[tor-relays] Exit policy question

tagnaq tagnaq at gmail.com
Fri Jun 3 13:13:15 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 06/03/2011 02:45 PM, Jesus Cea wrote:
> I run a TOR node in OVH (France). They shut down my server several times
> because it was "hacked" in the sense of "we don't think a server should
> make outgoing port 443 connections". After a lot of complaints and
> arguments, and a dozen shutdowns, I restricted my node to NON-EXIT.
> And filter my 443 outgoing at FW level, because even connecting to port
> 443 of other TOR nodes was considered "you have a compromised machine".

I suppose most of the circuit attempts through your relay will break
because 7 out of the 10 fastest relays have their ORPort set to 443.
(in total ~30% of relays have ORPort set to 443)

Your relay won't be able to publish its descriptor to all directory
authorities.
Would be nice to add a detection for such firewalled relays to the scanner.

You might be interested in this (long term) feature request:
https://trac.torproject.org/projects/tor/ticket/3028

-----BEGIN PGP SIGNATURE-----

iF4EAREKAAYFAk3o3esACgkQyM26BSNOM7aLqAD/VGVNBZ4U7hzbqXk+QT2XY4Fe
fEbKnrW7KsWE5fOVqD4A/35s1J9m09Vl4kXRa26BANJuWmQROMXllh/h7yhATKL9
=HVUb
-----END PGP SIGNATURE-----
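
Added example, not part of the original message: a relay operator can estimate how much of the network an outgoing port filter cuts off by reading ORPorts and bandwidth weights from consensus-format "r" and "w" lines. The sample entries are constructed, and the function names are hypothetical.

```python
# Constructed sample in network-status consensus layout:
#   r <nickname> <identity> <digest> <date> <time> <IP> <ORPort> <DirPort>
#   w Bandwidth=<n>
# Nicknames, digests, addresses and bandwidths are made up for illustration.
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2011-06-03 12:00:00 192.0.2.10 443 80
w Bandwidth=9000
r relayB AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2011-06-03 12:00:00 192.0.2.11 9001 9030
w Bandwidth=1000
r relayC AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2011-06-03 12:00:00 192.0.2.12 443 0
w Bandwidth=6000
r relayD AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2011-06-03 12:00:00 192.0.2.13 9001 0
w Bandwidth=2000
r relayE AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2011-06-03 12:00:00 192.0.2.14 443 0
w Bandwidth=2000
"""


def parse_relays(text):
    """Return one dict per relay with its nickname, ORPort and bandwidth."""
    relays, current = [], None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r" and len(fields) >= 9:
            current = {"nickname": fields[1], "orport": int(fields[7]), "bandwidth": 0}
            relays.append(current)
        elif fields[0] == "w" and current is not None:
            for item in fields[1:]:
                key, _, value = item.partition("=")
                if key == "Bandwidth":
                    current["bandwidth"] = int(value)
    return relays


def blocked_share(relays, blocked_ports):
    """Summarise relays whose ORPort falls in the filtered outgoing ports."""
    blocked = [r for r in relays if r["orport"] in blocked_ports]
    total_bw = sum(r["bandwidth"] for r in relays)
    blocked_bw = sum(r["bandwidth"] for r in blocked)
    return {
        "nicknames": sorted(r["nickname"] for r in blocked),
        "relay_fraction": len(blocked) / len(relays) if relays else 0.0,
        "bandwidth_fraction": blocked_bw / total_bw if total_bw else 0.0,
    }


if __name__ == "__main__":
    print(blocked_share(parse_relays(SAMPLE_CONSENSUS), {443}))
```

The bandwidth-weighted fraction matters more than the relay count, since clients pick relays roughly in proportion to bandwidth and the fastest relays are the ones noted above as listening on 443.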

