Date: Thu, 5 Jun 2014 17:58:46 -0800
From: I <beatthebastards@inbox.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Security concerns with running an exit relay

S7R,

That is a start.
But where is the full and exemplary answer for someone like me who really wants to get it right but doesn't know how to set the DirFrontPage up or the NTP syncing?

Roger says to try the tor-relay list but that has almost no chance of satisfying the need. Responses to my questions have been condescending and smartarse or ill-informed from people speaking beyond their ability, which is worse.

There ought to be a detailed guide for Tor being set up on hired servers by well-intending people answering the call for more Tor nodes and specifically exits.
The EFF Challenge does the encouraging but points to the Tor site for what, I find, is inadequate help.

The presumption must be that the person does not know Linux well nor network security.

Robert


> -----Original Message-----
> From: s7r@sky-ip.org
> Sent: Fri, 06 Jun 2014 03:30:45 +0300
> To: tor-talk@lists.torproject.org
> Subject: Re: [tor-talk] Security concerns with running an exit relay
> 
> On 6/6/2014 2:57 AM, ondesmartenot@riseup.net wrote:
>> Hello,
>> 
>> I am interested in running a Tor exit relay, and I have
>> successfully set one up in the past, but I took it down because I
>> realized that I do not have any clue how to protect myself if
>> someone who sees lots of Tor traffic exiting from my IP address
>> decides to attack my router or computer.
>> 
>> Can you point me to any documentation relating to maintaining your
>> relay's security? I know that computer security is a large and
>> complex problem, but just some basic information on likely threats
>> and tips to protect against them would be much appreciated.
>> 
>> Thanks so much for making the internet awesome, Ondes
>> 
>> 
> Hi,
> 
> Well there is nothing magic about it. Just run it as you would any
> server, keep it maintained and up to date and of course don't easily
> allow remote access to it so somebody can fish it at first mass scan.
> Install the latest stable version including its dependencies and make
> sure you run up to date versions for all you have installed on the
> server.
> 
> Make sure you use NTP to sync the time and have accurate time on your
> server - Tor needs the right time, especially if you are a relay. A
> good practice is to run ORPort on 443 and DirPort 80 for easy
> connectivity, and include a DirPortFrontPage argument to point to a
> html file which explains what Tor is and that the said IP is a Tor
> exit router. You can find an example for this page if you google "this
> is a tor exit router" and modify the content slightly according to
> your needs.
> 
> If you are an exit relay it is recommended you run your own recursive
> DNS resolver on localhost too (BIND). Use a DirPortFrontPage argument
> in torrc.
> 
> I suggest you don't run the relay on your computer. Find a reasonable
> ISP and rent a server / virtual server, run it from there. If you
> google "how to install tor <insert your operating system here>" you
> will find plenty of tutorials. Just edit the torrc file to act as a
> relay. Provide a good contact email address, so people can contact you
> and enter your exit policy. I would recommend you to block just port
> 25 SMTP, to prevent spam. But if you host your relay in a
> torrent-unfriendly place, block higher ports also for p2p. But, p2p by
> definition cannot be really permanently blocked (via destination:port)
> no matter what.
> 
> If you find trouble in doing it or if you have any other questions
> mail me.
> 
> - --
> s7r
> PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
> PGP Pubkey: http://www.sky-ip.org/s7r@sky-ip.org.asc
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
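
The checklist in the quoted message (ORPort 443, DirPort 80, a DirPortFrontPage file, a contact address, a reject for port 25, a resolver on localhost) can be checked mechanically. The script below is an added example, not part of either message or of the Tor project's tooling; the function names `has_line` and `relay_gaps`, the sample file names and the sample values are hypothetical, and NTP synchronisation is not covered because it is not a configuration-file setting.

```shell
#!/bin/sh
# Added example (not from the thread): report which items of the quoted
# checklist are absent from a torrc and a resolv.conf. Presence checks only.

# has_line FILE ERE -> true if an uncommented line starts with ERE.
# Tor matches option names case-insensitively, hence -i.
has_line() { grep -Eiq "^[[:space:]]*$2" "$1"; }

# relay_gaps TORRC RESOLV_CONF -> prints one missing item per line.
relay_gaps() {
    torrc=$1; resolv=$2
    has_line "$torrc" 'ORPort[[:space:]]+([^[:space:]]*:)?443([[:space:]]|$)' \
        || echo "ORPort 443"
    has_line "$torrc" 'DirPort[[:space:]]+([^[:space:]]*:)?80([[:space:]]|$)' \
        || echo "DirPort 80"
    # DirPortFrontPage must name a file that exists and is readable.
    page=$(grep -Ei '^[[:space:]]*DirPortFrontPage[[:space:]]' "$torrc" | head -n 1 | awk '{print $2}')
    { [ -n "$page" ] && [ -r "$page" ]; } || echo "DirPortFrontPage"
    has_line "$torrc" 'ContactInfo[[:space:]]+[^[:space:]]' \
        || echo "ContactInfo"
    # Exit policy rules are first-match-wins; this only checks that a
    # reject for port 25 is present, not where it sits in the list.
    has_line "$torrc" 'ExitPolicy[[:space:]].*reject[[:space:]]+\*:25([^0-9]|$)' \
        || echo "ExitPolicy reject *:25"
    has_line "$resolv" 'nameserver[[:space:]]+(127\.0\.0\.1|::1)([[:space:]]|$)' \
        || echo "local DNS resolver"
    return 0
}

# Constructed sample input: a torrc that follows the advice and one that does not.
demo=$(mktemp -d)
echo '<html><body>This is a Tor exit router.</body></html>' > "$demo/exit-notice.html"
cat > "$demo/torrc.good" <<EOF
ORPort 443
DirPort 80
DirPortFrontPage $demo/exit-notice.html
ContactInfo Relay Operator <tor-admin AT example DOT org>
ExitPolicy reject *:25
ExitPolicy accept *:*
EOF
printf 'ORPort 9001\nExitPolicy accept *:*\n' > "$demo/torrc.bare"
echo 'nameserver 127.0.0.1' > "$demo/resolv.local"
echo 'nameserver 192.0.2.53' > "$demo/resolv.remote"

relay_gaps "$demo/torrc.bare" "$demo/resolv.remote"
```

On a real relay the two arguments would be the relay's own torrc and `/etc/resolv.conf`; empty output means every item was found.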



