Hi Jon, On Sat, 13 Jun 2009 10:20:45 -0600 Jon <scr...@nonvocalscream.com> wrote: >I've read the entire thread and I still have one persisting question in >my mind... > > >Why are "bogus port exists" bad, and why should I eliminate them form my >exit policy?
Okay, consider how tor works. Each request to connect to a destination IP address's TCP port 43 and all data traveling in both directions over the resulting connection travel in a unique tor stream. There is some overhead at each of several steps in the process of establishing the stream, encrypting and decrypting the data, passing data in both directions, and then destroying the stream. Each stream exists within a circuit. If the client already has a circuit available that can support the stream, then that is good. Many streams can be supported by a single circuit, so there is not a 1:1 correspondence in the total number of requests (and therefore streams), which makes it difficult to know just what the impact of millions/billions of extraneous streams happens to be, but for the sake of discussion, let's say that the average circuit ends up having supported 10 streams by the time it is shut down. If the client currently has no circuit available to support a stream, then it must build one. This is a slow and tedious process with lots of overhead demand placed upon the relays selected for the route of the circuit to be built. It is an unfortunate fact that many circuits fail during the construction phase and get destroyed without ever having been used. All such failed circuits amount to lost/wasted tor network capacity. Suppose a 100 KB/s tor exit node services 150,000 exits/week for https (port 443). But if its exit policy allows unrestricted exits for whois (port 43), it may also end up having to service 750,000 - 1,500,000 port 43 exits. If we average 10 streams/circuit, then that adds the burden of 75,000 - 150,000 circuits to the other loads already on this exit node, as well as distributing twice that burden (assuming routelen = 3) across the rest of the tor network. If that traffic is legitimate, then that's just life, and is part of the service the tor network was established to provide. However, if 95% or more of those port 43 streams and circuits are bogus, then they represent lost/wasted capacity that then is not available to provide the service that tor is intended to provide. When you consider that the distribution of circuits across the set of exit nodes that allow exits to a particular port is based upon the relative data rate capacities of all exits in that set, you see that what one exit node experiences should be similar to what all others in that set experience, proportionally adjusted according to relative capacities. In other words, if a single, 100 KB/s exit node is burdened with bogus exits to the tune of 10, 20, or maybe 30 times as many as the combined total of all the legitimate exit requests it gets, then all the other exit nodes in that set are getting hammered basically the same way. That amounts to a horrendous waste of tor resources that could have been devoted to providing better service for the legitimate requests. Again, it is important to keep in mind that the volume of payload data traversing the tor network is only one part of the consumption of tor network resources. Circuit construction and tear-down are another big piece of the picture. Remember that circuit construction means lots of very slow asymmetric key exchanges, as well as lots of overhead at the TCP and IP levels. Each tor hop in a circuit might have 10 - 30 physical hops through the Internet. > >*if* I want to keep the type of traffic somewhat also anonymous >(assuming the operator is not looking at the content) then I might use a >separate port to communicate my information. I don't know if I totally >feel comfortable in this, most especially when we start talking about >peering into the content. And even looking to see what the protocol >actually is, is peering. That should be private, as an ethical >consideration for all operators. > Yeah, looking at the content is a really noxious idea. I don't understand why anyone would ever suggest it if they've bothered to read the documentation and other materials available on the torproject.org web site. And if someone has *not* read those materials, they really shouldn't be running tor nodes. I would still very much like to hear from exit node operators who allow exits to ports 80 (http) and 443 (https) to find out what the ratio of http exits to https exits might be. If those same nodes also allow exits to port 43 (whois) and/or port 4321 (rwhois), then those figures might be helpful, too, although just the ratio of http:https exits should be enough to clarify the magnitude of the potentially bogus traffic burden pretty well because I can already calculate the other ratios from the data I already have. Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at cs.niu.edu * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************