
Re: [tor-relays] Extreme Exit Policy



Thanks Roger for your helpful explanations, as always.

I still have exit flags. The total traffic through my exits does not see any change whatever I do to port 80, with some 3,000 exits. Vnstat makes it 17 T a month on my main server. I am puzzled that that amount of activity, with limited port 80, is not generating anything on the abuse front with so many ports open... touching wood firmly now. Delighted, and of course I do feel guilty that I do not have port 80 (or 22 for that matter) wide open for the Tor community, but don't have the balls for it, and I am not hiding behind a limited company.

Gerry Bulger


-----Original Message-----
From: tor-relays <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of Roger Dingledine
Sent: 18 December 2018 00:47
To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Extreme Exit Policy

On Mon, Dec 17, 2018 at 11:40:05PM +0000, gerard@xxxxxxxxxxxx wrote:
> I always blocked the obvious abuse ports, but for reasons I do not know, blocking port 80 except to a few subnets, abolished complaints about my exits.  I widened the number of subnets and complaints started again, so put restrictions back. 
> 
> 443 wide open, along with a very wide range of ports and most high numbers. I am puzzled that port 80 attracts the abuse complaints. Is it because the port 80 traffic is more easily read by agencies sniffing for bad things and copyright infringements?

One plausible explanation would be that when you blocked too much of port 80, you lost the Exit flag, which caused most clients to not consider you as suitable for use in the third hop of their circuit.
https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2564

That is, by closing down your exit policy so much, you signaled to clients that they shouldn't try using you as their exit, so most of them didn't.

(You might still see a few exit requests anyway, since clients with a stream request for port 443 would still consider you a legit option if they don't have an available circuit. But when they're making preemptive circuits, they would skip over you because you don't seem like the sort of relay that's likely to be able to satisfy whatever their future requests will be.)

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
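
An added example, not part of either message in this thread: a small checker for whether a torrc-style exit policy still qualifies for the Exit flag. It assumes the dir-spec rule linked above is "allows exits to at least one /8 address space on each of ports 80 and 443"; the function names and sample policies are constructed for illustration, and only IPv4 rules are handled.

```python
import ipaddress

def parse_rule(line):
    """Parse 'accept|reject ADDR[/MASK]:PORT' (IPv4 only) into a tuple."""
    action, pattern = line.split()
    addr, _, ports = pattern.rpartition(":")
    net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr, strict=False)
    if ports == "*":
        lo, hi = 1, 65535
    else:
        lo, _, hi = ports.partition("-")
        lo, hi = int(lo), int(hi or lo)
    return action == "accept", net, lo, hi

def allows_some_slash8(rules, port):
    """True if some whole /8 is accepted on `port` under first-match-wins."""
    for first_octet in range(256):
        block = ipaddress.ip_network(f"{first_octet}.0.0.0/8")
        for accept, net, lo, hi in rules:
            if not (lo <= port <= hi and net.overlaps(block)):
                continue
            if not accept:
                break        # a reject touches this /8 first: conservative "no"
            if block.subnet_of(net):
                return True  # whole /8 accepted before any reject applied
            # a narrower accept does not decide the /8; keep scanning
    return False             # unmatched traffic is treated as rejected (assumption)

def would_get_exit_flag(policy_lines):
    """Apply the assumed rule: one full /8 on port 80 and one on port 443."""
    rules = [parse_rule(line) for line in policy_lines]
    return allows_some_slash8(rules, 80) and allows_some_slash8(rules, 443)

# Constructed policies. The first mirrors "port 80 only to a few subnets".
FEW_SUBNETS_80 = ["accept 192.0.2.0/24:80", "accept 198.51.100.0/24:80",
                  "reject *:80", "accept *:443", "reject *:*"]
ONE_SLASH8_80 = ["accept 93.0.0.0/8:80", "reject *:80",
                 "accept *:443", "reject *:*"]
OPEN_WEB = ["reject *:25", "accept *:80", "accept *:443", "reject *:*"]

if __name__ == "__main__":
    for name in ("FEW_SUBNETS_80", "ONE_SLASH8_80", "OPEN_WEB"):
        print(name, would_get_exit_flag(globals()[name]))
```

The check is conservative: a /8 that is partly rejected before a covering accept is counted as not allowed, and private or loopback ranges are not special-cased.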
