Re: [tor-relays] Established connections per port

2016-07-24 Thread Tom van der Woerdt
That's normal behavior for Tor and should not affect normal VPSes. However, if your VPS is NATed, or behind a badly configured firewall, this could indeed cause some trouble on network devices. There isn't much you can do about that, you simply need a lot of connections for exits to work. Tom O

Re: [tor-relays] issues with a fresh new tor server

2016-08-21 Thread Tom van der Woerdt
On 21/08/16 at 15:14, Toralf Förster wrote: > Hi, > > I made the following steps to have /var/lib/tor encrypted under an ext4fs > under a stable Gentoo Linux: > > at a local system: > head -c 16 /dev/random | xxd -p > ~/tmp-salt.txt; echo 0x`cat > ~/tmp-salt.txt` > ~/.cryptoSalt; rm ~/tm

Re: [tor-relays] issues with a fresh new tor server

2016-08-21 Thread Tom van der Woerdt
6 at 17:44, Toralf Förster wrote: > On 08/21/2016 03:23 PM, Tom van der Woerdt wrote: >> Did this work prior to adding encryption, or could that be a red >> herring? > > It was the attempt to encrypt the Tor directory using the ext4 method > - GRSecurity is fine (work

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Tom van der Woerdt
Why doesn't Tor just link with a dns recursor, instead of relying on the user to get the configuration right? Tom On 16/10/16 at 12:52, Toralf Förster wrote: > Reading [1] I do wonder about that. > Why do Tor exit relay operators avoid installing a local resolver - or at > least simply a cache

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Tom van der Woerdt
On 16/10/16 at 14:50, Ralph Seichter wrote: > On 16.10.16 14:33, Tom van der Woerdt wrote: > >> Why doesn't Tor just link with a dns recursor, instead of relying on >> the user to get the configuration right? > > It is not Tor's job to meddle with resolvin

Re: [tor-relays] how many tor relay could run on a single machine/IP?

2016-12-02 Thread Tom van der Woerdt
2 On 02/12/16 at 10:07, Fabio Pietrosanti (naif) - lists wrote: > I'm trying to stress some very small dedicated servers with ViaNano and > Atoms and would like to try out multiple Tor relays with AES hw > acceleration to see the limits > > -naif > ___ >

[tor-relays] Fwd: Your TOR relay

2017-08-07 Thread Tom van der Woerdt
:-( If you got this mail as well, please don't fall for it. You'd be exposing Tor users' browsing data. Tom Forwarded message Subject: Your TOR relay Date: Sun, 6 Aug 2017 21:19:32 -0400 From: Dennis Hannon To: Dennis Hannon Hello, I came across your

Re: [tor-relays] So long and thanks for all the abuse complaints

2017-12-04 Thread Tom van der Woerdt
Hi James, Have you considered running a super restrictive exit policy? I had the same trouble you have, with EFF's restrictive exit policy. So I wrote my own, which also blocks port 80: ExitPolicy accept *:443 ExitPolicy accept *:6667 ExitPolicy accept *:7000 ExitPolicy accept *:5222 ExitPolicy a

Re: [tor-relays] So long and thanks for all the abuse complaints

2017-12-04 Thread Tom van der Woerdt
On 04/12/2017 at 13:39, teor wrote: > > On 4 Dec 2017, at 22:18, Tom van der Woerdt <mailto:i...@tvdw.eu>> wrote: > >> Hi James, >> >> Have you considered running a super restrictive exit policy? I had the >> same trouble you have, with EFF'

Re: [tor-relays] Update your OpenSSL, several high-risk CVEs

2014-06-06 Thread Tom van der Woerdt
Yes, please restart Tor after updating Jesse Victors wrote on 06/06/14 17:04: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Thanks. I saw the OpenSSL update, but thanks for explaining what it was about. Is it necessary to restart Tor to apply the update? Jesse V. On 06/06/2014 04:00

