if you can't use the
official repository.
On Oct 16, 2016 5:12 PM, "diffusae" wrote:
> The RPi is good to use as relay with your requirement. You can expect a
> total tra
ho" has made those DNS queries looks
> like difficult ? (I'm not an expert on hacking :p )
>
>
> 16/10/2016 21:28, Tristan :
> > Unbound does cache DNS entries, but there was also serious discussion
> > about whether or not the cache is a privacy risk/anonymity leak,
Unbound does cache DNS entries, but there was also serious discussion about
whether or not the cache is a privacy risk/anonymity leak, but I feel it's
worth the trade-off since public DNS servers do the same thing.
On Sun, Oct 16, 2016 at 2:23 PM, Petrusko wrote:
> Humm, I've not checked on the
The Raspberry Pi 2 runs Tor just fine, but I have no idea what speeds you
can expect since my upload is only 1Mbps. I was using Raspbian Jessie with
the official Tor repos. Once everything was installed and set up, the
system could literally just sit on a shelf with power and ethernet and be
comple
Maybe Tor could at least warn you when you're not using a local resolver?
On Oct 16, 2016 7:50 AM, "Ralph Seichter" wrote:
> On 16.10.16 14:33, Tom van der Woerdt wrote:
>
> > Why doesn't Tor just link with a dns recursor, instead of relying on
> > the user to get the configuration right?
>
> It
It's not technically required when setting up Tor, so I think a lot of
people just forget about it. When I set up an exit relay, I knew I was
supposed to run a local DNS server, but I completely forgot to install it
until about a month later when the topic appeared in this list.
The other problem
>
> So he has 200 mbit on a fast ethernet port.
>
> Sent from my iPad
>
> On 12 Oct 2016, at 14:20, Tristan wrote:
>
> Remember, a relay has to download and upload as well, so your 100Mbps link
> would really only be able to _relay_ at 50Mbps anyway.
>
> On Oct 12,
Remember, a relay has to download and upload as well, so your 100Mbps link
would really only be able to _relay_ at 50Mbps anyway.
On Oct 12, 2016 4:17 AM, "Farid Joubbi" wrote:
> The hardware in your raspberry is way too weak to be able to push 100
> Mbit/s.
>
> My guess is that Atlas will show
True, but slowing them down could still be useful.
At any rate, Suricata is a no-go for low-end relays that only have 500MB of
RAM. It just hammers the pagefile.
On Sat, Oct 8, 2016 at 7:00 PM, Markus Koch
wrote:
> Would not help. These are bots, you can slow them down but this will
> not stop
I can't believe people are still whining about t-shirts. It's a freaking
t-shirt.
On Sat, Oct 8, 2016 at 6:16 PM, teor wrote:
>
> > On 8 Oct 2016, at 06:15, I wrote:
> >
> > Nothing you do actually gets you a tshirt.
> > The knowledge that you qualified for a tshirt is your only badge of
> hono
This page has 3 policies: Reduce exit policy, reduced-reduced exit policy,
and a lightweight example policy.
https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
On Oct 7, 2016 5:01 PM, "Markus Koch" wrote:
> reduced-reduced exit policy. ?
>
> Illuminate me, pls.
>
> Markus
> ___
Guess I'm next. My relay has been running for 3 months now. I'm doing my
best to be a good neighbor though. After the first month, I got an SSH
abuse, so now I reject SSH traffic. A month later I got an SQL hack
attempt, and I switched to the reduced-reduced exit policy. Haven't gotten
anything els
It's very normal for exit relays to pick up *much *more traffic than middle
or guard. Because exit relays have to deal with the abuse complaints of Tor
users, there are much fewer exit relays than middle and guard:
http://rougmnvswfsmd4dq.onion/relayflags.html
Even though there is plenty of bandwi
I just checked the logs on my exit, the only warnings I have are the usual "
127.0.0.1:53 is down, All DNS servers are back up" messages.
On Fri, Oct 7, 2016 at 2:00 PM, pa011 wrote:
>
> Am 07.10.2016 um 20:20 schrieb Green Dream:
> > One of my guard relays has a few entries on Oct 06 also:
> >
can access Suricata, I'm just trying to figure out how all this works
before I actually start to mess around with it on a server.
On Thu, Oct 6, 2016 at 10:09 AM, wrote:
> You can't access suricata directly?
>
> -- Původní zpráva --
> Od: Tristan
> Komu: tor-
s) and second as IDS (all rules (block of rules) are switched
> on). In the log of IDS we determine which chains should be filtered and
> then we filter them one by one on IPS. The main thing is to not to cut of
> any of the customers (in our case).
>
>
> -- Původní zp
Suricata allows direct access via the Tor network, Snort's website gave me
multiple failed Captchas before I could access anything. I'm going to do
some further research before I even think about implementing anything.
How does one detect false positives when running an IPS? Do you just
frequently
Well, this sentence from the EFF gives me some peace of mind: "You are not
helping criminals by using Tor any more than you are helping criminals by
using the Internet."
I still wish there was a better way to handle things, but at this point I'm
just begging the question.
On Wed, Oct 5, 2016 at 5
Then what _can_ we do? Because as it stands, Tor is the perfect tool for
criminals, and your stand is "do nothing." An ISP can trace illegal
activity to a user, we can't. Even if Tor is considered an ISP in that
sense, the rules vary by country, maybe even by provider.
I'm being to think there is
Be that as it may, there must be *something* we can do about this as relay
operators. If you get caught doing something illegal on your home Internet
connection, there are warnings, and eventually consequences (like being
disconnected). Just because you run a Tor relay doesn't mean the rules
don't
Interesting seeing as how OVH is one of the biggest VPS services running
Tor exits.
On Oct 5, 2016 3:10 AM, "Roman Mamedov" wrote:
> On Wed, 5 Oct 2016 18:55:26 +1100
> teor wrote:
>
> > Does anyone have experience running a long-lived Exit on OVH / So You
> Start?
> >
> > We've just received a
3a5f3faac
> - Bot Information:
> https://www.webiron.com/bot_lookup/d5930168c39511ee975f5943a5f3faac
> - Bot Node Feed:
> https://www.webiron.com/bot_feed/d5930168c39511ee975f5943a5f3faac
> - Abused Range: 45.79.79.0/24
> - Requested URI: /
> -
mass reports from DigitalOcean.
> > And the thing that pisses me off is: Its all bots or Tax spam or other
> > stuff I got weeks/months ago. Different day, same shitty abuse mail.
> >
> > Markus
> >
> >
> > 2016-10-04 18:03 GMT+02:00 Tristan :
> >> I
I don't know what I'm doing different, because I only got 2 complaints in
the last 2 months, and that was for SSH and SQL stuff.
On Oct 4, 2016 11:01 AM, "pa011" wrote:
> Me too Markus -could fill a folder with that tax issue :-((
> Costing a lot of time to answer and restrict the IPs
>
> Plus m
Um, yes it will. I don't have ExitRelay in my torrc file at all, and it
exits just fine.
On Sun, Oct 2, 2016 at 9:03 PM, teor wrote:
>
> And your relay won't exit on IPv4 unless you set ExitRelay to 1
>
> --
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 09/29/2016 04:30 PM, Tristan wrote:
> > if it fails
>
> so if it doesn't fail it does go through the proxy right?
> -BEGIN PGP SIGNATURE-
>
> i
I've tested many torrent clients with Tor's proxy. Vuze is the only one
that strictly follows the settings, every other client ignores the proxy if
it fails.
In Vuze, most trackers failed to connect, but with DHT (not sure if DHT
goes through the proxy) the actual torrent still goes through Tor.
Sounds like CloudFlare's threat policy.
On Sep 27, 2016 2:36 PM, "Tim Semeijn" wrote:
> Always watching my ass to be a good old Tor operator, I got my nodes on
> the list. Always fun to see how one time not updating all your
> MyFamily's gets you marked for life xD
>
> Time for some conf-updatin
Just so you know, you should be using a local DNS server, or one from the
OpenNIC project, instead of Google DNS. Google DNS sees almost 50% of all
Tor traffic, and could potentially link people across exits.
On Sep 27, 2016 8:48 AM, "pa011" wrote:
> On one of my recently started Exits I do see
Well, until someone decides to update Orbot, Android users are still on
0.2.7.5.
On Sep 21, 2016 8:30 AM, "teor" wrote:
>
> > On 21 Sep 2016, at 22:46, Tristan wrote:
> >
> > Well, according to this question I asked on Tor's StackExchange, version
&g
Whoops, forgot to paste the link:
https://tor.stackexchange.com/questions/12638/how-old-is-too-old-tor-versions
On Sep 21, 2016 7:46 AM, "Tristan" wrote:
> Well, according to this question I asked on Tor's StackExchange, version
> 0.2.4.26 is still technically in the
Well, according to this question I asked on Tor's StackExchange, version
0.2.4.26 is still technically in the recommended consensus.
At any rate, running an older version is better for diversity, isn't it?
On Sep 21, 2016 2:13 AM, "shraptor" wrote:
> On 2016-09-20 20:58, Roger Dingledine wrote:
In short, yes.
On Sep 21, 2016 5:02 AM, "D.S. Ljungmark" wrote:
> Hi all,
>
> I'm looking at some traffic patterns for my Exit relay, and I'm frankly
> a bit disappointed with the utilization.
>
> Currently it's running at a load average of 0.3-0.5, and CPU idle at
> 70-80%.
>
>
> We're not li
It takes time to get the guard flag. See the relay life cycle for more
details: https://blog.torproject.org/blog/lifecycle-of-a-new-relay
On Sep 16, 2016 9:29 AM, "Jim Electro House"
wrote:
> I saw one relay not being a guard one, only middle.. :/
>
> On Fri, Sep 16, 2016 at 5:27 PM, Matt Traudt
your account. Most promos are valid for new
> customers only."
>
> Tristan:
> > It's in the billing settings after you log in.
> >
> > On Sep 15, 2016 3:28 PM, "Ralph Seichter"
> wrote:
> >
> >> On 15.09.16 21:43, Markus Koch wrote:
>
It's in the billing settings after you log in.
On Sep 15, 2016 3:28 PM, "Ralph Seichter" wrote:
> On 15.09.16 21:43, Markus Koch wrote:
>
> > DigitalOcean has a new Promo: $15 free aka 3 months free droplet.
>
> I have tried creating an additional Droplet, but it seems that promo codes
> cannot
Thanks! Going on 2 months with an exit node. I had to disable SSH after
about a month, but that's the only complaint I've gotten.
On Sep 15, 2016 2:43 PM, "Markus Koch" wrote:
Just 2 let you know, DigitalOcean has a new Promo: $15 free aka 3
months free droplet.
Guard/Middle is no problem at al
Well, if $5 a month is high for you, I don't know what to say.
On Sep 13, 2016 4:01 AM, "Admin Kode-IT" wrote:
> Is there something special about D.O.? The server prices are quite high
> in my opinion.
>
> ___
> tor-relays mailing list
> tor-relays@lis
I asked this question as well. Currently, they don't have a way to monitor
bandwidth, so they don't charge for usage. However, they ask that
continuous transfer be limited to 300 Mbps.
On Sep 11, 2016 5:46 AM, "Markus Koch" wrote:
> They do not bill traffic at the moment, this can change at will
But hidden service traffic makes up about 0.01% of Tor traffic.
Total is about 75Gb/s: http://rougmnvswfsmd4dq.onion/bandwidth.html
Hidden services are about 900Mb/s:
http://rougmnvswfsmd4dq.onion/hidserv-rend-relayed-cells.html
On Fri, Sep 2, 2016 at 12:51 PM, Green Dream
wrote:
> Don't forge
Looking at the advertised bandwidth vs bandwidth history from Tor
Metrics[1], it appears that guard relays see much more traffic than exit
relays. I think it might be partially because guard-only, guard-middle and
guard-exits aren't separated, but would it really skew the numbers that
much?
[1]htt
Is the Tor strike today? Because I just set up a second instance on my
relay to get the most out of its bandwidth.
Oops 😏
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
16 4:14 PM, "shraptor" wrote:
> n 2016-08-31 15:06, Tristan wrote:
>
>> The Tor Repository works fine on a Raspberry Pi 2, so I'm guessing
>> it'll work on a 3.
>>
>
> yep how right you are, I tested it but it pulled in libsystemd for some
> reason
The Tor Repository works fine on a Raspberry Pi 2, so I'm guessing it'll
work on a 3.
On Aug 31, 2016 4:38 AM, "shraptor" wrote:
> I am running an rpi3 with devuan.
>
> How to I get a more recent tor package on there?
