I'm testing a few things in Tor and I noticed that if I change (in the source code) the number of hops (nodes) to more than 3 hops, it works fine (slowly, but still working), and if I set only 2 hops it still works great. But when I set only 1 hop, I can open the Tor Browser but I can't use it (the Tor Browser) to visit a site (a regular site or an onion site). So I'm thinking maybe the Tor network is protected from users who are using 1 hop?
On 2018-06-26 16:16:46, "dave levi" levi72827@gmail.com wrote:
> I'm testing a few things in Tor and I noticed that if I change (in the source code) the number of hops (nodes) to more than 3 hops, it works fine (slowly, but still working), and if I set only 2 hops it still works great. But when I set only 1 hop, I can open the Tor Browser but I can't use it (the Tor Browser) to visit a site (a regular site or an onion site). So I'm thinking maybe the Tor network is protected from users who are using 1 hop?

I guess it's part of the DoS protection recently implemented. My guard relay DoS statistics in the heartbeat log entry:
[notice] DoS mitigation since startup: 0 circuits killed with too many cells. 232704 circuits rejected, 15 marked addresses. 2939 connections closed. 1534 single hop clients refused.
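An added example, not part of the original message: a small parser for the heartbeat line quoted above that turns the since-startup counters into per-heartbeat increases, so an operator can see how many single-hop clients were refused in each interval. The timestamps, the unrelated log line and every value after the first sample are constructed.

```python
import re

# Counters in the "DoS mitigation since startup" heartbeat line; the field
# wording is taken from the log line quoted in the message above.
DOS_RE = re.compile(
    r"DoS mitigation since startup: "
    r"(?P<circuits_killed>\d+) circuits killed with too many cells\. "
    r"(?P<circuits_rejected>\d+) circuits rejected, "
    r"(?P<marked_addresses>\d+) marked addresses\. "
    r"(?P<connections_closed>\d+) connections closed\. "
    r"(?P<single_hop_refused>\d+) single hop clients refused\."
)

def parse_dos_heartbeat(line):
    """Return the counters as a dict of ints, or None if the line does not match."""
    m = DOS_RE.search(line)
    return {k: int(v) for k, v in m.groupdict().items()} if m else None

def heartbeat_deltas(lines):
    """Increase of each counter between consecutive DoS heartbeat lines.

    The counters are cumulative since startup, so a drop in any of them is
    treated as a relay restart and that sample's raw values are reported.
    """
    deltas, prev = [], None
    for line in lines:
        cur = parse_dos_heartbeat(line)
        if cur is None:
            continue  # not a DoS heartbeat line
        if prev is not None:
            restarted = any(cur[k] < prev[k] for k in cur)
            deltas.append(dict(cur) if restarted else {k: cur[k] - prev[k] for k in cur})
        prev = cur
    return deltas

# Constructed sample log. Only the counters in the first line come from the
# thread; timestamps and later values are made up for illustration.
SAMPLE_LOG = [
    "Jun 26 10:00:00.000 [notice] DoS mitigation since startup: 0 circuits killed with too many cells. 232704 circuits rejected, 15 marked addresses. 2939 connections closed. 1534 single hop clients refused.",
    "Jun 26 12:00:00.000 [notice] Some unrelated log message.",
    "Jun 26 16:00:00.000 [notice] DoS mitigation since startup: 0 circuits killed with too many cells. 232900 circuits rejected, 16 marked addresses. 2950 connections closed. 1540 single hop clients refused.",
    "Jun 26 22:00:00.000 [notice] DoS mitigation since startup: 0 circuits killed with too many cells. 120 circuits rejected, 2 marked addresses. 30 connections closed. 4 single hop clients refused.",
]

if __name__ == "__main__":
    for d in heartbeat_deltas(SAMPLE_LOG):
        print(d["single_hop_refused"], "single-hop clients refused in this interval")
```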
On 6/26/18 10:16, dave levi wrote:
> I'm testing a few things in Tor and I noticed that if I change (in the source code) the number of hops (nodes) to more than 3 hops, it works fine (slowly, but still working), and if I set only 2 hops it still works great. But when I set only 1 hop, I can open the Tor Browser but I can't use it (the Tor Browser) to visit a site (a regular site or an onion site). So I'm thinking maybe the Tor network is protected from users who are using 1 hop?

Yes.
Even before the DoS mitigation stuff, relays wouldn't allow themselves to be used as the only hop in a circuit. Apparently this affects onion service circuits too.
If you want a single-hop proxy, then you don't want Tor.
Matt
On Tue, Jun 26, 2018 at 5:27 PM, Matt Traudt pastly@torproject.org wrote:
> On 6/26/18 10:16, dave levi wrote:
> > I'm testing a few things in Tor and I noticed that if I change (in the source code) the number of hops (nodes) to more than 3 hops, it works fine (slowly, but still working), and if I set only 2 hops it still works great. But when I set only 1 hop, I can open the Tor Browser but I can't use it (the Tor Browser) to visit a site (a regular site or an onion site). So I'm thinking maybe the Tor network is protected from users who are using 1 hop?
> Yes.
> Even before the DoS mitigation stuff, relays wouldn't allow themselves to be used as the only hop in a circuit. Apparently this affects onion service circuits too.
> If you want a single-hop proxy, then you don't want Tor.
> Matt
> _______________________________________________
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

How does a relay know if there is another relay in the circuit? What if the attacker runs a "relay" locally?
On 6/26/18 10:29, Nagaev Boris wrote:
> On Tue, Jun 26, 2018 at 5:27 PM, Matt Traudt pastly@torproject.org wrote:
> > On 6/26/18 10:16, dave levi wrote:
> > > I'm testing a few things in Tor and I noticed that if I change (in the source code) the number of hops (nodes) to more than 3 hops, it works fine (slowly, but still working), and if I set only 2 hops it still works great. But when I set only 1 hop, I can open the Tor Browser but I can't use it (the Tor Browser) to visit a site (a regular site or an onion site). So I'm thinking maybe the Tor network is protected from users who are using 1 hop?
> > Yes.
> > Even before the DoS mitigation stuff, relays wouldn't allow themselves to be used as the only hop in a circuit. Apparently this affects onion service circuits too.
> > If you want a single-hop proxy, then you don't want Tor.
> > Matt
> How does a relay know if there is another relay in the circuit? What if the attacker runs a "relay" locally?

The way a client connects to a relay and the way a relay connects to another relay are different.
Technically the attacker/user could run a relay/bridge locally and connect to that before the remote relay, creating a 2-hop circuit that **might** have performance similar to a 1-hop circuit.
Matt
On 27 Jun 2018, at 00:34, Matt Traudt pastly@torproject.org wrote:
> On 6/26/18 10:29, Nagaev Boris wrote:
> > On Tue, Jun 26, 2018 at 5:27 PM, Matt Traudt pastly@torproject.org wrote:
> > > On 6/26/18 10:16, dave levi wrote:
> > > > I'm testing a few things in Tor and I noticed that if I change (in the source code) the number of hops (nodes) to more than 3 hops, it works fine (slowly, but still working), and if I set only 2 hops it still works great. But when I set only 1 hop, I can open the Tor Browser but I can't use it (the Tor Browser) to visit a site (a regular site or an onion site). So I'm thinking maybe the Tor network is protected from users who are using 1 hop?
> > > Yes.
> > > Even before the DoS mitigation stuff, relays wouldn't allow themselves to be used as the only hop in a circuit. Apparently this affects onion service circuits too.
> > > If you want a single-hop proxy, then you don't want Tor.
> > How does a relay know if there is another relay in the circuit? What if the attacker runs a "relay" locally?
> The way a client connects to a relay and the way a relay connects to another relay are different.
> Technically the attacker/user could run a relay/bridge locally and

A relay, not a bridge: bridges look like clients to relays. Also, relays that aren't in the consensus trigger the exit defence, and I think they trigger some of the DDoS defences as well.

> connect to that before the remote relay, creating a 2-hop circuit that **might** have performance similar to a 1-hop circuit.

T
On Tue, Jun 26, 2018 at 10:27:29AM -0400, Matt Traudt wrote:
> Even before the DoS mitigation stuff, relays wouldn't allow themselves to be used as the only hop in a circuit. Apparently this affects onion service circuits too.

Right. Relays protect themselves from being used as one-hop proxies, because it could make life harder for the operators:
"Currently there is no reason to suspect that investigating a single relay will yield user-destination pairs, but if many people are using only a single hop, we make it more likely that attackers will seize or break into relays in hopes of tracing users."
https://www.torproject.org/docs/faq#ChoosePathLength
--Roger