Good morning Spiros,
You are correct in that I won't maintain the exit flag without ports 80 and 443 open, *and* I lose my eligibility for a free t-shirt, *but* I am not likely to attract attention at my home either. =)
Make your day great, Isaac Grover, Senior I.T. Consultant Aileron I.T. - "Practical & Proactive I.T. Solutions"
O: 715-377-0440, F:715-690-1029, W: www.aileronit.com
LinkedIn: https://www.linkedin.com/in/IsaacGrover/ YouTube: https://www.youtube.com/channel/UCqrwZNFKdR-guKtuQzFPObQ
* Isaac Grover:
You are correct in that I won't maintain the exit flag without ports 80 and 443 open, *and* I lose my eligibility for a free t-shirt, *but* I am not likely to attract attention at my home either. =)
No exit flag means your relay will not be used as an exit, just as a regular relay. You can therefore get rid of all exit rules because they won't make any difference.
-Ralph
On 31 Oct 2018, at 01:53, Ralph Seichter m16+tor@monksofcool.net wrote:
- Isaac Grover:
You are correct in that I won't maintain the exit flag without ports 80 and 443 open, *and* I lose my eligibility for a free t-shirt, *but* I am not likely to attract attention at my home either. =)
No exit flag means your relay will not be used as an exit, just as a regular relay. You can therefore get rid of all exit rules because they won't make any difference.
That's not quite true.
The Exit flag means "useful for general exiting". Clients build preemptive circuits to Exit-flagged relays. When a client has an available circuit for exiting, it will use that circuit.
The Exit policy means "allows exiting to these ports". If a client doesn't have a circuit to an exit that supports the port it wants, it randomly chooses an exit that allows that port.
So you may see a small amount of traffic over those ports.
T
* teor:
If a client doesn't have a circuit to an exit that supports the port it wants, it randomly chooses an exit that allows that port.
Sure, but is the distinction of what is considered "an exit" reflected in the exit flag? And is it truly random, or does the consensus weight factor into it, the latter being what I thought to be the case?
My point is that a Tor node not flagged as an exit is pretty much useless for that role, and removing all exit rules is appropriate in my opinion.
-Ralph
On 31 Oct 2018, at 22:47, Ralph Seichter m16+tor@monksofcool.net wrote:
- teor:
If a client doesn't have a circuit to an exit that supports the port it wants, it randomly chooses an exit that allows that port.
Sure, but is the distinction of what is considered "an exit" reflected in the exit flag?
I don't understand what you mean by "an exit". Do you mean "the Exit flag" or "an exit policy that allows some ports"?
The Exit flag means "useful for general exiting". Clients build preemptive circuits to Exit-flagged relays. When a client has an available circuit for exiting, it will use that circuit.
The Exit policy means "allows exiting to these ports".
And is it truly random, or does the consensus weight factor into it, the latter being what I thought to be the case?
Clients filter Exits by exit policy or Exit flag, then choose an exit randomly weighted by consensus weight. Almost everything in Tor is chosen randomly by consensus weight. (HSDirs are an exception.)
My point is that a Tor node not flagged as an exit is pretty much useless for that role, and removing all exit rules is appropriate in my opinion.
I agree, but each operator can make their own choice.
T
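An added example, not part of the original thread: a simplified Python model of the on-demand case teor describes, where a client filters relays by exit policy for the wanted port and then picks one at random, weighted by consensus weight. The relay names, weights and policy summaries are constructed, and the model is a simplification of Tor's actual path selection.

```python
import random

# Constructed sample, simplified: r = nickname, s = flags, w = weight, p = exit policy summary.
SAMPLE = """\
r bigexit
s Exit Fast Running Valid
w Bandwidth=9000
p accept 20-23,80,443,6660-6667
r homerelay
s Fast Running Valid
w Bandwidth=1000
p accept 22,6667
r middle
s Fast Guard Running Valid
w Bandwidth=5000
p reject 1-65535
"""

def parse(text):
    relays = []
    for line in text.splitlines():
        kind, _, rest = line.partition(" ")
        if kind == "r":
            relays.append({"nick": rest, "flags": set(), "weight": 0, "policy": ("accept", [])})
        elif kind == "s":
            relays[-1]["flags"] = set(rest.split())
        elif kind == "w":
            relays[-1]["weight"] = int(rest.split()[0].split("=")[1])
        elif kind == "p":
            verb, ports = rest.split()
            ranges = [tuple(map(int, (p.split("-") * 2)[:2])) for p in ports.split(",")]
            relays[-1]["policy"] = (verb, ranges)
    return relays

def allows(relay, port):
    verb, ranges = relay["policy"]
    listed = any(lo <= port <= hi for lo, hi in ranges)
    return listed if verb == "accept" else not listed

# Filter on the exit policy only: a relay without the Exit flag still qualifies.
def candidates(relays, port):
    return [r for r in relays if allows(r, port)]

def expected_share(relays, port, nick):
    weights = {r["nick"]: r["weight"] for r in candidates(relays, port)}
    return weights.get(nick, 0) / (sum(weights.values()) or 1)

def pick_exit(relays, port, rng=random):
    pool = candidates(relays, port)
    return rng.choices(pool, weights=[r["weight"] for r in pool])[0]["nick"] if pool else None
```

In this sample, `homerelay` has no Exit flag but is still a candidate for port 6667, with an expected share equal to its fraction of the candidates' total weight.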
* teor:
I don't understand what you mean by "an exit". Do you mean "the Exit flag" or "an exit policy that allows some ports"?
I put "an exit" in quotes because I think there are different interpretations. I consider a Tor Exit to be a specialisation of a Tor Node which allows connections beyond the Tor network, based on exit rules, and which actually is utilised in that role, based on available bandwidth and consensus weight.
I agree, but each operator can make their own choice.
Sure. Deciding to sell bicycles from an inflatable raft at Point Nemo is a choice one could make, but is it a *good* choice? ;-)
-Ralph
Hello,
Isaac Grover, Aileron I.T. wrote:
Good morning Spiros,
You are correct in that I won't maintain the exit flag without ports 80 and 443 open, *and* I lose my eligibility for a free t-shirt, *but* I am not likely to attract attention at my home either. =)
Make your day great, Isaac Grover, Senior I.T. Consultant Aileron I.T. - "Practical & Proactive I.T. Solutions"
O: 715-377-0440, F:715-690-1029, W: www.aileronit.com
LinkedIn: https://www.linkedin.com/in/IsaacGrover/ YouTube: https://www.youtube.com/channel/UCqrwZNFKdR-guKtuQzFPObQ
First of all, thank you for running an Exit relay. Why don't you allow exit with reduced exit policy so that your exit node will be able to handle more traffic?
I mean, for sure if you allow more ports you will have more Tor traffic, thus increase your chances to get (more) abuse complaints, but I think running a relay from home is not bad! I am aware a lot of people say it's not desirable, not because you could actually get into trouble but just to avoid a possible mess / raid / headaches / having to waste time to explain. Such things don't happen so often, fortunately, more and more law enforcement people know what Tor is and how it works.
I see it no different than forgetting to set a Wi-Fi password at your home, or sharing it, or choosing a poor one that can be found with a dictionary attack with aircrack-ng -- nothing can happen to you if you are the victim of this. So with Tor, running Tor software configured as an Exit relay is perfectly legal in most countries that I am aware of.
And most of the abuse complaints are automated emails anyway that do not even require a reply, from people who set up tools in the wrong way to spam RIRs' databases with automated notifications that nobody should care about, because they still don't understand how the internet works. In the land of internet you rely only on your actions to make your systems and networks secure, not on what other people should not do to you because you think it's abusive -- it doesn't work this way, never has and never will.
So, I think you are fine if you run an Exit with the reduced exit policy. 99,99% worst case scenario is: ISP cutting you off because of too many abuse complaints. If it's a big ISP I doubt they will care.
Of course it's up to you. Anyway, thanks for running it; any way you choose to do it, with any ports open, it still helps the network.
tor-relays@lists.torproject.org