[tor-relays] Oubound Ports
Ryan Getz
ryan2 at getzmail.com
Fri Jul 11 14:19:34 UTC 2014
On Fri, Jul 11, 2014, at 09:41 AM, Moritz Bartl wrote:
> On 07/11/2014 11:33 AM, Roman Mamedov wrote:
> > Agreed, but my point was that only a small minority of relays use port 22
> > (checked, 27 of them - more than I expected) or port 53 (just three relays),
> > so it may be a sacrifice that's worth making, in order to avoid losing the
> > ability to run Tor altogether due to being kicked out by your ISP.
>
> I don't see the point in blocking arbitrary outgoing ports for an
> application that is not going to make any connections other than relay
> connections. The danger of Tor misbehaving on port 22 or port 53 is the
> same as on any other port.
>
> > Some time ago I proposed that Tor flags some ports as being unacceptable as
> > ORPort[1], but this did not gather much of a momentum.
>
> A port is a number. None of them is special. I really don't see any
> reason to discriminate any.
>
> --
> Moritz Bartl
> https://www.torservers.net/
I agree but it depends on the service provider. I've just recently begun
running some relays and while one provider confirmed I could run a
non-exit relay on their network, I was later flagged as abusive for too
many outgoing connections on port 22. Their network monitoring software
tripped the alert as possible SSH scan / exit relay activity. After a
few days of working with them, the issue is finally resolved as they now
understand it was not malicious and I am not operating an exit.
While I still don't fully understand why my server connects over port 22
to some servers listed with the OR port of 443, I clearly have more to
learn about Tor functionality. Regardless, many providers monitor
proactively for malicious traffic patterns. Many outgoing connections on
port 22 appear as SSH scans/brute forcing to a provider. 25 often appear
as spam and 53 as DNS reflection attacks.
I've worked with many providers that do not provide good support and
will instantly suspend/terminate your service when they detect these
traffic patterns. Some allow you to resume service after justification
and the worst ones never resume your service or allow justification.
While these are not providers that I'd recommend using when network
diversity is important and more new users attempt to contribute to the
network, this does cause additional obstacles when using some providers
for hosting a relay. A port is a port but using ports 22, 25 and 53 in
particular are definitely going to cause headaches for a subset of
contributors.
Regards,
Ryan
More information about the tor-relays
mailing list