On 4/28/2014 10:04 PM, Zack Weinberg wrote:
For what it's worth, after complaints from campus IT we also wound up blocking SSH in the CMU Tor exit's policy. It's a shame we can't help people do sysadmin stuff and whatnot anonymously, but the port scans do seem to happen quite often.
zw
The silly thing is that port scans happen hundreds of times per day to every internet-connected device, and Tor isn't involved in the vast majority of it. Not a single server on the 'net is made more secure by an exit node blocking a port. Will they request that port 80 be blocked because of the SQL injection and Wordpress vulnerability scans? Or that IMAP and FTP ports be blocked for attempts to brute force logins? Any open port has the potential for abuse -- blocking ports doesn't seem like a very well thought-out response to the issue.
The time people spend complaining to exit node operators would be much better spent performing any number of simple changes that would /actually/ improve security for the server(s). I think if a server is so threatened by a port scan that it invokes a human response, that server probably shouldn't be online.
/rant
-- Mike