[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: What to do at IP number change?
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: What to do at IP number change?
- From: "F. Fox" <kitsune.or@xxxxxxxxx>
- Date: Mon, 07 Jan 2008 18:14:15 -0800
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Mon, 07 Jan 2008 21:14:27 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding; bh=xPKJD0gwMwiQ31mOXOMMuVBQzLzWksK2wIC1yOqs0TQ=; b=mKHddtlxsBCDvxnz1Zl9lMybjRc47zd+a2fiXsiT+CcmPFBUSoR5PfZBu5FHnb+M8Iy3lhunDg3b6i2rP61EW4qUx2mTYARXjDycxOv2CxNUdO7kcytp8NCyPlkEwb0EjTS4mzx+jBP+fJTk/qVUCx41tg8ND1PTepQqcCNi9oY=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding; b=MIvSFeSdCjUkHYWKBIjblG/AzmwrQ0g5IQHbRrrZVoQFpic7RKZ7hZ7a5w1PXzpR+Fv13c9Mq5wjQeCQX6lOCsHaXCzkm0K3aYzt+enw9jKsCcUT3t8SHcPOrzHBHH8vwmJTsz4U50FFmwrQvEmdbNtNHWoeXqGW4V10NN/NrrY=
- In-reply-to: <525056157@xxxxxx>
- References: <525056157@xxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Thunderbird 18.104.22.168 (Windows/20071031)
-----BEGIN PGP SIGNED MESSAGE-----
| it's because a moving target is harder to hit; it's more safe to
| change the IP number often. Another point is that states like germany
| do like IP numbers so much that they do data retention and therefore
| i give them what they want - many IP numbers ;-)
~From a purely theoretical idea, I can see why you're doing this;
however, it's very bad for the people who are routing their data through
Every time the IP changes - or the relay even goes down and up (instead
of doing a -SIGHUP) - it breaks all the circuits running through your node.
If security is a big concern - and you have a dedicated machine for
running Tor (which is a must, if you're paranoid about it) - you should
set up a DMZ.
Oh, and as far as the German data retention law, that doesn't take
effect until next year - and I don't know if it's even been passed.
|>> Tor will detect it and republish his server descriptor with the
|>> new IP in it.
|> That is true iff the Address line in torrc contains a host+domain
|> name, not an IP address, and the name server data base in question
|> has been updated to reflect the changed address.
| So i should use a DynDNS host+domain name?
You could, but a better way is to comment out the address line entirely.
This will cause Tor's IP detection to be fully automatic.
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----