Thanks for the links and reply, I appreciate it, that answers my question on web ports. How about Bitcoin ports 8333 to help other BTC nodes sync? Is this port also risky to open? Thanks again...
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Thursday, May 21, 2020 5:21 AM, William Kane ttallink@googlemail.com wrote:
P.S: If you were not asking about relays on OVH, my bad - had their company name stuck in my head due to your previous posts to the mailing list.
2020-05-20 21:07 GMT, William Kane ttallink@googlemail.com:
Port 53 over TCP (DNS) seems useless, it won't be used at all or only very rarely - your exit already resolves domain names for your clients, this is why it's recommended to have a local recursive resolver installed instead of passing on DNS requests to remote services such as Google or Cloudflare DNS, due to the possibility of correlation and anonymity compromising attacks: https://medium.com/@nusenu/who-controls-tors-dns-traffic-a74a7632e8ca https://medium.com/@nusenu/what-fraction-of-tors-dns-traffic-goes-to-google-... If you open up 80 and 443, expect to receive a lot of abuse mails related to brute-forcing or exploit attempts, and having to deal with the occasional douche-bag downloading child porn from a clear-net hoster and confused law enforcement agencies. If that doesn't bother you or your hoster (in the case of OVH, it will, I can guarantee you that), then go ahead. OVH is a bad provider though, over-congested network due to all the seed boxes, bad peering, many Tor nodes already hosted there, etc. All that means please don't host another node there, instead go for a small provider, ideally also in a country which does not host a lot of Tor nodes already, see if they host only a handful of Tor nodes, ideally colocate, get your own IP range and ask them to modify the abuse address for the range to an address you control. After that is all done, you can safely ignore most abuse reports unless they actually have a case against you, which, in most countries is not possible due to network providers being protected from liability by the law. Hope this helps. 2020-05-20 7:24 GMT, mnlph74 mnlph74@protonmail.com:
Hi, I'm running a non-exit relay for quite some time now and I would like to open ports 53, 80, 443 (web ports) to be more useful. How do you handle fraudulent complaints? What is the best approach to this situation? Thank you for your help. Sent with ProtonMail Secure Email.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays