[tor-relays] Outbound Ports
rm at romanrm.net
Fri Jul 11 09:33:52 UTC 2014
On Fri, 11 Jul 2014 11:02:00 +0200
Moritz Bartl <moritz at torservers.net> wrote:
> > However one thing to consider would be to restrict outbound port 22 and port 53
> > outbound to not get into trouble with your provider due to suspicions of SSH
> > bruteforcing / DNS reflection attacks. This will break a very small portion of
> > circuits built via your relay, but hopefully solve more potential problems
> > than this would cause.
> No! Tor is not able to detect this case, which will make client
> connections silently fail, and make the user experience a sad experience.
Agreed, but my point was that only a small minority of relays use port 22
(checked, 27 of them - more than I expected) or port 53 (just three relays),
so it may be a sacrifice that's worth making, in order to avoid losing the
ability to run Tor altogether due to being kicked out by your ISP.
Some time ago I proposed that Tor flags some ports as being unacceptable as
ORPort, but this did not gather much momentum. Meanwhile, especially
port 53 relays continue causing real problems with ISPs.
Running a relay on ports like 22 and 53 should be considered downright rude to
your fellow relay operators.
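
Added example, not part of the original message: one way for an operator to measure what an outbound filter on ports 22 and 53 would cut off, by counting the relays in a consensus whose ORPort is filtered and weighting them by consensus bandwidth as a rough proxy for how often they are picked. The consensus lines are constructed placeholders and the function name is hypothetical.

```python
# Added example: constructed data, hypothetical function name.
FILTERED_PORTS = {22, 53}  # outbound ports the thread proposes to block

# Constructed router status entries in consensus "r"/"s"/"w" line layout.
# Nicknames, ID*/DG* fields and addresses are placeholders, not real relays.
SAMPLE_CONSENSUS = """\
r RelayA ID1 DG1 2014-07-11 08:00:00 192.0.2.10 9001 9030
s Fast Running Valid
w Bandwidth=5000
r RelayB ID2 DG2 2014-07-11 08:00:00 192.0.2.11 22 0
s Running Valid
w Bandwidth=300
r RelayC ID3 DG3 2014-07-11 08:00:00 198.51.100.7 443 80
s Fast Running Valid
w Bandwidth=4500
r RelayD ID4 DG4 2014-07-11 08:00:00 203.0.113.5 53 0
s Running Valid
w Bandwidth=200
"""

def affected_by_filter(consensus_text, filtered_ports=FILTERED_PORTS):
    """Return relay count, filtered relays, and their share of consensus weight."""
    relays, current = [], None
    for line in consensus_text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "r":
            # Reset first, so a "w" line after a malformed "r" line is not
            # credited to the previous relay.
            current = None
            # ORPort is the second-to-last field of an "r" line.
            if len(tokens) >= 8 and tokens[-2].isdigit():
                current = {"nickname": tokens[1], "orport": int(tokens[-2]), "bw": 0}
                relays.append(current)
        elif tokens[0] == "w" and current is not None:
            for item in tokens[1:]:
                key, _, value = item.partition("=")
                if key == "Bandwidth" and value.isdigit():
                    current["bw"] = int(value)
    hit = [r for r in relays if r["orport"] in filtered_ports]
    total_bw = sum(r["bw"] for r in relays)
    return {
        "relays": len(relays),
        "affected": sorted(r["nickname"] for r in hit),
        "weight_fraction": sum(r["bw"] for r in hit) / total_bw if total_bw else 0.0,
    }

if __name__ == "__main__":
    print(affected_by_filter(SAMPLE_CONSENSUS))
```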