[tor-relays] Exit flag and port 6667 vs 6697

teor teor2345 at gmail.com
Tue Jul 4 16:34:48 UTC 2017


> On 5 Jul 2017, at 00:18, Igor Mitrofanov <igor.n.mitrofanov at gmail.com> wrote:
> 
> Hi,
> 
> I am trying to run a few Exit relays on my 1 gbps connection. To keep
> donating the exit capacity to the Tor project I have to keep abuse
> reports to a minimum.
> 
> In order to have the Exit flag I have read that I have to keep two of
> ports 80, 443 and 6667 open, plus allow exiting to at least one /8
> network - is that still the Dir spec?

Yes.

> Is it correct that without the
> Exit flag, no clients will choose the relay for their circuits - even
> if its Exit policy allows the port they need? For example, take a look
> at the "cry" relay (one of top 10) - it is not marked as "Exit" as it
> only allows ports 6660-6667 - does that mean it is only ever used as a
> middle relay?

It means that clients won't choose the relay for preemptive exit circuits.
I think it might get some other Exit usage, but I'm not sure.

> I have read that port 80 generates quite a bit of abuse complaints as
> it is used to tunnel non-HTTP traffic, by malware, etc. So, choosing
> ports 443 and 6667 to get the 'Exit' flag looks like the safest
> choice. I have also read that ports above 1024 are more likely to be used
> by BitTorrent clients, so they are to be rejected in order to minimize
> abuse.
> 
> My current, rather paranoid, list of accepted ports looks like this:
> 20-21, 53, 443, 993, 995, 6667. I am not sure how useful this is to
> Tor, and whether I will actually avoid complaints, but I guess I can
> only wait and see.

Most Tor traffic is HTTP or HTTPS, and the HTTPS proportion is growing.
So this is useful.

> My question is about 6667 - should Tor's 'Exit flag policy' allow 6697
> (IRC encrypted over SSL) as an alternative to 6667? I would rather
> support people using 6697, if I had the choice.

Some IRC services allow or require SSL on 6667, others require it on
6697. Why not enable both?

So I can't see a strong case for switching to 6697, given that the Exit
flag is only a hint to relay operators about the minimum useful ports.
(And a hint to clients about good relays for preemptive Exit circuits.)

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------
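The Exit flag rule as stated in this thread (at least two of ports 80, 443 and 6667, each reachable on at least one /8), checked against exit policies, as an added example that is not part of the original message and is not Tor's own code. It is a simplified, IPv4-only, conservative check; the function names are hypothetical and the three policies are constructed from the port lists mentioned in the thread.

```python
import ipaddress

EXIT_FLAG_PORTS = (80, 443, 6667)  # the three ports named in the thread

def parse_policy(text):
    """Parse 'accept|reject ADDR:PORT' lines (ExitPolicy style, IPv4 only)."""
    rules = []
    for line in text.strip().splitlines():
        action, target = line.split()
        addr, _, ports = target.rpartition(":")
        net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr, strict=False)
        lo, _, hi = ("1-65535" if ports == "*" else ports).partition("-")
        rules.append((action == "accept", net, int(lo), int(hi or lo)))
    return rules

def slash8_allowed(rules, port):
    """True if some whole /8 is accepted for `port` under first-match rules."""
    for first_octet in range(256):
        block = ipaddress.ip_network(f"{first_octet}.0.0.0/8")
        for accept, net, lo, hi in rules:
            if not (lo <= port <= hi) or not net.overlaps(block):
                continue  # rule says nothing about this port in this /8
            if accept and block.subnet_of(net):
                return True  # the entire /8 is accepted here
            if not accept:
                break  # some of this /8 is rejected first: do not count it
            # partial accept: the rest of the /8 falls through to later rules
    return False

def meets_exit_rule(rules):
    """Two or more of ports 80/443/6667 allowed to at least one /8."""
    return sum(slash8_allowed(rules, p) for p in EXIT_FLAG_PORTS) >= 2

# Constructed policies based on the port lists discussed in the thread.
POSTER = parse_policy("\n".join(
    f"accept *:{p}" for p in ("20-21", "53", "443", "993", "995", "6667")
) + "\nreject *:*")
IRC_ONLY = parse_policy("accept *:6660-6667\nreject *:*")
TLS_IRC = parse_policy("accept *:443\naccept *:6697\nreject *:*")

if __name__ == "__main__":
    for name, pol in (("poster", POSTER), ("irc-only", IRC_ONLY), ("443+6697", TLS_IRC)):
        print(f"{name:9} meets the stated Exit flag rule: {meets_exit_rule(pol)}")
```

The third policy shows why the question about 6697 matters to operators: under the rule as stated, 443 plus 6697 alone does not qualify, while 443 plus 6667 does.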


