On Sat, 13 Jun 2009 10:46:26 +0200 Dominik Schaefer <schaed...@gmx.de> wrote:

>On 12.06.09 09:29, Scott Bennett wrote:
>> This apparent fact, in turn, suggests that if a) all tor nodes with an
>> explicit exit policy were to restrict port 443 exits to just the legitimate
>> port 43 IP addresses and b) the tor default exit policy did the same, a
>> huge and illegitimate load would be lifted from the tor network overall. If
>> no relays offer exits to port 43 that don't go to the NICs' whois servers,
>> well over half of all tor exits, which are illegitimate and undeserving of
>> service in the first place, ...
>
>My comment is very basic and related to one somebody else already made, but
>IMHO it should not vanish in the discussion:
>What definition of 'illegitimate' do you use? Even if traffic to some port 43
http://www.iana.org/assignments/port-numbers
>is not a request for a whois server, why should that be illegitimate?

     Because port 43 is a privileged, reserved port for that function.
There are tens of thousands of unprivileged, unreserved ports available for
use for whatever anyone wants to do with them, subject only to the
possibility that there is no guarantee that any of those ports will remain
unreserved. Use of privileged, reserved ports is fraught with risks from
conflicts with the officially allocated uses. The uses for which some port
numbers are reserved are indeed the legitimate uses. Certainly, there is
nothing in TCP to prevent any reserved port number from being used for a
different purpose than that for which the port is reserved, but it is unwise
to do so in most cases.

>Transferring specific data to/from specific ports is (thanks <divine being of
>choice>) not compulsory. Many Tor nodes operate the OR port on 80 or 443, but
>clearly don't transfer HTTP traffic. Does that make it illegitimate traffic?

     In principle, yes. However, many of us do choose to offer tor access at
those port numbers because the unreserved, unprivileged port numbers have
been unreasonably blocked by certain controlling agencies. To the best of my
knowledge, there has been no such concerted effort to block services like
whois, rwhois, and so forth. I suppose it is also worth noting that the whois
function is one of the basic functions used to call up information necessary
to proper maintenance of Internet operation, whereas something like tor is
not.

>And if yes: would everyone operating a whois server have to register
>somewhere, so that the Tor developers/operators can include its IP into the
>(default) exit policy?

     Apparently not, although that would certainly make things more
convenient.
>
>There may be people using port 43 for something 'illegitimate' (depending on
>definition), but you cannot deduce this from the fact that a large
>percentage of your port 43 traffic is not addressed to one of 43 IP addresses.

     Yes, I obviously forgot about the ccTLD whois servers. I will attempt to
add those that are not already covered by the ones in the list I posted, and
when I have data based upon an exit policy that includes those servers, I
will post an update to the list. I do not know offhand how to deal with the
issue of private/unofficial whois servers, except that I doubt we should
worry about providing access to them via tor.
     I still find it difficult to believe that there are so many genuine whois
requests being proxied through tor--note that the standard whois(1) does not
have a way to specify the use of a proxy, so something like proxychains(1) is
required in order to funnel whois requests through tor--that they so
dramatically outnumber https requests. It's *just* *not* *credible*. Without
solid evidence to the contrary, it would not be credible even if it did not
require that special efforts be made to trap and redirect the normal whois
TCP connections through tor, but that it does require that special effort
makes the notion even less believable.
     That having been said, the use of IP addresses of known, legitimate
whois servers is the only method that has occurred to me so far to allow
genuine whois requests to pass through the tor network while also excluding
the high volume of non-whois connections masquerading as whois connections.
This in no way denies the problem of obtaining/maintaining a complete or
accurate list of real whois servers.

>Of course, everyone is free to restrict his Tor node as he likes, but calling
>for a default restriction is IMHO not justified without more information.
>

     More information is, of course, always a good idea and should be
welcomed, provided it is obtained by means that are both ethical and legal.
In fact, if you're running an exit, would you be willing to provide some
numbers regarding the relative exit counts on your node for ports 43, 80,
443, and 4321?

                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
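The exit policy the thread argues about (accept port 43 only to a fixed list of whois server addresses, reject it everywhere else) is easy to get wrong because Tor evaluates ExitPolicy rules top to bottom and the first match wins, with an implicit "reject *:*" at the end. The following is an added example, not code from the thread or from Tor itself: it builds such a policy as torrc lines and then evaluates candidate (address, port) pairs against it using those first-match semantics. The whois server addresses in it are RFC 5737 documentation addresses chosen for illustration, not real whois servers, and the torrc lines it emits should be checked against the ExitPolicy section of the tor manual page for your Tor version.

```python
"""Build and evaluate a Tor-style exit policy that restricts port 43 to a
whitelist of whois server addresses.

Added example for the or-talk discussion above; not part of the original
post or of Tor. Semantics modelled: rules are matched top to bottom, the
first matching rule decides, and anything unmatched is rejected (Tor's
implicit trailing 'reject *:*').
"""
import ipaddress
import re

# Constructed sample whitelist: RFC 5737 documentation addresses standing in
# for the NIC/ccTLD whois servers the thread talks about. Not real servers.
WHOIS_SERVERS = ["192.0.2.10", "198.51.100.7", "203.0.113.0/28"]

_RULE_RE = re.compile(r"^(accept|reject)\s+(\S+):(\S+)$")


def build_torrc_lines(whois_servers):
    """Return torrc ExitPolicy lines: whois to listed hosts only, plus
    the usual web ports, then a catch-all reject."""
    lines = [f"ExitPolicy accept {srv}:43" for srv in whois_servers]
    lines.append("ExitPolicy reject *:43")   # everything else on 43 is refused
    lines.append("ExitPolicy accept *:80")
    lines.append("ExitPolicy accept *:443")
    lines.append("ExitPolicy reject *:*")    # explicit, matches Tor's implicit default
    return lines


def parse_policy(lines):
    """Parse 'ExitPolicy accept|reject ADDR:PORT[-PORT]' lines into tuples
    (accept, network_or_None, low_port, high_port)."""
    rules = []
    for raw in lines:
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        if body.startswith("ExitPolicy"):
            body = body[len("ExitPolicy"):].strip()
        m = _RULE_RE.match(body)
        if not m:
            raise ValueError(f"unparseable exit policy rule: {raw!r}")
        action, addr, ports = m.groups()
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if ports == "*":
            lo, hi = 1, 65535
        elif "-" in ports:
            lo, hi = (int(p) for p in ports.split("-", 1))
        else:
            lo = hi = int(ports)
        rules.append((action == "accept", net, lo, hi))
    return rules


def exit_allowed(rules, address, port):
    """First matching rule decides; no match means reject."""
    ip = ipaddress.ip_address(address)
    for accept, net, lo, hi in rules:
        if lo <= port <= hi and (net is None or ip in net):
            return accept
    return False


RULES = parse_policy(build_torrc_lines(WHOIS_SERVERS))

if __name__ == "__main__":
    for line in build_torrc_lines(WHOIS_SERVERS):
        print(line)
    # Constructed probe destinations, also documentation addresses.
    for dst, port in [("192.0.2.10", 43), ("203.0.113.5", 43),
                      ("203.0.113.99", 43), ("203.0.113.99", 443),
                      ("203.0.113.99", 4321)]:
        print(f"{dst}:{port} -> {'accept' if exit_allowed(RULES, dst, port) else 'reject'}")
```

Ordering matters: if the "reject *:43" line were placed above the per-server accept lines, every whois connection would be refused, so any whitelist of this shape is worth checking with a few probe pairs like the ones above before the relay is restarted with it.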