On Tue Apr 29, 2014, grarpamp grarpamp@gmail.com wrote:
On 4/28/2014 10:04 PM, Zack Weinberg wrote:
For what it's worth, after complaints from campus IT we also wound up blocking SSH in the CMU Tor exit's policy.
Sounds like IT is conflicted and sans balls... permits relay service, but well, doesn't. Good that you can run one, but if they're whacking you for denied stuff, plan on moving soon when they get real complaints.
No. You are confusing university campuses with commercial providers, from which, as a customer, you are entitled to certain things per contract.
In that specific instance, campus IT have been extremely good sports about us running a Tor exit on our campus. They could have simply said "no;" instead, they're willing to support this. I think that is admirable: They have no incentive to do this other than an altruistic willingness to support research in that sphere. Not to put too fine a point on it, as a faculty, I pay overhead on research grants whether or not campus IT is kind to me.
Campus IT is understandably not, however, willing to spend an inordinate amount of time dealing with complaints from clueless third parties. SSH port scanning occurs unfortunately often enough it became a pretty big burden on them to deal with repeated emails from "victims." Our research group does not have the cycles to deal with these complaints either---and even if we did, I doubt we would have the authority to speak on behalf of the university.
So, given the choice between not operating an exit, and operating an exit without port 22 to avoid overburdening with red tape people who, once again, have been really good to us, what would you pick?
The servers aren't the one's that shouldn't be online, it's their idiot operators who think SSH's DEFAULT SCREAMING ABOUT DENIED HACK ATTEMPTS in the logs is some kind of important, and then go reporting it to every place they can think of, each of those places staffed by more clueless idiots, etc.
The level of intelligence of the people that receive these complaints is irrelevant. However competent you may be, if you get oodles of complaints every single day, for something that you are doing as a favor to somebody else, you will throw in the towel.
Best regards, Nicolas