On 06/03/2011 02:45 PM, Jesus Cea wrote:
> I run a TOR node in OVH (France). They shut down my server several times because it was "hacked" in the sense of "we don't think a server should make outgoing port 443 connections". After a lot of complaints and arguments, and a dozen shutdowns, I restricted my node to NON-EXIT. And filter my 443 outgoing at FW level, because even connecting to port 443 of other TOR nodes was considered "you have a compromised machine".
I suppose most of the circuit attempts through your relay will break because 7 out of the 10 fastest relays have their ORPort set to 443. (in total ~30% of relays have ORPort set to 443)
Your relay won't be able to publish its descriptor to all directory authorities. Would be nice to add a detection for such firewalled relays to the scanner.
You might be interested in this (long term) feature request: https://trac.torproject.org/projects/tor/ticket/3028
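
The effect described in the reply above can be measured from a relay operator's side. This is an added example, not part of the original thread and not code from the Tor scanner: it reads consensus-style `r` and `w` lines and reports which relays, and what share of advertised bandwidth, become unreachable when an egress firewall blocks a given port. The function names and the sample entries are assumptions made for illustration.

```python
from collections import namedtuple

Relay = namedtuple("Relay", "nickname ip orport bandwidth")

# Constructed sample in the style of consensus "r"/"s"/"w" lines.
# Nicknames, identities and addresses are placeholders, not real relays.
SAMPLE = """\
r relayA AAAA BBBB 2011-06-03 12:00:00 192.0.2.10 443 80
s Fast Running Valid
w Bandwidth=9000
r relayB CCCC DDDD 2011-06-03 12:00:00 192.0.2.11 9001 9030
s Fast Running Valid
w Bandwidth=4000
r relayC EEEE FFFF 2011-06-03 12:00:00 198.51.100.7 443 0
w Bandwidth=6000
r relayD GGGG HHHH 2011-06-03 12:00:00 203.0.113.5 9001 0
w Bandwidth=1000
"""

def parse_relays(text):
    """Collect (nickname, ip, ORPort, bandwidth) from "r" and "w" lines."""
    relays, current = [], None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r" and len(fields) >= 8:
            if current:
                relays.append(Relay(**current))
            # IP, ORPort, DirPort are the last three fields of an "r" line.
            current = dict(nickname=fields[1], ip=fields[-3],
                           orport=int(fields[-2]), bandwidth=0)
        elif fields[0] == "w" and current:
            for item in fields[1:]:
                key, _, value = item.partition("=")
                if key == "Bandwidth" and value.isdigit():
                    current["bandwidth"] = int(value)
    if current:
        relays.append(Relay(**current))
    return relays

def egress_impact(relays, blocked_ports):
    """Relays whose ORPort is blocked outbound, by count and by bandwidth."""
    blocked = [r for r in relays if r.orport in blocked_ports]
    total_bw = sum(r.bandwidth for r in relays)
    return {
        "unreachable": sorted(r.nickname for r in blocked),
        "relay_fraction": len(blocked) / len(relays) if relays else 0.0,
        "bandwidth_fraction":
            sum(r.bandwidth for r in blocked) / total_bw if total_bw else 0.0,
    }
```

In this constructed sample the bandwidth share lost exceeds the relay share because the faster relays are the ones listening on 443, which is the situation the reply describes.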