[tor-dev] Should cloud-hosted relays be rejected?
Tim Wilson-Brown - teor
teor2345 at gmail.com
Tue Sep 1 00:01:11 UTC 2015
>> On 1 Sep 2015, at 07:45, Philipp Winter <phw at nymity.ch> wrote:
>> The harm caused by cloud-hosted relays is more difficult to quantify.
>> Getting rid of them also wouldn't mean getting rid of any attacks. At
>> best, attackers would have to jump through more hoops.
>> If we were to decide to permanently reject cloud-hosted relays, we would
>> have to obtain the netblocks that are periodically published by all
>> three (and perhaps more) cloud providers:
>> <https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html>
>> <https://msdn.microsoft.com/en-us/library/azure/Dn175718.aspx>
>> <https://cloud.google.com/appengine/kb/general?hl=en#static-ip>
>> Note that this should be done periodically because the netblocks are
>> subject to change.
> On 1 Sep 2015, at 08:58, nusenu <nusenu at openmailbox.org> wrote:
> Should you decide to continue generally blacklisting entire ISPs/ASes/IP
> Please add that info (including the banned ISPs/ASes/IP ranges) to the
> documentation (i.e. relay setup guides) so volunteers don't waste
> their time and money to set up blacklisted relays.
> https://www.torproject.org/getinvolved/relays.html.en
> https://lists.torproject.org/pipermail/tor-relays/2015-August/007655.html
If the blocked IP ranges are going to become numerous, and change frequently, why not create a tool that volunteer relay operators can use to check an IP address?
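The checking tool suggested in the reply above could work as follows. This is an added example, not part of the original message or any Tor Project code; it assumes the `prefixes`/`ip_prefix` and `ipv6_prefixes`/`ipv6_prefix` layout of AWS's published ip-ranges.json, and the function names and sample netblocks (documentation-reserved ranges) are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the ip-ranges.json layout. The netblocks are
# documentation-reserved ranges, not real AWS address space.
SAMPLE_AWS_JSON = """
{"createDate": "2015-09-01-00-00-00",
 "prefixes": [
   {"ip_prefix": "192.0.2.0/25", "region": "example-1", "service": "EC2"},
   {"ip_prefix": "198.51.100.0/24", "region": "example-2", "service": "EC2"}],
 "ipv6_prefixes": [
   {"ipv6_prefix": "2001:db8:1000::/36", "region": "example-1", "service": "EC2"}]}
"""


def load_aws_netblocks(text):
    """Parse ip-ranges.json text into a list of (network, label) pairs."""
    doc = json.loads(text)
    blocks = []
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in doc.get(key, []):
            net = ipaddress.ip_network(entry[field])
            blocks.append((net, "aws/" + entry["region"]))
    return blocks


def check_address(addr, blocks):
    """Return the labels of every netblock containing addr ([] if none)."""
    ip = ipaddress.ip_address(addr)
    # Treat an IPv4-mapped IPv6 address as the IPv4 address it wraps.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return sorted(label for net, label in blocks
                  if net.version == ip.version and ip in net)


BLOCKS = load_aws_netblocks(SAMPLE_AWS_JSON)

if __name__ == "__main__":
    for candidate in ("192.0.2.10", "192.0.2.200", "::ffff:198.51.100.7"):
        hits = check_address(candidate, BLOCKS)
        print(candidate, "listed in " + ", ".join(hits) if hits else "not listed")
```

Because the published netblocks are subject to change, an operator would reload the provider's current list before each check rather than reuse a stored copy.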