On Fri, 11 Jul 2014 11:02:00 +0200 Moritz Bartl <moritz@xxxxxxxxxxxxxx> wrote:

> > However one thing to consider would be to restrict outbound port 22 and port 53
> > outbound to not get into trouble with your provider due to suspicions of SSH
> > bruteforcing / DNS reflection attacks. This will break a very small portion of
> > circuits built via your relay, but hopefully solve more potential problems
> > than this would cause.
>
> No! Tor is not able to detect this case, which will make client
> connections silently fail, and make the user experience a sad experience.

Agreed, but my point was that only a small minority of relays use port 22 (checked: 27 of them, more than I expected) or port 53 (just three relays), so it may be a sacrifice that's worth making, in order to avoid losing the ability to run Tor altogether due to being kicked out by your ISP.

Some time ago I proposed that Tor flags some ports as being unacceptable as ORPort [1], but this did not gather much momentum. Meanwhile, especially port 53 relays continue causing real problems [2] with ISPs. Running a relay on ports like 22 and 53 should be considered downright rude to your fellow relay operators.

[1] https://lists.torproject.org/pipermail/tor-talk/2014-June/033173.html
[2] https://lists.torproject.org/pipermail/tor-relays/2014-May/004562.html

--
With respect,
Roman
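As an added example (not part of this thread or of Tor's own code), here is how a relay operator could measure what the proposed outbound block of ports 22 and 53 would actually cut off: scan the `r` (router status) and `w` (bandwidth weight) lines of a cached network-status consensus and report how many relays listen on those ORPorts and what share of consensus bandwidth they carry. The consensus entries below are constructed, with fake fingerprints and documentation IP ranges.

```python
"""Estimate the impact of blocking outbound ports 22/53 on a Tor relay.

Consensus 'r' lines look like:
  r <nick> <identity> <digest> <date> <time> <IP> <ORPort> <DirPort>
and are usually followed by 'w Bandwidth=<n>', the weight clients use
for path selection. Blocking outbound port 22/53 means this relay can
no longer extend circuits to relays whose ORPort is 22 or 53.
"""

# Constructed sample consensus excerpt (fake identities, RFC 5737 IPs).
SAMPLE_CONSENSUS = """\
r alpha AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2014-07-11 10:00:00 192.0.2.10 9001 9030
s Fast Running Stable Valid
w Bandwidth=5000
r beta CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2014-07-11 10:00:00 192.0.2.11 22 0
s Fast Running Valid
w Bandwidth=300
r gamma EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2014-07-11 10:00:00 198.51.100.5 53 0
w Bandwidth=100
r delta GGGGGGGGGGGGGGGGGGGGGGGGGGG HHHHHHHHHHHHHHHHHHHHHHHHHHH 2014-07-11 10:00:00 203.0.113.7 443 80
w Bandwidth=8000
"""


def parse_relays(text):
    """Return a list of dicts (nick, ip, orport, bandwidth) from consensus text."""
    relays, current = [], None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r" and len(parts) >= 9:
            current = {"nick": parts[1], "ip": parts[6],
                       "orport": int(parts[7]), "bandwidth": 0}
            relays.append(current)
        elif parts[0] == "w" and current is not None:
            for kv in parts[1:]:                      # e.g. Bandwidth=5000
                key, _, val = kv.partition("=")
                if key == "Bandwidth" and val.isdigit():
                    current["bandwidth"] = int(val)
    return relays


def affected_share(relays, blocked_ports):
    """(count, bandwidth fraction) of relays whose ORPort would be blocked."""
    total = sum(r["bandwidth"] for r in relays)
    hit = [r for r in relays if r["orport"] in blocked_ports]
    return len(hit), (sum(r["bandwidth"] for r in hit) / total if total else 0.0)


if __name__ == "__main__":
    count, share = affected_share(parse_relays(SAMPLE_CONSENSUS), {22, 53})
    print(f"{count} relays on blocked ORPorts, {share:.1%} of consensus bandwidth")
```

Run it against your relay's real `cached-consensus` file instead of the sample to see the current numbers; the count Roman quotes (27 on port 22, three on port 53) is what this check reports, and the bandwidth share tells you how many circuits would actually be affected.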