Policy on Running Tor Exit Nodes
Like most technologies, Tor can be used for both good and bad purposes. Some of the good purposes, from the website:
"Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. …
Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. … Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.
Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization."
However, it's also possible to abuse Tor. Those engaged in malicious computer attacks may use Tor to hide their identity. The end result is that harmful traffic can, in some cases, emerge from a Tor exit node. The administrator of the exit node has no control over this.
I hope it's OK to run a Tor exit node on my Linode, but I would also understand if that's a headache Linode.com would rather not deal with.
Thanks for your time, and I look forward to your answer.
12 Replies
-erik
We don't explicitly restrict you from running a tor exit node, but we have had clients running one that end up getting a lot of AUP violations (because of attacks/scans coming out of their node).
Eventually, we'd get tired of handling these and ask you to knock it off.
-Chris
@xerbutter:
If it were used for something malicious, could there be repercussions for the other linodes on that machine?
A Tor exit node is more likely to generate a lot of complaints about abuse like port scanning - that makes work for Linode - than cause harm to other customers. At worst, Tor abuse could prompt a DDoS attack, which might affect that Linode host or even all Linodes at that datacenter. If that happens, the affected IP gets null routed and Linode asks the Tor operator to "knock it off". If they carry on, Linode invites them to take their business elsewhere.
People using tor as an anonymizer when conducting VA and/or port scans aren't going to be targeting linodes…I mean, they may, but that would be highly irregular, like biting the hand that feeds you…kinda dumb. More likely, they're going to be using Tor as a conduit to attack/scan their targets. At most, the sheer traffic may impact the linode host running the Tor conduit, and if the impact is high, the neighboring linode hosts may be affected.
IMO, I don't think there is a direct danger of vulnerability scans and attacks to the linodes themselves, but since the traffic will go through the linode hosting the service, linodes may be affected indirectly.
What you're talking about could happen to ANY machine that has an IP, no matter the location. What I'm talking about is a definitive impact to the linodes themselves (loads that may spread to other neighboring linodes).
@unixfool:
What you're talking about could happen to ANY machine that has an IP, no matter the location. What I'm talking about is a definitive impact to the linodes themselves (loads that may spread to other neighboring linodes).
I agree, a Tor exit node isn't going to load the host so other Linodes notice. It does, however, increase the likelihood of a DDoS attack temporarily screwing the network for everyone.
@anderiv:
I'm not sure if the tor daemon has a means of setting bandwidth speed/transfer limits, but it's something to think about.
-erik
In /etc/tor/torrc:
AccountingMax 50 GB
That's 50 GB in and 50 GB out, so 100 GB in real transit. The accounting period is by default a month.
You might want to up the bandwidth rate and restrict the exit policy to just port 80.
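A fuller torrc putting the three pieces of advice above together (a transfer cap, an explicit bandwidth rate, and an exit policy limited to port 80). This is an added example, not the poster's own configuration; the nickname, contact address and the specific numbers are placeholders, and the comments give the setting a hands-off default would produce so the restricted value can be compared against it.

```conf
## Added example torrc for a traffic-limited Tor exit (placeholder values).
## Relay identity (placeholders; set your own).
Nickname          exampleexit
ContactInfo       abuse@example.invalid
ORPort            9001

## Tor 0.2.6 and later refuse to act as an exit unless this is set explicitly.
ExitRelay         1

## Transfer cap: the post's 50 GB figure, with the accounting period made
## explicit instead of relying on the default of one calendar month.
## Once the cap is reached Tor hibernates until the next period starts.
AccountingStart   month 1 00:00
AccountingMax     50 GB

## Steady-state rate and burst allowance. Without BandwidthRate the relay
## will use whatever the uplink allows, which is the "weak" default here.
BandwidthRate     1 MB
BandwidthBurst    2 MB

## Exit policy restricted to plain HTTP only. The default policy
## (accept everything except a block list of abused ports) is what draws
## scan and attack complaints; first match wins, so the final line
## rejects everything else.
ExitPolicy        accept *:80
ExitPolicy        reject *:*

## Default is already 1; kept explicit so the exit can never be used to
## reach RFC 1918 space or the relay's own addresses.
ExitPolicyRejectPrivate 1
```

Check the result with `tor --verify-config -f /path/to/torrc` before restarting the daemon. One caveat on the cap: on recent Tor releases the `AccountingRule` option (`max`, `sum`, `in` or `out`, default `max`) decides whether `AccountingMax` is applied to the larger direction, to the total, or to one direction only, so the "50 GB each way" arithmetic in the post depends on which rule is in effect.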
TOR is a wonderful thing. It gives back the freedom of information many governments try to take away. Yes people will abuse it but while we still allow windows machines on the internet there will always be large pools of IPs open for abuse.
I've been doing most of the above (or some variant) on hosts in facilities where I don't have hardware firewalls for ages and I have never once been hacked in years (over 5).