[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] hardening a tor relay

To: Contra Band <contra0band@xxxxxxxxx>, "tor-relays@xxxxxxxxxxxxxxxxxxxx" <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-relays] hardening a tor relay
From: Contra Band <contra0band@xxxxxxxxx>
Date: Sat, 24 May 2014 06:36:41 -0700 (PDT)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 24 May 2014 09:35:53 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1400938601; bh=zeNplDSScokuhh0bkGyMQqIEk7FMJFlK4zDJNQM0Mx8=; h=References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=eQld4ua/rWfyuJYFyb+sRqlapRTXYrUcgqPeJeiD3CvK+LV+8CfCyoq0eQCoAsFoZ9+4rr/6iE2qeNI/vgKTGS9oh050qk8BDxOmglvghZvRnxTbe0ZKhf5PrN8fHRncb4K3CKqbGnIU0qnHFIw3wSw7j6vRLOu6ZCWexz5UIgQ=
In-reply-to: <20140524085152.GD32434@xxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <1400718225.40138.YahooMailNeo@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <537E3469.7020100@xxxxxxxxxx> <CACk28AVjj=YFJ-2LoaY13N5YVSjNx9ygsrPRvw_7vLrXfNiJuA@xxxxxxxxxxxxxx> <20140523223007.GA27732@xxxxxxxxxxxxxx> <1400919936.3088.YahooMailNeo@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20140524085152.GD32434@xxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

That is a great piece of advice David. I have enabled the tcp outgoing 9001 and seeing a lot of new connections established to relays with 9001 ORPort. Thanks a lot.

Keep it up guys...

On Saturday, May 24, 2014 8:51 AM, David Serrano <tor@xxxxxxxxxxxx> wrote:
On 2014-05-24 01:25:36 (-0700), Contra Band wrote:

> 
> Your experience is really helpful. After some thoughts now I'm allowing only 
> 
> incoming tcp ports 443 and ssh 
> 
> outgoing tcp port 443

Please enable at least outgoing port 9001 as well. Most relays listen on that
port, with 443 in second place. With those ports allowed you'll be able to
reach 80% of the network.

This is a quick tally of the number of relays by orport:

$ awk '/^r / {print $8}' ~/tmp/2014-05-24-07-00-00-consensus |sort -n |uniq -c |sort -rn |head
   2613 9001
   1251 443
     49 8080
     35 9090
     34 80
     27 9002
     25 8443
     25 22
     23 8001
     22 110

-- 
David Serrano
GnuPG id: 280A01F9
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Thanks 

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] hardening a tor relay
  - From: David Serrano

References:
- [tor-relays] hardening a tor relay
  - From: Contra Band
- Re: [tor-relays] hardening a tor relay
  - From: Paul Staroch
- Re: [tor-relays] hardening a tor relay
  - From: Noilson Caio
- Re: [tor-relays] hardening a tor relay
  - From: Roger Dingledine
- Re: [tor-relays] hardening a tor relay
  - From: Contra Band
- Re: [tor-relays] hardening a tor relay
  - From: David Serrano

Prev by Author: Re: [tor-relays] hardening a tor relay
Next by Author: Re: [tor-relays] About running an Exit node
Previous by thread: Re: [tor-relays] hardening a tor relay
Next by thread: Re: [tor-relays] hardening a tor relay
Index(es):
- Author
- Thread