In-Reply-To: <20140607151420.6cde8acd@natsu>
References: <20140607151420.6cde8acd@natsu>
Date: Sat, 7 Jun 2014 14:02:43 -0400
Message-ID: <CAD2Ti29NYWC+FUvbTGxTXEGVSjW5k1HP2NezjF4NfbOZWKVe+Q@mail.gmail.com>
From: grarpamp <grarpamp@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Problematic ORPorts
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>

> So my idea is, maybe consider making directory authorities blacklist some
> ports as being unacceptable as ORPorts, 22 and 53 come to mind for a start,
> along with maybe 25 to avoid false alarms from anti-spam countermeasures.

ORport config exists to give better anti blocking/censorship
performance. So Tor should not exclude any OR port/protocol.
The problem is with you and your ISP, not other relays who
have fine working relationships with their ISP regarding binding
to those ports.

So if an end user feels they are at risk of dumb triggers/policies, they
should block their client from contacting such nodes in their
config. Easier if a new option existed: ClientNoORPorts [...,].
Or block such outbound ports on their firewall.

A relay operator who feels they are at risk of making such
contact should probably work with their host or find another
one instead of narrowing their possible outbound paths. (The
impact to the Tor network of RelayNoORPorts would depend on
the percent of nodes having your noisy ORport and traffic weights.
May also affect clients reaching a specific exit relay using said
ports. And add more overhead signaling. Better to find a new host.)
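The message above says the network impact of excluding certain ORPorts depends on the percent of nodes using them and on their traffic weights. The following is an added example, not part of the original post, that measures both from consensus-style text. It assumes the usual "r" (router) and "w Bandwidth=" line layout of a Tor consensus; the sample relays are constructed, and the function names are hypothetical.

```python
from collections import Counter

WATCHED_PORTS = {22, 25, 53}  # the ports named in the thread

# Constructed sample in consensus "r"/"s"/"w" layout (not real relays).
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2014-06-07 12:00:00 192.0.2.10 9001 9030
s Fast Running Stable Valid
w Bandwidth=5000
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2014-06-07 12:00:00 192.0.2.11 443 80
w Bandwidth=3000
r relayC EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2014-06-07 12:00:00 192.0.2.12 22 0
w Bandwidth=1500
r relayD GGGGGGGGGGGGGGGGGGGGGGGGGGG HHHHHHHHHHHHHHHHHHHHHHHHHHH 2014-06-07 12:00:00 192.0.2.13 53 0
w Bandwidth=500
"""

def parse_relays(text):
    """Return [(orport, bandwidth_weight)] for each relay entry."""
    relays, port = [], None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r" and len(fields) >= 8:
            if port is not None:          # previous relay had no "w" line
                relays.append((port, 0))
            port = int(fields[-2])        # ORPort is second to last, DirPort last
        elif fields[0] == "w" and port is not None:
            bw = 0
            for item in fields[1:]:
                if item.startswith("Bandwidth="):
                    bw = int(item.split("=", 1)[1])
            relays.append((port, bw))
            port = None
    if port is not None:
        relays.append((port, 0))
    return relays

def impact(relays, ports=WATCHED_PORTS):
    """Share of relays and of bandwidth weight sitting on the watched ORPorts."""
    hits = [(p, bw) for p, bw in relays if p in ports]
    total_bw = sum(bw for _, bw in relays)
    return {
        "relay_fraction": len(hits) / len(relays) if relays else 0.0,
        "bandwidth_fraction": sum(bw for _, bw in hits) / total_bw if total_bw else 0.0,
        "by_port": dict(Counter(p for p, _ in hits)),
    }

if __name__ == "__main__":
    print(impact(parse_relays(SAMPLE_CONSENSUS)))
```

Only the primary ORPort on each "r" line is counted; additional addresses on "a" lines are ignored.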

