
Re: [tor-relays] Extreme Exit Policy



On Mon, Dec 17, 2018 at 11:40:05PM +0000, gerard@xxxxxxxxxxxx wrote:
> I always blocked the obvious abuse ports, but for reasons I do not know, blocking port 80 except to a few subnets, abolished complaints about my exits.  I widened the number of subnets and complaints started again, so put restrictions back. 
> 
> 443 wide open, along with a very wide range of ports and most high numbers.  I am puzzled that port 80 attracts the abuse complaints.  Is it because the port 80 traffic is more easily read by agencies sniffing for bad things and copyright infringements?

One plausible explanation would be that when you blocked too much of port
80, you lost the Exit flag, which caused most clients to not consider
you as suitable for use in the third hop of their circuit.
https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2564

That is, by closing down your exit policy so much, you signaled to clients
that they shouldn't try using you as their exit, so most of them didn't.

(You might still see a few exit requests anyway, since clients with a
stream request for port 443 would still consider you a legit option if
they don't have an available circuit. But when they're making preemptive
circuits, they would skip over you because you don't seem like the sort of
relay that's likely to be able to satisfy whatever their future requests
will be.)

--Roger
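
The Exit-flag rule referenced in the reply above can be modelled in a few lines. This is an added example, not part of the original message and not Tor's own code; it assumes the dir-spec rule that a relay is called an Exit only if it allows exits to at least one /8 address space on each of ports 80 and 443, handles IPv4 only, and uses constructed sample policies.

```python
import ipaddress

# First octets whose whole /8 is non-routable (simplified: 0/8, 10/8, 127/8).
NON_PUBLIC = {0, 10, 127}

def parse_policy(lines):
    """Parse 'accept|reject ADDR[/BITS]:PORT[-PORT]' lines (IPv4, '*' wildcards)."""
    rules = []
    for line in lines:
        action, target = line.split()
        addr, _, ports = target.rpartition(":")
        net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr, strict=False)
        if ports == "*":
            lo, hi = 1, 65535
        else:
            lo, _, hi = ports.partition("-")
            lo, hi = int(lo), int(hi or lo)
        rules.append((action, net, lo, hi))
    return rules

def allows_slash8(rules, port):
    """True if some public /8 is wholly accepted on `port` (first match wins)."""
    rejected = set()  # /8s already partly or fully rejected by an earlier rule
    for action, net, lo, hi in rules:
        if not lo <= port <= hi:
            continue
        first = int(net.network_address) >> 24
        last = int(net.broadcast_address) >> 24
        for octet in range(first, last + 1):
            if octet in rejected or octet in NON_PUBLIC:
                continue
            if action == "reject":
                rejected.add(octet)
            elif net.prefixlen <= 8:
                return True  # an accept at least /8 wide, untouched by rejects
    return False

def would_get_exit_flag(policy_lines):
    rules = parse_policy(policy_lines)
    return allows_slash8(rules, 80) and allows_slash8(rules, 443)

# Constructed policies: port 80 limited to a few subnets vs. a broad exit.
RESTRICTED = ["accept 203.0.113.0/24:80", "accept 198.51.100.0/24:80",
              "reject *:80", "accept *:443", "reject *:*"]
BROAD = ["reject 10.0.0.0/8:*", "accept *:80", "accept *:443", "reject *:*"]

if __name__ == "__main__":
    print("restricted:", would_get_exit_flag(RESTRICTED))
    print("broad:", would_get_exit_flag(BROAD))
```

With the restricted policy, port 443 still qualifies but port 80 does not, so the model reports no Exit flag even though 443 is wide open.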
