[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] tor-relays Digest, Vol 89, Issue 49



first, Thank you all for you answers and help.
let me make it a bit harder. now, im running a relay which is Guard and Exit relays.
i have defined in my relay(the server that's running the relay in /torrc file) to be "AllowSingleHopExits 1"
and set in my computer that running the TOR(in /torrc file) with the 1(one) hop to:
"ExcludeSingleHopRelays  0"    and
"AllowSingleHopCircuits  1"
so now every thing needs to be ok right?
but, still its not working


On Tue, Jun 26, 2018 at 5:34 PM, <tor-relays-request@xxxxxxxxxxxxxxxxxxxx> wrote:
Send tor-relays mailing list submissions to
        tor-relays@lists.torproject.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
or, via email, send a message with subject or body 'help' to
        tor-relays-request@lists.torproject.org

You can reach the person managing the list at
        tor-relays-owner@lists.torproject.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of tor-relays digest..."


Today's Topics:

   1. Is Tor-network protected from using one hop? (dave levi)
   2. Re: Is Tor-network protected from using one hop? (Logforme)
   3. Re: Is Tor-network protected from using one hop? (Matt Traudt)
   4. Re: Is Tor-network protected from using one hop? (Nagaev Boris)
   5. Re: Is Tor-network protected from using one hop?
      (Roger Dingledine)
   6. Re: Is Tor-network protected from using one hop? (Matt Traudt)


----------------------------------------------------------------------

Message: 1
Date: Tue, 26 Jun 2018 17:16:46 +0300
From: dave levi <levi72827@xxxxxxxxx>
To: tor-relays@lists.torproject.org
Subject: [tor-relays] Is Tor-network protected from using one hop?
Message-ID:
        <CAJUku5hQa5JCk1UCn_CynyVG=kxhXkQpC0-ApW=k7vJxPrTM5g@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

 I'm testing few things in Tor and I noticed that if im changing(from the
source code) the number of hop's(nodes) to be more then 3 hop's it work's
fine(slowly,  but still working) and if im sting only 2 hop's its still
works great. but, when i'm setting only 1 hop, i can open the Tor-browser
but i can't use it(Tor-browser) to visit site(regular site or onion site
too). so im thinking maybe the Tor-network have protected from users who
are using 1 hop?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180626/0ee9a653/attachment-0001.html>

------------------------------

Message: 2
Date: Tue, 26 Jun 2018 14:25:42 +0000
From: Logforme <m7527@xxxxxx>
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Is Tor-network protected from using one hop?
Message-ID: <emc7fcd1ee-3ce9-4161-9a90-c2fd28b951b5@mats-win7>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

On 2018-06-26 16:16:46, "dave levi" <levi72827@xxxxxxxxx> wrote:

>I'm testing few things in Tor and I noticed that if im changing(from
>the source code) the number of hop's(nodes) to be more then 3 hop's it
>work's fine(slowly,  but still working) and if im sting only 2 hop's
>its still works great. but, when i'm setting only 1 hop, i can open the
>Tor-browser but i can't use it(Tor-browser) to visit site(regular site
>or onion site too). so im thinking maybe the Tor-network have protected
>from users who are using 1 hop?

I guess it's part of the DoS protection recently implemented. My guard
relay DoS statistics in the heartbeat log entry:

[notice] DoS mitigation since startup: 0 circuits killed with too many
cells. 232704 circuits rejected, 15 marked addresses. 2939 connections
closed. 1534 single hop clients refused.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180626/5eeea141/attachment-0001.html>

------------------------------

Message: 3
Date: Tue, 26 Jun 2018 10:27:29 -0400
From: Matt Traudt <pastly@xxxxxxxxxxxxxx>
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Is Tor-network protected from using one hop?
Message-ID: <35ec8dd3-43bc-1c71-4cb0-00029ba56e64@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=utf-8

On 6/26/18 10:16, dave levi wrote:
> I'm testing few things in Tor and I noticed that if im changing(from the
> source code) the number of hop's(nodes) to be more then 3 hop's it
> work's fine(slowly,  but still working) and if im sting only 2 hop's its
> still works great. but, when i'm setting only 1 hop, i can open the
> Tor-browser but i can't use it(Tor-browser) to visit site(regular site
> or onion site too). so im thinking maybe the Tor-network have protected
> from users who are using 1 hop?
>

Yes.

