Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?

2016-04-28 Thread Dr Gerard Bulger
Thanks +++ Simple really
-Original Message-
From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf Of Daniel Llewellyn
Sent: 28 April 2016 15:35
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] does it make sense to close unused ports at a tor relay wi

Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?

2016-04-28 Thread grarpamp
On 4/28/16, Green Dream wrote:
>> The likes of GRC.COM make you think that any port not blocked... is bad.
>> I wondered why if nothing there
>
> Because there is a difference between a closed port and a filtered port.
> Deny vs drop. The less of a fingerprint you offer to atta

Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?

2016-04-28 Thread Green Dream
> The likes of GRC.COM make you think that any port not blocked... is bad.
> I wondered why if nothing there
Because there is a difference between a closed port and a filtered port. Deny vs drop. The less of a fingerprint you offer to attackers, the better. It's security by obscu

Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?

2016-04-28 Thread Daniel Llewellyn
On 28/04/16 14:33, Dr Gerard Bulger wrote:
> Currently the rules are thus:
> -A INPUT -p tcp -m tcp --dport 9030 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 9051 -j ACCEPT
> Which opens up those TOR ports on BOTH my IPs, not what I want (OK torrc is
> listening to the second IP, but that is fidd

Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?

2016-04-28 Thread Dr Gerard Bulger
The likes of GRC.COM make you think that any port not blocked, stealth is bad. I wondered why if nothing there. But you can never be certain there is nothing. I have my TOR Exit node on separate IP from my main server, shared on eth0 as eth0:1 I would like to close as many ports as possible on

Re: [tor-relays] Announcing a shutdown of a relay

2016-04-28 Thread Tim Wilson-Brown - teor
> On 28 Apr 2016, at 20:09, Petrusko wrote:
>
> I already saw Atlas auto-refreshing... and not showing a relay down
> after some days.
> And when the relay was back (same IP, ORPort), old graphs were back.
Tor clients use a consensus published hourly by the directory authorities. Relays whi

Re: [tor-relays] Announcing a shutdown of a relay

2016-04-28 Thread Petrusko
I already saw Atlas auto-refreshing... and not showing a relay down after some days. And when the relay was back (same IP, ORPort), old graphs were back.
On 28/04/2016 11:36, Dr Gerard Bulger wrote:
> What if you want to shutdown forever.
>
> I am in the process of moving mine to another

Re: [tor-relays] Announcing a shutdown of a relay

2016-04-28 Thread Josef 'veloc1ty' Stautner
I also meant shutting down for a longer period. Forgot to mention that :-) Moving is easy. You just copy your keys to the new server and start the daemon up again.
On 28.04.2016 at 11:36, Dr Gerard Bulger wrote:
> What if you want to shutdown forever.
>
> I am in the process of moving mine to ano

Re: [tor-relays] Announcing a shutdown of a relay

2016-04-28 Thread Tim Wilson-Brown - teor
> On 28 Apr 2016, at 19:36, Dr Gerard Bulger wrote:
>
> What if you want to shutdown forever.
>
> I am in the process of moving mine to another server. How do I stop tor
> atlas listing the old one?
Turn it off. The tor consensus will stop listing it within 2 hours. Clients will stop using it

Re: [tor-relays] Announcing a shutdown of a relay

2016-04-28 Thread Dr Gerard Bulger
What if you want to shutdown forever. I am in the process of moving mine to another server. How do I stop tor atlas listing the old one?
-Original Message-
From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf Of Tim Wilson-Brown - teor
Sent: 28 April 2016 10:30
To

Re: [tor-relays] Announcing a shutdown of a relay

2016-04-28 Thread Tim Wilson-Brown - teor
> On 28 Apr 2016, at 19:17, Josef 'veloc1ty' Stautner wrote:
>
> Hi @all,
>
> can I announce the shutdown of my relay to the network so clients select
> a new guard?
When you send a SIGINT to tor, tor refuses new circuits, and waits ShutdownWaitLength (default 30 seconds) for clients to choos

Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?

2016-04-28 Thread Tim Wilson-Brown - teor
> On 28 Apr 2016, at 19:18, Toralf Förster wrote:
>
> Signed PGP part
> On 04/28/2016 11:14 AM, Tim Wilson-Brown - teor wrote:
> > Ports in, or ports out?
> Ports in I meant, sry.
>
> > Closing inbound ports is a security precaution
> The question is - if there's no program listening on that po

[tor-relays] Announcing a shutdown of a relay

2016-04-28 Thread Josef 'veloc1ty' Stautner
Hi @all, can I announce the shutdown of my relay to the network so clients select a new guard? Thanks, ~Josef

Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?

2016-04-28 Thread Toralf Förster
On 04/28/2016 11:14 AM, Tim Wilson-Brown - teor wrote:
> Ports in, or ports out?
Ports in I meant, sry.
> Closing inbound ports is a security precaution
The question is - if there's no program listening on that port, does filtering that in-port has

Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?

2016-04-28 Thread Tim Wilson-Brown - teor
> On 28 Apr 2016, at 18:21, Toralf Förster wrote:
>
> Signed PGP part
> Me do wonder, if it has an advantage or not.
Ports in, or ports out? Closing inbound ports is a security precaution, but don't close ssh by mistake! Closing outbound ports is a bad idea, because other Tor relays can choos

[tor-relays] does it make sense to close unused ports at a tor relay with iptables ?

2016-04-28 Thread Toralf Förster
Me do wonder, if it has an advantage or not.
--
Toralf PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7