
Re: [tor-relays] Outbound Ports



On Thu, 10 Jul 2014 19:48:06 -0700
"Greg Moss" <gmoss82@xxxxxxxxx> wrote:

> Thanks for the help. I have my ORport and DIRport defined in torrc and
> forwarded through the firewall up to the Tor Relay. I was just wondering in
> regards to outbound traffic from the server itself. In the event it gets
> compromised I really hate to open all ports outbound let alone possible DNS
> leaks and what not. Apologize if this doesn't make sense, I just fired this
> thing up yesterday and want to make sure it is secure.

You do need to have all ports open outbound.

The reason is, your relay needs to be able to connect to all other relays, and
people run their relays on all sorts of weird ports.

However, one thing to consider would be to restrict outbound port 22 and port 53
to not get into trouble with your provider due to suspicions of SSH
bruteforcing / DNS reflection attacks. This will break a very small portion of
circuits built via your relay, but hopefully solve more potential problems
than this would cause.

-- 
With respect,
Roman


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
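
One way to write the suggestion from the reply above as host firewall rules, given here as an added example that is not part of the original message. It assumes a Linux host using iptables; the function name `gen_egress_rules` and the resolver address 192.0.2.53 are constructed for illustration, and the exception that lets the host reach its own resolver on port 53 is an addition not discussed in the thread.

```shell
# Added example (not from the thread). Assumptions: Linux host with iptables;
# 192.0.2.53 is a constructed documentation address standing in for the resolver.

# Print an iptables-restore ruleset: outbound open except ports 22 and 53.
# Arguments: IPv4 addresses of the resolvers this host itself must reach.
gen_egress_rules() {
    for r in "$@"; do
        case $r in
            ''|*[!0-9.]*) echo "bad resolver address: $r" >&2; return 1 ;;
        esac
    done
    printf '%s\n' '*filter'
    # Default policy stays ACCEPT: other relays listen on arbitrary ports.
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A OUTPUT -o lo -j ACCEPT'
    # Replies on connections that are already tracked (for example inbound
    # clients whose source port happens to be 22 or 53) are never cut off.
    printf '%s\n' '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # The host's own lookups: allow port 53 only to the listed resolvers.
    for r in "$@"; do
        printf '%s\n' "-A OUTPUT -d $r -p udp --dport 53 -j ACCEPT"
        printf '%s\n' "-A OUTPUT -d $r -p tcp --dport 53 -j ACCEPT"
    done
    # Everything else to 22 and 53 is refused rather than silently dropped,
    # so Tor sees an immediate failure instead of waiting for a timeout.
    printf '%s\n' '-A OUTPUT -p tcp --dport 22 -j REJECT --reject-with tcp-reset'
    printf '%s\n' '-A OUTPUT -p tcp --dport 53 -j REJECT --reject-with tcp-reset'
    printf '%s\n' '-A OUTPUT -p udp --dport 53 -j REJECT --reject-with icmp-port-unreachable'
    printf '%s\n' 'COMMIT'
}

# Review first: gen_egress_rules 192.0.2.53 | iptables-restore --test
# Loading without --noflush replaces the existing filter table.
gen_egress_rules 192.0.2.53
```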