Dear Team,
I started building new images for Amazon EC2, as of last night. I noticed that obf2 and obf3 ports are hard-coded and the same for all Tor instances on Amazon.
Is there a specific reason for this? If not, can I randomize the ports?
All the best, SiNA
On 2014-06-11 23:50, Karsten Loesing wrote:
Hi Sina,
please find the following conversation below from #tor-project. Any thoughts?
Thanks, Karsten
06:43:15 < Lunar^> We really need a maintainer for Tor Cloud. Thre's some of the support tickets we are getting I have no idea how to answer… 06:45:20 < karsten>
https://trac.torproject.org/projects/tor/wiki/org/operations/Infrastructure says inf0 and Runa are the maintainers. 06:45:55 < karsten> is that not the case? should we mark it as unmaintained and threaten to turn it off three months later? 06:47:01 < arma1> sina said he would pick it up 06:47:04 < arma1> but i don't know that he ever did 06:47:13 < karsten> sina = inf0? 06:47:18 < arma1> perhaps karsten could mail him and ask if he is maintaining it or if we should turn it off? 06:47:19 < arma1> yes 06:47:28 < karsten> sure, I can do that. 06:47:57 < arma1> thanks!
On Fri, Jun 13, 2014 at 3:51 PM, Sina Rabbani sina@redteam.net wrote:
Dear Team,
Hi,
I started building new images for Amazon EC2, as of last night. I noticed that obf2 and obf3 ports are hard-coded and the same for all Tor instances on Amazon.
Is there a specific reason for this? If not, can I randomize the ports?
Users need to create a security group in the EC2 web interface and specify which ports their instances will be using. If you randomize the ports used by the Tor Cloud instances, users will have no idea which ports to open.
Also, you can drop obfs2 now and just implement support for normal bridges and obfs3. In a few weeks, you should be able to add scramblesuit and one other transport as well.
On 2014-06-13 08:55, Runa A. Sandvik wrote:
On Fri, Jun 13, 2014 at 3:51 PM, Sina Rabbani sina@redteam.net wrote:
Hi Runa!
Users need to create a security group in the EC2 web interface and specify which ports their instances will be using. If you randomize the ports used by the Tor Cloud instances, users will have no idea which ports to open.
I think we can just open a range of ports on the Amazon's security interface. Also, since Tor and SSH are the only network listening programs, we probably don't even need a firewall at all.
Also, you can drop obfs2 now and just implement support for normal bridges and obfs3. In a few weeks, you should be able to add scramblesuit and one other transport as well.
I will remove obfs2 from the bridge image.
All the best, SiNA
On Fri, Jun 13, 2014 at 5:45 PM, Sina Rabbani sina@redteam.net wrote:
On 2014-06-13 08:55, Runa A. Sandvik wrote:
On Fri, Jun 13, 2014 at 3:51 PM, Sina Rabbani sina@redteam.net wrote:
Hi Runa!
Hi Sina,
Users need to create a security group in the EC2 web interface and specify which ports their instances will be using. If you randomize the ports used by the Tor Cloud instances, users will have no idea which ports to open.
I think we can just open a range of ports on the Amazon's security interface.
You could update the documentation to say that users need to create a security group with the range X-Y, and make sure the random ports used by Tor are within that range.
Also, since Tor and SSH are the only network listening programs, we probably don't even need a firewall at all.
All Amazon instances are behind a firewall by default, all you can do is specify which ports you want to open.
-
Runa A. Sandvik -
Sina Rabbani