[tor-relays] One IPv4 address, 1Gbit connection

2014-06-30 Thread Tom van der Woerdt
Hi, I'm running a Tor exit node on a 1gbit connection. Currently it's maxing at about 180Mbit/s (both ways, so 360Mbit/s) per instance, and I'm running two instances. That's not really using the connection well. The box has 4 cores (no AES-NI) and I'm looking for ways to utilize the other 64

Re: [tor-relays] One IPv4 address, 1Gbit connection

2014-07-01 Thread Tom van der Woerdt
Roman Mamedov wrote on 01/07/14 15:48: On Tue, 01 Jul 2014 22:36:10 +1000 Tim wrote: Tom, Why not run multiple tor relays on different ports on the same IPv4 address? For example, you could run 6 relays on 6 different ports on your IPv4 address (6 x 180 Mbps > 1 Gbps). This would also ut

Re: [tor-relays] Bandwidth usage for an established relay node

2014-07-01 Thread Tom van der Woerdt
Hi Kali, It depends on your network speed. Expect it to use roughly 80% of your maximum speed on average, so if you have a 50Mbit/s up/down connection you will be uploading 13TB and downloading 13TB. For high speed relays this might differ a bit if your bottleneck becomes the CPU. Tom K

Re: [tor-relays] Oubound Ports

2014-07-11 Thread Tom van der Woerdt
Ryan Getz wrote on 11/07/14 16:19: On Fri, Jul 11, 2014, at 09:41 AM, Moritz Bartl wrote: On 07/11/2014 11:33 AM, Roman Mamedov wrote: Agreed, but my point was that only a small minority of relays use port 22 (checked, 27 of them - more than I expected) or port 53 (just three relays), so it

Re: [tor-relays] Exit Nodes under DDoS attacks

2014-08-04 Thread Tom van der Woerdt
Tyler Durden wrote on 04/08/14 19:10: My ISP detected it. They didn't specify which kind of traffic. I guess that it was a SYN-DDoS On 2014-08-04 19:04, Anders Andersson wrote: On Mon, Aug 4, 2014 at 2:53 PM, Tyler Durden wrote: I just wanted to know from others how often your nodes are bei

Re: [tor-relays] OnionTip.com distributes Bitcoin donations to all BTC addresses set in ContactInfo

2014-08-10 Thread Tom van der Woerdt
Tim Semeijn wrote on 10/08/14 17:33: On 8/10/14, 4:32 PM, b...@unseen.is wrote: Hi, apparently this hasn't been discussed here yet. About a month ago, Donncha O'Cearbhaill built https://oniontip.com/ during the Dublin Bitcoin Hackathon. It is a webapp which automatically extracts all Bitcoin

Re: [tor-relays] Bandwidth not being used by Tor on Gigabit dedicated server

2014-09-30 Thread Tom van der Woerdt
I've often found my servers accidentally bottlenecked by the default open file limit on some Linuxes. For example, on CentOS 6 this is 4096, which for an exit node tends to mean ~50Mbit/s per process. A single process will not saturate 1Gbit/s. Judging by the hardware (AES-NI support) you will

Re: [tor-relays] exit node experience: abuse over HTTP, stealrat infection

2014-10-19 Thread Tom van der Woerdt
Kees Goossens wrote on 19/10/14 13:24: Part 1: Abuse over HTTP. Within one week of being an exit, my provider forwarded the following abuse notification to me ( is the abused Russian website, is me): Greetings, abuse team like to inform you, that we have had mass bruteforce

Re: [tor-relays] exit node experience: abuse over HTTP, stealrat infection

2014-10-24 Thread Tom van der Woerdt
Manuel Gebauer wrote on 19/10/14 15:29: Hi, Tom and Rejo. Same with me. Half of the abuse complaints I get are from Valuehost Ru. Because I run on a cheap VPS I don't get a reassigned IP. Therefore I always fear that my provider might lose patience and shut down my server. That's why I decided

Re: [tor-relays] [tor-talk] Platform diversity in Tor network [was: OpenBSD doc/TUNING]

