[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Handling possible abuse requests

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Handling possible abuse requests
From: pa011 <pa011@xxxxxx>
Date: Thu, 19 May 2016 22:44:05 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 19 May 2016 16:49:55 -0400
In-reply-to: <573DA9E7.5010500@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <573CCD04.9010603@xxxxxx> <573DA9E7.5010500@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0

Thank you all who have contributed with there hints, support and
motivation so far. I will dig into that links and papers hopefully in
the coming days and probably ask again afterwards :-)

What seems to be important is to get an IP reassignment from the ISP -is
that really essential to start?

And furthermore is it ok to run with such a set of IP4 rules:

/etc/iptables/rules.v4
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Thank you again

PA

Am 19.05.2016 um 13:56 schrieb Moritz Bartl:
> On 05/18/2016 10:13 PM, pa011 wrote:
>> Is there anybody out there who can give me some advice, or even help me
>> doing (answering) these?
> 
> I think it is pretty much straightforward. You can explain what Tor is,
> why you are supporting it, and in some more heated cases offer to
> temporarily block destination IP/port pairs. You will come up with your
> own language and standard cases as you go along, and from that can
> derive some template replies.
> 
>> How many of those abuses are to expect?
>> How to avoid on changing what parameters?
> 
> The easiest parameter to tune is bandwidth. The more bandwidth you
> provide, the more abusive traffic you will see. The second most
> important parameter is the ExitPolicy. See also
> https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment
> and https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines .
> 
> Thanks for running Tor relays, and welcome to the exit business! :)
>

Attachment: 0xC8C330E7.asc
Description: application/pgp-keys

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Handling possible abuse requests
  - From: Tristan

References:
- [tor-relays] Handling possible abuse requests
  - From: pa011
- Re: [tor-relays] Handling possible abuse requests
  - From: Moritz Bartl

Prev by Author: [tor-relays] Handling possible abuse requests
Next by Author: Re: [tor-relays] VPS for Exits
Previous by thread: Re: [tor-relays] Handling possible abuse requests
Next by thread: Re: [tor-relays] Handling possible abuse requests
Index(es):
- Author
- Thread