parent
5b3efdbec3
commit
9704ff2c57
|
@ -1,3 +1,9 @@
|
|||
Changes in version 0.2.0.27-rc - 2008-05-??
|
||||
o New files:
|
||||
- A new contrib/tor-exit-notice.html file that exit relay operators
|
||||
can put on their website to help reduce abuse queries.
|
||||
|
||||
|
||||
Changes in version 0.2.0.26-rc - 2008-05-13
|
||||
Tor 0.2.0.26-rc fixes a major security vulnerability caused by a bug
|
||||
in Debian's OpenSSL packages. All users running any 0.2.0.x version
|
||||
|
|
|
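Review bot: The 0.2.0.27-rc entry lists only contrib/tor-exit-notice.html, but the same commit also adds linux-tor-prio.sh to EXTRA_DIST, so the script starts shipping in the distribution without a changelog line. Since the script is not a new file, a separate item (for example under a packaging heading) noting that linux-tor-prio.sh is now distributed and carries a README block would keep the changelog in step with the change.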
@ -3,7 +3,7 @@ DIST_SUBDIRS = osx suse
|
|||
|
||||
confdir = $(sysconfdir)/tor
|
||||
|
||||
EXTRA_DIST = exitlist tor-tsocks.conf torify.1 tor.nsi.in tor.sh torctl rc.subr cross.sh tor-mingw.nsi.in package_nsis-mingw.sh tor.ico tor-ctrl.sh
|
||||
EXTRA_DIST = exitlist tor-tsocks.conf torify.1 tor.nsi.in tor.sh torctl rc.subr cross.sh tor-mingw.nsi.in package_nsis-mingw.sh tor.ico tor-ctrl.sh linux-tor-prio.sh tor-exit-notice.html
|
||||
|
||||
conf_DATA = tor-tsocks.conf
|
||||
|
||||
|
|
|
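Review bot: The replacement EXTRA_DIST line appends linux-tor-prio.sh and tor-exit-notice.html to an already very long single line, which makes it hard to see what changed. Consider splitting the list across lines with backslash continuations so that later additions show up as short, single-purpose diff lines.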
@ -1,9 +1,50 @@
|
|||
#!/bin/bash
|
||||
# Written by Marco Bonetti & Mike Perry
|
||||
# Based on instructions from Dan Singletary's ADSL Bandwidth Management HOWTO
|
||||
# Based on instructions from Dan Singletary's ADSL BW Management HOWTO:
|
||||
# http://www.faqs.org/docs/Linux-HOWTO/ADSL-Bandwidth-Management-HOWTO.html
|
||||
# This script is Public Domain.
|
||||
|
||||
############################### README #################################
|
||||
|
||||
# This script provides prioritization of Tor traffic below other
|
||||
# traffic on a Linux server. It has two modes of operation: UID based
|
||||
# and IP based. The UID based method requires that Tor be launched from
|
||||
# a specific user ID. The "User" and "Group" Tor config settings are
|
||||
# insufficient, as they set the UID after the socket is created.
|
||||
# Here is a three line C wrapper you can use to execute Tor and drop
|
||||
# privs to UID 501 before it creates any sockets. Change the UID
|
||||
# to the UID for your tor server user, and compile with
|
||||
# 'gcc tor_wrap.c -o tor_wrap':
|
||||
|
||||
# #include <unistd.h>
|
||||
# int main(int argc, char **argv) {
|
||||
# if(setresuid(501, 501, 501) == -1) { perror("setresuid"); return 1; }
|
||||
# execl("/bin/tor", "/bin/tor", "-f", "/etc/tor/torrc", NULL);
|
||||
# perror("execl"); return 1;
|
||||
# }
|
||||
|
||||
# The IP setting requires that a separate IP address be dedicated to Tor.
|
||||
# Your Torrc should be set to bind to this IP for "OutboundBindAddress",
|
||||
# "ListenAddress", and "Address".
|
||||
|
||||
# You should also tune the individual connection rate parameters below
|
||||
# to your individual connection. In particular, you should leave *some*
|
||||
# minimum amount of bandwidth for Tor, so that Tor users are not
|
||||
# completely choked out when you use your server's bandwidth. 30% is
|
||||
# probably a polite choice.
|
||||
|
||||
# To start the shaping, run it as:
|
||||
# ./linux-tor-prio.sh
|
||||
|
||||
# To get status information (useful to verify packets are getting marked
|
||||
# and prioritized), run:
|
||||
# ./linux-tor-prio.sh status
|
||||
|
||||
# And to stop prioritization:
|
||||
# ./linux-tor-prio.sh stop
|
||||
|
||||
########################################################################
|
||||
|
||||
# BEGIN USER TUNABLE PARAMETERS
|
||||
|
||||
DEV=eth0
|
||||
|
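Review bot: The C wrapper in the README drops only the user ID: setresuid(501, 501, 501) is called with no setgroups() or setresgid() before it, so a Tor started from root through this wrapper keeps root's primary and supplementary groups. Suggest clearing the supplementary groups and setting the GID before the setresuid() call, and adding #include <stdio.h> for perror() (plus _GNU_SOURCE for setresuid() on glibc). The hardcoded /bin/tor and /etc/tor/torrc paths deserve the same "change this" hint the text already gives for the UID.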
@ -27,7 +68,10 @@ RTT_LATENCY=40
|
|||
RATE_UP=5000
|
||||
|
||||
# RATE_UP_TOR is the minimum speed your Tor connections will have.
|
||||
# They will have at least this much bandwidth for upload
|
||||
# They will have at least this much bandwidth for upload. In general,
|
||||
# you probably shouldn't set this too low, or else Tor users who use
|
||||
# your node will be completely choked out whenever your machine
|
||||
# does any other network activity. That is not very fun.
|
||||
RATE_UP_TOR=1500
|
||||
|
||||
# RATE_UP_TOR_CEIL is the maximum rate allowed for all Tor trafic
|
||||
|
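Review bot: The expanded RATE_UP_TOR comment warns against setting the value "too low" but gives no figure to aim for. The README block added to this script suggests 30% as a polite minimum, and the defaults shown here (RATE_UP_TOR=1500 against RATE_UP=5000) already match that, so the comment could say so directly, for example "about 30% of RATE_UP". The context line below also has a typo, "trafic", which could be fixed while this block is being touched.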
@ -38,7 +82,7 @@ CHAIN=OUTPUT
|
|||
#CHAIN=POSTROUTING
|
||||
|
||||
MTU=1500
|
||||
AVG_PKT=900
|
||||
AVG_PKT=900 # should be more like 600 for non-exit nodes
|
||||
|
||||
# END USER TUNABLE PARAMETERS
|
||||
|
||||
|
|
|
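Review bot: The guidance for non-exit nodes is tucked into a trailing comment on AVG_PKT=900, unlike RATE_UP_TOR, which is documented in a comment block above its assignment. Consider moving the note above the variable and saying what AVG_PKT feeds into, so a non-exit operator can tell that the default is an exit-node value and why 600 is the suggested alternative.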
@ -0,0 +1,125 @@
|
|||
<html>
|
||||
<head>
|
||||
<title>This is a Tor Exit Router</title>
|
||||
|
||||
<!--
|
||||
|
||||
This notice is intended to be placed on a virtual host for a domain that
|
||||
your Tor exit node IP reverse resolves to so that people who may be about
|
||||
to file an abuse complaint would check it first before bothering you or
|
||||
your ISP. Ex:
|
||||
http://tor-exit.yourdomain.org or http://tor-readme.yourdomain.org.
|
||||
|
||||
This type of setup has proven very effective at reducing abuse complaints
|
||||
for exit node operators.
|
||||
|
||||
There are a few places in this document that you may want to customize.
|
||||
They are marked with FIXME.
|
||||
|
||||
-->
|
||||
|
||||
</head>
|
||||
<body bgcolor=white text=black>
|
||||
|
||||
<center><h1>This is a Tor Exit Router</h1></center>
|
||||
|
||||
<p>Most likely you are accessing this website because you had some issue with
|
||||
the traffic coming from this IP. This router is part of the <a
|
||||
href="https://www.torproject.org/">Tor Anonymity Network</a>, which is
|
||||
dedicated to providing people with anonymity who need it most: average
|
||||
computer users. This router IP should be generating no other traffic, unless
|
||||
it has been compromised.
|
||||
|
||||
<p>
|
||||
|
||||
While Tor is not designed for malicious computer users, it is inevitable that
|
||||
some may use the network for malicious ends. In the mind of this operator,
|
||||
the social need for easily accessible censorship-resistant anonymous
|
||||
communication trumps the risk. Tor sees use by many important segments of the
|
||||
population, including whistle blowers, journalists, Chinese dissidents
|
||||
skirting the Great Firewall and oppressive censorship, abuse victims,
|
||||
stalker targets, the US military, and law enforcement, just to name a few.
|
||||
|
||||
<p>
|
||||
|
||||
<!-- FIXME: you should probably grab your own copy of tor-route.png
|
||||
and serve it locally -->
|
||||
<center><a href="https://www.torproject.org/overview.html.en">
|
||||
<img src="http://tor-exit.fscked.org/tor-route.png"></a></center>
|
||||
|
||||
<p>
|
||||
|
||||
In terms of applicable law, the best way to understand Tor is to consider it a
|
||||
network of routers operating as common carriers, much like the Internet
|
||||
backbone. However, unlike the Internet backbone routers, Tor routers
|
||||
explicitly do not contain identifiable routing information about the source of
|
||||
a packet.
|
||||
|
||||
<p>
|
||||
|
||||
As such, there is little the operator of this router can do to help you track
|
||||
the connection further. This router maintains no logs of any of the Tor
|
||||
traffic, so there is little that can be done to trace either legitimate or
|
||||
illegitimate traffic (or to filter one from the other). Attempts to
|
||||
seize this router will accomplish nothing.
|
||||
<p>
|
||||
|
||||
<!--- FIXME: US-Only section. Remove if you are a non-US operator -->
|
||||
|
||||
Furthermore, this machine also serves as a carrier of email, which means that
|
||||
its contents are further protected under the ECPA. <a
|
||||
href="http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002707----000-.html">18
|
||||
USC 2707</a> explicitly allows for civil remedies ($1000/account
|
||||
<i><b><u>plus</u></b></i> legal fees)
|
||||
in the event of a seizure executed without good faith or probable cause (it
|
||||
should be clear at this point that traffic with an originating IP address of
|
||||
FIXME_DNS_NAME should not constitute probable cause to seize the
|
||||
machine). Similar considerations exist for 1st amendment content on this
|
||||
machine.
|
||||
|
||||
<p>
|
||||
|
||||
<!-- FIXME: May or may not be US-only. Some non-US tor nodes have in
|
||||
fact reported DMCA harassment... -->
|
||||
|
||||
If you are a representative of a company who feels that this router is being
|
||||
used to violate the DMCA, please be aware that this machine does not host or
|
||||
contain any illegal content. Also be aware that network infrastructure
|
||||
maintainers are not liable for the type of content that passes over their
|
||||
equipment, in accordance with <a
|
||||
href="http://www4.law.cornell.edu/uscode/html/uscode17/usc_sec_17_00000512----000-.html">DMCA
|
||||
"safe harbor" provisions</a>. In other words, you will have just as much luck
|
||||
sending a takedown notice to the Internet backbone providers. Please consult
|
||||
<a href="https://www.torproject.org/eff/tor-dmca-response.html">EFF's prepared
|
||||
response</a> for more information on this matter.
|
||||
|
||||
<p>For more information, please consult the following documentation:
|
||||
|
||||
<ol>
|
||||
<li><a href="https://www.torproject.org/overview.html">Tor Overview</a></li>
|
||||
<li><a href="https://www.torproject.org/faq-abuse.html">Tor Abuse FAQ</a></li>
|
||||
<li><a href="https://www.torproject.org//eff/tor-legal-faq.html">Tor Legal FAQ</a></li>
|
||||
</ol>
|
||||
<p>
|
||||
|
||||
That being said, if you still have a complaint about the router, you may
|
||||
email the <a href="mailto:FIXME_YOUR_EMAIL_ADDRESS">maintainer</a>. If
|
||||
complaints are related to a particular service that is being abused, I will
|
||||
consider removing that service from my exit policy, which would prevent my
|
||||
router from allowing that traffic to exit through it. I can only do this on an
|
||||
IP+destination port basis, however. Common P2P ports are
|
||||
already blocked.
|
||||
|
||||
<p>You also have the option of blocking this IP address and others on
|
||||
the Tor network if you so desire. The Tor project provides a <a
|
||||
href="https://www.torproject.org/cvs/tor/contrib/exitlist">python script</a> to
|
||||
extract all IP addresses of Tor exit nodes, and an official <a
|
||||
href="http://exitlist.torproject.org/">DNSRBL</a> is also available to
|
||||
determine if a given IP address is actually a Tor exit server. Please
|
||||
be considerate
|
||||
when using these options. It would be unfortunate to deny all Tor users access
|
||||
to your site indefinitely simply because of a few bad apples.
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
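Review bot: The img tag loads tor-route.png from http://tor-exit.fscked.org/ by default, so every operator who deploys the notice unmodified sends their visitors' requests to a third-party host over plain HTTP; the FIXME comment above it already concedes the point. Suggest shipping the image in contrib/ next to the notice and using a relative src. Separately, operator-specific statements such as "this machine also serves as a carrier of email" and "Common P2P ports are already blocked" are not marked FIXME although they may not hold for a given relay, the Legal FAQ link has a doubled slash ("torproject.org//eff/"), and the US-only comment opens with "<!---" rather than "<!--".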