[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Public Munin Graphs: Security Risk?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Public Munin Graphs: Security Risk?
From: Andrew Lewman <andrew@xxxxxxxxxxxxx>
Date: Tue, 29 Jan 2013 11:07:05 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 29 Jan 2013 11:07:18 -0500
In-reply-to: <5107F0D2.1040304@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Organization: The Tor Project, Inc.
References: <5107F0D2.1040304@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx

On Tue, 29 Jan 2013 16:54:58 +0100
Moritz Bartl <moritz@xxxxxxxxxxxxxx> wrote:

> I finally deployed Munin across our exit nodes. The graphs are
> currently public, and I don't see an obvious reason for not doing
> that. Any objections?

For what it's worth, we do this too, https://munin.torproject.org.
Right now it has a tor-guest account on it to avoid cgi exploits, but
otherwise it has been fine for the past few years.

If someone does exploit a cgi script, they'll get an empty webserver
with copies of munin data. Not the end of the world for us.

Thanks for putting that up Moritz. Others can learn what it takes to
run busy exit relays.

-- 
Andrew
http://tpo.is/contact
pgp 0x6B4D6475
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Public Munin Graphs: Security Risk?
  - From: Moritz Bartl

Prev by Author: Re: [tor-relays] MaxAdvertisedBandwidth advice please
Next by Author: Re: [tor-relays] running relay severely degrades network performance eventually
Previous by thread: [tor-relays] Public Munin Graphs: Security Risk?
Next by thread: Re: [tor-relays] Public Munin Graphs: Security Risk?
Index(es):
- Author
- Thread