Tor server
why
The crisis in the Ukraine triggert me to provide Tor relays.
But my motivation is much bigger (and few inches in size): the Stasi
observation files about my parents - few hundred pages.
In contrast here are the ridiculous 9 (and mostly blackened) spy pages about me.
My view:
Freedom needs free press.
Free press needs whistle-blowing.
Whiste-blowing needs anonymity.
Anonymity is provided by Tor.
status
The status of my Tor relays is seen at
metrics.torproject.org.
setup
The relays run at a stable hardened Gentoo Linux,
using always the latest stable vanilla kernel (no modules, minimal config) and LibreSSL.
hint: boot into a kernel made with make defconfig,
strip down the kernel .config file using /usr/src/linux/scripts/kconfig/streamline_config.pl,
and remove everything which is not really needed at a headless server, eg. sound, USB (eg.: why not), graphics, serial interfaces, unused drivers, FS et. al.
/tmp is a tmpfs, swap is encrypted
network: IPv4 and IPv6 with static ip addresses
dnsmasq is used for DNSSEC
incoming ports except ssh, DirPort and ORPort are closed
sshd listens at a non-default port, no password login, no root login
A Tor exit notice is provided at IPv4 and IPv6 DirPort
(
IPv4, IPv4:9030,
IPv6, IPv6:9030
)
homepage is legal-checked (contact, impressum and disclaimer)
misc
An unusual behavior where the BOINC software was involved too happened at 6th of Nov 2014.
And here're few DDoS examples from the past:
27th of April 2015 (>300 MBit/s),
20th of Nov 2015 (34 MBit/s, more),
30th of Jan 2016 (>500 MBit/s),
20th of March 2016 (>900 MBit/s, values),
13th of Jun 2016 (>65 MBit/s),
7th of Jun 2016 (>275 MBit/s),
21th of Jul 2016 (>180 MBit/s, values and graph),
22th of Jul 2016 (>250 Kpck/s, graph)
"Tor" and the "Onion Logo" are registered trade marks of Torproject, Inc.
back to my home page