Even before the DoS mitigation stuff, relays wouldn't allow themselves
to be used as the only hop in a circuit. Apparently this affects onion
service circuits too.

If you want a single-hop proxy, then you don't want Tor.

Matt


------------------------------

Message: 4
Date: Tue, 26 Jun 2018 17:29:29 +0300
From: Nagaev Boris <bnagaev@xxxxxxxxx>
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Is Tor-network protected from using one hop?
Message-ID:
        <CAFC_Vt7906rh2R33hb-tXr3TME5Op2gVbOGvuT79kMRyivTNhQ@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="UTF-8"

On Tue, Jun 26, 2018 at 5:27 PM, Matt Traudt <pastly@xxxxxxxxxxxxxx> wrote:
> On 6/26/18 10:16, dave levi wrote:
>> I'm testing few things in Tor and I noticed that if im changing(from the
>> source code) the number of hop's(nodes) to be more then 3 hop's it
>> work's fine(slowly,  but still working) and if im sting only 2 hop's its
>> still works great. but, when i'm setting only 1 hop, i can open the
>> Tor-browser but i can't use it(Tor-browser) to visit site(regular site
>> or onion site too). so im thinking maybe the Tor-network have protected
>> from users who are using 1 hop?
>>
>
> Yes.
>
> Even before the DoS mitigation stuff, relays wouldn't allow themselves
> to be used as the only hop in a circuit. Apparently this affects onion
> service circuits too.
>
> If you want a single-hop proxy, then you don't want Tor.
>
> Matt
> _______________________________________________
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

How does a relay know if there is another relay in the circuit? What
if the attacker runs a "relay" locally?

--
Best regards,
Boris Nagaev


------------------------------

Message: 5
Date: Tue, 26 Jun 2018 10:31:53 -0400
From: Roger Dingledine <arma@xxxxxxx>
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Is Tor-network protected from using one hop?
Message-ID: <20180626143153.GC19069@moria.seul.org>
Content-Type: text/plain; charset=us-ascii

On Tue, Jun 26, 2018 at 10:27:29AM -0400, Matt Traudt wrote:
> Even before the DoS mitigation stuff, relays wouldn't allow themselves
> to be used as the only hop in a circuit. Apparently this affects onion
> service circuits too.

Right. Relays protect themselves from being used as one-hop proxies,
because it could make life harder for the operators:

"Currently there is no reason to suspect that investigating a single
relay will yield user-destination pairs, but if many people are using
only a single hop, we make it more likely that attackers will seize or
break into relays in hopes of tracing users."

https://www.torproject.org/docs/faq#ChoosePathLength

--Roger



------------------------------

Message: 6
Date: Tue, 26 Jun 2018 10:34:50 -0400
From: Matt Traudt <pastly@xxxxxxxxxxxxxx>
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Is Tor-network protected from using one hop?
Message-ID: <a72e788e-1083-5f4c-8aec-9ba6cfd96959@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=utf-8

On 6/26/18 10:29, Nagaev Boris wrote:
> On Tue, Jun 26, 2018 at 5:27 PM, Matt Traudt <pastly@xxxxxxxxxxxxxx> wrote:
>> On 6/26/18 10:16, dave levi wrote:
>>> I'm testing few things in Tor and I noticed that if im changing(from the
>>> source code) the number of hop's(nodes) to be more then 3 hop's it
>>> work's fine(slowly,  but still working) and if im sting only 2 hop's its
>>> still works great. but, when i'm setting only 1 hop, i can open the
>>> Tor-browser but i can't use it(Tor-browser) to visit site(regular site
>>> or onion site too). so im thinking maybe the Tor-network have protected
>>> from users who are using 1 hop?
>>>
>>
>> Yes.
>>
>> Even before the DoS mitigation stuff, relays wouldn't allow themselves
>> to be used as the only hop in a circuit. Apparently this affects onion
>> service circuits too.
>>
>> If you want a single-hop proxy, then you don't want Tor.
>>
>> Matt
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> How does a relay know if there is another relay in the circuit? What
> if the attacker runs a "relay" locally?
>

The way a client connects to a relay and the way a relay connects to
another relay is different.

Technically the attacker/user could run a relay/bridge locally and
connect to that before the remote relay, creating a 2-hop circuit that
**might** have performance similar to a 1-hop circuit.

Matt


------------------------------

Subject: Digest Footer

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


------------------------------

End of tor-relays Digest, Vol 89, Issue 49
******************************************

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays