
Re: [tor-relays] Calling for more Exit Relays



Hi,

There's not too much special about running an exit relay. Basically you want to make sure your security is good (strong password or pubkey auth, no unnecessary services, proper firewall) and that your relay is properly utilizing its resources (may require some sysctl tweaks if you're not maxing out the network link).

Other than that, make sure nobody has access to your keys and that the exit node has reasonably good uptime.

There's no real maintenance needed for relays, other than keeping the software up to date. For exits you may also need to handle the abuse cases, if any.

Oh, and make sure you don't keep any logs :-)

Tom


butary@xxxxxx wrote on 22/08/15 at 00:09:
Hello,
first of all, sorry for my bad English.
I've been using Tor for some time and I thought it's time to add my part to
the Tor community. So I watched the mailing lists and read a lot of
articles.
Last week I started two 100Mbit/s unmetered exit relays. Another one
200Mbit/s (20TB volume) is planned.
Total costs approx. 50€ per month. It is a lot of money for me but I
decided to smoke fewer cigarettes and ride my bicycle more.
It is not the first time I installed and run servers, but to operate Tor
exit relays leaves a bad taste. So much traffic and connections ....
The firewall and ssh log is full of warnings, more than I ever had and
is still rising. But I gave my best to secure the servers - as far as I know.
Can someone describe what are the most important maintenance tasks for
an exit relay, that differ from other "standard" servers?
Currently I check the sparse logs daily.
Thanks for all comments.
ButAry
*Sent:* Friday, 21 August 2015 at 20:06
*From:* "Tom van der Woerdt" <info@xxxxxxx>
*To:* tor-relays@xxxxxxxxxxxxxxxxxxxx
*Subject:* Re: [tor-relays] Calling for more Exit Relays
spiros_spiros@xxxxxxxxxxx wrote on 21/08/15 at 19:32:
 >
 > On 21 August 2015, 13:21, Sharif Olorin <sio@xxxxxxxxxx> wrote:
 >
 >> Could you estimate the number of abuse complaints you receive, or the
 >> amount of time you need to spend responding to them - and how many
 >> exits for how long, for context?
 >
 > I am the operator of exit relays in Iceland, England and Czech
republic (as well as some non-exit relays where the providers are less
friendly to Tor/don't understand Tor). The nodes have been built in the
last six months (financial circumstance only permitted me to start
contributing recently), and I hope to run them for many years to come.
As such they are all Debian Linux based with administration via Chef, so
I probably spend an hour per month on the admin for all of them in total.
 >
 > Abuse complaints generally come in the form of automated email from
Webiron and similar services, via the hosting providers. In one case,
the hosting provider is happy to change the PTR record and abuse email
in the WHOIS to an address that I control, so that they don't bother
forwarding the mail. I get about 5 of these per month for all of the
exits, and no action is necessary. In rare cases, the hosting company
based in the Czech republic asks me what steps I have taken in response
to the abuse report. In this case I respond quickly with a polite
message with the actions I've taken (blocking the host in the firewall,
temporarily restricting the port in question or agreeing with the
complainant that they will block the host). I spend about an hour per
month on this task as well. The most frustrating part of this is when
one of the exit nodes attacks a honeypot or connects to a sinkholed DNS
domain, and I have to query the NIDS to make sure it is legit Tor
traffic and my boxes aren't compromised.
 >
 > The other category of abuse is far more rare but takes a lot of time,
and that is legal threat from a company or state entity. I've been very
lucky and so far only had two such cases, both of which required
multiple emails to be sent and staff to be educated in the purpose and
functionality of Tor to make the issue go away. These cases took a few
hours of work and worrying each.
 >
 > All of my exits have a web page on port 80 explaining that they are a
Tor exit and what that means.
 >
 > Hope this is helpful.
 >
 > Spiros

I used to run a lot of exit relays. Roughly 3Gbit/s.

Then the bwauth problems popped up, and some of my exit relays would
suddenly lose all their traffic for a few weeks.

Then at some point the German government decided to spam my main ISP
with legal requests. They didn't like that so they told me to switch
them to normal relays. I tried to convince them, but to be fair, the
amount of time they had to invest dealing with the government was not
worth the money I sent them. So those nodes are no more.

Right now I am left with ~350Mbit/s of exit bandwidth, and the bwauth
problems are not really solved. Image to illustrate:
http://i.imgur.com/xRrr12W.png

The bwauth problem has been dragging along for several months now and
despite my attempts to help out, nothing has changed.

I am talking with some providers to maybe get some decent contracts
again. However, I will not commit to anything before my trust in the
bandwidth authorities (and, by extension, the directory authorities) has
been restored. Committing to annual contracts that cost hundreds of
euros per month is not fun when you can't do a thing to actually get
them utilized properly.

Please don't get me wrong, I strongly believe in the importance of Tor
and would be happy to contribute. Sadly I feel that the Tor Project is
not paying any attention to relay operators or users that have been
affected by issues that have been dragging along for months. It seems
that their main focus is on the research and implementation of cool
projects. Research is nice, but if your network is having trouble, you
may want to shift priorities a bit.

I'm looking forward to a future where the Tor Project operates as a
non-profit company with a focus on keeping its relay operators and users
happy, instead of the research.

As soon as my trust in this operational part of the Tor Project has been
restored, I will probably commit to running more exits again. Until then
it just seems like a waste of time and money.

Tom

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
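
The checks named in this thread (pubkey-only SSH, no verbose Tor logs, a notice page on the exit) written as a small config audit. This is an added example, not part of the original messages; the sample configs are constructed, the notice-page path is hypothetical, and the choice of which settings to flag is this example's assumption.

```python
import re

def parse_conf(text):
    """Parse 'Keyword value' lines; sshd_config and torrc share this shape."""
    opts = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            opts.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts

def audit_sshd(text):
    o = parse_conf(text)
    # sshd uses the first value it reads for each keyword
    first = lambda key, default: o.get(key, [default])[0].lower()
    findings = []
    if first("passwordauthentication", "yes") != "no":
        findings.append("ssh: password logins allowed; use pubkey auth only")
    if first("permitrootlogin", "unset") == "yes":
        findings.append("ssh: root can log in with a password")
    return findings

def audit_torrc(text):
    o = parse_conf(text)
    findings = []
    for target in o.get("log", []):
        if re.match(r"(debug|info)\b", target, re.I):
            findings.append("tor: verbose log target: " + target)
    if o.get("safelogging", ["1"])[-1] == "0":  # this example takes the last value given
        findings.append("tor: SafeLogging 0 leaves addresses unscrubbed in logs")
    is_exit = any(p.lower().startswith("accept") for p in o.get("exitpolicy", []))
    if is_exit and "dirportfrontpage" not in o:
        findings.append("tor: exit has no DirPortFrontPage notice page")
    return findings

# Constructed sample configs (not taken from any relay in the thread)
WEAK_SSHD = "PasswordAuthentication yes\nPermitRootLogin yes\n"
WEAK_TORRC = """ORPort 9001
ExitPolicy accept *:443
ExitPolicy reject *:*
Log info file /var/log/tor/info.log
SafeLogging 0
"""
HARDENED_TORRC = """ORPort 9001
DirPort 80
DirPortFrontPage /etc/tor/tor-exit-notice.html  # hypothetical path
ExitPolicy accept *:443
ExitPolicy reject *:*
Log notice syslog
"""

if __name__ == "__main__":
    for finding in audit_sshd(WEAK_SSHD) + audit_torrc(WEAK_TORRC):
        print(finding)
```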

