Skip to content
Snippets Groups Projects
New look: Off

Move secret bad.conf to public repository

    • Closed (moved) Issue created by Philipp Winter @phw

    I'm in the process of moving bad.conf from inside dirauth-conf to our newly created and public authdirbadexit repository.

    At this point, bad.conf contains 314 authdirbadexit, authdirreject, and authdirinvalid entries, dating back to 2007. Most of these relays are long gone. I think we have the following options:

    1. Don't touch the file and just copy it to the new repository. That's the status quo.
    2. Discard all expired entries and copy the rest. That leaves us with only a handful of entries. The discarded entries still live in the git history of dirauth-conf.
    3. Comment out the expired entries and leave them in the file for future reference. Might be interesting to some people who don't have access to dirauth-conf.

    Opinions?

    To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

    Child items ...

    • Activity

    • Philipp Winter added badexit component::internal services/service - git git owner::tor-gitadm priority::medium repository resolution::wontfix severity::normal status::closed type::task labels

      added badexit component::internal services/service - git git owner::tor-gitadm priority::medium repository resolution::wontfix severity::normal status::closed type::task labels

    • S
      Sebastian Hahn @sebastian ·

      I really want some kind of thing which checks if a relay on a previously badexited IP comes back up. We've had that case where relays go down for a few months and then reappear again with the same malicious behaviour. But that's probably independent of this discussion. hrm. Option 1 seems easiest for now

    • Tom Ritter
      Tom Ritter @tjr ·

      I vote for Not-Number-Two

      Trac:
      Cc: arma, Sebastian, weasel to arma, Sebastian, weasel, tom

    • Philipp Winter
      Philipp Winter @phw ·
      Author

      I am wondering if we should increase the scope of this repository and rename it to !authdirbadrelay or something. That would also account for all rejected relays, and limiting this to only badexiting is not optimal.

    • C
      cypherpunks @cypherpunks ·

      Replying to phw:

      I am wondering if we should increase the scope of this repository and rename it to !authdirbadrelay or something. That would also account for all rejected relays, and limiting this to only badexiting is not optimal.

      Yes, please include rejected relays! (ideally with a reason comment) So we could use it for look ups.

      Please also publish IP ranges that you blacklist.

      Example: "Are they regenerating keys because they got blacklisted?"

