[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Extreme Exit Policy
Thanks Roger for your helpful explanations, as always.
I still have exit flags. The total traffic through through my exits does not see change whatever I do to port 80, with some 3,000 exits. Vnstat makes it 17 T a month on my main server. I am puzzled that amount of activity, with limited port 80, is not generating anything on the abuse front with so many ports open,...touching wood firmly now. Delighted, and of course I do feel guilty that I do not have port 80 (or 22 for that matter) wide open for Tor community, but don't have the balls for it, and I am not hiding behind a limited company.
Gerry Bulger
-----Original Message-----
From: tor-relays <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of Roger Dingledine
Sent: 18 December 2018 00:47
To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Extreme Exit Policy
On Mon, Dec 17, 2018 at 11:40:05PM +0000, gerard@xxxxxxxxxxxx wrote:
> I always blocked the obvious abuse ports, but for reasons I do not know, blocking port 80 except to a few subnets, abolished complaints about my exits. I widened the number of subnets and complaints started again, so put restrictions back.
>
> 443 wide open, along with very wide range of ports and most high numbers. I am puzzled that port 80 attracts the abuse complaints. Is it because the port 80 traffic is more easily read by agencies sniffing for bad things and copyright infringements?
One plausible explanation would be that when you blocked too much of port 80, you lost the Exit flag, which caused most clients to not consider you as suitable for use in the third hop of their circuit.
https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2564
That is, by closing down your exit policy so much, you signaled to clients that they shouldn't try using you as their exit, so most of them didn't.
(You might still see a few exit requests anyway, since clients with a stream request for port 443 would still consider you a legit option if they don't have an available circuit. But when they're making preemptive circuits, they would skip over you because you don't seem like the sort of relay that's likely to be able to satisfy whatever their future requests will be.)
--Roger
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays