Tor server


The crisis in the Ukraine triggert me to provide Tor relays.

But my motivation is much bigger (and few inches in size): the Stasi observation files about my parents - few hundred pages.
In contrast here are the ridiculous 9 (and mostly blackened) spy pages about me.

My view: Freedom needs free press. Free press needs whistle-blowing. Whiste-blowing needs anonymity. Anonymity is provided by Tor.


The status of my Tor relays is seen at


  • The relays run at a stable hardened Gentoo Linux, using always the latest stable vanilla kernel (no modules, minimal config) and LibreSSL.
    hint: boot into a kernel made with make defconfig, strip down the kernel .config file using /usr/src/linux/scripts/kconfig/, and remove everything which is not really needed at a headless server, eg. sound, USB (eg.: why not), graphics, serial interfaces, unused drivers, FS et. al.
  • /tmp is a tmpfs, swap is encrypted
  • network: IPv4 and IPv6 with static ip addresses
  • dnsmasq is used for DNSSEC
  • incoming ports except ssh, DirPort and ORPort are closed
  • sshd listens at a non-default port, no password login, no root login
  • A Tor exit notice is provided at IPv4 and IPv6 DirPort ( IPv4, IPv4:9030, IPv6, IPv6:9030 )
  • homepage is legal-checked (contact, impressum and disclaimer)
  • misc

    An unusual behavior where the BOINC software was involved too happened at 6th of Nov 2014.
    And here're few DDoS examples from the past:
    27th of April 2015 (>300 MBit/s), 20th of Nov 2015 (34 MBit/s, more), 30th of Jan 2016 (>500 MBit/s), 20th of March 2016 (>900 MBit/s, values), 13th of Jun 2016 (>65 MBit/s), 7th of Jun 2016 (>275 MBit/s), 21th of Jul 2016 (>180 MBit/s, values and graph), 22th of Jul 2016 (>250 Kpck/s, graph)

    "Tor" and the "Onion Logo" are registered trade marks of Torproject, Inc.

    back to my home page