[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Problematic ORPorts

> So my idea is, maybe consider making directory authorities blacklist some
> ports as being unacceptable as ORPorts, 22 and 53 come to mind for a start,
> along with maybe 25 to avoid false alarms from anti-spam countermeasures.

ORport config exists to give better anti blocking/censorship
performance. So Tor should not exclude any OR port/protocol.
The problem is with you and your ISP, not other relays who
have fine working relationships with their ISP regarding binding
to those ports.

So if end user feels they are at risk of dumb triggers/policies they
should block their client from contacting such nodes in their
config. Easier if exists new option: ClientNoORPorts [...,] .
Or block such outbound ports on their firewall.

A relay operator who feels they are at risk of making such
contact should probably work with their host or find another
one instead of narrowing their possible outbound paths. (The
impact to tor network of RelayNoORPorts would depend on
percent nodes having your noisy ORport and traffic weights.
May also affect clients reaching specific exit relay using said
ports. And add more overhead signaling. Better to find new host.)
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to