reconsidering default exit policy

Aaron Cannon cannona at fireantproductions.com
Fri Mar 11 01:41:12 UTC 2005


Looks ok, although 6699 is also a port used by WinMX and the like.


At 04:52 PM 3/10/2005, you wrote:
>Choosing an appropriate default exit policy is vital to Tor, since
>roughly 60% of Tor exit nodes use the default exit policy, unmodified,
>and most of those who modify the exit policy probably do not rewrite from
>scratch, but simply prepend new lines to the default policy.
>
>The current default policy can be viewed in the "SERVER OPTIONS" section
>of the Tor manual, under "ExitPolicy":
>
>http://tor.eff.org/tor-manual.html
>
>Note that this policy rejects everything under 1024 by default, with a
>few specific exceptions, chosen very conservatively.  I propose that we
>configure our default exit policy to match how we have been describing
>our exit policy all along anyway: "accept most things; reject a few
>ports most likely to lead to spam, Internet abuse, or misuse of Tor
>network resources."
>
>This in mind, here is my proposal:
>
># reject private networks (no surprises!)  My understanding is that you
># might want to eliminate the 127.0.0.0/8 line if your kernel
># short-circuits connections to local services and if you want those
># services to be available to Tor users who happen to choose your Tor
># node as an exit... someone please correct me if this is wrong.
>
>ExitPolicy reject 0.0.0.0/255.0.0.0:*
>ExitPolicy reject 127.0.0.0/255.0.0.0:*
>ExitPolicy reject 10.0.0.0/255.0.0.0:*
>ExitPolicy reject 172.16.0.0/255.240.0.0:*
>ExitPolicy reject 192.168.0.0/255.255.0.0:*
>ExitPolicy reject 169.254.0.0/255.255.0.0:*
>
># reject ports officially used for protocols that were never meant to be
># anonymous (e.g. email, usenet) because of the spam risk, thus reducing
># our worry that the world would associate Tor with pro-spam advocacy.
>
>ExitPolicy reject *:25
>ExitPolicy reject *:119
>
># reject ports officially used for poorly-designed protocols that are
># always attacked by script kiddies.
>
>ExitPolicy reject *:135-139
>ExitPolicy reject *:445
>
># reject ports commonly used by widely-adopted P2P filesharing programs.
># Tor does not take a stand on the ethics or legality of P2P
># filesharing, either in theory or in practice.  We have simply observed
># that encouraging P2P filesharing presently makes our network less
># useful to those for whom Tor was designed.
>
>ExitPolicy reject *:1214
>ExitPolicy reject *:4661-4666
>ExitPolicy reject *:6346-6429
>ExitPolicy reject *:6881-6999
>
># accept EVERYTHING else.  Tor should be open by default: that is our
># attitude; our formal policy statement should reflect that attitude.
>
>ExitPolicy accept *:*
>
>----------
>
>What do people think?
>
>Geoff
>



--
E-mail: cannona at fireantproductions.com
Skype: cannona
MSN Messenger: cannona at hotmail.com (Do not send E-mail to the hotmail address.) 
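To see what the quoted proposal actually does to a given connection (and to check the point about 6699 above), here is an added example that is not part of the original thread and not Tor's own code: a small evaluator that parses ExitPolicy lines in the netmask and port-range syntax used in the proposal and applies Tor's first-match semantics. The policy text, the destination addresses and the "reject *:6699" line prepended in the check are constructed for this example; a policy that matches nothing is assumed to fall through to accept.

```python
"""Evaluate a Tor-style ExitPolicy against destination address:port pairs.

Constructed example, not Tor's code. Assumptions: rules are checked in
order and the first rule whose address and port pattern both match
decides the verdict; "*" as an address means every IPv4 address and
"*" as a port means 1-65535; an unmatched destination is accepted.
"""
import ipaddress
from typing import Dict, List, Tuple

# The proposed default policy as quoted in the thread (comments stripped).
PROPOSED_POLICY = """
ExitPolicy reject 0.0.0.0/255.0.0.0:*
ExitPolicy reject 127.0.0.0/255.0.0.0:*
ExitPolicy reject 10.0.0.0/255.0.0.0:*
ExitPolicy reject 172.16.0.0/255.240.0.0:*
ExitPolicy reject 192.168.0.0/255.255.0.0:*
ExitPolicy reject 169.254.0.0/255.255.0.0:*
ExitPolicy reject *:25
ExitPolicy reject *:119
ExitPolicy reject *:135-139
ExitPolicy reject *:445
ExitPolicy reject *:1214
ExitPolicy reject *:4661-4666
ExitPolicy reject *:6346-6429
ExitPolicy reject *:6881-6999
ExitPolicy accept *:*
"""

# (verdict, network, lowest port, highest port)
Rule = Tuple[str, ipaddress.IPv4Network, int, int]


def parse_rule(text: str) -> Rule:
    """Parse one 'accept|reject ADDR[/MASK]:PORTS' pattern."""
    verdict, pattern = text.split()
    if verdict not in ("accept", "reject"):
        raise ValueError(f"bad verdict in rule: {text!r}")
    addr, ports = pattern.rsplit(":", 1)
    # Address: "*" or an IPv4 address with optional /prefix or /dotted-mask.
    if addr == "*":
        net = ipaddress.IPv4Network("0.0.0.0/0")
    else:
        net = ipaddress.IPv4Network(addr, strict=False)
    # Ports: "*", a single port, or an inclusive "lo-hi" range.
    if ports == "*":
        lo, hi = 1, 65535
    elif "-" in ports:
        lo, hi = (int(p) for p in ports.split("-", 1))
    else:
        lo = hi = int(ports)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range in rule: {text!r}")
    return verdict, net, lo, hi


def parse_policy(config: str) -> List[Rule]:
    """Turn torrc-style ExitPolicy lines into an ordered rule list."""
    rules: List[Rule] = []
    for raw in config.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        if line.startswith("ExitPolicy"):
            line = line[len("ExitPolicy"):].strip()
        for part in line.split(","):          # one line may hold several rules
            rules.append(parse_rule(part.strip()))
    return rules


def evaluate(rules: List[Rule], ip: str, port: int) -> str:
    """Return 'accept' or 'reject' for a destination; first match wins."""
    dest = ipaddress.IPv4Address(ip)
    for verdict, net, lo, hi in rules:
        if dest in net and lo <= port <= hi:
            return verdict
    return "accept"   # nothing matched (assumed default for this example)


def check_proposal() -> Dict[str, str]:
    """Verdicts for a few constructed destinations under the quoted policy,
    plus the same WinMX port after prepending a reject line, as operators
    who edit the default policy typically do."""
    rules = parse_policy(PROPOSED_POLICY)
    amended = parse_policy("ExitPolicy reject *:6699\n" + PROPOSED_POLICY)
    return {
        "web":            evaluate(rules, "192.0.2.10", 80),
        "smtp":           evaluate(rules, "192.0.2.10", 25),
        "rfc1918":        evaluate(rules, "10.1.2.3", 80),
        "winmx":          evaluate(rules, "192.0.2.10", 6699),
        "winmx_amended":  evaluate(amended, "192.0.2.10", 6699),
    }


if __name__ == "__main__":
    for name, verdict in check_proposal().items():
        print(f"{name:14} {verdict}")
```

Running it shows that 6699 falls between the two P2P ranges in the proposal (6346-6429 and 6881-6999) and is accepted until a reject line is prepended; the same evaluator can be pointed at any other port or address an operator is unsure about before the policy goes into a torrc.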