[tor-dev] Should cloud-hosted relays be rejected?

Tim Wilson-Brown - teor teor2345 at gmail.com
Tue Sep 1 00:01:11 UTC 2015 

>> On 1 Sep 2015, at 07:45, Philipp Winter <phw at nymity.ch <mailto:phw at nymity.ch>> wrote:
>> 
>> The harm caused by cloud-hosted relays is more difficult to quantify.
>> Getting rid of them also wouldn't mean getting rid of any attacks.  At
>> best, attackers would have to jump through more hoops.
>> 
>> If we were to decide to permanently reject cloud-hosted relays, we would
>> have to obtain the netblocks that are periodically published by all
>> three (and perhaps more) cloud providers:
>> <https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html <https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html>>
>> <https://msdn.microsoft.com/en-us/library/azure/Dn175718.aspx <https://msdn.microsoft.com/en-us/library/azure/Dn175718.aspx>>
>> <https://cloud.google.com/appengine/kb/general?hl=en#static-ip <https://cloud.google.com/appengine/kb/general?hl=en#static-ip>>
>> 
>> Note that this should be done periodically because the netblocks are
>> subject to change.

> On 1 Sep 2015, at 08:58, nusenu <nusenu at openmailbox.org> wrote:
> 
> Should you decide to continue generally blacklisting entire ISPs/ASes/IP
> ranges:
> 
> Please add that info (including the banned ISPs/ASes/IP ranges) to the
> documentation (i.e. relay setup guides [4])  so volunteers don't waste
> their time and money to setup blacklisted relays [5].
> 
> [4] https://www.torproject.org/getinvolved/relays.html.en <https://www.torproject.org/getinvolved/relays.html.en>
> [5]
> https://lists.torproject.org/pipermail/tor-relays/2015-August/007655.html <https://lists.torproject.org/pipermail/tor-relays/2015-August/007655.html>
If the blocked IP ranges are going to become numerous, and change frequently, why not create a tool that volunteer relay operators can use to check an IP address?

Tim (teor)


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150901/9985bc33/attachment-0001.html>

More information about the tor-dev mailing list