2014-11-07 Thread Tom van der Woerdt
grarpamp wrote on 07/11/14 08:46: On Thu, Nov 6, 2014 at 2:43 AM, David Serrano wrote: On 2014-11-05 23:58:43 (-0500), grarpamp wrote: The real problem below is the 96% allocation of opensource to Linux and 4% to Other opensource. Someone should really do an analysis of platform vs. exit

Re: [tor-relays] Fast Exit Node Operators - ISP in US

2014-11-28 Thread Tom van der Woerdt
10TB/month is 30Mbit/s. You will have reached those 10TBs long before coming close to maxing out a single CPU core. I'd estimate that a single E3-1240 CPU core can deliver between 150Mbit/s and 250Mbit/s. The specs on that server are fine, it's just not a lot of bandwidth. Tom I wrote on 2

Re: [tor-relays] Possible DDoS

2014-12-26 Thread Tom van der Woerdt
Sebastian Urbach wrote on 26/12/14 at 14:05: On December 26, 2014 12:41:51 PM Christian Burkert wrote: Hi, I'm running a non-exit Tor node for a few months now on a virtual server hosted in a professional datacenter. Thank you ! Yesterday, December 25th, the support wrote me, that my se

Re: [tor-relays] Someone broke the tor-relay speed record?

2014-12-31 Thread Tom van der Woerdt
Seth wrote on 31/12/14 at 21:09: On Wed, 31 Dec 2014 01:13:52 -0800, Justaguy wrote: Oh wait? This is only advertised bandwidth and not the actual bandwidth. maybe the actual bandwidth will reach the advertised bandwidth some day. This relay is only running for 3 days so.. The advertised Tor b

Re: [tor-relays] How to get NAMED Flag

2015-01-18 Thread Tom van der Woerdt
The 'Named' flag is no longer assigned to relays. Tom webmaster wrote on 18/01/15 at 12:56: Hello people out there, what's the actual procedure to get a NAMED Flag? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.t

Re: [tor-relays] load balance across multiple WAN?

2015-02-20 Thread Tom van der Woerdt
Hi Rupert, Yes, a setup like that will work with Tor. Nothing relies on the IP addresses of incoming connections. Tom Rupert Roe wrote on 20/02/15 at 23:03: Hi, I currently run this middle node from a residential VDSL connection: https://atlas.torproject.org/#details/D0D6992508E64E28A7737

Re: [tor-relays] 0.2.5.10 / 0.2.6.x and ticket 9682

2015-03-06 Thread Tom van der Woerdt
Sebastian Urbach wrote on 06/03/15 at 21:52: Dear list members, I hope that some of you compared 0.2.5.10 with 0.2.6.x regarding the performance (ticket 9682). How big/small is the difference in the wild ? I would appreciate it if someone with Linux / BSD could say a few words ;-) Hi Sebast

Re: [tor-relays] T-shirts and Confirming Relay Control

2015-05-03 Thread Tom van der Woerdt
Matthew Finkel wrote on 03/05/15 at 14:47: On Sun, May 03, 2015 at 08:20:54PM +, Matthew Finkel wrote: On Sun, May 03, 2015 at 12:05:49PM -0700, Aaron Hopkins wrote: On Sun, 3 May 2015, Matthew Finkel wrote: Assuming the path to their data dir is /var/lib/tor, we ask them to run: Plea

Re: [tor-relays] Leaseweb exit relay notice

2015-05-21 Thread Tom van der Woerdt
I got the same. Restricting the exit policy to 80/443 until Sectoor replies. Tom Jurre van Bergen wrote on 21/05/15 at 22:04: Hi, I got the same message yesterday, I asked leaseweb to put our exit node(hviv103) in a "dirty" ip-block and asked sectoor for a clarification on what happened. No

Re: [tor-relays] False exit abuse from server4you

2015-06-07 Thread Tom van der Woerdt
Let's hope so, as Unmetered hosts a pretty significant amount of exit traffic. Several of my exits run there and I too received the abuse notifications. I've contacted Unmetered for clarification and will return to this thread as soon as I hear more. The way unmetered has always handled abus

