blog-contributions/opsec/tor/exit_node/index.html

256 lines
12 KiB
HTML

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>TOR Exit Node</title>
<!-- Bootstrap core CSS -->
<link href="../../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../../assets/css/xt256.css" rel="stylesheet">
<script src="../../../assets/js/highlight.pack.js"></script>
<!-- Custom styles for this template -->
<link href="../../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../../index.html">Previous Page</a></br></br> <p><img src="../../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist - 29 / 01 / 2024</ba></p>
<h1>TOR Exit Node </h1>
<img src="../logo.png" class="imgRz">
<p> Before we start, make sure you either rent a VPS anonymously (tor+XMR + ssh via tor) click <a href="https://kycnot.me/search?q=hosting&type=service">here</a> for the list of anonymity-friendly hosting providers or rent a VPS on a cloud provider that <a href="https://community.torproject.org/relay/community-resources/good-bad-isps/">explicitly</a> allows for tor exit nodes to be hosted on their platform.</p>
<img src="2.jpg" class="imgRz">
<p>As a disclaimer, you need to know who allows these tor exit nodes, if you're going to pick a random host provider to host an exit node for you,
you really don't know how the host may respond to that. Therefore it is best to pre-emptively see who actually accepts those exit nodes by looking at their TOS or
by contacting them for additional information. </p>
<img src="1.png" class="imgRz">
<p> ⚠️ Beware that authorities aren't always aware of tor exit node and what to do from a legal stand point. Before hosting an exit node, please take time to do sufficient legal research.
People have been arrested all around the world and had a lot of trouble with authorities because they hosted exit nodes.
If you are still motivated to get your own exit node, keep the phone number of a lawyer specialised in this field just in case anything goes wrong. ⚠️ </p>
<p>Now you can get a domain name to resolve to your exit node, or just use the one provided by njal.la :</p>
<img src="8.png" class="imgRz">
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Initial setup</b></h2> </br> </br>
<pre><code class="nim">
apt update && apt -y dist-upgrade && apt -y autoremove && apt install -y curl tmux vim obfs4proxy gnupg2
apt update -y && apt upgrade -y
apt install curl tmux vim -y
root@Datura:~# cat /etc/apt/sources.list |head -n3
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org bookworm main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org bookworm main
root@Datura:~# wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
apt update -y
apt install tor nyx
</code></pre>
<p>From inside nyx you can view tor's status :</p>
<pre><code class="nim">
root@exit:~# nyx
</code></pre>
<img src="5.png" class="imgRz">
<p>inside nyx you can use the left and right arrow to navigate the different pages:</p>
<img src="6.png" class="imgRz">
<p>Above you can see the connections, pressing right again shows how your server is configured, along with extra details on each setting:</p>
<img src="7.png" class="imgRz">
<p>Next we make sure it's an exit like so: (be aware that this is where it gets dangerous if you're not doing this on a non-KYC VPS, or on a cloud provider that doesnt accept tor exit nodes.</p>
<pre><code class="nim">
root@exit:~# vim /etc/tor/torrc
root@exit:~# cat /etc/tor/torrc
RunAsDaemon 1
ControlPort 9051
CookieAuthentication 1
ORPort 9001
Nickname anonymous
ExitPolicy accept *:* # Accept exit connections
ExitPolicy reject private:* # Block private IPv4
IPv6Exit 1 # Allow IPv6 connections
ExitPolicy accept6 *:* # Accept IPv6
ExitPolicy reject6 [FC00::]/7:* # Block private IPv6
ExitPolicy reject6 [FE80::]/10:* # Block link-local IPv6
ExitPolicy reject6 [2002::]/16:* # Block 6to4 addresses
</code></pre>
<p>you can also make a stricter tor exit policy like so:</p>
<pre><code class="nim">
root@Datura:~# cat /etc/tor/torrc
RunAsDaemon 1
ControlPort 9051
CookieAuthentication 1
ORPort 9001
Nickname Datura
ExitPolicy accept *:20-21 # FTP
ExitPolicy accept *:43 # WHOIS
ExitPolicy accept *:53 # DNS
ExitPolicy accept *:80-81 # HTTP, HTTP alt.
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:5222-5223 # XMPP, XMPP over
ExitPolicy accept *:6667-7000 # IRC
ExitPolicy accept *:8008 # HTTP alternate
ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port
ExitPolicy accept *:8332-8333 # Bitcoin
ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE, HUSH coin
ExitPolicy accept *:9418 # git - Git pack transfer service
ExitPolicy accept *:50002 # Electrum Bitcoin SSL
ExitPolicy accept *:64738 # Mumble - voice over IP
ExitPolicy accept *:18080-18081 # Monero
ExitPolicy reject *:*
ExitPolicy reject private:* # Block private IPv4
IPv6Exit 1 # Allow IPv6 connections
ExitPolicy accept6 *:* # Accept IPv6
ExitPolicy reject6 [FC00::]/7:* # Block private IPv6
ExitPolicy reject6 [FE80::]/10:* # Block link-local IPv6
ExitPolicy reject6 [2002::]/16:* # Block 6to4 addresses
</pre></code>
<p>And then just restart the tor service to make sure the exit node is active:</p>
<pre><code class="nim">
root@exit:~# systemctl restart tor@default
root@exit:~# systemctl status tor@default
● tor@default.service - Anonymizing overlay network for TCP
Loaded: loaded (/lib/systemd/system/tor@default.service; enabled-runtime; preset: enabled)
Active: active (running) since Mon 2024-01-29 10:43:02 UTC; 5s ago
Process: 3852 ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /run/tor (code=exited, status=0/SUCCESS)
Process: 3853 ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config (code=exited, status=0/SUCCESS)
Main PID: 3855 (tor)
Tasks: 3 (limit: 19110)
Memory: 140.1M
CGroup: /system.slice/system-tor.slice/tor@default.service
└─3855 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
Jan 29 10:43:03 exit Tor[3855]: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Jan 29 10:43:04 exit Tor[3855]: Bootstrapped 89% (ap_handshake): Finishing handshake with a relay to build circuits
Jan 29 10:43:04 exit Tor[3855]: Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Jan 29 10:43:04 exit Tor[3855]: Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Jan 29 10:43:05 exit Tor[3855]: Bootstrapped 100% (done): Done
Jan 29 10:43:05 exit Tor[3855]: Now checking whether IPv4 ORPort 80.78.22.215:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Jan 29 10:43:05 exit Tor[3855]: Now checking whether IPv6 ORPort [2a0a:3840:8078:22:0:504e:16d7:1337]:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Jan 29 10:43:06 exit Tor[3855]: Self-testing indicates your ORPort [2a0a:3840:8078:22:0:504e:16d7:1337]:9001 is reachable from the outside. Excellent.
Jan 29 10:43:06 exit Tor[3855]: Self-testing indicates your ORPort 80.78.22.215:9001 is reachable from the outside. Excellent. Publishing server descriptor.
Jan 29 10:43:06 exit Tor[3855]: Performing bandwidth self-test...done.
root@exit:~# nyx
</code></pre>
<p>Then wait a few hours for the exit node to appear on tor metrics, then you can take the node fingerprint (example 916EDD8E5D61613BBC7B6CCEFB2778AE706786B9) and check it's status on torproject.org <a href="https://metrics.torproject.org/rs.html#search/flag:exit">here</a>.</p>
<p>After that, you need to wait 2 weeks for the exit node to be fully operational as explained <a href="https://blog.torproject.org/lifecycle-of-a-new-relay/">here</a>.</p>
<pre><code class="nim">
"A new relay, assuming it is reliable and has plenty of bandwidth, goes through four phases: the unmeasured phase (days 0-3) where it gets roughly no use, the remote-measurement phase (days 3-8) where load starts to increase, the ramp-up guard phase (days 8-68) where load counterintuitively drops and then rises higher, and the steady-state guard phase (days 68+). "
</pre></code>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Footer Section +++++ -->
<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.</p></br></br><p>Creative Commons Zero: No Rights Reserved</br><img src="\CC0.png">
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>