Difference between revisions of "Tor-exit"

From CSLabsWiki
Jump to: navigation, search
(moved to 144 subnet)
(Added OIT's conditions)
Line 22: Line 22:
  
 
It is currently in the process of being set up for a CS-657 project. Various measures are being taken to ensure that it will be run safely, and if it proves harmless, it may continue to be run after the class project is completed. If that is the case, it will need to be handed off to someone else for the 2016-2017 academic year, and the contacts at OIT and elsewhere will need to be changed.
 
It is currently in the process of being set up for a CS-657 project. Various measures are being taken to ensure that it will be run safely, and if it proves harmless, it may continue to be run after the class project is completed. If that is the case, it will need to be handed off to someone else for the 2016-2017 academic year, and the contacts at OIT and elsewhere will need to be changed.
 +
 +
==OIT's Conditions==
 +
1.  Designate a technical/administrative contact for the project.  We can automate abuse notices so that they forward to this contact for you/them to respond. 
 +
 +
2.  Use iptables/ipfilters to prohibit outbound traffic from the TOR host to on-campus networks; outbound from TOR host to COSI/ITL networks are okay, but all others should be DROP'ed by the host firewall. 
 +
 +
3.  Establish a specific reverse DNS name for the IP assigned to the TOR host, indicating its purpose.  I've seen others that are formatted similar to "tor-exit.cosi.clarkson.edu"
 +
 +
4.  Run a simple web server on tcp/80 on this host which hosts a page indicating the host's purpose.  Something akin to:  http://tor-exit-node.cs.usu.edu/
 +
 +
5.  As long as it is compatible with your research intentions, I would like to see us running a reduced exit policy. This will minimize opportunities for abusive traffic types. (See https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy)

Revision as of 16:07, 8 November 2015

Tor-exit
IP Address(es): 128.153.144.125
Contact Person: Alan Beadle & Pad Cashin
Last Update: Fall 2015
Services: Tor-exit


Hostname: tor-exit.cslabs.clarkson.edu
Operating system: Debian 8
NIC 1: Clarkson Network
MAC: ?
IP: 128.153.144.125
CPU: Core 2 Duo
RAM: Not much


Tor-exit is a Tor exit note run by the Clarkson Open Source Institute with the permission of OIT and Clarkson University.

It is currently in the process of being set up for a CS-657 project. Various measures are being taken to ensure that it will be run safely, and if it proves harmless, it may continue to be run after the class project is completed. If that is the case, it will need to be handed off to someone else for the 2016-2017 academic year, and the contacts at OIT and elsewhere will need to be changed.

OIT's Conditions

1. Designate a technical/administrative contact for the project. We can automate abuse notices so that they forward to this contact for you/them to respond.

2. Use iptables/ipfilters to prohibit outbound traffic from the TOR host to on-campus networks; outbound from TOR host to COSI/ITL networks are okay, but all others should be DROP'ed by the host firewall.

3. Establish a specific reverse DNS name for the IP assigned to the TOR host, indicating its purpose. I've seen others that are formatted similar to "tor-exit.cosi.clarkson.edu"

4. Run a simple web server on tcp/80 on this host which hosts a page indicating the host's purpose. Something akin to: http://tor-exit-node.cs.usu.edu/

5. As long as it is compatible with your research intentions, I would like to see us running a reduced exit policy. This will minimize opportunities for abusive traffic types. (See https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy)