[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Traffic in port 9050 in a relay (denial of service attack?)



On Tue, 5 Nov 2013 13:39:50 -0800
I <beatthebastards@xxxxxxxxx> allegedly wrote:

> Ip tables are a mystery to me.
> Can someone either explain them or point to a complete explanation,
> please?
> 
> Robert
>  
> "Also, use iptables! If it is a dedicated VPS then drop anything you
> dont recognize, "leaving only Tor ports (9001,9030 default) and maybe
> a service port like 22 for SSH for "something. Port 9050 should not
> be visible from outside..."

Robert

The linux kernel ships with a default network packet processing
subsystem called netfilter (see http://www.netfilter.org/ for a
description of the system). iptables is the mechanism by which you can
define rules to apply to packet filtering in that system. Most people
use iptables to set up default firewall rulesets allowing inbound
traffic only to certain services and denying all others. 

For example, on a webserver you might wish to allow in only
traffic aimed at ports 80 and, if you are running SSL/TLS, 443.
(Of course if that webserver is running remotely you almost certainly
need to allow in traffic to the ssh port to permit remote
administration). 

This is not strictly on-topic for the tor list so you might care to
spend some time perusing the netfilter web page and its related
resources (FAQs, lists etc). Short term  and if it helps you, I wrote
some recommended iptables configuration scripts a while ago. See
https://baldric.net/2012/09/09/iptables-firewall-for-servers/ 

Note, however, that whilst /I/ believe those configurations to be
safe and useful, I would not recommend that you blindly trust my
scripts without first understanding what they do. Netfilter is
complex, and trusting some unknown third party (me) with your
firewall configuration may not be the best idea in the world. :-)

Best

Mick
    
---------------------------------------------------------------------

 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
 http://baldric.net

---------------------------------------------------------------------

Attachment: signature.asc
Description: PGP signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays