Hi all,
I recently bought torexitnode.net to make it abundantly clear in reverse DNS lookup that this is a Tor exit node.
I've set both of my exit relays tor4thepeople1.torexitnode.net and tor4thepeople2.torexitnode.net to use it and I was wondering if it would be interesting for other Tor relay users to use it as well.
If so, I'll write a small something that will allow adding new subdomains to it. So that you can always add and update subdomains on it. Once its running you can ask your service provider (if they don't provide an interface already) to make a reverse lookup on the IP to that address.
What do you think? Is this something people would want to use?
Thanks, Eran
I'd be definately interested! :)
On 25.10.2015 06:49, Eran Sandler wrote:
Hi all,
I recently bought torexitnode.net to make it abundantly clear in reverse DNS lookup that this is a Tor exit node.
I've set both of my exit relays tor4thepeople1.torexitnode.net and tor4thepeople2.torexitnode.net to use it and I was wondering if it would be interesting for other Tor relay users to use it as well.
If so, I'll write a small something that will allow adding new subdomains to it. So that you can always add and update subdomains on it. Once its running you can ask your service provider (if they don't provide an interface already) to make a reverse lookup on the IP to that address.
What do you think? Is this something people would want to use?
Thanks, Eran
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I have tor-exit.network for rDNS purposes as well, ping me if you'd like an A/AAAA entry.
Tom
On 25 Oct 2015, at 12:54, fatal fatal@mailbox.org wrote:
I'd be definately interested! :)
On 25.10.2015 06:49, Eran Sandler wrote: Hi all,
I recently bought torexitnode.net to make it abundantly clear in reverse DNS lookup that this is a Tor exit node.
I've set both of my exit relays tor4thepeople1.torexitnode.net and tor4thepeople2.torexitnode.net to use it and I was wondering if it would be interesting for other Tor relay users to use it as well.
If so, I'll write a small something that will allow adding new subdomains to it. So that you can always add and update subdomains on it. Once its running you can ask your service provider (if they don't provide an interface already) to make a reverse lookup on the IP to that address.
What do you think? Is this something people would want to use?
Thanks, Eran
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
These are great ideas.
Seems sensible to generate subdomains underneath it for every exit node. Subdomains by IP# ?
So aaa-bbb-ccc-ddd.tor-exit.network? On Sun, 25 Oct 2015 at 20:18 Tom van der Woerdt info@tvdw.eu wrote:
I have tor-exit.network for rDNS purposes as well, ping me if you'd like an A/AAAA entry.
Tom
On 25 Oct 2015, at 12:54, fatal fatal@mailbox.org wrote:
I'd be definately interested! :)
On 25.10.2015 06:49, Eran Sandler wrote: Hi all,
I recently bought torexitnode.net to make it abundantly clear in
reverse
DNS lookup that this is a Tor exit node.
I've set both of my exit relays tor4thepeople1.torexitnode.net and tor4thepeople2.torexitnode.net to use it and I was wondering if it
would be
interesting for other Tor relay users to use it as well.
If so, I'll write a small something that will allow adding new
subdomains
to it. So that you can always add and update subdomains on it. Once its running you can ask your service provider (if they don't provide an interface already) to make a reverse lookup on the IP to that address.
What do you think? Is this something people would want to use?
Thanks, Eran
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Sun, Oct 25, 2015, at 05:49 AM, Eran Sandler wrote:
If so, I'll write a small something that will allow adding new subdomains to it. So that you can always add and update subdomains on it.
As long as you don't let other people do that themselves. That would be open to abuse. GD
Link requested subdomains to the relay's fingerprint, and require all change/update requests to be signed by the node's keys, and have some validation that the node can be found on the network (and is an exit node). This will ensure only Tor exit nodes can apply, and that nodes can only change their own subdomain, and even makes it reletively scriptable, if desired.
On 2015-10-25 12:26, Geoff Down wrote:
On Sun, Oct 25, 2015, at 05:49 AM, Eran Sandler wrote:
If so, I'll write a small something that will allow adding new subdomains to it. So that you can always add and update subdomains on it.
As long as you don't let other people do that themselves. That would be open to abuse. GD
Sounds like a great way to do it.
I do want to make validation against the network, specifically with the contact info however I don't think there is any validation in the network as to the values of the email and/or host.
Is there an easy way for me to get a node's public key from itself or the network? That way they can sign the fingerprint of the node + requested domain name using their private key and I can verify it with their public key.
Eran
On Sun, Oct 25, 2015 at 9:41 PM Tor Relays at brwyatt.net tor@brwyatt.net wrote:
Link requested subdomains to the relay's fingerprint, and require all change/update requests to be signed by the node's keys, and have some validation that the node can be found on the network (and is an exit node). This will ensure only Tor exit nodes can apply, and that nodes can only change their own subdomain, and even makes it reletively scriptable, if desired.
On 2015-10-25 12:26, Geoff Down wrote:
On Sun, Oct 25, 2015, at 05:49 AM, Eran Sandler wrote:
If so, I'll write a small something that will allow adding new subdomains to it. So that you can always add and update subdomains on it.
