tor-relays May 2016

tor-relays@lists.torproject.org

73 participants
55 discussions

New month, new TOR exit servers, need ELI5 pls
by Markus Koch 22 May '16

22 May '16

As I told you guys ITLDC.com kicked 3 of my exit servers last month. Just got 3 new ones, hosted by DigitalOcean, Hostwinds and soon virtualniserverlite. If things go wrong (and with my luck they will) how many and which ports do I have to forward to be useful as a exit node? eg: I get lots of abuse of port 22, can I close it and the TOR network will for itself find out that sending me ssh traffic is a bad idea? markus

4 7

Re: [tor-relays] New month, new TOR exit servers, need ELI5 pls
by Tristan 22 May '16

22 May '16

You can close port 22 by adding it to your exit policy. The syntax would be something like ExitPolicy reject *:22 You should put this towards the top of the exit policy rules so it isn't overridden by other rules. On May 22, 2016 8:34 AM, "Markus Koch" <niftybunny(a)googlemail.com> wrote: As I told you guys ITLDC.com kicked 3 of my exit servers last month. Just got 3 new ones, hosted by DigitalOcean, Hostwinds and soon virtualniserverlite. If things go wrong (and with my luck they will) how many and which ports do I have to forward to be useful as a exit node? eg: I get lots of abuse of port 22, can I close it and the TOR network will for itself find out that sending me ssh traffic is a bad idea? markus _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

1 0

Port scanning via exit node
by ken＠kenbaker.co.uk 21 May '16

21 May '16

Hi Folks: I got an abuse complaint from my VPS host, because someone was using my exit node for port scanning. Here is the first bit of his (redacted) log. Attack detail : 4K scans dateTime srcIp:srcPort dstIp:dstPort protocol flags bytes reason 2016.05.14 17:13:47 CEST xxx.xxx.xxx.xxx:35008 xxx.xxx.xxx.xxx:22 TCP SYN 60 SCAN:SYN 2016.05.14 17:13:47 CEST xxx.xxx.xxx.xxx:46532 xxx.xxx.xxx.xxx:22 TCP SYN 60 SCAN:SYN 2016.05.14 17:13:47 CEST xxx.xxx.xxx.xxx:41718 xxx.xxx.xxx.xxx:22 TCP SYN 60 SCAN:SYN Hosting dude says he'd appreciate it if I could prevent this, but I'm not sure how. I'm afraid I don't have any logs - the VPS got reimaged. Suggestions how to prevent or mitigate this are welcome. Cheers, K.

3 3

tips-running-exit-node-minimal-harassment
by pa011 21 May '16

21 May '16

This page https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment cant be found at the moment - anybody holding a copy of it please? There is something similar 6 years old: https://www.facebook.com/notes/tor-project/tips-for-running-an-exit-node-wi… Is this still state of the art? Thanks Paul

2 1

Re: [tor-relays] VPS for Exits
by Neel Chauhan 21 May '16

21 May '16

> I contacted ITL (https://itldc.com/) as well two weeks ago. To me they > refused opening an exit: "We decide to do not allow new public tor > exit > nodes in our network. Existing public tor exit nodes we be kept." Well that's unfortunate. I guess I'll have to hold on to my VPS for a long time. No wonder why someone on this mailing list had trouble with ITL earlier this month. They no longer want exit nodes. -Neel Chauhan https://www.neelc.org/

