[tor-relays] Exit policy question
tagnaq at gmail.com
Fri Jun 3 13:13:15 UTC 2011
On 06/03/2011 02:45 PM, Jesus Cea wrote:
> I run a TOR node in OVH (France). They shut down my server several times
> because it was "hacked" in the sense of "we don't think a server should
> make outgoing port 443 connections". After a lot of complaints and
> arguments, and a dozen shutdowns, I restricted my node to NON-EXIT.
> And filter my 443 outgoing at FW level, because even connecting to port
> 443 of other TOR nodes were considered "you have a compromised machine".
I suppose most of the circuit attempts through your relay will break
because 7 out of the 10 fastest relays have their ORPort set to 443.
(in total ~30% of relays have ORPort set to 443)
Your relay won't be able to publish its descriptor to all directory
Would be nice to add a detection for such firewalled relays to the scanner.
You might be interested in this (long term) feature request: