[tor-relays] Just got my first Abuse email :-)

Vasilis andz at torproject.org
Sun Oct 22 21:10:00 UTC 2017


Hello,

I will suggest to first reply to the abuse email, rather than using a
reduced exit policy.

Many times ISPs or abuse email senders (even in automated abuse emails)
are happy with any response that they can show to their upstream
provider or abuse reporter.

Dr Gerard Bulger:
> So far I have had no abuse emails or complaints after two months on a new server, using the longer suggested reduced policy list, but I do exclude 80, which seems safer but limits the role as an exit. But 443 open. I closed other potential abuse ports such as 22, 8080, 5900.
> 
> It's not the complaints that worry me, but the reaction of the ISP with any complaints, so best avoided until I can afford to be my own ISP.
> 
> What are the risks of abuse reports in opening up a wide range of high port numbers as an exit say 20,000-50,000? 

From:
'https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy'

"Since bittorrent clients can be run on any port, and most of them pick
random ports, every port you add to your exit policy increases the
probability of a bittorrent client using your exit node to connect to a
monitored peer that is listening on that port. This means that enabling
ranges of ports is especially bad, unfortunately. Each new port adds
1/65535 (or even more if eg. the port numbers listen below are preferred
to use for torrent traffic b/c they are well known now) to your risk of
getting DMCA takedowns. The privileged ports (1-1024) have a smaller
risk of getting DMCA takedowns."

Also have a look at the IANA registered ports:
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Registered_ports


~Vasilis
-- 
Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162
Pubkey: https://pgp.mit.edu/pks/lookup?op=get&search=0x5FBF70B1D1260162

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20171022/5f70cc95/attachment.sig>


More information about the tor-relays mailing list