As long as you don't let other people do that themselves. That would be open to abuse. GD
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 10/25/2015 08:26 PM, Geoff Down wrote:
If so, I'll write a small something that will allow adding new subdomains to it. So that you can always add and update subdomains on it.
As long as you don't let other people do that themselves. That would be open to abuse.
What kind of abuse?
On Sun, Oct 25, 2015, at 07:52 PM, Moritz Bartl wrote:
On 10/25/2015 08:26 PM, Geoff Down wrote:
If so, I'll write a small something that will allow adding new subdomains to it. So that you can always add and update subdomains on it.
As long as you don't let other people do that themselves. That would be open to abuse.
What kind of abuse?
-- Moritz Bartl https://www.torservers.net/
Oh, off the top of my head....pointing download.torexitnode.net to backdoored Tor or Torbrowser software; pointing lots of subdomains to Canadian Pharmacy websites or other content that the OP would not wish to be associated with, and using them in spam campaigns. GD
I was planning on having a system that will use Tor network data from Atlas so that the account must be created using the email reported by contact info and the domain they want needs to be free and reported as the host of that Tor node.
On Mon, 26 Oct 2015 at 12:02 AM Geoff Down geoffdown@fastmail.net wrote:
On Sun, Oct 25, 2015, at 07:52 PM, Moritz Bartl wrote:
On 10/25/2015 08:26 PM, Geoff Down wrote:
If so, I'll write a small something that will allow adding new
subdomains
to it. So that you can always add and update subdomains on it.
As long as you don't let other people do that themselves. That would
be
open to abuse.
What kind of abuse?
-- Moritz Bartl https://www.torservers.net/
Oh, off the top of my head....pointing download.torexitnode.net to backdoored Tor or Torbrowser software; pointing lots of subdomains to Canadian Pharmacy websites or other content that the OP would not wish to be associated with, and using them in spam campaigns. GD
-- http://www.fastmail.com - Email service worth paying for. Try it for free
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Usually the Contact Info is obfuscated is some way. Tor Weather handles grabbing these just fine too so should not be a problem to automate the process.
A lot of Exit operators already use subdomains of their own domains to provide their nodes with recognizable Tor related rDNS. I for example use a format like 1.tor.exit.mydomain.tld. As far as I am concerned this does the same job and does not concentrate the rDNS of multiple operators on a single domain.
I love the idea though and operators without own domains or domains they do not want to associate with their nodes can use this nicely.
On 10/25/15 11:04 PM, Eran Sandler wrote:
I was planning on having a system that will use Tor network data from Atlas so that the account must be created using the email reported by contact info and the domain they want needs to be free and reported as the host of that Tor node.
On Mon, 26 Oct 2015 at 12:02 AM Geoff Down geoffdown@fastmail.net wrote:
On Sun, Oct 25, 2015, at 07:52 PM, Moritz Bartl wrote:
On 10/25/2015 08:26 PM, Geoff Down wrote:
If so, I'll write a small something that will allow adding new
subdomains
to it. So that you can always add and update subdomains on it.
As long as you don't let other people do that themselves. That would
be
open to abuse.
What kind of abuse?
-- Moritz Bartl https://www.torservers.net/
Oh, off the top of my head....pointing download.torexitnode.net to backdoored Tor or Torbrowser software; pointing lots of subdomains to Canadian Pharmacy websites or other content that the OP would not wish to be associated with, and using them in spam campaigns. GD
-- http://www.fastmail.com - Email service worth paying for. Try it for free
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
- -- Tim Semeijn Babylon Network
PGP: 0x2A540FA5 / 3DF3 13FA 4B60 E48A E755 9663 B187 0310 2A54 0FA5
On 26 Oct 2015, at 09:27, NOC noc@babylon.network wrote:
Usually the Contact Info is obfuscated is some way. Tor Weather handles grabbing these just fine too so should not be a problem to automate the process.
Tor Weather requires users to opt-in by filling in a form with an unobfuscated email address and relay fingerprint.
It doesn't use the relay's ContactInfo at all, and anyone can sign up to watch any relay.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
I see.
I guess I can simply ask the fingerprint of the node and try to verify with a reverse lookup (will take a while) that it points back to the domain (and subdomain) that was just allocated.
Eran
On Tue, Oct 27, 2015 at 3:56 AM teor teor2345@gmail.com wrote:
On 26 Oct 2015, at 09:27, NOC noc@babylon.network wrote:
Usually the Contact Info is obfuscated is some way. Tor Weather handles grabbing these just fine too so should not be a problem to automate the process.
Tor Weather requires users to opt-in by filling in a form with an unobfuscated email address and relay fingerprint.
It doesn't use the relay's ContactInfo at all, and anyone can sign up to watch any relay.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 27 Oct 2015, at 12:55, teor teor2345@gmail.com wrote:
On 26 Oct 2015, at 09:27, NOC noc@babylon.network wrote:
Usually the Contact Info is obfuscated is some way. Tor Weather handles grabbing these just fine too so should not be a problem to automate the process.