      +---------------------+-----------------+---------+------+------+--------------------------------+---------+---------+----------+
| first_seen          | IP              | country | orp  | dirp | platform                       | as_name | running | FP       |
+---------------------+-----------------+---------+------+------+--------------------------------+---------+---------+----------+
| 2015-06-24 20:00:00 | 188.165.26.13   | lt      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | 1B86CC71 |
| 2015-06-24 20:00:00 | 188.165.26.13   | lt      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | DB90B195 |
| 2015-06-24 22:00:00 | 188.165.138.181 | fi      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | 0EEB848E |
| 2015-06-24 23:00:00 | 188.165.138.181 | fi      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | 9C6DED7D |
| 2015-06-25 20:00:00 | 178.32.143.175  | it      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | B10F4FB5 |
| 2015-06-25 21:00:00 | 178.32.143.175  | it      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | 7DB17222 |
| 2015-06-25 22:00:00 | 5.39.122.66     | fr      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | 53B53805 |
| 2015-06-25 23:00:00 | 5.39.122.66     | fr      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | D1375F8B |
| 2015-06-26 20:00:00 | 188.165.164.163 | fr      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | 328FC3AE |
| 2015-06-26 21:00:00 | 188.165.164.163 | fr      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | 325CE6CD |
| 2015-06-26 22:00:00 | 188.165.3.63    | ie      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | 6B9EF42A |
| 2015-06-26 23:00:00 | 188.165.3.63    | ie      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | E8444C1D |
| 2015-06-27 20:00:00 | 188.165.26.13   | lt      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | A5156113 |
| 2015-06-27 21:00:00 | 188.165.26.13   | lt      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | F22C8B59 |
| 2015-06-27 22:00:00 | 188.165.138.181 | fi      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | 0224348D |
| 2015-06-27 23:00:00 | 188.165.138.181 | fi      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | 0E8BB8C9 |
| 2015-06-28 20:00:00 | 178.32.143.175  | it      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | 90B29429 |
| 2015-06-28 21:00:00 | 178.32.143.175  | it      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | 0CECF4CD |
| 2015-06-28 22:00:00 | 5.39.122.66     | fr      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | 0F0B0D41 |
| 2015-06-28 23:00:00 | 5.39.122.66     | fr      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | 83A1F6E1 |
| 2015-06-29 20:00:00 | 188.165.164.163 | fr      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | E87EA9EB |
| 2015-06-29 21:00:00 | 188.165.164.163 | fr      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | 01B7B6FC |
| 2015-06-29 22:00:00 | 188.165.3.63    | ie      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | 23B5A0FA |
| 2015-06-29 23:00:00 | 188.165.3.63    | ie      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | A319F820 |
| 2015-06-30 20:00:00 | 188.165.26.13   | lt      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | 05A3C2EE |
| 2015-06-30 21:00:00 | 188.165.26.13   | lt      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | B06B9181 |
| 2015-06-30 22:00:00 | 188.165.138.181 | fi      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | EB7C8A67 |
| 2015-06-30 23:00:00 | 188.165.138.181 | fi      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       0 | 8EF7AD0E |
| 2015-07-01 20:00:00 | 178.32.143.175  | it      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       1 | 94D9712D |
| 2015-07-01 21:00:00 | 178.32.143.175  | it      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       1 | 25B6BE8C |
| 2015-07-01 22:00:00 | 5.39.122.66     | fr      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       1 | 26990920 |
| 2015-07-01 23:00:00 | 5.39.122.66     | fr      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       1 | 4D847990 |
| 2015-07-02 20:00:00 | 188.165.164.163 | fr      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       1 | 2F663562 |
| 2015-07-02 21:00:00 | 188.165.164.163 | fr      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       1 | 5402B586 |
| 2015-07-02 22:00:00 | 188.165.3.63    | ie      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       1 | 8DBB1D15 |
| 2015-07-02 23:00:00 | 188.165.3.63    | ie      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       1 | D2625D1F |
| 2015-07-03 21:00:00 | 188.165.26.13   | lt      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       1 | 795E688C |
| 2015-07-03 21:00:00 | 188.165.26.13   | lt      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       1 | 1DE55DC3 |
| 2015-07-03 22:00:00 | 188.165.138.181 | fi      | 9200 | 9300 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       1 | 0192B430 |
| 2015-07-03 22:00:00 | 188.165.138.181 | fi      | 9201 | 9301 | Tor 0.2.6.0-alpha-dev on Linux | OVH SAS |       1 | 407ED1A1 |
+---------------------+-----------------+---------+------+------+--------------------------------+---------+---------+----------+
    • Trac
      Trac @tracbot ·

      Trac:
      Username: tyseom
      Cc: arma, Sebastian, weasel, tom to arma, Sebastian, weasel, tom, tyseom

    • T
      teor @teor ·

      Set all open tickets without a severity to "Normal"

      Trac:
      Severity: N/A to Normal

    • irl
      irl @irl ·

      I think probably phw is no longer working on this.

      Is this even still something that is desirable?

      If it is then we should move this to an appropriate component. This ticket is not about our git service. If not, then we can just close this as wontfix.

      Trac:
      Reviewer: N/A to N/A
      Sponsor: N/A to N/A
      Status: new to needs_information

    • irl
      irl @irl ·

      Setting owner to tor-gitadm as the owners that are set are not working on this currently. (Please correct me if I'm wrong).

      Trac:
      Status: needs_information to assigned
      Owner: phw to tor-gitadm

    • irl
      irl @irl ·

      Setting back to needs_information

      Trac:
      Status: assigned to needs_information

    • irl
      irl @irl ·

      Got information from dgoulet in IRC.

      Please do not re-open this ticket. Even if you would like to argue for this being done, this is not a problem with our git infrastructure and so this is the wrong place to have that debate.

      Trac:
      Resolution: N/A to wontfix
      Status: needs_information to closed

    • Trac closed

      closed

    Please register or sign in to reply