[tor-relays] Tor Relay Web Ports

William Kane ttallink at googlemail.com
Wed May 20 21:21:31 UTC 2020


P.S: If you were not asking about relays on OVH, my bad - had their
company name stuck in my head due to your previous posts to the
mailing list.

2020-05-20 21:07 GMT, William Kane <ttallink at googlemail.com>:
> Port 53 over TCP (DNS) seems useless, it won't be used at all or only
> very rarely - your exit already resolves domain names for your
> clients, this is why it's recommended to have a local recursive
> resolver installed instead of passing on DNS requests to remote
> services such as Google or Cloudflare DNS, due to the possibility of
> correlation and anonymity-compromising attacks:
>
> https://medium.com/@nusenu/who-controls-tors-dns-traffic-a74a7632e8ca
> https://medium.com/@nusenu/what-fraction-of-tors-dns-traffic-goes-to-google-and-cloudflare-492229ccfd42
>
> If you open up 80 and 443, expect to receive a lot of abuse mails
> related to brute-forcing or exploit attempts, and having to deal with
> the occasional douche-bag downloading child porn from a clear-net
> hoster and confused law enforcement agencies.
>
> If that doesn't bother you or your hoster (in the case of OVH, it
> will, I can guarantee you that), then go ahead.
>
> OVH is a bad provider though, over-congested network due to all the
> seed boxes, bad peering, many Tor nodes already hosted there, etc.
>
> All that means please don't host another node there, instead go for a
> small provider, ideally also in a country which does not host a lot of
> Tor nodes already, see if they host only a handful of Tor nodes,
> ideally colocate, get your own IP range and ask them to modify the
> abuse address for the range to an address you control.
>
> After that is all done, you can safely ignore most abuse reports
> unless they actually have a case against you, which, in most countries
> is not possible due to network providers being protected from
> liability by the law.
>
> Hope this helps.
>
>
> 2020-05-20 7:24 GMT, mnlph74 <mnlph74 at protonmail.com>:
>> Hi, I've been running a non-exit relay for quite some time now and I would
>> like to open ports 53, 80, 443 (web ports) to be more useful.
>> How do you handle fraudulent complaints? What is the best approach to this
>> situation? Thank you for your help.
>>
>> Sent with ProtonMail Secure Email.
>
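
An added example, not part of the original thread: one way an exit operator could check the local-resolver advice above by classifying the `nameserver` entries of a resolv.conf. The function names and sample file contents are constructed for illustration; treating 127.0.0.53 as a forwarding stub assumes the systemd-resolved default.

```python
import ipaddress

# Constructed sample resolv.conf contents (not taken from the thread).
SAMPLE_REMOTE = "# constructed example\nnameserver 8.8.8.8\nnameserver 1.1.1.1\noptions edns0\n"
SAMPLE_LOCAL = "nameserver 127.0.0.1\nnameserver ::1\n"
SAMPLE_MIXED = "; constructed example\nnameserver 127.0.0.53\nnameserver fe80::1%eth0\nnameserver bogus\n"

# Assumption: systemd-resolved's stub listener. It is loopback, but it
# forwards to upstream servers, so it is not a local recursive resolver.
SYSTEMD_STUB = "127.0.0.53"


def parse_nameservers(text):
    """Return the addresses on 'nameserver' lines, skipping comments."""
    servers = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def classify_resolvers(text):
    """Sort nameservers into loopback, stub and remote buckets."""
    result = {"loopback": [], "stub": [], "remote": []}
    for server in parse_nameservers(text):
        addr = server.split("%", 1)[0]  # drop an IPv6 zone id (fe80::1%eth0)
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            result["remote"].append(server)  # unparsable: flag for review
            continue
        if addr == SYSTEMD_STUB:
            result["stub"].append(server)
        elif ip.is_loopback:
            result["loopback"].append(server)
        else:
            result["remote"].append(server)
    return result


if __name__ == "__main__":
    for name, text in [("remote", SAMPLE_REMOTE), ("local", SAMPLE_LOCAL), ("mixed", SAMPLE_MIXED)]:
        print(name, classify_resolvers(text))
```

Entries in the `remote` or `stub` buckets mean the exit's DNS queries leave the host for a third-party or upstream resolver; only `loopback` entries backed by a recursive resolver match the recommendation.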

