On 5/7/2014 12:56 PM, Pika ohc wrote:
> Hi there,
> I was considering running an exit node with my own PC; however, I have some questions about exit nodes.
It's very nice you want to contribute to the Tor network by running a relay. If you can spare the budget, it's always better to run a Tor exit relay at a datacenter, on a dedicated or virtual server, and for that machine to have only one scope: Tor relay. If you go this way, make sure you specify to the provider that it will be a Tor relay and that it will consume more bandwidth than usual.
> - How can I know if there is a client specifying me as an exit
> node and the traffic is sent from the client to me directly (where my exit node is the first node and also the last node for the client)?
That is not allowed by default in Tor. You don't need to do anything to protect against this since it won't happen. A user can trick your exit node into thinking that "he" is a Tor relay too, but this will not affect you in any way and it will just have a terrible anonymity impact on the so-called "attacker". This would not be something sane to do, I mean nobody would benefit anything out of doing this, it will just decrease their level of anonymity. This affects everyone so it's no cause for worrying.
> - If I found some clients trying to do something bad by using the
> method mentioned in 1., how can I stop them? Can iptables or anything else help me to block such clients?
This is irrelevant. You should not do anything and you should not even monitor what the users are doing via your exit relay. Restrict what you do not want to allow by using the reject argument in torrc. For example, block port 25 to prevent spam (SMTP) - this is where most abuse comes from. And if you are in a country concerned about p2p filesharing, reject the high ports commonly known to be used by BitTorrent too. You can find a reduced exit policy example on torproject.org. Other than port 25, there isn't anything else important that somebody could do to cause harm to your relay, in the real sense of the word. If you consider scanning or bruteforcing SSH or other services relevant, you should not :)
If you are an exit relay, include a valid contact email address in torrc. Run a page on port 80 of the relay's IP (DirPortFrontPage if you use DirPort on port 80) and explain that this is a Tor exit relay, explain in a few words what Tor is and provide a valid contact email address so concerned people can at least send you an email. You can find a sample of this page just by searching on Google for "this is a tor exit router".
> Hope there's someone who can answer me. Thank you!
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
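
The torrc advice in the reply above (a ContactInfo line, rejecting port 25, a DirPortFrontPage notice when DirPort is used) can be checked mechanically. The following is an added example, not part of the original e-mail or of Tor itself; the sample config, nickname, file path and e-mail address are constructed placeholders, and the policy evaluation is simplified to wildcard-address rules.

```python
# Added example: audit a torrc against the advice in the reply above.
# The sample config is constructed; nickname, path and e-mail are placeholders.
SAMPLE_TORRC = """\
Nickname examplerelay
ContactInfo Relay Operator <abuse AT example DOT org>
DirPort 80
DirPortFrontPage /etc/tor/tor-exit-notice.html
# SMTP first, then ports commonly used by BitTorrent, then everything else
ExitPolicy reject *:25
ExitPolicy reject *:6881-6999, accept *:*
"""

def parse_torrc(text):
    """Return (keyword, value) pairs; keywords lowercased, comments dropped."""
    pairs = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            pairs.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return pairs

def port_verdict(pairs, port):
    """First-match verdict for `port` over wildcard-address ExitPolicy rules.
    Simplification: rules for specific addresses and accept6/reject6 are skipped.
    None means no wildcard rule matched, so Tor's built-in default decides."""
    for key, value in pairs:
        if key != "exitpolicy":
            continue
        for rule in value.split(","):
            action, _, target = rule.strip().partition(" ")
            addr, _, ports = target.strip().rpartition(":")
            if not addr:                       # "accept *" has no port part
                addr, ports = ports, "*"
            if addr != "*" or action.lower() not in ("accept", "reject"):
                continue
            low, _, high = ports.partition("-")
            if ports == "*" or int(low) <= port <= int(high or low):
                return action.lower()
    return None

def audit(text):
    """Return the recommendations from the reply that the config does not meet."""
    pairs = parse_torrc(text)
    keys = {k for k, _ in pairs}
    findings = []
    if "contactinfo" not in keys:
        findings.append("no ContactInfo")
    if port_verdict(pairs, 25) != "reject":
        findings.append("port 25 not rejected")
    if "dirport" in keys and "dirportfrontpage" not in keys:
        findings.append("DirPort without DirPortFrontPage")
    return findings
```

Rule order matters because exit policies are evaluated first match wins: a `reject *:25` placed after `accept *:*` never takes effect, which the check reports as port 25 not rejected.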