Re: [tor-relays] No Exit flag on Exit node

2015-06-25 Thread Tom van der Woerdt
Hi, You need two of the ports [80,443,6667] allowed to get the Exit flag. Of these, your exit configuration only allows 80. Tom spiros_spi...@freemail.gr wrote on 25/06/15 at 20:19: Good evening all, An exit that I have been running for over one month now has not yet achieved the Exit

Re: [tor-relays] Running a relay in the Netherlands

2015-07-07 Thread Tom van der Woerdt
NL is perfectly safe, probably one of the safest countries on the planet for running Tor relays and exits. No need to worry about the legality of it much, as long as you appropriately keep your own traffic and Tor traffic separate. [IANAL!!!] Raspberry Pis aren't very fast, so it won't help

Re: [tor-relays] Relays with misconfigured MyFamily (declared vs. effective)

2015-07-17 Thread Tom van der Woerdt
Thanks for the reminder. Fixed! Tom nusenu wrote on 15/07/15 at 21:43: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, the following relays have misconfigured MyFamily settings. 'misconfigured' is defined by declared family does not match effective family (as computed by onionoo's new

Re: [tor-relays] Boosting throughput with own DNS resolvers

2015-07-19 Thread Tom van der Woerdt
Tim Semeijn wrote on 19/07/15 at 22:47: Recently I noticed my Tor Exit nodes were showing nameserver errors in the tor log and I decided to set up two private DNS resolvers (pdns-recursor). Since I use those I have seen an increase of traffic throughput on my Exit nodes to approx. 150%. I feel

Re: [tor-relays] Boosting throughput with own DNS resolvers

2015-07-20 Thread Tom van der Woerdt
Seth wrote on 20/07/15 at 15:27: On Sun, 19 Jul 2015 13:52:32 -0700, Tom van der Woerdt wrote: All my exits run with pdns-recursor installed, because I don't want to be uploading people's DNS data to Google's search indexer :-) How does pdns-recursor stack up against unbou

Re: [tor-relays] Guidelines for lifetime of a bridge?

2015-08-16 Thread Tom van der Woerdt
I'd say about a year is ideal. Maybe longer. It takes a long time for your bridge's IP address to be handed out to users. Once they finally have one, the addresses should remain valid, instead of immediately expiring. Of course once it looks like your bridge's IP address has been exposed, dr

Re: [tor-relays] Calling for more Exit Relays

2015-08-21 Thread Tom van der Woerdt
spiros_spi...@freemail.gr wrote on 21/08/15 at 19:32: On 21 August 2015, 13:21, Sharif Olorin wrote: Could you estimate the number of abuse complaints you receive, or the amount of time you need to spend responding to them - and how many exits for how long, for context? I am the

Re: [tor-relays] Calling for more Exit Relays

2015-08-21 Thread Tom van der Woerdt
enance tasks for an exit relay, that differ from other "standard" servers? Currently I check the sparse logs daily. Thanks for all comments. ButAry *Sent:* Friday, 21 August 2015 at 20:06 *From:* "Tom van der Woerdt" *To:* tor-relays@lists.torproject.org *Subject:* Re: [t

Re: [tor-relays] Free Domain for Tor Nodes

2015-10-25 Thread Tom van der Woerdt
I have tor-exit.network for rDNS purposes as well, ping me if you'd like an A/ entry. Tom > On 25 Oct 2015, at 12:54, fatal wrote: > > I'd be definitely interested! :) > > >> On 25.10.2015 06:49, Eran Sandler wrote: >> Hi all, >> >> I recently bought torexitnode.net to make it abundant

Re: [tor-relays] 130 "11BX1371" relays joined on 2015-10-30

2015-11-01 Thread Tom van der Woerdt
On 01/11/15 at 18:22, n...@cock.li wrote: tor-server-crea...@use.startmail.com: should relays add some lines to torrc like reject *.fingerprint? The authorities should be rejecting the relays / dropping their traffic soon, I assume now they're trying to contact the operator before doing that.

