
Re: [tor-talk] Problematic ORPorts



> So my idea is, maybe consider making directory authorities blacklist some
> ports as being unacceptable as ORPorts, 22 and 53 come to mind for a start,
> along with maybe 25 to avoid false alarms from anti-spam countermeasures.

ORPort config exists to give better anti-blocking/censorship
performance. So Tor should not exclude any ORPort/protocol.
The problem is with you and your ISP, not other relays who
have fine working relationships with their ISP regarding binding
to those ports.

So if an end user feels they are at risk of dumb triggers/policies, they
should block their client from contacting such nodes in their
config. Easier if a new option existed: ClientNoORPorts [...,] .
Or block such outbound ports on their firewall.

A relay operator who feels they are at risk of making such
contact should probably work with their host or find another
one instead of narrowing their possible outbound paths. (The
impact to the Tor network of RelayNoORPorts would depend on
the percentage of nodes having your noisy ORPort and traffic weights.
May also affect clients reaching a specific exit relay using said
ports. And add more overhead signaling. Better to find a new host.)
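Added example, not part of the original message: the reply says the impact of excluding ORPorts depends on the percentage of nodes using them and on their traffic weights, and this sketch computes both from router entries in the network-status consensus format. The sample consensus is constructed, the function names are hypothetical, and raw `Bandwidth=` values are used as the weight, ignoring Tor's position-dependent weighting.

```python
# Added example (not from the thread): share of relays and consensus weight on given ORPorts.
# SAMPLE_CONSENSUS is constructed; nicknames, digests and addresses are placeholders.
SAMPLE_CONSENSUS = """\
r RelayA AAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAA 2014-01-01 00:00:00 192.0.2.1 9001 9030
s Fast Running Valid
w Bandwidth=5000
r RelayB BBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBB 2014-01-01 00:00:00 192.0.2.2 443 0
s Fast Running Valid
w Bandwidth=3000
r RelayC CCCCCCCCCCCCCCCCCCCCCCCCCCC CCCCCCCCCCCCCCCCCCCCCCCCCCC 2014-01-01 00:00:00 192.0.2.3 22 0
s Running Valid
w Bandwidth=1000
r RelayD DDDDDDDDDDDDDDDDDDDDDDDDDDD DDDDDDDDDDDDDDDDDDDDDDDDDDD 2014-01-01 00:00:00 192.0.2.4 53 0
s Running Valid
w Bandwidth=500 Unmeasured=1
r RelayE EEEEEEEEEEEEEEEEEEEEEEEEEEE EEEEEEEEEEEEEEEEEEEEEEEEEEE 2014-01-01 00:00:00 192.0.2.5 9001 0
s Running Valid
w Bandwidth=500
"""


def parse_relays(consensus_text):
    """Return a list of (nickname, orport, bandwidth) for each router entry."""
    relays = []
    for line in consensus_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        # "r" nickname identity digest date time IP ORPort DirPort
        if fields[0] == "r" and len(fields) >= 9:
            relays.append([fields[1], int(fields[7]), 0])
        # "w" Bandwidth=N [Unmeasured=1 ...] belongs to the preceding "r" line
        elif fields[0] == "w" and relays:
            for item in fields[1:]:
                key, _, value = item.partition("=")
                if key == "Bandwidth":
                    relays[-1][2] = int(value)
    return [tuple(r) for r in relays]


def port_share(consensus_text, ports):
    """Return (fraction of relays, fraction of bandwidth) whose ORPort is in ports."""
    relays = parse_relays(consensus_text)
    hits = [r for r in relays if r[1] in ports]
    total_bw = sum(bw for _, _, bw in relays)
    relay_frac = len(hits) / len(relays) if relays else 0.0
    weight_frac = sum(bw for _, _, bw in hits) / total_bw if total_bw else 0.0
    return relay_frac, weight_frac


if __name__ == "__main__":
    print(port_share(SAMPLE_CONSENSUS, {22, 53, 25}))
```

In the constructed sample, two of five relays listen on the ports named in the thread, but they carry a smaller share of the total bandwidth weight, which is the distinction the reply draws.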