What to do at IP number change?

F. Fox kitsune.or at gmail.com
Tue Jan 8 02:14:15 UTC 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

dr._no at cool.ms wrote:
(snip)
|
| it's because a moving target is harder to hit; it's more safe to
| change the IP number often. Another point is that states like germany
|  do like IP numbers so much that they do data retention and therefore
|  i give them what they want - many IP numbers ;-)

~From a purely theoretical idea, I can see why you're doing this;
however, it's very bad for the people who are routing their data through
your node.

Every time the IP changes - or the relay even goes down and up (instead
of doing a -SIGHUP) - it breaks all the circuits running through your node.

If security is a big concern - and you have a dedicated machine for
running Tor (which is a must, if you're paranoid about it) - you should
set up a DMZ.

Oh, and as far as the German data retention law, that doesn't take
effect until next year - and I don't know if it's even been passed.

(snip)
|>> Tor will detect it and republish his server descriptor with the
|>> new IP in it.
|>>
|> That is true iff the Address line in torrc contains a host+domain
|> name, not an IP address, and the name server data base in question
|> has been updated to reflect the changed address.
|
| So i should use a DynDNS host+domain name?
|
(snip)

You could, but a better way is to comment out the address line entirely.
This will cause Tor's IP detection to be fully automatic.

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHgtx3bgkxCAzYBCMRCK2eAJwIkK+JLNAYC13iHM6UUaBBSZU/VwCdGsf1
FDOc3WdxyZoCBfxhIegYiNk=
=uK8f
-----END PGP SIGNATURE-----



More information about the tor-talk mailing list