any of Tor operators receiving mail from MediaSentry Copyright Infringement?

Geoffrey Goodell goodell at eecs.harvard.edu
Mon Oct 10 13:13:48 UTC 2005


1. Your exit policy is not the default.  We now recommend setting this
as your exit policy:

reject 0.0.0.0/255.0.0.0:*
reject 169.254.0.0/255.255.0.0:*
reject 127.0.0.0/255.0.0.0:*
reject 192.168.0.0/255.255.0.0:*
reject 10.0.0.0/255.0.0.0:*
reject 172.16.0.0/255.240.0.0:*
reject *:25
reject *:119
reject *:135-139
reject *:445
reject *:465
reject *:587
reject *:1214
reject *:4661-4666
reject *:6346-6429
reject *:6699
reject *:6881-6999
accept *:*

Note that this is both more reasonable about well-known ports and more
restrictive in ranges often chosen by P2P filesharing networks.

2. As long as you are in the business of digging around in the
application layer for clues about whether you should filter a connection
or not, and in so doing provide Tor users with uncertainty about whether
their connections will satisfy the filtering constraints or not, you
might as well just put your Tor router behind a firewall of your own,
with a script to drop connections whose application-layer payloads or
traffic patterns you consider evil.  Indeed, the possibilities are
endless, and ultimately cannot be expressed using simple policy
statements.  Entering the market for application-layer
filtering is a slippery slope.

Geoff
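
Added illustration, not part of the original post: the Python sketch below evaluates the exit policy quoted in the message in order, first match wins, which is how Tor applies exit policy lines. The function names and sample destinations are constructed for the example, and the fall-through reject when no line matches is an assumption of the sketch.

```python
import ipaddress

# Exit policy lines copied verbatim from the post above.
POLICY = """\
reject 0.0.0.0/255.0.0.0:*
reject 169.254.0.0/255.255.0.0:*
reject 127.0.0.0/255.0.0.0:*
reject 192.168.0.0/255.255.0.0:*
reject 10.0.0.0/255.0.0.0:*
reject 172.16.0.0/255.240.0.0:*
reject *:25
reject *:119
reject *:135-139
reject *:445
reject *:465
reject *:587
reject *:1214
reject *:4661-4666
reject *:6346-6429
reject *:6699
reject *:6881-6999
accept *:*
"""

def parse_policy(text):
    """Parse 'action addr[/mask]:port[-port]' lines into an ordered rule list."""
    rules = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        action, pattern = line.split()
        addr, _, ports = pattern.rpartition(":")
        # ip_network accepts the dotted-quad netmask form used in the post.
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        lo, _, hi = ports.partition("-")
        lo, hi = (1, 65535) if ports == "*" else (int(lo), int(hi or lo))
        rules.append((action, net, lo, hi, line))
    return rules

def decide(rules, ip, port):
    """Return (action, matching line); lines are checked in order, first match wins."""
    dest = ipaddress.ip_address(ip)
    for action, net, lo, hi, line in rules:
        if (net is None or dest in net) and lo <= port <= hi:
            return action, line
    return "reject", None  # assumption of this sketch: no matching line means reject

RULES = parse_policy(POLICY)
if __name__ == "__main__":
    # Constructed sample destinations (documentation and private address space).
    for ip, port in [("192.0.2.10", 443), ("192.0.2.10", 25), ("10.1.2.3", 80)]:
        print(ip, port, *decide(RULES, ip, port))
```

Because evaluation stops at the first matching line, moving `accept *:*` above the reject lines would make every one of them dead.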
