On Mon, Apr 24, 2006 at 11:26:41PM -0800, Kyle T.Smith wrote:
> exit server. Tor is a really great idea, you just have to be vigilant
> in setting up your exit policies and be willing to deal with the fact
> that as with any network service there is the potential for abuse.

The new default exit policies are pretty decent, but unless you run an outbound application proxy on each port you allow out, you can't really control the type of traffic at a very granular level. For example, if you allow port 22 in your exit policy, you can't really guarantee that people are using SSH on that port.

As for abuse, that's the challenge. I don't mind putting in the time to respond to abuse complaints, and adjusting exit policies to block destinations that ask to be shielded. As long as one's upstream ISP understands and supports what you're doing, it's doable. Mostly, I think handling abuse complaints with Tor amounts to form letters explaining the nature of the service, and blocking specific destinations or destination:port combinations on request.

While it's not *impossible* for an exit server to spy on traffic and do deeper packet inspections, I do think it sort of defeats the purpose even in the rare cases where it might be successful. In fact, I think it would *increase* operator liability because you're no longer acting as a passive conduit; I think the EFF even says something to that effect in their server-op FAQ.

--
Re-Interpreting Historic Miracles with SED #141: %s/water/wine/g
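
An added example, not part of the original message: a small Python checker for the "block specific destinations or destination:port combinations on request" approach described above, showing how first-match ordering of `ExitPolicy` lines decides the outcome. The torrc fragment, the documentation-range addresses and the helper names `parse_policy` and `decide` are constructed for illustration; only IPv4 patterns are handled.

```python
import ipaddress

# Constructed torrc fragment. 192.0.2.10 and 198.51.100.0/24 are
# documentation addresses standing in for destinations that asked to be shielded.
TORRC = """\
ExitPolicy reject 192.0.2.10:22        # one host, SSH only
ExitPolicy reject 198.51.100.0/24:*    # whole network, every port
ExitPolicy accept *:22
ExitPolicy accept *:80
ExitPolicy reject *:*
"""

def parse_policy(text):
    """Return [(action, network_or_None, (lo, hi))] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop trailing comments
        if not line.startswith("ExitPolicy"):
            continue
        for entry in line[len("ExitPolicy"):].split(","):
            action, pattern = entry.split()
            addr, _, port = pattern.rpartition(":")
            net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
            if port == "*":
                ports = (1, 65535)
            else:
                lo, _, hi = port.partition("-")   # single port or lo-hi range
                ports = (int(lo), int(hi or lo))
            rules.append((action, net, ports))
    return rules

def decide(rules, dest_ip, dest_port):
    """Evaluate a destination against the rules; the first match wins."""
    ip = ipaddress.ip_address(dest_ip)
    for action, net, (lo, hi) in rules:
        if (net is None or ip in net) and lo <= dest_port <= hi:
            return action
    # Assumption of this sketch: fail closed when nothing matches.
    return "reject"

if __name__ == "__main__":
    rules = parse_policy(TORRC)
    for ip, port in [("192.0.2.10", 22), ("192.0.2.10", 80),
                     ("198.51.100.7", 80), ("203.0.113.5", 22)]:
        print(f"{ip}:{port} -> {decide(rules, ip, port)}")
```

A `reject` for a shielded destination only takes effect when it appears before the broader `accept` for that port; placed after `accept *:22`, the same line is never reached.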