1 0

Tip: Cheap fast dedicated servers for exit relays
by fatal 21 May '16

21 May '16

Ahoy! they are not in chiapas, they don't have a classy AS and (mostly) no esoteric operating systems. But they are cheap, fast and can be run as exit relays: the budget servers from Oneprovider (http://oneprovider.com/dedicated-servers/budget-servers). Oneprovider resells dedicated servers around the world and they handle all the 'sale' servers from online.net. Following the good/bad isp wiki page Online.net themself don't allow tor relays for quite some time. But oneprovider is "vpn friendly" (email from sales person) and I'm running a couple of exit relays with them for a couple of months. The abuse handling varies and depends on the provider they are reselling from. With the online.net servers I get one abuse mail every (!) monday for every server which states something about stopforumspam. I log in to the managment panel and reply that I'm running a tor server and can do nothing about this because stopforumspam doesn't provide more information and they close the ticket. That's it, never got any other abuse mails (running a reduced exit policy). The VIA Nano U2250 powered dedicated servers (Paris) cost 7€ a month (no setup fee, no ipmi, unlimited transfer) throughput max. is 82 Mbit/s in and out (throughput limit is the cpu, 1 core, no aes-ni, with iptables as in the arch wiki) with linux and max. 74 Mbit/s with freebsd (no pf, libressl, with openssl it's sightly faster¹). The Intel Atom C2350 powered dedicated servers (Paris and Amsterdam) cost 15€ a month (ipmi but no custom iso mount, only linux and windows are offered², unlimited transfer) and pushes ~180 Mbit/s in each direction with one tor instance (linux, stateles iptables and kernel tweaks for 100mbit+ relays from arch wiki and torservers.net, grsecurity kernel). The CPU (2 cores, aes-ni) isn't fully utilised so there is room for another tor instance (I'll move one of my relays there for testing when one of my VIA Nano contracts expire). Running more of these dedicated servers won't help making the tor network 'better' as in diversity (et al.) bus as in citius, altius, fortius. So if you would like to have a new, cheap, fast and easy to care mainstream (exit-)relay: go for it \o/ ¹ I'm no BSD expert and am wondering why stateless pf uses so 'much' more cpu power than statess iptables. Maybe someone can enlighten me :) ² Which I really feel sad about, I was hopeing for beeing the one with the fastest openbsd exit relay in the world - and that for 15 € a month ;)

