[Tor-BSD] The offer of diversity as it could really be delivered by all of us.

Tim Wilson-Brown - teor teor2345 at gmail.com
Wed Nov 18 10:20:10 EST 2015


> On 19 Nov 2015, at 01:58, George Rosamond <george at ceetonetechnology.com> wrote:
> 
> Vinícius Zavam:
>> During this time getting closer and closer to the Tor and TDP
> 
> FYI, TDP is a project separate from this list, although TDP is here :)
> 
>> communities, I noticed that one tiny detail is being forgotten by many
>> people involved in these projects/families:
>> 
>> " Many Tor users are stuck behind firewalls that only let them browse
>> the web, and this change will let them reach your Tor relay. If you
>> are already using ports 80 and 443, other useful ports are 22, 110,
>> and 143. "
>> 
>> Source: https://www.torproject.org/docs/tor-relay-debian#after
>> 
>> Let's keep up a better diversity of open/reachable ports!
>> "/etc/services" is our friend; take time to see how you can help, by
>> changing one or two ports in your relay(s) config ;3
> 
> Right, and I never considered this before you raised this a few weeks
> ago.  I've always kept standard on tcp/9001 and tcp/9030 for the
> directory port.
> 
> There must be lots of obvious cases in which only 80 and 443 are allowed
> as egress traffic.
> 
> Are there other considerations on this?

Hosting providers often assume that "well-known" ports are used for certain kinds of traffic, and then block or modify that traffic.

For example, the provider for one of the directory authorities installed a "transparent" caching proxy in front of its directory port 80.
(It appears they were trying to help with the load.)
But the caching proxy was adding extra HTTP headers, caching headers that should never be cached, and occasionally corrupting the headers. There was also some weird interaction between the proxy and the redirect from the authority's old IP address.

While we're working on a fix to this issue with directory caching, I'm sure providers do other, less obvious things with traffic on well-known ports.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
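
One way a relay operator could check for the kind of transparent proxy described in the message above, as an added example (not part of the original message and not Tor Project code): diff the directory-port response headers captured on the relay host itself against the same response captured from outside the provider's network. Both captured responses are constructed samples rather than Tor's real header set, and the marker list is an assumption based on headers that caching proxies commonly add.

```python
# Header names commonly added by caches (assumption, extend as needed):
# Via and Age are standard HTTP; X-Cache* and X-Varnish are conventions.
PROXY_MARKERS = {"via", "age", "x-cache", "x-cache-lookup", "x-varnish"}
VOLATILE = {"date"}  # legitimately differs between two requests

def parse_headers(raw: bytes) -> dict:
    """Map lower-cased header name -> list of values; keep malformed lines."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if not sep:                              # no colon: corrupted header
            headers.setdefault("<malformed>", []).append(line)
            continue
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def compare(direct_raw: bytes, external_raw: bytes) -> dict:
    """Report how the externally observed headers differ from the direct ones."""
    d, e = parse_headers(direct_raw), parse_headers(external_raw)
    return {
        "added": sorted(set(e) - set(d)),
        "removed": sorted(set(d) - set(e)),
        "changed": sorted(n for n in set(d) & set(e)
                          if n not in VOLATILE and d[n] != e[n]),
        "proxy_markers": sorted(set(e) & PROXY_MARKERS),
    }

# Constructed sample: response fetched over loopback on the relay host.
DIRECT = (b"HTTP/1.0 200 OK\r\n"
          b"Date: Wed, 18 Nov 2015 15:20:10 GMT\r\n"
          b"Content-Type: text/plain\r\n"
          b"Cache-Control: no-cache\r\n\r\nbody")

# Constructed sample: same URL fetched from outside, through the proxy.
EXTERNAL = (b"HTTP/1.1 200 OK\r\n"
            b"Date: Wed, 18 Nov 2015 15:20:12 GMT\r\n"
            b"Content-Type: text/plain\r\n"
            b"Cache-Control: max-age=3600\r\n"
            b"Via: 1.1 cache.example.net\r\n"
            b"Age: 120\r\n"
            b"X-Cache HIT\r\n\r\nbody")

if __name__ == "__main__":
    for key, names in compare(DIRECT, EXTERNAL).items():
        print(f"{key}: {names}")
```

Any non-empty `added`, `changed` or `proxy_markers` entry means something between the relay and the client is rewriting directory responses.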
