tor-relays August 2017

tor-relays@lists.torproject.org

72 participants
57 discussions

Re: [tor-relays] keepyourprivcay: Introducing a new 100 mbit/s relay
by Keepyourprivacy 16 Aug '17

16 Aug '17

Another 100 mbit/s relay has been added, located in sweden. MyFamily entry set in torrc. https://atlas.torproject.org/#details/B92CADBD1E9A2F72E64D7DE5A1BF5B2B30DA7…

2 1

IXPs in the United States
by Christopher 14 Aug '17

14 Aug '17

Hello, Emerald Onion (https://twitter.com/EmeraldOnion) is researching Internet Exchange Points in the United States in order to bolster Tor relay deployments within our legal jurisdiction. We have blogged a list of IXPs we've identified so far: https://emeraldonion.org/internet-exchange-points-in-the-united-states/ Please note that Emerald Onion would not be the org to deploy more relays in other cities. We are interested in helping others in those regions become their own ISP. (See https://emeraldonion.org/development/ for related education.) 1. Are there any Tor routers connected to any United States-based IXPs? If so, which ones and who operates them? We know of at least four: a. Calyx Institute on NYIIX https://www.peeringdb.com/net/4594 b. XMission on Equinix Ashburn, SIX Seattle, and SLIX https://www.peeringdb.com/net/789 c. Riseup Networks on SIX Seattle https://www.peeringdb.com/net/9021 d. Emerald Onion on SIX Seattle https://www.peeringdb.com/net/14010 2. Is this IXP friendly to Tor? 3. What is the organizational structure of this IXP? Such as corporate-run or community-driven, etc. Please let me know if you have any helpful information. I'm also reachable via Signal. https://yawnbox.com/contact/ Cheers, Yawnbox

1 0

Re: [tor-relays] 60 new neu.edu relays in 16 minutes
by privacy＠ccs.neu.edu 12 Aug '17

12 Aug '17

Hello nusenu, DocTor and OrNetRadar detected that someone added 60 tor relays [1] with your email address in the contact info field on 2017-08-08 between 15:45 and 16:01 UTC. [1] https://nusenu.github.io/OrNetRadar/2017/08/08/a7.html <https://nusenu.github.io/OrNetRadar/2017/08/08/a7.html> Since tor relay contact information is not authenticated I was wondering if these are in fact your relays? (I guess they are) Yes indeed they are ours. We started them all at the same time to make it clear that they are all run but one group of researchers. You obviously don't have to answer but if you want to I'm curious: Are these just temporary relays and part of your research or are they here to stay to increase the capacity of the tor network for more than just a few weeks or months? I assume you are not planing to run them for a longer period of time (>6months), but if you do you: Please consider network diversity when adding that amount of tor relay capacity. All your relays are operated in AS "Online S.a.s" - which is already the second biggest AS in terms of tor network capacity. At this stage we are not planning to run it for more than 6 months or so (but this might change). We understand that your concern is primarily about capacity diversity not trust in "Online S.a.s" since anyway it's already the second largest provider for Tor relays. Our experiments are not related to the traffic (and since all our relays are part of the same family at most one of them would be used in any circuit). We are using Online S.a.s because it it is cheap (I guess it's the same reason why others use it). We will check in the next couple of days if there is an alternative low cost provider. We have also limited our bandwidth but can increase it if more people express interest and it can help (we didn’t want to look like we are trying to attract/intercept traffic). +-----------------------------+-------------+ | AS Name | CW Fraction | +-----------------------------+-------------+ | OVH SAS | 15.95 | | Online S.a.s. | 13.41 | | Hetzner Online GmbH | 7.74 | | Digital Ocean, Inc. | 6.65 | | myLoc managed IT AG | 2.63 | +-----------------------------+-------------+ Also the country (FR) is not ideal from a diversity point of view. :) 14 of our relays are in the Netherlands but will make sure to diversify if we have to restart them. thanks for running relays, nusenu Note: There is nothing wrong with adding 60 tor relays, especially with proper MyFamily configuration as you did. Thank you for the positive note and feedback!

2 2

New Here
by Paul Templeton 12 Aug '17

12 Aug '17

Hi all, Have been running a mirror for a couple of years and haven't had much time to dedicate to and exit node but have finally committed to it. Found a provider that doesn't seem to have a cap on data and it will cost me about five euros a month. Question I have is two fold. First I find that atlas.torproject.org sometime says the node is down but its running and connected. Secondly how dose the bandwidth throttling work. I have set it to 300kbits with 500kbit burst but I can see the in/out traffic staying over 1mb for large periods of time and bursting to 7/8mb. Its not a problem just curios. Regards, Paul torproject.coffswifi.net

5 7

keepyourprivcay: Introducing a new 100 mbit/s relay
by Keepyourprivacy 11 Aug '17

11 Aug '17

Hello fellow operators of tor relays out there! :) I'd like to introduce my new relay, it's called keepyourprivacy and hosted in the Netherlands, at a provider which is known for high uptime and great network connectivity. Because it isn't very cheap, it's not very common used for tor relays, so i think it's a good choice for a better network diversity. :) Sure, i liked the idea of running a cheap relay at Kimsufi or something, but there are so many of this relays out there, which isn't good for the basic idea of Tor. It's running on a dedicated server with an dedicated 100 mbit/s full-duplex uplink, which is only used for Tor. So over 60 TB can be pushed each month. In these days Tor needs more help than ever, because VPN bans becoming more and more common - look at China or Russia for example. https://atlas.torproject.org/#details/59633E5F42DDA009798B173944367D7F50B1B… I'm also playing with the idea to change this relay to an exit node, but i'm a little bit worried about possible legal consequences. I would run it with an reduced policy however, but there is still the risk, that someone is doing fraud - or even worse - transmit child pornography over it. And that's nothing i'd like to be involved with it. But i know that it would help the Tor network even more. But for now, i think the middle relay with high uptime, capacity and with a not so common provider like OVH or online.net will still help the community to improve the connectivity. Let me know your thoughts! :)

6 6

Two research groups studying onion services and running relays
by Roger Dingledine 10 Aug '17

10 Aug '17

Hi relay operators! I want to let you know about two upcoming research projects by academic research groups. The tl;dr is that they're running relays to do certain measurements, and so far as we can tell the proposed methodology is safe enough and worthwhile enough, but we invite you (and everybody) to evaluate it too. If you didn't already know about the Tor Research Safety Board, now you do: https://research.torproject.org/safetyboard.html https://blog.torproject.org/blog/tor-heart-pets-and-privacy-research-commun… The board's goal is to help researchers do better and safer research, that is, to *minimize privacy risks while fostering a better understanding of the Tor network and its users*. The board has been low-profile so far because it's just starting up, but now that we've handled six cases, I've put the details of some of these cases up on the safety board page: https://research.torproject.org/safetyboard.html#examples (Some of the cases are still anonymized because their paper is not yet finished or submitted or accepted.) In particular, check out cases 2017-02 and 2017-03. They have each put up a web page explaining their research project and why it's safe, and listing which relays are associated with the research. http://tor.ccs.neu.edu/ https://onionpop.github.io/ Let us know if you have any questions. --Roger

2 2

60 new neu.edu relays in 16 minutes
by nusenu 10 Aug '17

10 Aug '17

Hello privacy(a)ccs.neu.edu, DocTor and OrNetRadar detected that someone added 60 tor relays [1] with your email address in the contact info field on 2017-08-08 between 15:45 and 16:01 UTC. [1] https://nusenu.github.io/OrNetRadar/2017/08/08/a7.html Since tor relay contact information is not authenticated I was wondering if these are in fact your relays? (I guess they are) You obviously don't have to answer but if you want to I'm curious: Are these just temporary relays and part of your research or are they here to stay to increase the capacity of the tor network for more than just a few weeks or months? I assume you are not planing to run them for a longer period of time (>6months), but if you do you: Please consider network diversity when adding that amount of tor relay capacity. All your relays are operated in AS "Online S.a.s" - which is already the second biggest AS in terms of tor network capacity. +-----------------------------+-------------+ | AS Name | CW Fraction | +-----------------------------+-------------+ | OVH SAS | 15.95 | | Online S.a.s. | 13.41 | | Hetzner Online GmbH | 7.74 | | Digital Ocean, Inc. | 6.65 | | myLoc managed IT AG | 2.63 | +-----------------------------+-------------+ Also the country (FR) is not ideal from a diversity point of view. thanks for running relays, nusenu Note: There is nothing wrong with adding 60 tor relays, especially with proper MyFamily configuration as you did. -- https://mastodon.social/@nusenu https://twitter.com/nusenu_

2 2

alternating consensus weight
by Toralf Förster 09 Aug '17

09 Aug '17

1 0

Tor exit nodes attacking SSH?
by Steven Chamberlain 09 Aug '17

09 Aug '17

Hi, I often run my SSH sessions via Tor using tsocks. But today I see: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is e7:0e:73:a5:88:23:67:9c:01:87:3c:61:96:f6:e8:0a. Further investigation shows that this happens for any destination IP address, even where there's no SSH service running: $ tsocks ssh -vC root(a)8.8.8.8 OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016 debug1: Reading configuration data /home/steven/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 8.8.8.8 [8.8.8.8] port 22. debug1: Connection established. debug1: identity file /home/steven/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/steven/.ssh/id_rsa-cert type -1 debug1: identity file /home/steven/.ssh/id_dsa type 2 debug1: key_load_public: No such file or directory debug1: identity file /home/steven/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/steven/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/steven/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/steven/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/steven/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 debug1: Remote protocol version 2.0, remote software version dropbear_2015.67 debug1: no match: dropbear_2015.67 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-sha2-256 zlib(a)openssh.com debug1: kex: client->server aes128-ctr hmac-sha2-256 zlib(a)openssh.com debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: RSA e7:0e:73:a5:88:23:67:9c:01:87:3c:61:96:f6:e8:0a The authenticity of host '8.8.8.8 (8.8.8.8)' can't be established. RSA key fingerprint is e7:0e:73:a5:88:23:67:9c:01:87:3c:61:96:f6:e8:0a. Are you sure you want to continue connecting (yes/no)? : I could be wrong, but I think this "dropbear" service is most likely something malicious, running on one or more Tor exit nodes, attempting to collect passwords of people logging in this way. If a user ignored the error (or trusts the fingerprint without verifying), their password, and further activity on the shell could all be captured by the attacker. Since Tor makes my client connections anonymous, and the dropbear is seen even for hosts that don't provide an SSH service, makes me think this attack is indiscriminate, not targetted only at me or my servers. The first time you connect to some machine, be careful to verify the fingerprint through independent means. Pay attention to notices like this of changed key fingerprints. And if you haven't already, disable PasswordAuthentication to something that cannot be intercepted (like authorization of private RSA/ECDSA keys). Regards, -- Steven Chamberlain steven(a)pyro.eu.org

7 8

obfs4proxy for FreeBSD and OpenBSD
by George 09 Aug '17

09 Aug '17

We just did a blog post on obfs4proxy for FreeBSD and OpenBSD on the TDP blog: https://torbsd.github.io/blog.html#welcome-obfs4 Feedback welcome, offline or via GitHub. In the near future, we'll submit to the respective ports systems. g -- 5F77 765E 40D6 5340 A0F5 3401 4997 FF11 A86F 44E2

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-relays August 2017