[tor-relays] Any security tips on running a TOR relay?

Tristan supersluether at gmail.com
Fri Aug 5 02:29:00 UTC 2016


Green,

Thanks for the info. I used iptables once when setting up a VPN, but I just
followed instructions. It's obviously way more intricate than UFW lets on.

Also thanks to Mike for the really good blog post about operational
security. It was really informative.

On Aug 4, 2016 8:49 PM, "Green Dream" <greendream848 at gmail.com> wrote:

> P.S. Tristan, here's the explanation from that mailing list... just in
> case people can't access the link or it goes away:
>
> "Yes, it has everything to do with those flag bits. For TCP connections,
> Linux tends to use a "half-duplex" close sequence where either side of the
> session can initiate connection termination via a single 2 way FIN-ACK
> handshake (which puts the connection into the CLOSE_WAIT state), instead of
> a full 4 way FIN-ACK handshake. When one also includes routers and such, it
> is not uncommon, indeed common, that one side might think the connection
> has been terminated, while the other side thinks it is still open or not
> fully terminated. Your log file is, most probably, showing entries for
> cases where your computer thinks the TCP had been closed and it has
> forgotten about it, but the client is trying to close the session. In the
> case where you got a RST bit, it can be because the client gave up trying
> the FIN method and now is just trying to reset the connection. By
> observation only, rather than authoritative reference, it seems that Apple
> computers tend to use FIN and FIN-ACK more, and MS Windows computers tend
> to use RST more.
>
> Conclusion: Everything is fine."
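Added example, not part of the original thread: a heuristic triage of UFW block-log lines that follows the quoted explanation, separating late FIN/RST teardown packets from blocked new connection attempts. The log lines are constructed (documentation-range addresses), and the category names and the `classify`/`summarize` helpers are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel LOG format that UFW writes.
SAMPLE_LOG = """\
Aug  4 20:31:12 relay kernel: [101.1] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=40 TTL=52 PROTO=TCP SPT=51234 DPT=9001 WINDOW=0 RES=0x00 ACK FIN URGP=0
Aug  4 20:31:40 relay kernel: [129.4] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=40 TTL=116 PROTO=TCP SPT=49877 DPT=9001 WINDOW=0 RES=0x00 RST URGP=0
Aug  4 20:32:02 relay kernel: [151.0] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.7 LEN=60 TTL=48 PROTO=TCP SPT=40112 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Aug  4 20:32:30 relay kernel: [179.8] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.80 DST=198.51.100.7 LEN=78 TTL=50 PROTO=UDP SPT=5353 DPT=5353 LEN=58
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")               # KEY=value pairs
FLAGS = re.compile(r"RES=\S+ ((?:[A-Z]+ )+)URGP=")    # TCP flag names sit between RES= and URGP=

def classify(line):
    """Return (category, src, dpt) for one UFW BLOCK line, or None for other lines."""
    if "[UFW BLOCK]" not in line:
        return None
    fields = dict(FIELD.findall(line))
    if fields.get("PROTO") != "TCP":
        category = "non-tcp"
    else:
        match = FLAGS.search(line)
        flags = set(match.group(1).split()) if match else set()
        if "SYN" in flags and "ACK" not in flags:
            category = "new-connection"    # an actual inbound attempt the firewall refused
        elif flags & {"FIN", "RST"}:
            category = "late-teardown"     # peer closing a session the host already forgot
        else:
            category = "other-tcp"
    return category, fields.get("SRC"), fields.get("DPT")

def summarize(text):
    """Count blocked packets per category and list the new-connection attempts."""
    counts, review = Counter(), []
    for line in text.splitlines():
        result = classify(line)
        if result is None:
            continue
        category, src, dpt = result
        counts[category] += 1
        if category == "new-connection":
            review.append((src, int(dpt)))
    return counts, review

if __name__ == "__main__":
    counts, review = summarize(SAMPLE_LOG)
    print(dict(counts))
    print("blocked new connections:", review)
```

The FIN/RST category is a heuristic based only on the flag bits in the log line; it does not consult connection-tracking state.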