
Re: [tor-relays] Cheapest HW to get 20Mbit?



Having run a relay on an older RPi with standard Raspbian, I would caution you to look carefully at the packages you're using, if you choose that hardware. Of course the Tor package itself is woefully out of date, so you have to build from source. But it's worse than that.

I noticed that running regular apt-get update && apt-get upgrade was not enough to keep openssl up to date. Over a year after Heartbleed had been fixed, I noticed that my "up-to-date" version was still vulnerable, not to mention all the other bugs discovered there in the last few years. I thought maybe I could replace openssl with one of the forks, but was unable to find any pre-built packages or even signed source distributions with signing keys distributed over TLS. It was a pretty bad state of affairs, so I shut that relay down entirely. Maybe it has improved since then, but be careful.


On Aug 28, 2016 4:37 PM, "Matt Traudt" <sirmatt@xxxxxxx> wrote:


On 08/28/2016 04:26 PM, Petrusko wrote:
>
>> Up to two per IP.
> Hu? it's sad for people having several CPU... :s
>

It does help a little to prevent attackers from spinning up a lot of
relays. With this limit, they must have n/2 IPs at their disposal.

For example, this paper[1] shows an attack for harvesting onion
services. It would have been much easier without the 2-per-IP limit.

Matt

[1]: http://ieee-security.org/TC/SP2013/papers/4977a080.pdf


_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