>
>
> Could I use https://deb.torproject.org or do I have to
> setup a tool ch
Ubuntu/Debian doesn't have the latest version of Tor. You should use the
official repository: https://www.torproject.org/docs/debian.html.en
On Aug 24, 2016 12:50 PM, "Aeris" wrote:
> > Aeris, I should be worried if any of those matched. Did you know 0.2.8 is
> > out?
>
> Currently not on Xenial
Well, as canonizing ironize says on Tor's StackExchange, "GeoIP is
bullshit."
https://github.com/epidemics-scepticism/tor-misconception/blob/master/README.md
On Aug 23, 2016 10:10 AM, "Fred Rauch" wrote:
Hi,
I just started up another relay, and atlas' GeoIP data on it is incorrect
(says it is i
Honestly I have no idea how provides would enforce that rule anyway for
that very reason. My guess is that it's a technicality, since Tor _can_ but
isn't specifically _designed_ to max CPU usage.
On Aug 21, 2016 10:47 PM, "Green Dream" wrote:
>> > Most AUPs ban the use of programs designed to us
I read some tweets and found some articles. Jake Applegate stepped down
from the project, and Sheri replaced the board of directors. But this
strike wants to replace all Tor project members because of Applegate.
I'm not connecting the dots, and the response on Twitter seems to be mostly
against th
I've never believed in strikes. They never seem to really do anything,
other than make something unaccessible for a day or 2 (just like the
Wikipedia blackout a few years ago).
I don't understand any of the demands on the page, or why they matter. Tor
does its job, whether an ex-CIA agent helps de
Mine hasn't. It peaks at about 30%. It can't even hit the 150Mbps limit I
set.
On Aug 21, 2016 8:33 PM, "Green Dream" wrote:
> > Most AUPs ban the use of programs designed to use 100% CPU
>
> A well-utilized Tor node will max out CPU...
>
>
>
> ___
> t
I wouldn't run BOINC on a VPS. Most AUPs ban the use of programs designed
to use 100% CPU (a.k.a. programs like BOINC). You should probably
double-check if your VPS is ok with that.
On Sun, Aug 21, 2016 at 2:33 PM, Petrusko wrote:
> Hey!
> Thx for adding a relay ;)
> About my vps relay, there's
I think you mean "if" it goes live. That ticket has been open for 4 years,
and originally had a milestone for 0.2.4.
On Aug 18, 2016 12:36 PM, "Pi3" wrote:
> Im running 5 Mbits mid node on Pi3. Cpu load is 25-30% on 1 core with full
> steady traffic - no aes-ni here.
> Things should improve grea
I couldn't find the default config for Unbound when I installed it, so I
just used the example file. Logging is disabled by default in this file.
Unbound has a setting for "log-queries" which will print a line with time,
IP, name, type, and class for each query. Not sure if setting this to "no"
wil
Well, to spread out 1TB over a month, 1,000,000÷30 days÷24 hours÷60
minutes÷60 seconds÷2 for in/out x 8 to convert to bits equals...
1.54 Mbps, give or take. It's not exact math since a byte is 1024 instead
of 1000. Either way, 1TB gets used pretty quickly. My exit transfers 1TB in
just a few hour
Personal opinion here:
11 packets dropped on 20GB of data sounds pretty small, and these packets
might not even be from Tor. Literally any network service could have
dropped those packets (ntp, ssh, updates, etc.) I wouldn't worry about it
unless it starts to dramatically increase.
On Aug 15, 201
On Aug 14, 2016 9:28 AM, "s7r" wrote:
>
> Currently it's complicated for a single Tor process to saturate a 10Gb/s
> line, because it's not yet able to use all CPU cores.
>
Out of curiosity, what is the maximum speed a single Tor instance can
achieve? Are there any plans for multi-core support?
_
According to Ark Technica (
http://arstechnica.com/security/2016/08/linux-bug-leaves-usa-today-other-top-sites-vulnerable-to-serious-hijacking-attacks/)
encrypted communications can only be blocked, meaning that exit servers
could still be targeted.
However, the bug only has to affect 1 side in or
Last night I received my first abuse complaint on DigitalOcean. When I
logged in, I saw Tor was no longer running because the system ran out of
memory.
Is it possible the system ran out of memory because of the abuse? My relay
has 512MB of RAM running Tor and Unbound, and it's been running fine al
I don't think that's how it works. You need to go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays and
unsubscribe there.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/
in Torservers' config will eat up to 16 GiB. I am not
> sure if overriding Debian's setting is a good idea. Any advice? Is this
> warning more than an annoyance?
