[tor-relays] Outbound Ports

Roman Mamedov rm at romanrm.net
Fri Jul 11 09:33:52 UTC 2014


On Fri, 11 Jul 2014 11:02:00 +0200
Moritz Bartl <moritz at torservers.net> wrote:

> > However one thing to consider would be to restrict outbound port 22 and port 53
> > outbound to not get into trouble with your provider due to suspicions of SSH
> > bruteforcing / DNS reflection attacks. This will break a very small portion of
> > circuits built via your relay, but hopefully solve more potential problems
> > than this would cause.
> 
> No! Tor is not able to detect this case, which will make client
> connections silently fail, and make the user experience a sad experience.

Agreed, but my point was that only a small minority of relays use port 22
(checked, 27 of them - more than I expected) or port 53 (just three relays),
so it may be a sacrifice that's worth making, in order to avoid losing the
ability to run Tor altogether due to being kicked out by your ISP.

Some time ago I proposed that Tor flag some ports as being unacceptable as
ORPort[1], but this did not gather much momentum. Meanwhile, especially
port 53 relays continue causing real problems[2] with ISPs.

Running a relay on ports like 22 and 53 should be considered downright rude to
your fellow relay operators.

[1] https://lists.torproject.org/pipermail/tor-talk/2014-June/033173.html

[2] https://lists.torproject.org/pipermail/tor-relays/2014-May/004562.html

-- 
With respect,
Roman
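
An added example, not part of the original message or of Tor's own code: a relay operator weighing the outbound block discussed above can count how many relays advertise an ORPort of 22 or 53 by reading the "r" lines of a consensus document. The sample consensus, nicknames, identity placeholders and addresses are constructed, and the function name is hypothetical.

```python
# Ports the thread suggests blocking outbound on a relay's host.
BLOCKED_PORTS = (22, 53)

# Constructed sample in the consensus "r" line layout:
#   r nickname identity digest date time IP ORPort DirPort
# Identities/digests are placeholders; IPs are documentation addresses.
SAMPLE_CONSENSUS = """\
network-status-version 3
r relayA IDENTITYA DIGESTA 2014-07-11 08:00:00 192.0.2.10 9001 9030
s Fast Running Valid
r relayB IDENTITYB DIGESTB 2014-07-11 08:00:00 192.0.2.11 22 0
s Running Valid
r relayC IDENTITYC DIGESTC 2014-07-11 08:00:00 192.0.2.12 443 80
r relayD IDENTITYD DIGESTD 2014-07-11 08:00:00 192.0.2.13 53 0
r relayE IDENTITYE 2014-07-11 08:00:00 192.0.2.14 22 0
r truncated 2014-07-11
"""


def relays_on_ports(consensus_text, ports=BLOCKED_PORTS):
    """Return (total_relays, {port: [(nickname, ip), ...]}) for ORPorts in ports."""
    hits = {port: [] for port in ports}
    total = 0
    for line in consensus_text.splitlines():
        fields = line.split()
        # Full consensus "r" lines have 9 fields, microdesc-flavour ones 8
        # (no digest); indexing from the end handles both.
        if len(fields) < 8 or fields[0] != "r":
            continue
        try:
            orport = int(fields[-2])
        except ValueError:
            continue  # malformed entry, skip rather than miscount
        total += 1
        if orport in hits:
            hits[orport].append((fields[1], fields[-3]))
    return total, hits


if __name__ == "__main__":
    total, hits = relays_on_ports(SAMPLE_CONSENSUS)
    for port in BLOCKED_PORTS:
        names = ", ".join(nick for nick, _ in hits[port]) or "none"
        print(f"ORPort {port}: {len(hits[port])} of {total} relays ({names})")
```

Only the primary ORPort on each "r" line is counted; additional addresses listed on "a" lines are not.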