[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

reconsidering default exit policy

To: or-talk@xxxxxxxxxxxxx
Subject: reconsidering default exit policy
From: Geoffrey Goodell <goodell@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 10 Mar 2005 17:52:43 -0500
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Thu, 10 Mar 2005 17:53:07 -0500
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.6+20040907i

Choosing an appropriate default exit policy is vital to Tor, since
roughly 60% of Tor exit nodes use the default exit policy, unmodified,
and most of those who modify the exit policy probably do not rewrite from
scratch, but simply prepend new lines to the default policy.

The current default policy can be viewed in the "SERVER OPTIONS" section
of the Tor manual, under "ExitPolicy":

http://tor.eff.org/tor-manual.html

Note that this policy rejects everything under 1024 by default, with a
few specific exceptions, chosen very conservatively.  I propose that we
configure our default exit policy to match how we have been describing
our exit policy all along anyway: "accept most things; reject a few
ports most likely to lead to spam, Internet abuse, or misuse of Tor
network resources."

This in mind, here is my proposal:

# reject private networks (no surprises!)  My understanding is that you
# might want to eliminate the 127.0.0.0/8 line if your kernel
# short-circuits connections to local services and if you want those
# services to be available to Tor users who happen to choose your Tor
# node as an exit... someone please correct me if this is wrong.

ExitPolicy reject 0.0.0.0/255.0.0.0:*
ExitPolicy reject 127.0.0.0/255.0.0.0:*
ExitPolicy reject 10.0.0.0/255.0.0.0:*
ExitPolicy reject 172.16.0.0/255.240.0.0:*
ExitPolicy reject 192.168.0.0/255.255.0.0:*
ExitPolicy reject 169.254.0.0/255.255.0.0:*

# reject ports officially used for protocols that were never meant to be
# anonymous (e.g. email, usenet) because of the spam risk, thus reducing
# our worry that the world would associate Tor with pro-spam advocacy.

ExitPolicy reject *:25
ExitPolicy reject *:119

# reject ports officially used for poorly-designed protocols that are
# always attacked by script kiddies.

ExitPolicy reject *:135-139
ExitPolicy reject *:445

# reject ports commonly used by widely-adopted P2P filesharing programs.
# Tor does not take a stand on the ethics or legality of P2P
# filesharing, either in theory or in practice.  We have simply observed
# that encouraging P2P filesharing presently makes our network less
# useful to those for whom Tor was designed.

ExitPolicy reject *:1214
ExitPolicy reject *:4661-4666
ExitPolicy reject *:6346-6429
ExitPolicy reject *:6881-6999

# accept EVERYTHING else.  Tor should be open by default: that is our
# attitude; our formal policy statement should reflect that attitude.

ExitPolicy accept *:*

----------

What do people think?

Geoff

Attachment: signature.asc
Description: Digital signature

Follow-Ups:
- Re: reconsidering default exit policy
  - From: Aaron Cannon
- Re: reconsidering default exit policy
  - From: Chris Palmer
- Re: reconsidering default exit policy
  - From: Thomas Sjögren
- Re: reconsidering default exit policy
  - From: Valient Gough
- Re: reconsidering default exit policy
  - From: Wes Felter

Prev by Author: Re: Fw: RE: proxy testing
Next by Author: Re: reconsidering default exit policy
Previous by thread: Re: (FWD) privoxy.tor: Script control privoxy's tor.
Next by thread: Re: reconsidering default exit policy
Index(es):
- Author
- Thread