3 3

What's this Abuse
by Dr Gerard Bulger 20 May '16

20 May '16

My ISP got a weird Abuse notice with no details. Just said stop. Stop what? When we asked what the "abuse" was they sent a 1mb.gz snapshop of their log files. There were a few references to my IP, but I have no idea what was seen as abuse: Can anyone tell me what they are fussed about? I like to respond in a robust manner. My IP is 5.77.47.142 184.151.178.22 - - [16/May/2016:15:19:40 -0400] "GET /product_imgs/small/R-F35T5-832.jpg HTTP/1.1" 200 23822 "http://www.liteline.com/ALFT5-35-4100-3" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36" 184.151.178.22 - - [16/May/2016:15:19:40 -0400] "GET /product_imgs/small/R-FBT6124-WH-3.jpg HTTP/1.1" 200 23103 "http://www.liteline.com/ALFT5-35-4100-3" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36" 5.77.47.142 - - [16/May/2016:15:19:41 -0400] "GET /admin/ HTTP/1.1" 200 1079 "-" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0" 5.77.47.142 - - [16/May/2016:15:19:41 -0400] "GET /admin/css/admin_styles.css HTTP/1.1" 200 1892 "http://www.liteline.com/admin/" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0" 5.77.47.142 - - [16/May/2016:15:19:41 -0400] "GET /admin/images/Liteline_logo_horizontal.png HTTP/1.1" 200 2610 "http://www.liteline.com/admin/" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0" 5.77.47.142 - - [16/May/2016:15:19:41 -0400] "GET /admin/images/px_bgrnd.png HTTP/1.1" 200 3738 "http://www.liteline.com/admin/css/admin_styles.css" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0" 5.77.47.142 - - [16/May/2016:15:19:42 -0400] "GET /favicon.ico HTTP/1.1" 200 1406 "-" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0" 209.29.237.34 - - [16/May/2016:15:19:42 -0400] "GET / HTTP/1.1" 200 7949 "-" "Mozilla/5.0 (iPad; CPU OS 9_2_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13D15 Safari/601.1" 209.29.237.34 - - [16/May/2016:15:19:42 -0400] "GET /styles2.css HTTP/1.1" 200 11384 "http://www.liteline.com/" "Mozilla/5.0 (iPad; CPU OS 9_2_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13D15 Safari/601.1" 209.29.237.34 - - [16/May/2016:15:19:43 -0400] "GET /prettyPhoto.css HTTP/1.1" 200 2769 "http://www.liteline.com/" "Mozilla/5.0 (iPad; CPU OS 9_2_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13D15 Safari/601.1" 209.29.237.34 - - [16/May/2016:15:19:43 -0400] "GET /js/functions.js HTTP/1.1" 200 9264 "http://www.liteline.com/" "Mozilla/5.0 (iPad; CPU OS 9_2_1 like Mac OS X) 6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0" 5.77.47.142 - - [16/May/2016:15:19:56 -0400] "POST /admin/ HTTP/1.1" 302 1079 "http://www.liteline.com/admin/" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0" 5.77.47.142 - - [16/May/2016:15:19:56 -0400] "GET /admin/admin.php HTTP/1.1" 200 1029 "http://www.liteline.com/admin/" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0" 184.151.179.73 - - [16/May/2016:15:19:56 -0400] "GET /Lighting/Recessed/4-in/4-in-Trims/page/2 HTTP/1.1" 200 4961 "http://www.liteline.com/Lighting/Recessed/4-in/4-in-Trims/page/1" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1" 184.151.179.73 - - [16/May/2016:15:19:56 -0400] "GET /styles2.css HTTP/1.1" 200 11384 "http://www.liteline.com/Lighting/Recessed/4-in/4-in-Trims/page/2" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1" "http://www.liteline.com/Lighting/Recessed/4-in/4-in-Trims/page/2" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1" 5.77.47.142 - - [16/May/2016:15:19:57 -0400] "GET /admin/css/admin_styles.css HTTP/1.1" 200 1892 "http://www.liteline.com/admin/admin.php" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0" 5.77.47.142 - - [16/May/2016:15:19:57 -0400] "GET /admin/images/rt_arrow.png HTTP/1.1" 200 554 "http://www.liteline.com/admin/css/admin_styles.css" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0" 216.123.172.226 - - [16/May/2016: 5.77.47.142 - - [16/May/2016:15:20:03 -0400] "GET /admin/admin.php?admin_add_product HTTP/1.1" 200 1271 "http://www.liteline.com/admin/admin.php" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0" 5.77.47.142 - - [16/May/2016:15:20:03 -0400] "GET /admin/css/admin_styles.css HTTP/1.1" 200 1892 "http://www.liteline.com/admin/admin.php?admin_add_product" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0" HTTP/1.1" 200 9264 "http://www.liteline.com/ATF7630" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0" 5.77.47.142 - - [16/May/2016:15:20:18 -0400] "GET /admin/ HTTP/1.1" 302 1079 "-" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0" 5.77.47.142 - - [16/May/2016:15:20:19 -0400] "GET /admin/admin.php HTTP/1.1" 200 1029 "-" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0" 5.77.47.142 - - [16/May/2016:15:20:19 -0400] "GET /admin/css/admin_styles.css HTTP/1.1" 200 1892 "http://www.liteline.com/admin/admin.php" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0" 184.151.179.73 - - [16/May/2016:15:20:20 -0400] "GET. 5.77.47.142 - - [16/May/2016:15:19:41 -0400] "GET /admin/images/Liteline_logo_horizontal.png HTTP/1.1" 200 2610 "http://www.liteline.com/admin/" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0" 5.77.47.142 - - [16/May/2016:15:19:41 -0400] "GET /admin/images/px_bgrnd.png HTTP/1.1" 200 3738 "http://www.liteline.com/admin/css/admin_styles.css" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0" 5.77.47.142 - - [16/May/2016:15:19:42 -0400] "GET /favicon.ico HTTP/1.1" 200 1406 "-" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0" 209.29.237.34 - - [16/May/2016:15:19:42 -0400]

7 13

VPS for Exits
by Tristan 20 May '16

20 May '16

Hostwinds is a pretty good US-based VPS. The price is good, and you get 10TB of bandwidth to start with. On May 20, 2016 6:03 PM, "I" <beatthebastards(a)inbox.com> wrote: Do you know of a VPS for an exit? Robert _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

2 1

Handling possible abuse requests
by pa011 19 May '16

19 May '16

I am running some pretty good developing relays which I would like to change into exit-nodes over time. As I have no experience how to handle possible abuses I would need some help please? Is there anybody out there who can give me some advice, or even help me doing (answering) these? How many of those abuses are to expect? How to avoid on changing what parameters? Any hints highly appreciated. PA

6 8

Re: [tor-relays] Handling possible abuse requests
by Tristan 19 May '16

19 May '16

I only ever received 1 abuse complaint over a 2-month period. I apologize for the inconvenience and explained that I would block the abused IP range. The abuse report was generated by Webiron, and they had a guide for Tor operators. I imagine other problems can be similarly solved. As others have said, a reduced exit policy will decrease your chances of getting complaints.

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-relays May 2016