
Re: [tor-relays] firewalled relays



On Sat, 4 Jun 2011 01:31:10 -0700
Mike Perry <mikeperry@xxxxxxxxxx> wrote:

> Thus spake Jesus Cea (jcea@xxxxxxx):
> 
> > On 03/06/11 16:13, tagnaq wrote:
> > > If one out of 1000 circuits through your relay are failing because you
> > > filter 443 while relaying 50Mbit/s I would find it acceptable,
> > > but I fear it is far more. Do you have any stats? (I'm not sure how to
> > > gather them.)
> > > Mike's opinion is also very valuable on such topics.
> > 
> > If somebody can tell me where to look...
> 
> You likely need to tailor your iptables rules to also log when you
> reject these connections:
> http://www.cyberciti.biz/tips/force-iptables-to-log-messages-to-a-different-log-file.html

This is a *very* dangerous thing for *any* relay to do.  Does iptables
have support for “counters”?


> P.P.S. Your ISP is really crazy.

I think “evil” is more appropriate here -- on the other hand,
“sufficiently advanced cluelessness is indistinguishable from malice”.

>                                  Have you thought about giving them a
> link to a torstatus directory of Tor IPs so they can feed it to their
> stupid IDS to whitelist for purposes of outgoing connections? We can
> probably induce torstatus to produce a csv of this IP set if it would
> help.

If, as Moritz Bartl said, his ISP's current Terms of Service for new
customers explicitly prohibit Tor, they are likely to respond to this
by making up an excuse to turn off his server completely.


Robert Ransom


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
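On the counters question raised in the thread: iptables keeps a packet and byte counter on every rule, and `iptables-save -c` prints them as a `[packets:bytes]` prefix, so rejected connections can be counted in aggregate with no per-connection log. The sketch below is an added example, not part of the original messages; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Total the per-rule packet counters of REJECT/DROP rules, grouped by chain
# and destination port, from `iptables-save -c` output read on stdin.
# Output lines: "<chain> <dport> <packets>". Only counters are read; nothing
# about individual connections (addresses, timestamps) is recorded.
reject_counts() {
    awk '
    /^\[[0-9]+:[0-9]+\] -A / {
        chain = $3; target = ""; dport = "any"
        for (i = 4; i <= NF; i++) {
            if ($i == "-j")      target = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
        }
        if (target != "REJECT" && target != "DROP") next
        split(substr($1, 2), c, ":")    # "[packets:bytes]" -> c[1] = packets
        total[chain " " dport] += c[1]
    }
    END { for (k in total) print k, total[k] }
    ' | sort
}

# Constructed sample in `iptables-save -c` format (not taken from a real relay).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [1000:80000]
:OUTPUT ACCEPT [5000:400000]
[4821:289260] -A OUTPUT -p tcp -m tcp --dport 9001 -j ACCEPT
[37:2220] -A OUTPUT -p tcp -m tcp --dport 443 -j REJECT --reject-with tcp-reset
[5:300] -A OUTPUT -d 192.0.2.0/24 -p tcp -m tcp --dport 443 -j REJECT --reject-with tcp-reset
[2:120] -A OUTPUT -p tcp -m tcp --dport 25 -j DROP
COMMIT
EOF
}

# On a live system (as root): iptables-save -c | reject_counts
sample_rules | reject_counts
```

The counters count packets, not circuits, so retried connection attempts are counted more than once.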