Tor Weather requires users to opt-in by filling in a form with an unobfuscated email address and relay fingerprint.
It doesn't use the relay's ContactInfo at all, and anyone can sign up to watch any relay.
I was wrong - Tor Weather sends a single email to welcome new relay operators to the Tor network. It encourages them to sign up to monitor their node. (Any further emails require a manual sign-up.)
Roger just corrected my mistake on IRC: "did you know that tor weather auto reads the descriptors, and pulls in contactinfos, and tries to deobfuscate them, and sends a welcome message to relay operators, and later sends a tshirt mail if they achieve some (buggy) set of thresholds?”
The details are in: https://gitweb.torproject.org/weather.git/tree/doc/design.txt https://gitweb.torproject.org/weather.git/tree/doc/design.txt
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
This whole idea came after I got oh too many various alerts from my service provider.
I decide to buy a domain that is not associated directly with my other domains and found torexitnode.net free.
I looked at Atlas and torstatus.blutmagie.de and saw that many exit nodes don't have a domain at all.
Anyhow, I'll be working on something in the next week or so and when I'm ready for testing I'll ping the list again.
Eran
On Mon, Oct 26, 2015 at 12:38 AM NOC noc@babylon.network wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Usually the Contact Info is obfuscated is some way. Tor Weather handles grabbing these just fine too so should not be a problem to automate the process.
A lot of Exit operators already use subdomains of their own domains to provide their nodes with recognizable Tor related rDNS. I for example use a format like 1.tor.exit.mydomain.tld. As far as I am concerned this does the same job and does not concentrate the rDNS of multiple operators on a single domain.
I love the idea though and operators without own domains or domains they do not want to associate with their nodes can use this nicely.
On 10/25/15 11:04 PM, Eran Sandler wrote:
I was planning on having a system that will use Tor network data from Atlas so that the account must be created using the email reported by contact info and the domain they want needs to be free and reported as the host of that Tor node.
On Mon, 26 Oct 2015 at 12:02 AM Geoff Down geoffdown@fastmail.net wrote:
On Sun, Oct 25, 2015, at 07:52 PM, Moritz Bartl wrote:
On 10/25/2015 08:26 PM, Geoff Down wrote:
If so, I'll write a small something that will allow adding new
subdomains
to it. So that you can always add and update subdomains on it.
As long as you don't let other people do that themselves. That would
be
open to abuse.
What kind of abuse?
-- Moritz Bartl https://www.torservers.net/
Oh, off the top of my head....pointing download.torexitnode.net to backdoored Tor or Torbrowser software; pointing lots of subdomains to Canadian Pharmacy websites or other content that the OP would not wish to be associated with, and using them in spam campaigns. GD
-- http://www.fastmail.com - Email service worth paying for. Try it for free
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Tim Semeijn Babylon Network
PGP: 0x2A540FA5 / 3DF3 13FA 4B60 E48A E755 9663 B187 0310 2A54 0FA5 -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBCgAGBQJWLVdMAAoJELGHAxAqVA+lyioQALigEGrn/AGw6FYevo63Bcms fbhMYZ4R2GFe1TdQcaiFY+uOZjbYlM+VchU+3CZZR+rijEWYWwjspXzo6ocQG2HR HCv9GD8PWQgrgRlwKdBAggZ1eCWN3POxkB/FLKwX0V8gHhv4h2ybsGt7qh/XK4qd offaZtmEXYPxcm/LjtnrT1GOo2mZXbqzW6CJNqIUCvTxIPYNm2Ay7HPBVEP5sdZs 0g5iqpl5/XiKZ3aDWneBRlEnrOxDPksJAM+0MTJ/Q2GTD9ifgQu1wPfWnY22zs1x 7dx7cO7GSkti37o/v8/XYQ0HFlorwSOb/mtXbeioAH4Eg1OL3cW9JCLeO1wJD21J cNobbhQFbmkRsJh4K+6gVFviBh/2sJ0HlPzPjyabAyWt1nEENxwdyG9GL/VsVs9y kZve5032qtiFj6NAP5mAjhnpIuq26inxyqRKcZ9t/J6XkNLGFhRoRmPvbUzkKgcJ OuIHsQ4iG4IcJrvgWDZdeOg9nm4fW7nKClcuZB6xb7JBj/3+5gt8E9B+q3gECegg InzF8nehpCfXUfQ8Vy6Jwnrd+B/PiVs34T8DEoYxBnzzN8XK1NH9uox+8NDtmtJM 9uLAqpdO+8je+0hJH1Pd9zn9EdY/6k/JyLGhzCshStqGP5TPNDlud/peUSqCejtb 3JfiJcurUBlTvushAqMD =dOzm -----END PGP SIGNATURE----- _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays@lists.torproject.org
-
Eran Sandler -
fatal -
Geoff Down -
I -
Moritz Bartl -
NOC -
teor -
Tim Wilson-Brown - teor
-
Tom van der Woerdt -
Tor Relays at brwyatt.net -
Virgil Griffith