On 6/6/2014 2:57 AM, [email protected] wrote:
> Hello,
>
> I am interested in running a Tor exit relay, and I have
> successfully set one up in the past, but I took it down because I
> realized that I do not have any clue how to protect myself if
> someone who sees lots of Tor traffic exiting from my IP address
> decides to attack my router or computer.
>
> Can you point me to any documentation relating to maintaining your
> relay's security? I know that computer security is a large and
> complex problem, but just some basic information on likely threats
> and tips to protect against them would be much appreciated.
>
> Thanks so much for making the internet awesome,
> Ondes

Hi,
Well, there is nothing magic about it. Just run it as you would any server, keep it maintained and up to date and of course don't easily allow remote access to it so somebody can fish it at first mass scan.

Install the latest stable version including its dependencies and make sure you run up-to-date versions of everything you have installed on the server. Make sure you use NTP to sync the time and have accurate time on your server - Tor needs the right time, especially if you are a relay.

A good practice is to run ORPort on 443 and DirPort on 80 for easy connectivity, and include a DirPortFrontPage argument to point to an HTML file which explains what Tor is and that the said IP is a Tor exit router. You can find an example for this page if you google "this is a tor exit router" and modify the content slightly according to your needs. If you are an exit relay it is recommended you run your own recursive DNS resolver on localhost too (BIND). Use a DirPortFrontPage argument in torrc.

I suggest you don't run the relay on your computer. Find a reasonable ISP and rent a server / virtual server, run it from there. If you google "how to install tor <insert your operating system here>" you will find plenty of tutorials. Just edit the torrc file to act as a relay.

Provide a good contact email address, so people can contact you, and enter your exit policy. I would recommend you to block just port 25 SMTP, to prevent spam. But if you host your relay in a torrent-unfriendly place, block higher ports also for p2p. But p2p by definition cannot be really permanently blocked (via destination:port) no matter what.

If you find trouble in doing it or if you have any other questions, mail me.

--
s7r
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
PGP Pubkey: http://www.sky-ip.org/[email protected]

--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
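
An added example, not part of the original message and not Tor Project code: a small Python audit that checks a torrc against the settings suggested in the reply above (ORPort 443, DirPort 80, a DirPortFrontPage, contact details, port 25 rejected). The sample torrc, its file path and contact address, and the function names are constructed for illustration; ExitPolicy rules are evaluated first-match, so a `reject *:25` placed after `accept *:*` is reported as ineffective.

```python
import re

# Constructed sample torrc; the front-page path and contact address are placeholders.
SAMPLE_TORRC = """\
ORPort 443
DirPort 80
DirPortFrontPage /etc/tor/tor-exit-notice.html
ContactInfo relay-admin@example.org
ExitPolicy reject *:25, accept *:*
"""

def parse_torrc(text):
    """Return {option_lowercase: [values]}; comments and blank lines are skipped."""
    opts = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            value = parts[1].strip() if len(parts) > 1 else ""
            opts.setdefault(parts[0].lower(), []).append(value)
    return opts

def port_verdict(opts, port):
    """Action of the first wildcard-address ExitPolicy rule covering `port`, else None."""
    for value in opts.get("exitpolicy", []):
        for rule in value.split(","):
            m = re.fullmatch(r"\s*(accept|reject)\s+\*:(\*|\d+)(?:-(\d+))?\s*", rule)
            if not m:
                continue  # rules for specific addresses are not evaluated here
            action, lo, hi = m.groups()
            if lo == "*" or int(lo) <= port <= int(hi or lo):
                return action
    return None

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    opts = parse_torrc(text)
    findings = []
    for option, want in (("orport", "443"), ("dirport", "80")):
        # Accept "443", "443 IPv4Only" or "address:443" forms of the value.
        got = (opts.get(option, [""])[0].split() or [""])[0].rsplit(":", 1)[-1]
        if got != want:
            findings.append(f"{option} is {got or 'unset'}, message suggests {want}")
    for option in ("dirportfrontpage", "contactinfo"):
        if not opts.get(option):
            findings.append(f"{option} is not set")
    if port_verdict(opts, 25) != "reject":
        findings.append("port 25 (SMTP) is not rejected by a wildcard ExitPolicy rule")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_TORRC) or "all checks passed")
```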