Re: [tor-relays] CVE-2015-7547 Tor network stats

2016-02-23 Thread Tom van der Woerdt
On 23/02/16 at 22:10, Toralf Förster wrote: > Louie Cardone-Noott: >> Those like me running debian and putting off doing a reboot might find >> needrestart (package of same name) and checkrestart (package >> debian-goodies) useful. > > Under Gentoo "lib_users -s" is a useful command IMO to see if

Re: [tor-relays] More than one instance with Debian Jessie

2016-07-03 Thread Tom van der Woerdt
On 03/07/16 at 13:52, pa011 wrote: > > > On 03.07.2016 at 13:31, Peter Palfrader wrote: >> On Sun, 03 Jul 2016, pa011 wrote: >> >>> >>> On 03.07.2016 at 13:03, Peter Palfrader wrote: Let me read this for you. On Sun, 03 Jul 2016, pa011 wrote: > Jul 3 12:09:27 tor[4532]:

Re: [tor-relays] dns request capitalization, tor and unbound

2016-07-03 Thread Tom van der Woerdt
On 03/07/16 at 15:51, Zack Weinberg wrote: > On Sun, Jul 3, 2016 at 9:25 AM, ajs124 wrote: >> >> Afterwards, I noticed that most if not all the DNS request are randomly >> capitalized. >> Does this impact unbound's caching ability? My cache hit/miss ratio is >> around 1/5. > > This is "0x20 en

[tor-relays] Long-term effect of Heartbleed on Tor

2014-04-09 Thread Tom van der Woerdt
What's the long-term effect of Heartbleed on Tor? * Should we consider every key that was created before Tuesday a bad key and lower their consensus weight? * Should authorities scan for bad OpenSSL versions and force their weight down to 20? A lot of relays will continue running bad OpenSSL

Re: [tor-relays] Long-term effect of Heartbleed on Tor

2014-04-09 Thread Tom van der Woerdt
I just had a quick look at the code that caused the bug (good overview at http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html). The problem is that a length (unsigned short) is read from the incoming data but then it doesn't check whether there's actually enough data to

Re: [tor-relays] Long-term effect of Heartbleed on Tor

2014-04-10 Thread Tom van der Woerdt
Felix Büdenhölzer wrote on 10/04/14 22:13: *However*, if there's a way to specify the data it sends back, that wouldn't be a problem (I'm no legal specialist though). I have not yet tested my theory, but sending a few extra bytes in the heartbeat message (and of course incrementing 'length' in

Re: [tor-relays] Should I Worry @ INTRODUCE1 Warnings

2014-04-12 Thread Tom van der Woerdt
Stephan wrote on 12/04/14 17:50: Hi, On 05.04.2014 13:52, Tami Kennedy wrote: non-exit relay (Tor 0.2.4.21) started seeing these log Warning entries. Concern or normal? I can't say anything about those messages being normal or not, but I just found one such message in my logs too: Apr 11

Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed

2014-04-17 Thread Tom van der Woerdt
A lot of relay operators were contacted within 12 hours of the heartbleed bug being published. Of course, not everyone lists their mail address in the directory, so those didn't get contacted. Tom AJ B wrote on 17/04/14 20:04: Can we do anything to attempt to contact those relay operators

Re: [tor-relays] A few questions about my setting up my first Tor relay.

2014-04-18 Thread Tom van der Woerdt
Please note that automatically updating has very little use if you don't also restart the services you updated. @Robert: please set up your ContactInfo in the torrc to something you can be reached on when there's something wrong with the configuration or you need to update certain software. Als

Re: [tor-relays] Sudden drop in number of active relays

2014-04-20 Thread Tom van der Woerdt
Hi Jesse, Yes, a very large amount of nodes were rejected from the network for running vulnerable versions. Relevant threads: * https://lists.torproject.org/pipermail/tor-relays/2014-April/004336.html * https://lists.torproject.org/pipermail/tor-relays/2014-April/004340.html Tom Jesse Vi