>
> Cheers,
> Christian
>
>
> On Mon, Aug 01, 2016 at 09:12:12PM -0500, Tristan wrote:
> > My defaul
quot;Green Dream" wrote:
> P.S. Tristan, here's the explanation from that mailing list... just in
> case people can't access the link or it goes away:
>
> "Yes, it has everything to do with those flag bits. For TCP connections,
> Linux tends to use a "ha
I didn't look at all of them, but I've been tracing some of the IPs that
have been blocked. Each one I've traced goes back to *.in-addr.arp. Even
more interesting is that some of these connections get blocked, even though
they're incoming on port 443, which allows traffic from anywhere!
Any ideas
wrong? Tor should only be using OrPort and DirPort, so I'm not sure where
all this other traffic is coming from.
On Thu, Aug 4, 2016 at 12:52 PM, Green Dream
wrote:
> Tristan: yep, I was assuming a non-exit. Although sure, you can block
> incoming traffic without affecting outboun
I'm assuming this doesn't apply to exit relays? Or is there a way to block
incoming while allowing outgoing?
On Aug 4, 2016 12:27 PM, "Green Dream" wrote:
> - firewall off (deny) everything except DirPort/ORPort/ssh
___
tor-relays mailing list
tor-relay
I'd like to peep in here and say that Orbot (Tor on Android) is still using
version 2.7.5. Until someone updates the app to 2.8.6, those users will
still need a DirPort.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.
If you were running relays just to get recognized, you were probably doing
it did the wrong reason.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
My default setting was 2048. I changed it to 200,000 for now. I haven't
really played with sysctl at all. The only change I've ever made in there
was for swappiness.
On Mon, Aug 1, 2016 at 8:04 PM, Green Dream wrote:
> It's related to /proc/sys/net/ipv4/tcp_max_orphans
>
> "Maximal number of TCP
I looked at my exit relay's syslog for no specific reason, and saw that it
was flooded with the following message:
kernel: [1736405.162223] TCP: too many orphaned sockets
These messages occur multiple times per second, but they only flood the log
every couple of hours. What is this, and what does
How can a Tor relay flood UDP? I thought everything was TCP?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Except that if you do it right, you get a high speed unlimited bandwidth
relay.
On Jul 31, 2016 9:03 AM, "Jonathan Baker-Bates"
wrote:
> I think this issue has been discussed here before.
>
> The general opinion on the list is that it's not a good idea to run an
> exit at home. It's probably not
#x27;ll go before they terminate you.
On Fri, Jul 29, 2016 at 11:04 AM, Sean Greenslade
wrote:
> On July 28, 2016 2:50:40 PM EDT, ITechGeek wrote:
> >On Thu, Jul 28, 2016 at 2:34 PM, Tristan
> >wrote:
> >
> >> I really wish VPS services wouldn't use Google D
Right now I'm using Digital Ocean, but my previous provider experiences
Hostwinds and Pulse (OVH) also have Google DNS as the default.
On Thu, Jul 28, 2016 at 1:50 PM, ITechGeek wrote:
>
> On Thu, Jul 28, 2016 at 2:34 PM, Tristan wrote:
>
>> I really wish VPS services wou
I really wish VPS services wouldn't use Google DNS by default. If not for
this e-mail, I would have been on Google's DNS for a while before I found
out.
Maybe the Tor devs could add a warning if an exit is using Google DNS?
Would that be acceptable?
On Thu, Jul 28, 2016 at 12:59 PM, Toralf Förste
If Tor exits are against the AUP, you shouldn't be running one.
On Jul 27, 2016 1:24 PM, "Snehan Kekre" wrote:
> Hi All,
>
> I have a *free* membership for a year on Amazon's AWS (*capped* at
> 15GB/month of traffic each way).
>
> I've been running an exit node with a reduced exit policy on an e
Oh dear, I'll take this as a warning since I just spun up a Tor droplet
with DO not too long ago.
On Jul 26, 2016 4:48 PM, "Markus Koch" wrote:
> Hi there,
>
> now I am getting abuse mails nearly every day and digital ocean looks
> like getting pissed off. Is it technical possible to switch betw
1 - 100 of 140 matches
Mail list logo
